Statutory audits aren't one-size-fits-all—your industry and location dictate what you actually need, what it costs, and who can sign off on it. Understanding these rules before you hire an auditor saves you thousands in wasted compliance spend and keeps regulators happy. This guide breaks down the real requirements by sector and jurisdiction so you can find the right audit firm for your situation.
Financial Services Face the Strictest Rules
Banks, insurance companies, and investment firms operate under the heaviest audit burden. In the US, financial institutions typically require annual audits under the Gramm-Leach-Bliley Act, with audit costs ranging from $50,000 to $500,000+ depending on asset size and complexity. The UK's Financial Conduct Authority mandates audits for most regulated firms, often requiring Big Four or top-tier mid-market firms with specific banking credentials.
If you're in fintech or a smaller lender, don't assume you're exempt. Many regulators classify non-bank lenders as financial services, triggering the same audit standards. Your compliance team should confirm your actual regulatory classification before budgeting—misclassification can delay audits by months.
Manufacturing & Distribution: Commodity vs. Complexity
Manufacturing companies face variable audit requirements depending on size, shareholder structure, and geographic footprint. US manufacturers under $100M revenue typically need audits only if they have external investors or public debt, costing $15,000–$75,000 annually. Larger industrial firms with multiple locations often pay $100,000–$300,000 for consolidated audits that test inventory controls, asset depreciation, and supply chain documentation.
EU manufacturers exporting cross-border face additional requirements—many must comply with both home-country standards and customer-mandated audit protocols. If you supply major retailers or automotive OEMs, audit scope often expands significantly.
Non-Profits: Stricter Than You'd Think
Charities, foundations, and NGOs aren't exempt just because they're non-profit. In the US, organizations with over $250,000 in annual revenue typically require an audit under state charity laws, costing $8,000–$40,000 depending on complexity. The UK's Charity Commission mandates audits for charities with income exceeding £250,000, and many require specific charity audit specialists.
If you handle government grants or donor funds, expect more stringent audit trails—auditors will test whether restricted funds were spent per agreement. Budget an extra 20–30% in audit hours if your income comes from public sources.
Tech & SaaS: Compliance Creep
Software companies often underestimate statutory requirements. If you take venture funding, your investors typically require audits even below $10M revenue (costs: $20,000–$60,000). Public SaaS firms face SEC audits, SOX compliance, and quarterly financial reporting—expenses jump to $500,000+. Many SaaS firms also deal with customer-mandated SOC 2 audits, which run $15,000–$50,000 separately.
Cloud and AI companies increasingly face data residency audits, especially if you serve EU or regulated clients. Your auditor needs technical depth here—not all firms can competently assess data controls or model governance.
Key Differences by Jurisdiction
United States:
- SEC rules apply above $10M market cap
- State-level requirements vary; incorporate your audit timeline around December 31 filing deadlines
- Expect 8–12 weeks from fiscal close to final report
United Kingdom:
- Companies House thresholds: audits required if two of three metrics exceed limits ($12.9M turnover, $6.5M balance sheet, 50+ employees)
- Large private companies often need audits even below thresholds if they're part of a larger group
- Regulatory deadlines are tighter: 3–4 months from year-end
Canada:
- CCRA and provincial rules vary by incorporation type
- Private company exemptions exist but trigger if you exceed $10M revenue or have non-resident shareholders
- Audit costs typically 10–15% lower than US equivalents
Australia:
- ASIC requires audits for companies with revenue over AUD $50M or public interest designation
- Not-for-profits and charities have lower thresholds at AUD $1M
What to Look for in an Audit Firm
Before engaging, verify three things: industry experience (ask for client references in your sector), technical team seniority (at least 50% of hours from staff above associate level), and fee transparency (fixed-fee quotes save surprises). Get proposals from 2–3 firms; pricing can vary 40% for identical scope.
Mercoly helps you compare and hire trusted Audit & Assurance providers side-by-side, making it easier to evaluate credentials and find the right fit for your jurisdiction and industry.
Frequently Asked Questions
Q: Do I really need a statutory audit if I'm profitable and have no debt? A: Not necessarily—it depends on your jurisdiction's size thresholds and shareholder structure. Check your local regulatory agency's exemption rules; many small private companies qualify for relief, but the rules are specific.
Q: Can I use the same auditor across multiple countries? A: Only if they have licensed practitioners in each jurisdiction. Most Big Four firms can do this; smaller firms often partner locally, which can add 2–3 weeks to consolidation timelines and complexity.
Q: What happens if we don't get audited but are supposed to? A: Penalties range from $5,000 fines to forced director disqualification and criminal charges in severe cases. Regulators take this seriously—self-report early if you've missed requirements.
Compare audit providers today and find the right firm for your industry and jurisdiction.