Audit Practice Note 28: A proportionate approach to audits of SMEs

In March 2026, the Financial Reporting Council (FRC) issued Practice Note 28 (PN 28), Guidance for audits of small and medium-sized entities (SMEs), to address concerns that the application of auditing standards to SME audits has become disproportionately burdensome in practice.

PN 28 is intended to support auditors in applying International Standards on Auditing (ISAs) (UK) in a way that is scalable, proportionate and effective, while maintaining audit quality. 

The FRC hasn’t specified an effective date for PN 28, so it’s immediately available for auditors to apply. 

Purpose and status

PN 28 doesn’t amend or replace ISAs (UK). Instead, it provides guidance on the opportunities for scalability and proportionality that are available within the auditing standards, and how existing audit approaches can be better tailored to SME audit engagements. 

Extensive examples have been included within the PN to illustrate how ISAs (UK) can be applied in a proportionate, risk focused way, and to help auditors apply professional judgement to focus on what is relevant and significant to the particular engagement. 

The FRC’s approach is predicated on the view that ISAs (UK) are scalable and can therefore be applied to the audits of SMEs. 

As with other FRC practice notes, PN 28 is persuasive rather than prescriptive, but it’s indicative of good practice and has the potential to influence audit methodologies and clarify the FRC’s expectations of auditors and the supervisory bodies, including ICAS, with regards to audits of SMEs. 

Scope of PN 28 

Although PN 28 is framed by reference to SMEs, it doesn’t provide any size criteria. Instead, it states that: 

“The principles developed in this PN may be applied to any small and medium-sized entity regardless of its size, provided that the entity exhibits no or limited indications of complexity.” 

This means that professional judgement is needed to assess whether an audit falls within the scope of the practice note and there’s guidance within PN 28 to assist with this judgement. For example, the following are given as qualitative indicators that an SME may be less complex: 

• Ownership and/or control of the entity is concentrated in a small number of individuals (sometimes a single individual) who are actively involved in managing the business. 
• The operations are uncomplicated with few activities and sources of income. 
• Business processes and accounting systems are simple. 
• Internal controls are relatively few and may be informal. 

However, we wouldn’t expect PN 28 to be applied to audits of entities which meet the Companies Act 2006 size criteria for a large entity, even if they aren’t a company. Also, we wouldn’t expect it to be applied to complex aspects of an SME audit. 

Paragraph 11 of PN 28 is important as it highlights that guidance within the PN can still be used where a less complex entity has a complex characteristic: 

“Some entities may be judged to be less complex overall, but to have a particular characteristic that’s determined to be complex from an auditing perspective. For example, there may be a complex accounting estimate to address, or a new accounting standard to adopt. The existence of such a characteristic doesn’t preclude the application of the guidance in this PN in relation to the other aspects of the audit that are not complex.” 

PN 28 views the following entities as those most likely to exhibit these qualitative indicators: 

• Small and medium-sized companies within the Companies Act 2006 thresholds. 
• Entities undertaking voluntary audits. 
• Subsidiaries with limited activities. 
• Smaller charities. 
• Subsidiary undertakings within a group structure that engage in a limited range of activities. 
• Group undertakings with simple structures and limited complexity within individual components. 

The application of PN 28 to charity audits

‘Smaller charities’ aren’t defined within PN 28 and there’s no charity law definition. However, it would seem reasonable to consider that a charity, including a non-company charity, which meets the Companies Act size criteria for being medium-sized could exhibit qualitative indicators that make it less complex. 

The Charities SORP 2006, defines ‘larger charities’ as those with gross income of over £500,000 per annum, meaning that the SORP views ‘smaller charities’ as those with an income of £500,000 or less. Given that charities with an income of £500,000 or less are unlikely to require an audit by law, it would be reasonable to assume PN 28 doesn’t intend to constrain the application of PN 28 to charities considered to be ‘smaller’ by the Charities SORP or to those choosing to have an audit. 

It’s worth noting that, in making a judgement about the application of the practice note to a particular charity audit, emphasis should be placed on the qualitative aspects of complexity, rather than strict financial or legal criteria, when determining which entities may be within its scope. 

As with the audits of other SMEs, professional judgement will therefore need to be brought to bear on the application of this practice note to the audits of charities. 

Charity auditors should also consider the guidance in the FRC’s Practice Note 11 (PN 11) (Revised): The audit of charities in the UK (November 2017). PN 11 applies to all charity audits and isn’t restricted to charities of a particular size. 

PN 11 reflects: 

• ISAs (UK) effective for the audit of financial statements with reporting periods commencing on or after 17 June 2016; it has not been updated for subsequent changes to ISAs (UK). 
• The version of FRS 102 and the Charities SORP (FRS 102) extant at the time of publication. 
• Guidance issued by UK charity regulators at the date of publication. 
• Legislation in place at the date of publication. 

It’s based on the legislation and regulations published as at 31 October 2017. Therefore, care should be taken when referring to the material in PN 11 as it’s necessary to ensure that legislation and ISAs (UK) relevant to the reporting period of the charity being audited are complied with. For example, various ISAs (UK) have been revised since Practice Note 11 was issued. 

Key audit areas covered by PN 28

The guidance within PN 28 follows the audit lifecycle and highlights several areas where proportionality is particularly relevant: 

• Planning and materiality. Materiality should be determined with regard to the needs of financial statement users, who may be a narrower group in the SME context. This means that it may be reasonable to apply a higher materiality. 
• Risk identification and assessment. Risk assessment remains fundamental but may be less elaborate where the number and nature of risks are limited. For example, the PN states that for many audits of SMEs there may be no significant risks other than that from ‘management override’. In charities within scope, this may involve targeted attention on the audit of specific income streams such as donations or grants. 
• Internal controls. PN 28 acknowledges that smaller entities often operate with limited segregation of duties and informal internal controls. Auditors may therefore place greater reliance on substantive procedures, provided their approach remains risk based. The PN also states that in many audits of SMEs the auditor may identify no risks of material misstatement, (other than ‘management override’) which require evaluation of control design and implementation. 
• Key areas of professional judgement. PN 28 pays attention to areas where professional judgement is particularly important, including going concern assessments; accounting estimates; and fraud risk. 

Audit documentation: focusing on what matters 

PN 28 places an emphasis on proportionate audit documentation. The FRC recognises that audit files for SMEs have often become unnecessarily extensive. The PN makes clear that documentation should focus on significant matters and key judgements, rather than exhaustive procedural detail. 

Audit documentation will be key to demonstrating audit quality. Firms applying PN 28 to SME audits should therefore consider how their approach to documentation meets the expectations of both the firm’s internal and external quality control arrangements. 

Conclusion

Practice Note 28 reinforces that proportionate auditing is both appropriate and expected, but only where justified by the characteristics of the entity. 

For practitioners, this requires an initial and ongoing judgement as to whether an audit engagement falls within the less complex environment envisaged by PN 28. Where it does, the practice note seeks to provide a framework for delivering audits efficiently and effectively.