Skip to content

The Audit Process: A Step-by-Step Overview

Every business that meets the UK’s statutory audit threshold will go through the audit process at least once a year. But what does that actually involve? If you’ve never been audited before – or you’re trying to make sense of what your auditor is doing – this guide breaks it down into clear steps. The audit process follows a logical sequence, from early planning right through to the final audit report, and it’s governed by International Standards on Auditing (UK), known as ISAs.

Understanding how auditors work helps you prepare better, respond faster to requests, and get more value from the whole exercise. It also removes a lot of the mystery. An audit isn’t a fishing expedition. It’s a structured, evidence-based review of your financial statements, and every audit follows a similar path.

What are the 5 stages of the audit process?

Most firms break the audit process into five main stages. The exact labels vary, but the structure is broadly the same across the profession:

  1. Planning and risk assessment – the team gets to know your business, identifies risks, and builds an audit plan tailored to your organisation.
  2. Understanding controls – your systems and processes are reviewed to see how activity is recorded and what safeguards exist against error or fraud.
  3. Testing – this is the hands-on phase where samples of transactions are selected, balances checked, and evidence gathered.
  4. Evaluation and review – findings are pulled together, assessed against materiality thresholds, and discussed with management.
  5. Reporting – the signed audit report is issued, including the opinion on whether the financial statements give a true and fair view.

These five audit stages apply whether you’re a small company just above the statutory audit threshold or a large group with multiple subsidiaries. The depth and complexity change, but the audit framework stays the same.

Audit planning: where it all starts

The audit plan is the foundation of everything that follows. Under ISA 300, the engagement team is required to plan their work so it’s performed effectively. That means understanding your industry, your entity’s structure, the accounting policies you use, and where the biggest risks sit.

During planning, the team will typically:

  • Review prior year audit files and management letters
  • Discuss significant changes with your finance team – new contracts, restructuring, system migrations – that could affect the audit
  • Carry out an initial assessment of where misstatement is more likely
  • Set materiality levels (the threshold below which errors wouldn’t change a reader’s view of the accounts)
  • Decide which audit procedures to apply and where to focus testing

Good planning saves everyone time. If you’re going through your first statutory audit, getting organised early makes a real difference to how smoothly things run.

How your controls are assessed

Before diving into the numbers, the auditor needs to understand your internal control environment. This covers how your business authorises activity, records it, safeguards assets, and prevents or detects errors.

For a smaller company, controls might be relatively informal – perhaps the managing director approves all payments over a certain amount. Larger organisations tend to have documented audit trails, segregation of duties, and IT safeguards built into their accounting systems.

The auditor isn’t there to design your controls. But they do need to assess whether those controls are relevant to the audit and whether they can be relied upon. If a particular area is weak, the team will do more detailed testing there.

Fieldwork: conducting the audit

This is the audit stage most people picture. Your auditor is on site – or working remotely through your cloud accounting system – testing the numbers behind your financial statements.

What does the audit look like in practice? It depends on the risks identified during planning, but common procedures include:

  • Selecting a sample of transactions and tracing them back to source documents (invoices, contracts, bank statements)
  • Confirming balances directly with third parties – banks, debtors, creditors
  • Recalculating figures like depreciation, tax provisions, and accruals
  • Inspecting assets to confirm they exist and are in the condition stated
  • Reviewing journal entries for unusual or large adjustments
  • Analytical procedures – comparing current year figures to prior year, budget, or industry benchmarks to spot anomalies

Every audit test has a purpose, and every conclusion gets documented in the working file. The Financial Reporting Council (FRC) can inspect audit files, so the team is meticulous about their working papers.

What are the 7 audit procedures?

ISA 500 sets out seven types of procedure used to obtain sufficient, appropriate evidence:

  1. Inspection – examining records, documents, or physical assets. This could mean reviewing a signed lease agreement or physically counting inventory.
  2. Observation – watching a process being performed, such as a stocktake or a bank reconciliation being prepared.
  3. External confirmation – getting written responses directly from third parties. Bank confirmations and debtor circularisations are classic examples.
  4. Recalculation – independently checking the mathematical accuracy of documents or records.
  5. Reperformance – independently executing a procedure or control that was originally performed by the entity’s staff.
  6. Analytical procedures – evaluating financial information through analysis of plausible relationships between both financial and non-financial data.
  7. Inquiry – seeking information from knowledgeable persons, both within and outside the entity.

Not all seven are used on every audit balance. The choice depends on the nature of the account, the level of risk, and what kind of audit evidence is most persuasive for that particular assertion. A combination of procedures gives stronger evidence than any single method alone.

From draft report to final report

Once audit testing wraps up, the auditor pulls everything together. Any issues found – misstatements, control weaknesses, areas of concern – are documented and discussed with management.

You’ll usually receive a draft report first. This gives you a chance to review the findings, provide additional information if something was misunderstood, and correct any factual errors. A management letter follows with recommendations for improvement on processes and controls.

After any adjustments are agreed, the final report is issued. This includes the opinion – most commonly an unqualified (clean) opinion confirming the financial statements give a true and fair view. The audit report is addressed to the shareholders and filed at Companies House alongside the accounts.

If the auditor identifies material misstatements that management won’t correct, or limitations on the scope of work, the opinion will be modified. Modified opinions (qualified, adverse, or disclaimer) are relatively rare for well-prepared companies, but they do happen.

How long does the audit process take?

Timelines vary depending on the size and complexity of the organisation. A straightforward engagement for a small company might take two to three weeks from planning to sign-off. Larger jobs with multiple locations, complex transactions, or group consolidation can run for several months.

The biggest factor in keeping things on track? Preparation. When the finance team has clean trial balances, supporting schedules ready, and quick answers to queries, the whole process moves faster. Delays almost always come from missing information or unresolved accounting questions, not from the work itself.

Making the audit work for your business

An audit doesn’t have to be something you just endure. The best audit firms use their understanding of your business to provide genuine insight – flagging risks you hadn’t considered, benchmarking your accounts against peers, and highlighting where processes could be tightened.

At Audit Group, we’re part of Jack Ross Chartered Accountants, an ICAEW-regulated practice established in 1948. We’ve audited businesses across Manchester and beyond for decades, and we know how to make the process as painless as possible.

If you’d like to talk about your next audit or have questions about the audit process, call us on 0161 832 4451 or visit our contact page.

Book your audit consultation

We respond within 24 hours. No call centres. Direct access to your audit partner.

Call back form (#4)

0161 832 4451

Barnfield House, The Approach
Manchester M3 7BX

Click to load map
Call Now Get a Callback