You Don't Need to Be Big to Get Audited

Audit attention often follows risk, not size. In Malaysia, statutory rules under the Companies Act 2016 mean every company must appoint an auditor each financial year unless an exemption applies under Section 267(2). Small private firms can still draw scrutiny if records or compliance raise flags.

This guide sets expectations for founders and directors of Sdn. Bhd. entities. It explains when audits apply, what auditors review, and how SSM’s exemption framework operates in practice. Clear, defensible books remain essential even when a statutory audit is waived.

Practical preview: new rules from 2025 introduce phased thresholds and timing tied to financial year starts. The article will cover staying eligible as a company grows, what must be lodged with SSM, and typical LHDN expectations for tax filings.

Key Takeaways

Audit risk is driven by compliance and records, not just company size.
Statutory audit exemptions exist but do not replace good accounting.
2025 changes add qualifying thresholds and phased timing rules.
Directors must know filing duties with SSM and common LHDN expectations.
Practical checks help preserve exemption status as revenue or assets grow.

Why Small Businesses in Malaysia Still Get Audited

Perceived financial risk—not size—often drives requests for audited accounts. An audit raises confidence in financial statements when outsiders rely on numbers to make decisions.

Who asks for audits and why? Banks, investors, franchisors, and other stakeholders may require audited statements to lower their risk level before lending, investing, or signing contracts.

Accountability, duties, and common pressure points

Directors remain responsible for accurate records and regulatory compliance even when operations are simple. Good governance prevents problems later.

Typical triggers for audits include credit applications, vendor onboarding, share restructures, and preparing a sale. These events raise the practical need for verified accounts.

Trust through clean records

Clear bookkeeping, consistent policies, and transparent transactions build trust and reduce friction when stakeholders request assurance.

Remember: audit exemption is a policy tool to reduce costs for SMEs, not a license for casual reporting. Maintaining tidy financials keeps options open and lowers the chance of surprise audits.

What an Audit Actually Covers in Your Financial Statements

Auditing looks beyond totals: it verifies the transactions and controls that produce the figures.

What auditors look for in statements, records, and controls

Auditors test whether financial statements are fairly presented and prepared under applicable accounting standards. They seek supporting information for balances and disclosures.

Evidence reviewed includes invoices, bank statements, contracts, payroll summaries, and reconciliations. Sampling and testing validate that transactions posted to the statement reflect real activity.

The difference between errors, misstatements, and fraud indicators

Errors are typically accidental omissions or calculation slips. Misstatements become serious when they are material, even without intent.

Fraud indicators are red flags: missing source documents, altered records, unexplained entries, or control overrides. When such signs appear, auditors expand testing and seek extra evidence.

Why management matters: auditors rely on management representations and explanations, but independent support is required. Better controls and cleaner records reduce audit adjustments, shorten audit time, and lower the risk of adverse findings.

Malaysia’s Baseline Rule Under the Companies Act 2016

The Companies Act 2016 sets a clear baseline: a company should engage an auditor each financial year unless an exemption applies.

Operationally, “default” means: unless a private company fits an exempt category and formally elects that status, an audit will apply for the relevant years. Treat appointment of an auditor as the starting assumption when preparing annual accounts.

The Registrar’s power under Section 267(2) provides the legal bridge for SSM to publish exemption criteria. That power allows authorities to create category-based rules and practice directives that describe who may skip an audit.

Key points:

Exemptions are category-driven and follow published criteria, not ad hoc approvals.
Eligibility must be checked each year, since revenue, employee count, or asset growth can change status.
Even when exempt, basic compliance and record-keeping remain essential.

This framework gives small companies a practical path to lower audit costs while keeping accountability. The next section explains how SSM implements those exemption rules in practice.

How the SSM Audit Exemption Framework Works

Policy makers introduced an exemption regime that balances cost relief with ongoing accountability.

Why the exemption exists

The audit exemption aims to cut compliance costs for micro and small private companies while keeping responsible record-keeping in place. Eligible smes may save on statutory audit fees and redirect funds toward operations and growth.

When it began and why it matters

The framework has been in effect since 4 August 2017. It matters because many small businesses still face heavy compliance burdens that affect cash flow and agility.

Industry context and practical impact

Malaysia has far more active companies than approved auditors. As of 30 Nov 2024 there were 689,134 active companies and 1,947 approved auditors. That equals about one auditor for every 354 companies.

Metric	Count	Meaning for smes
Active companies	689,134	High demand for audit services
Approved auditors	1,947	Limited audit capacity
Auditor : company ratio	1 : 354	Tighter deadlines, higher fees

Limited capacity can raise costs and slow reporting for small firms. The exemption helps eligible companies avoid mandatory statutory services while keeping financial information credible.

Next step: even when exemption applies, certain stakeholders may still request audited financial statements for assurance.

You Don’t Need to Be Big to Be Audited

External reliance, not company scale, frequently drives demands for an auditor’s sign-off.

“Exempt from audit” doesn’t mean “exempt from accountability.”

Accurate financial information, supporting documents, and simple internal controls remain essential. Management must keep clear records that can be produced when stakeholders ask for verification.

How stakeholders use audited financial statements for assurance

Lenders use an audit to assess repayment capacity and loan risk. Investors seek confidence in governance and future forecasts.

Business partners or franchisors often request an independent report before signing agreements. An audit provides standardized assurance that closes information gaps.

Unaudited accounts are not always distrusted. Still, outsiders may ask more questions, request additional schedules, or apply stricter terms when assurance is absent.

Stakeholder	Purpose	Typical request
Bank	Assess credit risk	Audited financial statements, cash flow projections
Investor	Evaluate governance	Audit report, management explanations
Partner	Confirm stability	Financial information, audited financial or extra schedules

Later sections explain how to lodge documents with SSM and keep exemption status while meeting stakeholder assurance needs.

New Audit Exemption Criteria Starting With Financial Periods From 2025

From 2025, eligibility for skipping a statutory audit depends on when a company’s financial period begins, not when reports are filed.

When the new criteria become applicable

Timing rule: the audit exemption criteria apply according to the start date of the annual period. If the annual period commences on or after 1 January 2025, PD 10/2024 governs eligibility.

Conversely, PD 3/2017 still applies for annual periods that commence on or before 31 December 2024. Submission date or year‑end alone does not change which policy applies.

How PD 10/2024 and PD 3/2017 work across start dates

Simple examples clarify the difference:

Company A starts its year on 1 Jan 2025 — PD 10/2024 applies for that annual period.
Company B starts on 1 Oct 2024 and ends 30 Sep 2025 — PD 3/2017 applies because the period commenced in 2024.
Company C starts on 1 Apr 2025 — PD 10/2024 is the controlling guidance.

Plan ahead: directors should review eligibility before year‑end. The “current and past years” assessment uses measured results at specified dates, so early threshold tracking matters.

Track thresholds early when revenue growth is expected. This allows a deliberate choice: elect audit exemption or proceed with an audit. Next, the numeric thresholds for the phased approach (2025–2027) outline the compliance checklist.

Audit Exemption Thresholds for Revenue, Total Assets, and Employees

Thresholds set clear cutoffs that determine if a private company can skip a statutory audit in a given period.

Phase thresholds (turnover / total assets / employees):

Phase (start date)	Turnover	Total assets	Employees (number)
2025 (1 Jan–31 Dec 2025)	RM1,000,000	RM1,000,000	10
2026 (1 Jan–31 Dec 2026)	RM2,000,000	RM2,000,000	20
2027 onward (from 1 Jan 2027)	RM3,000,000	RM3,000,000	30

How the “meet at least two of three” rule works:

If turnover and employees are under the thresholds, the exemption applies even when assets exceed the cap.
If assets and turnover meet the limits, a slightly higher headcount will not block eligibility.
Meeting any two criteria across revenue, assets and employees secures the exemption for that qualifying year.

Assessment window: eligibility is judged using the current year plus the immediate past years as required by the guidance. This rolling check prevents short-term dips from creating a false sense of security.

“Losing eligibility affects future years, but qualifying years remain exempt.”

Planning checklist: track monthly revenue run-rate, keep a year-end asset list for big purchases, and adopt a consistent method to count employees. Forecast growth so thresholds are not crossed by surprise.

Which Companies Are Excluded From Audit Exemption

Certain private companies cannot use the audit exemption, regardless of size or turnover.

Excluded categories at a glance

Subsidiaries of public companies — these companies are not eligible for the audit exemption.
Foreign companies operating locally — cross‑border reporting rules remove eligibility.
Exempt private companies that lodge an EPC certificate instead of financial statements.

Why subsidiaries of public companies are treated differently

Subsidiaries of public groups fall under higher public‑interest expectations. Group reporting and investor transparency require stronger oversight.

This higher baseline protects stakeholders and supports consolidated reporting for the parent company.

Foreign companies and other excluded categories

Foreign structures face extra regulatory checks and are generally outside the exemption framework. That reflects the need for consistent cross‑border reporting and local compliance.

How EPC lodging affects company accounts

An exempt private company that files an EPC certificate cannot also elect the exemption under PD guidance. If the same company instead lodges unaudited company accounts, it may qualify when criteria are met.

So what this means: the chosen lodgment path changes what documents are prepared and which accounting rules apply. Even without a statutory audit, solid accounting and adherence to accounting standards preserve credibility and ease future financing.

Excluded Category	Main Reason	Practical Impact
Subsidiary of public company	Investor and group reporting needs	Must prepare audited statements per group policies
Foreign company	Cross‑border reporting & local rules	Additional filings; no exemption
Exempt Private Company (EPC) with EPC certificate	Files certificate instead of accounts	Cannot elect audit exemption; alternative lodgment required

Dormant Companies and Audit Exemption

A dormant company may qualify for relief when activity has been minimal across defined reporting periods.

What “dormant” means in practice: companies with no significant accounting transactions, no active trade, and only minimal movements for maintenance qualify. This status covers firms dormant since incorporation or dormant in the current financial year and the immediate past years under the framework.

Common pitfalls: the dormant position can be broken by issuing invoices, paying salaries, signing new contracts, or recording operational expenses beyond upkeep. Such actions may trigger an audit or remove exemption eligibility.

Practical benefits and governance habits

Eligible companies can reduce costs and administrative time through the exemption. Still, good records are essential if the company plans to reactivate later.

Document board resolutions that confirm dormant status.
Keep a clean bank account trail showing minimal transactions.
Review activity at year‑end so the dormant test for years is clear.

Next step: follow SSM lodgment rules even when exempt and maintain basic compliance to avoid surprises in future audits.

What to Lodge With SSM When You Elect Audit Exemption

Choosing audit exemption changes the lodgment path, not the record-keeping standard.

Exact lodgment set: a company must lodge unaudited financial statements, a directors’ report, and a certificate of compliance. These items are required under Section 254 of the Companies Act 2016 and form the official submission to SSM.

Timing rules and the 30-day requirement

Prepare and finalise the financial statements and directors’ report according to Companies Act timelines.
Circulate the statements and report to members as required.
Lodge the package with SSM within 30 days of circulation.

Approved standards and practical filing notes

Statements lodged must follow applicable approved accounting standards. Compliance with accounting standards is mandatory even when no auditor signs off.

MBRS practicalities: submission via MBRS is the usual route. Expect service provider fees; a common estimate is around RM1,000 depending on scope.

What good unaudited accounts look like: reconciled bank balances, clear fixed asset lists, proper revenue recognition, and defensible accruals. These elements make the information credible for stakeholders and regulators.

financial statements

Document	Purpose	Deadline
Unaudited financial statements	Present company performance and position	Within 30 days after circulation
Directors’ report	Explain operations, risks, and decisions	Circulate with statements
Certificate of compliance	Confirm statutory requirements met	Include in SSM lodgment

Election of exemption shifts who verifies accounts; it does not remove the obligation to prepare accurate accounts.

How to Elect Audit Exemption Without Filing a Separate Application

A company may claim audit relief simply by meeting PD 10/2024 thresholds and recording the decision.

What electing should look like inside the business

No separate SSM form is required. Eligibility flows from meeting the thresholds and formally electing that status at board level.

Document the choice with a directors’ resolution that cites the assessment date. Attach calculation schedules for turnover, assets, and headcount.

Governance steps and working papers

Record a directors’ resolution and circulate it to management and the finance team.
Keep a working paper file with monthly run‑rates, asset lists, and staff counts for current and prior years.
Issue clear instructions to external accountants or internal finance about lodgment and statement preparation.

Why some companies still hire an auditor: voluntary audit services provide external assurance for lenders, investors, or partner checks. A timely audit can be cheaper than delays from funding hurdles or repeated due diligence.

“Electing relief does not remove the duty to prepare accurate accounts; robust records make any future audit faster and cheaper.”

Action	Purpose	Who signs off
Directors’ resolution	Formal election and record	Board
Threshold working papers	Evidence for eligibility	Management & finance
Voluntary audit	Extra assurance for stakeholders	Engaged auditor

Next: reconcile how this choice affects tax filings and LHDN expectations in the following section.

Income Tax and LHDN: Do You Still Need Audited Accounts?

Tax filings follow a different legal path than company registrations, and that split matters for small firms.

How the two regimes link

SSM enforces company lodgments under the Companies Act. LHDN enforces income tax under the Income Tax Act 1967. The legal hooks differ, so meeting one set of rules does not automatically satisfy the other.

Practical position from the tax authority

LHDN’s audited-accounts rule sits in subsection 77A(4) of the Income Tax Act 1967 and is separate from Companies Act duties. LHDN announced that if a firm is not required to submit audited accounts to SSM, subsection 77A(4) would not apply. That means many exempt companies may file tax returns without an audit report.

Filing with management accounts and Form C

In practice, many SMEs submit Form C using final management accounts. Ensure the accounts reconcile to tax schedules and that supporting information is available if tax authorities ask.

Remember: exemption from SSM audit does not remove the need for substantiation. LHDN can query deductions, related-party items, or unusual movements and request supporting documents.

For complex facts—group structures, incentives, grants—confirm directly with LHDN or a licensed tax agent for tailored guidance.

When audit relief applies for company filings, maintain clear books so tax questions can be answered quickly.

How to Count Employees for the Thresholds

A clear headcount snapshot at financial year‑end determines whether the employee threshold is met.

Full‑time employee definition under PD 10/2024

Exact test: a paid worker who works not less than 6 hours per day for at least 20 days in a month, or at least 120 hours in a month.

Who is included and who is excluded

Include local and foreign staff, contract workers, and probationary employees when tallying the employee number.

Exclude directors and shareholders even if they work full time. Also exclude unpaid or irregularly paid family or friends.

Practical tracking methods to avoid mistakes at year‑end

Maintain a monthly headcount register linked to payroll. Reconcile the register with EPF/SOCSO records where applicable.

Centralize employment contracts and run a short year‑end confirmation to capture the exact number at the end of the financial period. This helps meet the thresholds and avoids compliance issues later.

Method	Owner	Frequency
Headcount register	HR / Finance	Monthly
Payroll reconciliation	Payroll officer	Monthly
Year‑end snapshot & sign‑off	Directors & HR	Once per financial year

“Accurate headcounts protect an exemption claim and reduce surprises when accounting and compliance checks occur.”

When an Audit Still Makes Sense Even If You Qualify for Exemption

Meeting regulatory thresholds is only part of the story; practical financing and contracting often demand external verification.

Bank loans and investor checks

Banks and lenders commonly require audited financial statements as part of credit approval. They use the report to assess cash flow quality, covenant comfort, and the sustainability of earnings.

Investors rely on the same evidence when valuing risk and negotiating terms. An audit shortens due diligence and can unlock higher limits or lower interest rates.

Other commercial and grant demands

Franchisors, major suppliers offering trade credit, and many grant bodies insist on audited accounts for transparency. These parties treat an independent report as assurance that figures are reliable.

Governance and performance benefits

An external audit often surfaces control weaknesses and process improvements. Recommendations improve month-to-month performance tracking and reduce leakage.

Consider cost vs value: an audit can pay for itself by speeding up funding or improving loan terms.
Decision rule: plan an audit if expansion, fundraising, or large contracts are likely in the next 12–24 months.

“An audit can be a strategic investment that converts statutory relief into real commercial opportunity.”

Understanding Audit Reports and the Four Types of Audit Opinions

Audit opinions act as a traffic light for financial trust: green, amber, or red depending on findings.

What an audit report is: a formal communication by an auditor that states whether the financial statements audited are fairly presented under the applicable reporting framework. This report gives assurance to lenders, investors, and partners about reliability.

audit report

Unqualified (clean) opinion

An unqualified opinion means the auditor found no material misstatements. The report signals strong confidence in the company’s controls and disclosure. Lenders and partners treat this outcome as clear assurance for credit and deals.

Qualified opinion

A qualified opinion arises when a material issue exists but is not pervasive. Examples include one area with missing evidence or a single account misstated. The auditor reports the exception while confirming the rest of the financial statements audited are acceptable.

Adverse opinion

An adverse opinion means material and pervasive misstatements make the statements unreliable. This outcome severely affects creditor confidence, may breach covenants, and often restricts access to capital.

Disclaimer of opinion

A disclaimer occurs when auditors cannot obtain sufficient evidence and cannot form an opinion. The result creates serious red flags for stakeholders and can trigger extra due diligence or refusal of financing.

“Understanding these opinions helps directors anticipate how audit outcomes can affect negotiations, covenants, and reputation.”

Opinion	Meaning	Practical impact
Unqualified	Fairly presented	Higher trust; easier access to finance
Qualified	Limited issue	Clarify and correct; some lender questions
Adverse	Not reliable	Loss of confidence; financing constrained
Disclaimer	No opinion	Serious red flags; additional checks

Audit Findings That Trigger Action: Criteria, Condition, Cause, Consequence

A finding should map what was expected, what was found, why it happened, and what it means.

How auditors structure findings so issues become fixable

Auditors frame each finding using four parts: criteria, condition, cause, and consequence.

Criteria state the standard or expectation. Condition records the observed state. Cause explains why the gap appeared. Consequence describes the impact on reporting or controls.

Building corrective action plans that reduce repeat findings

Findings matter because they give management a plan, not just a critique.

Assign an owner and deadline for each corrective step.
List measurable actions and the evidence that will show completion.
Schedule a follow‑up review to verify improved performance.

Example for SMEs: missing supporting invoices (condition) vs. recordkeeping rules (criteria), caused by informal approval flows (cause), leading to tax delays and extra fees (consequence).

“Treat findings as a roadmap for continuous improvement rather than a one‑off checklist.”

Element	What it shows	Practical step
Criteria	Expected standard	Document policies and cite the standard
Condition	Observed issue	Record sample evidence and dates
Cause	Root reason	Identify process or resourcing gaps
Consequence	Impact on reports	Quantify risk and cost

Conclusion

Stakeholder reliance on credible financial records drives most audit demands for smaller businesses.

, The central takeaway: in Malaysia, audits respond to risk, legal duty, and outside needs rather than mere company size. Companies Act 2016 sets the baseline that an auditor is normally appointed each year, while SSM’s exemption framework gives eligible private companies relief under defined thresholds.

From 2025 the phased thresholds and the timing rule tied to the financial period start create clearer planning horizons. If eligibility is lost, future years can lose the right to claim exemption, though previously qualifying years remain exempt.

Prepare accurate statements, keep supporting records, and track revenue, assets, and headcount early. For planned loans, investors, or big contracts, consider a voluntary audit for extra assurance.

FAQ

Why do small businesses in Malaysia still get audited?

Audits focus on risk, accountability, and trust rather than company size. Regulators, banks, investors, and large customers may require audited statements to confirm accuracy and compliance. Audits also help detect errors, misstatements, and fraud indicators that could harm the business or its stakeholders.

What common situations push small companies toward audit pressure?

Situations include applying for bank loans, onboarding as suppliers for large corporations, seeking grants or investor funding, or being part of a corporate group where the parent requires consolidated assurance. Regulatory checks and tax authority scrutiny can also prompt audits.

What do auditors examine in financial statements and records?

Auditors review accounting records, transaction evidence, internal controls, reconciliations, and disclosure notes. They test balances, confirm third-party information, and assess whether statements follow approved accounting standards and present a true and fair view.

How do auditors distinguish errors, misstatements, and fraud indicators?

Errors are unintentional mistakes; misstatements are material inaccuracies in reports; fraud indicators involve intentional acts to mislead. Auditors evaluate intent, consistency, supporting evidence, and control weaknesses to classify findings and recommend action.

What does the Companies Act 2016 say about appointing an auditor?

The Act makes appointing an auditor the default rule for companies. While exemptions exist, the baseline legal position requires auditors unless a specific exemption is granted under Section 267(2) or related frameworks.

How can the Registrar exempt companies under Section 267(2)?

The Registrar may grant exemptions for certain company categories based on criteria and regulations set out by the Companies Commission of Malaysia (SSM). Exemptions must meet prescribed conditions and are documented in the Registrar’s guidance.

Why does the SSM offer audit exemption and who benefits?

Audit exemption reduces compliance costs and administrative burden for genuinely small, low-risk companies. It aims to help micro and small enterprises while preserving accountability through other filing requirements and oversight measures.

When was the audit exemption introduced and why is it important now?

Exemption policies evolved to align legal requirements with the needs of small businesses and economic growth. Recent policy updates clarify thresholds and timing to provide predictability for companies planning finances and compliance.

If a company is “exempt from audit,” does that remove accountability?

No. Exempt status means no statutory audit requirement, but accountability remains. Directors still prepare financial statements, comply with accounting standards, and may need to provide other supporting documents or certifications for stakeholders.

How do stakeholders use audited financial statements for assurance?

Banks, investors, partners, and franchisors use audited statements to assess creditworthiness, operational performance, and compliance. An audit increases confidence in numbers and reduces perceived risk when making commercial decisions.

When do the new audit exemption criteria take effect for financial periods starting 2025?

The new criteria apply to financial periods commencing on or after the specific effective dates set out in SSM guidance. Companies should review PD 10/2024 and PD 3/2017 to determine applicability based on their financial year start date.

How do PD 10/2024 and PD 3/2017 apply across different financial year start dates?

These practice directives set out transitional rules and thresholds. Companies must match their financial period start dates to the directives’ effective windows to know which thresholds and rules apply for exemption eligibility.

What are the audit exemption thresholds for revenue, total assets, and employees?

Thresholds are phased in for 2025, 2026, and 2027. A company must meet at least two out of three criteria—revenue, total assets, and employee count—using the current year plus the immediate past year assessment to qualify. Companies should consult SSM tables for exact numeric limits per phase.

How does the “meet at least two out of three thresholds” rule work?

To claim exemption, a company must satisfy any two of the three thresholds (revenue, total assets, employees) in the required assessment period. Meeting fewer than two disqualifies the company from exemption for that period.

What does assessing the “current year plus immediate past year” mean in practice?

The company compares its relevant figures across the current financial year and the preceding year. If the combined or consecutive-year metric meets the thresholds specified, the company may be eligible for exemption under the directive.

How should companies plan growth to avoid losing exemption unexpectedly?

Monitor revenue, assets, and staff headcount regularly. Model forecasts and consider the timing of hires or major purchases. Early planning helps decide whether to keep audit arrangements or prepare stakeholders for audited statements if thresholds will be exceeded.

Which companies are excluded from audit exemption?

Exclusions typically include subsidiaries of public companies, foreign companies, banks and regulated financial institutions, and other categories set by SSM. Specific excluded categories are listed in the exemption framework and should be checked before assuming eligibility.

Why are subsidiaries of public companies treated differently?

Subsidiaries feed into consolidated financial statements for public companies, which require audited assurance. To preserve group-level transparency and investor protection, subsidiaries often must maintain audited accounts even if they appear small.

What about exempt private companies using an EPC certificate instead of financial statements?

Certain exempt private companies may lodge an Exempt Private Company (EPC) certificate that replaces some filing requirements. However, specific conditions and documentation rules apply and directors must ensure compliance with SSM guidance.

When does a dormant company qualify for audit exemption and what counts as dormant?

A dormant company that has not traded or had significant transactions during the relevant period may qualify. Dormant status requires careful definition: typically no business operations, no significant accounting transactions, and adherence to filing rules even when exempt.

What must be lodged with SSM when a company elects audit exemption?

Companies must lodge unaudited financial statements, the directors’ report, and a certificate of compliance or other required declarations. The documents must still follow approved accounting standards and disclosures as applicable.

What are the timing rules and the 30-day lodging requirement after circulation?

Once financial statements are circulated to members, certain filings must be lodged with SSM within specified windows—commonly 30 days after circulation. Companies should track circulation dates and filing deadlines to avoid penalties.

Do approved accounting standards still apply if an audit is exempted?

Yes. Directors must prepare accounts in accordance with approved accounting standards even when no audit is required. Proper accounting ensures accurate reporting and reduces the risk of disputes or regulatory follow-up.

How can a company elect audit exemption without a separate application?

Electing exemption usually involves a board resolution and proper documentation in the company records. Companies indicate the election through the required filings with SSM when lodging unaudited statements, following the directive’s procedures.

Why might some companies still appoint an auditor even if eligible for exemption?

Firms may appoint auditors to satisfy bank covenants, investor expectations, franchisor requirements, or to strengthen governance. An audit can also identify improvement areas and boost confidence among stakeholders.

Does LHDN still require audited accounts for tax purposes if audit exemption applies?

LHDN may require audited accounts in certain situations, but management accounts and Form C filing are commonly used when a company is exempt from audit. It is important to confirm specific tax requirements with LHDN for each case.

When should a company confirm requirements directly with LHDN?

When tax positions are complex, when claiming incentives, or when prior audits influenced tax assessments, companies should seek direct confirmation from LHDN or a tax advisor to avoid compliance gaps.

How are employees counted for threshold tests under PD 10/2024?

Full-time employees are counted per the directive’s definition. The count typically excludes directors, shareholders, and unpaid family members. Companies should follow PD 10/2024 guidance and maintain payroll records to support the count.

Who is excluded from the employee count for exemption thresholds?

Exclusions commonly include directors who are not on payroll, significant shareholders, and unpaid family members working in the business. Consult the directive for precise exclusions and documentation requirements.

What practical tracking methods help avoid employee-count mistakes at year-end?

Maintain a simple headcount register, reconcile payroll reports monthly, and record employment start and end dates. Regular reviews help ensure accurate threshold assessments and support lodging requirements.

When does it still make sense to get an audit even if exemption is available?

Audits remain valuable when seeking bank loans, negotiating credit facilities, attracting investors, meeting vendor or franchisor requirements, or applying for grants. An audit can also strengthen internal controls and performance tracking.

How do audited financials help with bank loans and investor due diligence?

Audited statements provide independent assurance about accuracy and controls, reducing lender and investor risk. They often speed credit decisions and can improve terms compared with unaudited submissions.

What are the four types of audit opinions and what do they mean?

The four opinions are unqualified (clean), qualified, adverse, and disclaimer. Unqualified signals reliable statements. Qualified indicates limited issues. Adverse means statements are misleading. Disclaimer means the auditor could not obtain sufficient evidence.

What triggers corrective action from audit findings using the criteria-condition-cause-consequence model?

Auditors structure findings by identifying the criteria (what should be), the condition (what is), the cause (why it happened), and the consequence (impact). This format makes issues measurable and helps directors build actionable remediation plans.

How should companies build corrective action plans to reduce repeat findings?

Prioritize root causes, set clear responsibilities and timelines, implement control improvements, and monitor progress. Regular follow-ups and embedding changes into policies reduce the likelihood of recurrence.

You Don’t Need to Be Big to Get Audited