Hot topics and tips for 2026 audits

Although there aren’t many new rules and regulations for auditors to consider for 2025 and 2026 year-ends, there are plenty of recent developments and common challenges to think about. These made for some lively discussions during the faculty’s November 2025 webinar on hot topics and tips for 2026 audits. This article focuses on some of the key areas explored in the webinar recording, with links to related ICAEW resources.

Revisions to company and LLP size limits

Auditors are reminded that the much-heralded changes to company size limits in the UK, introduced by Statutory Instrument 2024/1303, took effect for periods commencing on or after 6 April 2025. This will result in a significant number of medium-sized entities becoming small and potentially audit exempt.

The two-year rule can sometimes result in companies having to wait longer than they would like to before taking advantage of small company exemptions. However, the transitional rules for the statutory instrument’s application mean that this is unlikely when the new thresholds are first applied. ICAEW’s updated technical helpsheet – Is a company or group small? – will help auditors to navigate these changes, as will this Insights article on company size thresholds.

Revisions to ISA (UK) 505

The Financial Reporting Council’s revised ISA (UK) 505 External Confirmations took effect for periods commencing on or after 15 December 2024. The revised standard is not expected to be particularly contentious as it largely codifies existing good practice and updates it by making specific reference to confirmations by electronic or other media.

However, some of the discussions during the faculty webinar focused on the fact that entities manage their money in more diverse ways these days, which can make application of the ISA, even in its revised format, challenging. 

One such challenge exists for the audit of entities that use cash deposit platforms, which give them access to a range of savings accounts from multiple banks through a single software application. These platforms are sometimes also known as banking aggregators. Although some webinar participants indicated that such cash deposit platforms do provide confirmations, auditors should consider whether further procedures are needed to corroborate the information provided, for example by logging into the system and checking that the information included is consistent with the confirmation obtained.

Approaches to group audits

Although well-established, the revised ISA (UK) 600, Special Considerations – Audits of Group Financial Statements (Including the Work of Component Auditors) sparked a lot of debate during the webinar.

One area of discussion was the determination of component performance materiality (CPM). CPM reflects aggregation risk, which for many auditors is initially based on the number of components in the group. If a group is evenly split between, say, eight components and the group performance materiality (PM) is set at, say, 85% of group materiality, CPM would be set at a lower percentage of this (such as 60% of group PM). Alternatively, if most of the group results came from one or two broadly similar components, CPM might be as high as 90% of group PM. If the components weren’t as similar, the group auditor might use different CPMs for each one.

For a wholly UK group, CPM for a subsidiary undertaking might be the same as the performance materiality figure used for the undertaking’s own statutory audit. However, this will not be the case where, for example, a UK subsidiary is audit exempt as a result of using the S479A guarantee – or where a non-UK subsidiary does not need an audit in its own jurisdiction.

Care also needs to be exercised in relation to aggregation risk in other situations. A CPM figure lower than that used for a subsidiary’s statutory audit might be necessary where intra-group transactions and balances result in group figures being materially lower than those reported in the subsidiary undertaking’s own financial statements.

Another consideration is the danger of basing component materiality on the size of a component. This can result in over-testing in very small components, while more significant misstatement risks are less well addressed.

Taking the above into account, group auditors should stand back and carefully consider whether the CPM figures are set at an appropriate level to allow the group auditor to address the aggregation risk and to identify material misstatements at the group level.

Approaches to component audits

Many smaller firms are more often the component auditor than the group auditor. While the majority of ISA (UK) 600 requirements focus on the responsibilities of the group auditor, it is important that component auditors are familiar with those requirements and understand their responsibilities in the group audit.

Appreciating the need for group auditors to really ‘own’ the group audit will, for example, make it easier for a component auditor to better understand the group auditor’s requests and why these are likely to become more demanding. 

Component auditors may find that the level of engagement from group auditors varies widely. A proactive approach from component auditors can help to minimise problems. The last thing a component auditor needs is to sign off locally, only for the group auditor to decide that sufficient appropriate audit evidence hasn’t been gathered, with this then triggering a need for more work to be performed.

There is some excellent guidance for component auditors in ICAEW’s recently updated publication on auditing in a group context and a hub of practical resources on Auditing groups of companies. 

Ethical hot topics

Ethical issues arising from the provision of non-audit services continue to present challenges for firms. The webinar discussed a scenario in which a firm maintained the accounting records for a small property group in Excel, which were then used to produce financial statements that the firm audited. 

In this scenario, a key paragraph in the FRC’s Revised Ethical Standard 2024 is paragraph 5.52, which prohibits a firm designing, providing or implementing information technology systems for an entity relevant to an engagement where these would be important to any significant part of the accounting or financial management system or to the production of the financial statements audited by the firm. 

Paragraph 5.53 goes on to state that relevant services would include the storing, managing or hosting of data, for example where the firm acts as the only access to such an entity’s financial or non-financial information.

Although, based on paragraph 5.54, the maintenance of information in the way described above is acceptable in the course of an audit, or to enable the provision of a permissible service, care should be exercised. Whether a firm is maintaining records to provide accounting, payroll or company secretarial services, entities should be able to access the underlying information, or at least periodically be given a copy of it.

This should be done whenever records are updated to ensure that the entity has access to the most current information. The firm should also be careful not to initiate transactions, as this is prohibited. For example, assigning a purchase invoice to the appropriate nominal code requires the auditor’s judgement, and the entity must guide the firm on how to record these postings.

Sample sizes

The webinar also covered the commonly discussed topic of sample sizes and made clear that auditing standards do not prohibit the use of sample size caps.

According to ICAEW’s Quality Assurance Department (QAD) and cold file reviewers, both regularly see weak justifications for substantial reductions in sample sizes generated from calculators embedded within commonly used audit methodologies. 

This is an area where careful thought is needed by auditors. Risk assessment, relevant assertions and other audit evidence will all help the auditor to arrive at an appropriate size for a sample – and any cap. 

Use of auditor judgement is a key consideration in determining sample sizes and sometimes standard calculators are overused. However, whatever sample size the auditor ends up with, clear documentation of the basis for the judgement applied will always be crucial to an external reviewer of a file.

Peter Herbert, Director, Insight Training