Concerns over SME audits

While the guidance aims to bridge that gap, the FRC’s decision to hold back on adopting the International Auditing and Assurance Standards Board’s standard for less complex entities (ISA for LCE) has reinforced the sense that a more radical solution is still being deferred.

‘The only way in which audits will materially change is if there is a change to the ISAs or the adoption of a less burdensome regime for SME audits,’ says Steve Collings FCCA of Leavitt Walmsley Associates.

Scalability

The FRC says that its Practice Note 28 guidance is designed to support auditors in applying ISAs (UK) in a way that is ‘scalable, proportionate and effective’. It significantly expands on previous guidance, offering practical examples across core audit areas. These include planning and materiality, risk assessment, audit evidence and analytical procedures, and group audits. It also addresses persistent problem areas such as going concern and fraud.

There is ‘a sense of cautious optimism’ around the guidance as a ‘constructive starting point’, says Talha Farrukh FCCA, audit partner at Gerald Edelman. ‘It helps firms think more clearly in ways that reflect the scale and complexity of SME businesses, rather than simply defaulting to approaches designed for more complex larger entities. It appears to provide a fairly comprehensive and well-structured framework, offering more detailed insight into how audits of SMEs can be approached across key areas.’

It may also help address common SME-specific challenges. Smaller businesses often lack formal documentation or robust internal controls, requiring auditors to perform additional work to obtain sufficient evidence.

Reality gap

Whether Practice Note 28 will drive meaningful change will depend on how firms embrace, interpret and apply it in real-world audit engagements.

While it encourages auditors to exercise professional judgment and to scale procedures appropriately, in reality, inspection pressure may continue to drive conservative behaviour.

‘Auditors have an instilled fear that scaling ISAs to be conducive to the size, nature and complexity of a client is a bad thing that will result in them being frogmarched to the disciplinary committee,’ Collings says.

This, he adds, can directly impact audit documentation because some auditors question whether they have too little or too much to address the ‘sufficient and appropriate’ requirement for audit evidence. ‘Auditors of SMEs are still likely to use audit programmes and checklists to ensure their audit documentation can stand up to scrutiny.’

Root causes remain

As a result, there is a risk that the FRC guidance simply reframes existing requirements rather than reduces the overall audit burden. The central question remains whether guidance alone can address deeper structural issues within the auditing framework.

‘The root cause of issues with application of the ISAs to SME audits lies in the increasing complexity of the ISAs themselves, and developing a practice note will not help address this,’ says Neil Barton, partner at Forvis Mazars.

His concern reflects a broader frustration across the profession. Although ISAs (UK) are designed to be principles-based and scalable, many auditors argue that their increasing length and complexity – driven in part by a focus on public interest entities – has made them harder to apply to SMEs in practice.

‘Many of the ISAs are simply overkill for smaller entities,’ Collings says. This is especially the case, he says, for ISAs 240 (fraud), 315 (risk identification) and 570 (going concern). ‘Even with Practice Note 28 and the scalability provisions within the ISAs themselves, many auditors are still going to rely on a tickbox approach.’

Dedicated standard

Many in the profession see a dedicated SME audit standard as a more fundamental solution, although the FRC has so far refused to adopt the ISA for Less Complex Entities (ISA for LCE) issued by the IAASB as an ISA (UK).

Barton supports ISA for LCE in principle, but says Forvis Mazars has not adopted it at a global level because it does not sufficiently differentiate the work effort from that of the full ISA suite.

‘We believe that a high-quality standard of this nature would be beneficial in auditing SMEs in the UK. We support an ISA for LCE but not necessarily the ISA for LCE that the IAASB published, given the lack of differentiation,’ he adds. ‘What we need is a proper ISA for LCE that addresses the needs of an LCE audit and differentiates the work effort compared to the full ISA suite.’

However, the FRC has signalled that further reform is on the horizon, with its call for views on ISA for LCE and a proposed sandbox to explore how ISAs can be applied more proportionately.

‘Initiatives such as the sandbox are already fostering greater engagement between firms and the Financial Reporting Council … which should support more meaningful and sustainable change over time,’ Farrukh says.

An interim step

Developing and implementing a new ISA for LCE brings practical challenges, including cost, training and system changes. Farrukh suggests that Practice Note 28 may represent a more pragmatic interim step ‘while still leaving the door open to adopting ISA for LCE in the future’.

Practice Note 28 represents a clear attempt by the FRC to respond to concerns about SME audits. But the consensus among practitioners is that guidance alone may not be enough.

‘What we need is a proper ISA for LCE that addresses the needs of an LCE audit and differentiates the work effort compared to the full ISA suite,’ Barton says.

Until then, SME auditors may find themselves navigating the same fundamental challenges, albeit with a slightly clearer map.