EOFY offer
90% off your plan for your first 6 months

Offer ends 30 June 2026. Terms apply.

Buy now

Audit

Learn what an audit is, who needs one in Australia and how to prepare your business.

Published Monday 22 June 2026

Table of contents

Key takeaways

  • An audit is an independent examination of your financial records, tax returns or business operations to verify accuracy and compliance with relevant regulations.
  • In Australia, large proprietary companies, public companies, registered charities above certain thresholds and self-managed super funds (SMSFs) are required to have an audit under the Corporations Act 2001 or other legislation.
  • Even if your small business isn't legally required to have an audit, a voluntary audit can strengthen credibility with investors, lenders and other stakeholders.
  • Keeping accurate, well-organised records throughout the year means your finances are ready when audit time arrives.

What is an audit?

An audit is an independent examination of financial records, tax returns, internal processes or operations to verify their accuracy and compliance with regulations.

The term "audit" most commonly refers to financial statement audits and tax audits. However, businesses may also encounter compliance audits, operational audits, internal audits and forensic audits depending on their industry and size.

Most audits are conducted by an independent, qualified auditor or audit firm. This independence is essential because it gives stakeholders confidence that the findings are objective. Even when a business initiates its own internal audit, it's good practice to involve an external party to maintain that objectivity.

Who needs an audit in Australia?

Australian audit requirements depend on the type, size and structure of your entity. Several laws and regulators determine whether your business needs an independent audit.

Under the Corporations Act 2001, the following entities generally require an annual audit:

  • Large proprietary companies that meet at least 2 of 3 financial thresholds set by the Corporations Act, covering consolidated revenue, gross assets and employee count
  • All public companies, regardless of size
  • Foreign-owned companies operating in Australia that meet certain reporting thresholds

Other entities with audit obligations include:

  • Registered charities with annual revenue of $500,000 or more, as required by the Australian Charities and Not-for-profits Commission (ACNC)
  • Incorporated associations, depending on state or territory legislation and revenue thresholds
  • Self-managed super funds (SMSFs), which must be audited annually by an approved SMSF auditor
  • Australian Financial Services Licence (AFSL) holders, who must lodge audited financial statements with the Australian Securities and Investments Commission (ASIC)

If your small business doesn't fall into any of these categories, you're unlikely to be legally required to have an audit. That said, you may choose to have one voluntarily for the benefits it offers.

Types of audits

There are several types of audits, each with a different focus. Understanding the differences helps you know what to expect if your business is subject to one.

Financial statement audit

A financial statement audit is an independent examination of your business's financial reports. The auditor checks whether your financial statements give a true and fair view of your financial position and comply with Australian Accounting Standards. Lenders, investors and regulators often rely on audited financial statements when making decisions.

Tax audit

The Australian Taxation Office (ATO) can audit your business's tax returns to check their accuracy. The ATO reviews tax returns, profit and loss statements and claimed deductions. Triggers can range from random selection to discrepancies in your returns. If selected, you'll need to provide supporting records for the figures you've reported.

Internal audit

An internal audit examines your business's own processes, controls and risk management practices. It's typically initiated by the business itself rather than an external regulator. Internal audits help you identify compliance gaps and strengthen controls before problems escalate.

Compliance audit

A compliance audit assesses whether your business is meeting the requirements of specific laws, regulations or industry standards. For example, a compliance audit might check adherence to workplace health and safety legislation or environmental regulations. These audits are common in heavily regulated industries such as finance, healthcare and construction.

Operational audit

An operational audit evaluates the efficiency and effectiveness of your business processes. Unlike a financial audit, it focuses on how well your operations are running rather than the accuracy of your financial records. The goal is to identify areas where you can improve productivity and strengthen controls.

Forensic audit

A forensic audit is a detailed investigation into financial records to detect fraud, embezzlement or other financial misconduct. Forensic auditors use specialised techniques to trace transactions, identify irregularities and gather evidence. The findings may be used in legal proceedings.

Audit vs review

An audit and a review are both forms of assurance engagement, but they differ in scope and the level of confidence they provide.

An audit provides reasonable assurance, which is the highest level of assurance available. The auditor performs extensive testing and verification of your financial records before forming an opinion on whether they're free from material misstatement.

A review provides limited assurance. The reviewer performs analytical procedures and inquiries but doesn't carry out the detailed testing involved in an audit. A review is less comprehensive and typically costs less than a full audit.

If your business isn't required to have a full audit, a review engagement may be sufficient. For example, medium-sized charities registered with the ACNC that have annual revenue between $250,000 and $499,999 are required to have a review rather than an audit. Your accountant can help you determine which type of engagement is appropriate for your situation.

The audit process

Understanding what happens during an audit can help you feel more prepared. While the specifics vary depending on the type of audit, most follow a similar structure.

  1. Planning: the auditor outlines the scope of the audit, identifies key risk areas and learns about your business operations and internal controls.
  2. Gathering information: the auditor works with you, your manager or your accountant to collect financial records, supporting documents and other relevant information.
  3. Evaluation: the auditor examines the gathered information to assess whether your financial records and processes align with the applicable standards, regulations or requirements.
  4. Audit report: the auditor provides a detailed report with findings and an opinion. For a tax audit, the ATO will either accept your return as filed or propose adjustments. In most cases, you have the opportunity to respond to findings and provide additional information.

Benefits of an audit

An audit delivers value beyond simply meeting a legal requirement. Even if your business isn't obligated to have one, there are practical reasons to consider a voluntary audit.

  • Compliance and error detection: an audit verifies that your financial records are accurate and compliant with relevant regulations, helping you catch errors or discrepancies before they become costly problems. According to the ATO, the small business income tax gap sits at $27.2 billion, driven in part by reporting mistakes, underscoring the role audits play in identifying and correcting errors.
  • Credibility with stakeholders: audited financial statements demonstrate transparency and reliability. This can strengthen your position when applying for loans, attracting investors or negotiating with suppliers.
  • Improved internal controls: the audit process often highlights weaknesses in your internal processes. Addressing these can reduce your exposure to fraud and improve day-to-day efficiency.
  • Better decision-making: verified financial data gives you a clearer picture of your business's performance, helping you make more informed decisions about growth, spending and strategy.

How to prepare for an audit

Good preparation makes the audit process faster and less disruptive. Here are practical steps you can take to get ready.

  • Keep your financial records accurate, complete and well-organised throughout the year so you're ready when audit time comes.
  • Reconcile your bank accounts, credit cards and other financial accounts regularly so your records match your actual balances.
  • Retain tax records for at least 5 years and check with the ATO for situations where records may need to be kept longer.
  • Document your internal policies and procedures clearly, and review them periodically to make sure they're up to date.
  • Conduct periodic internal reviews to identify and fix issues before the external auditor finds them.
  • Organise supporting documents such as receipts, invoices, contracts and bank statements so they're easy to locate when requested.
  • Communicate with your accountant or bookkeeper early in the process to clarify what the auditor will need and establish a timeline.

Simplify your audit preparation with Xero

Keeping your financial records audit-ready is easier when your accounting is organised and up to date. Xero's cloud-based accounting software automates bank reconciliations and expense tracking, so your records stay accurate with less manual effort.

With automated reconciliations and real-time collaboration with your accountant or bookkeeper, Xero helps you stay on top of your finances year-round. When audit time arrives, your records are already in order. Get one month free.

FAQs on audits

Here are answers to frequently asked questions about audits.

What does an auditor do?

An auditor independently examines your financial records, processes or tax returns to verify their accuracy and compliance with relevant standards. They provide a formal report with their findings and opinion.

How often do audits happen?

Most statutory audits happen annually, aligned with your financial year. The ATO can initiate a tax audit at any time, but these are typically triggered by specific flags in your returns.

What qualifications does an auditor need in Australia?

To audit a company under the Corporations Act, an auditor must be registered with ASIC as a registered company auditor. SMSF auditors must be registered with ASIC as approved SMSF auditors.

How long does an audit take?

The duration depends on the size and complexity of your business. A straightforward audit for a small business might take a few weeks, while larger or more complex audits can take several months.

What happens if you fail an audit?

An audit doesn't result in a pass or fail in the traditional sense. If the auditor identifies issues, they'll note them in their report, and you'll typically have the opportunity to respond, provide additional information or make corrections.

Related terms

Explore other terms related to audits and financial management.

Learn more about audits

Find more resources on audits and financial management for Australian small businesses.

Handy resources

Advisor directory

You can search for experts in our advisor directory

Find an advisor

Xero Small Business Guides

Discover resources to help you do better business

See all our guides and articles

Financial reporting

Keep track of your performance with accounting reports

Find out more

Disclaimer

This glossary is for small business owners. The definitions are written with their requirements in mind. More detailed definitions can be found in accounting textbooks or from an accounting professional. Xero does not provide accounting, tax, business or legal advice.