Certain UK companies are required by law to have a statutory audit of their annual financial statements. This applies if the company exceeds size thresholds, is part of a regulated sector, or where it is a subsidiary of an overseas group that does not qualify as “small” under UK company law. In such cases, the UK subsidiary must be audited even if its own size would not normally require it. Statutory audits must be carried out by a registered auditor in accordance with International Standards on Auditing (UK), and the auditor’s opinion is filed with Companies House alongside the accounts.  

Beyond statutory audits, many companies choose to have internal control reviews carried out to assess the effectiveness of their financial reporting systems and compliance procedures. These reviews are not legally required but can highlight weaknesses in accounting systems, segregation of duties, and IT or operational controls that could expose the business to risk.  

Business process reviews extend this approach to operational efficiency and governance. They involve examining how key processes such as procurement, sales, payroll, and inventory management are designed and operated in practice. Findings can identify inefficiencies, control gaps, or compliance risks that, if addressed, may improve performance and reduce exposure to error or fraud.  

Other assurance engagements can also be undertaken to provide confidence to management, investors, lenders, or regulators. Examples include agreed-upon procedures, where specific checks are performed on areas such as grant claims, intercompany charges, or compliance certificates. These engagements do not result in an audit opinion but give stakeholders assurance over particular aspects of the business.  

All assurance work in the UK is governed by professional and ethical standards issued by the Financial Reporting Council (FRC). Companies should consider whether statutory obligations, group reporting requirements, investor expectations, or internal risk management objectives require audit or assurance reporting, and ensure that the appropriate level of review is obtained.