The revision of international auditing standards ISA 240 and ISA 500 — effective from December 2026 — fundamentally changes what auditors expect from your data: not samples and summaries, but structured transactional records, continuously reconciled accounts, documented lineage for every number, and a consistent data model across entities. Modern audit tools such as MindBridge and DataSnipper analyse entire transaction populations, not representative samples — and for that they need audit-grade data. ICAEW reports that 73% of auditors consider client preparation quality the primary factor in audit efficiency. Companies with a five-day close pay 40% less in audit fees — a direct measure of what a year-round managed data layer delivers. Audit-grade data is not perfect data — it is data that meets the standard at which an audit does not require detective work. For mid-market companies across CEE, this means one thing: building the data infrastructure must start now, not the month before the auditor arrives.
Audit is changing. Not gradually — structurally. And most mid-market companies have not noticed yet.
Until recently, the auditor worked with whatever they were given. If data was in Excel, they analysed Excel. If there was a partial sample, they tested the sample. The auditor adapted to what could be examined. That is changing.
ISA 240 (Revised) comes into force for audit periods beginning on or after 15 December 2026. ISA 500, which defines what constitutes “sufficient and appropriate evidence,” is simultaneously modernising its treatment of technology-enabled procedures. The result is a shift: auditors will assume you have access to raw transactional data in structured form, that your financial layer is continuously reconciled, and that any number in a report is traceable.
These are not obstructive requirements. They are capability requirements. When modern audit analytics — anomaly detection, automated pattern analysis across all transactions, assessment of data transformation logic — can only be deployed on quality data, data quality becomes part of audit performance.
This article explains what is changing, why it matters, and what it means for your preparation.
What Audit-Grade Data Actually Is
There is no formal definition — but there is a quality threshold at which modern audit tools operate reliably.
When audit software — MindBridge analysing your general ledger, DataSnipper extracting and verifying source documents — accesses your data, it needs to find something specific. Not a report that someone assembled in Excel over several months. Not monthly summaries. Not samples selected on request.
It is four things.
1. Structured transactional records. Individual entries — document number, supplier name, amount, category, posting date, cost assignment — in a standardised format, without manual edits. If your invoices sit in an ERP but data gets copied and adjusted in Excel before anyone uses it, it is not structured. When an audit algorithm analyses 10,000 purchases, it needs source data — not a processed selection.
2. Continuously reconciled accounts. Not a year-end close with December catch-ups. Reconciliation means every subledger — receivables, payables, inventory, fixed assets — ties to the general ledger monthly, without unresolved variances. If you only reconcile at year end on the basis that precision only matters when it counts, tracking back through history to find where numbers diverged takes weeks.
3. Documented data lineage. Where a number comes from. What happened to it in transformation. Who validated it. Not buried in Excel formulae or an undocumented process. When an auditor asks “why is this margin different from last month,” they need traceability — where the number originated and what happened to it on the way to the report.
4. A consistent data model across entities. If you have two legal entities using different charts of accounts, or three business units each with their own accounting logic, consolidation and comparability become annual challenges. A unified model — a single chart of accounts with dimensions for entity-specific differences — means data aggregates rather than translates.
That is audit-grade data. It is not perfect data. It is data that meets the standard at which a modern audit is not dependent on what it is handed — but can run its analysis without compromise.
Why This Is Changing Now
Audit is moving from sample testing to population testing. When you had 2,000 invoices and the auditor selected 50, they had to pick “representative” samples — and the risk remained that the sample missed an anomaly. Today, when an audit algorithm can analyse all 2,000 in minutes, sampling becomes unnecessary. But that requires structure.
ICAEW (the Institute of Chartered Accountants in England and Wales) has reported that 73% of auditors cite client preparation quality as the primary factor in audit efficiency. That is not a “nice to have.” It means: without it, audit becomes detective work. With it, audit becomes fast, reliable analysis.
ISA 500 and ISA 240 codify this officially. The consequence: from 2026, auditors will assume you have access to audit-grade data, and will calculate audit time and fees on that basis.
What This Changes for You
Three things: audit duration, fees, and recurring findings.
Audit duration. BDO found that 58% of mid-market companies describe the audit process as “stressful” or “very stressful.” The primary reason is last-minute improvisation — reconciling accounts, chasing documents, explaining numbers that lack clear history. When your data is governed throughout the year, the audit does not start with “where is everything?” It starts with “what do these numbers mean?”
That typically shortens the audit from four to six weeks down to two to three. The audit becomes analytical rather than administrative.
Audit fees. Deloitte analysed 200 companies and found that firms with a five-day close pay audit fees 40% lower than firms with a twenty-day close. Not because they are smaller — because the auditor does not spend a day “finding” data and can focus on analysis.
If you close the month in two weeks, the audit fee falls proportionately. This is not about what an auditor charges. It is about what they can afford to charge. When audit is efficient, the saving is shared.
Recurring findings. If you receive the same auditor comment year after year — “insufficient documentation,” “reconciliation discrepancies,” “unclear data lineage” — the issue is not how you manage the audit. The issue is your data infrastructure. And that can be fixed.
The Four Data Expectations in Practice
Now that you know what audit-grade data is, here is how it maps to your processes.
Expectation 1: Structured Transactional Records Without Manual Edits
What this means: When an auditor requests “all purchases for April,” they receive a CSV or ERP export — individual line items, each with its own document reference, without data having been copied or modified in Excel.
Why it matters: Modern audit analytics requires source integrity. If data has passed through Excel and been modified — even inadvertently — automated analysis cannot proceed cleanly. The auditor would need to verify manually, which eliminates the value of the tooling.
What this looks like: Monthly purchase data flows from your ERP directly into your financial layer, without manual transcription. If you export from the ERP and copy into Excel to prepare it, that is not clean data.
Where to start: Identify where data is “prepared” in Excel before analysis or audit. Those are your vulnerability points.
Expectation 2: Continuous Reconciliation Without Year-End Catch-Ups
What this means: End of December is not when your balance sheet agrees with your subledgers. That happens monthly — receivables reconcile to invoices, payables to purchase orders, inventory to physical counts, all without unexplained differences.
Why it matters: If your accounts are reconciled monthly, the audit can focus on trend changes and the lineage of newly identified variances. If they are reconciled once a year, the audit has to work backwards through history to find when and why the numbers diverged. That is days spent in retrospective investigation.
What this looks like: Your controller or head of accounting confirms monthly that each subledger — receivables, payables, fixed assets — agrees with the general ledger. If you first see this in August as you prepare for audit, that is not reconciliation — that is searching.
Where to start: Introduce a monthly checklist — which person is responsible for closing each subledger against the general ledger? Who reviews it?
Expectation 3: Documented Lineage — From Transactions Through Transformations to Reports
What this means: When you see a number in the management report, you have a visible path back to source. Which transactions contributed to it? What happened to them on the way into the report? Who validated it?
When it is in Excel — formulae run long, without description. When it is in a BI tool — logic is often embedded without documentation. When it is in an ERP — data sits at the back without a clear way to trace it forward.
Why it matters: ISA 500 requires “sufficient and appropriate evidence” — which means you need to explain how you moved from raw data to a final number. When lineage is undocumented, the evidence is weak. The auditor must manually reconstruct the path — which is expensive and slow.
What this looks like: When an auditor asks “show me how you got from individual invoices to the ‘revenue’ line in the P&L,” you have a working paper or documented process that can be followed without the answer being “it’s just how it works.”
Where to start: Document your transformations. If Excel contains a “margin adjustment,” record why. If a BI report carries a KPI, document its formula. This documentation will not be interrogated during the audit — but it is what your auditor and your team will build on.
Expectation 4: A Consistent Data Model Across Entities
What this means: If you have three legal entities, all of them use the same chart of accounts — or a closely aligned one, with dimensions for entity-specific differences. If you have a subsidiary in the Czech Republic and a Slovak entity, their account codes map across without a translation table.
Why it matters: Consolidation is aggregation, not translation. When audit tools receive a consolidated dataset, they assume uniformity. If each entity uses different logic, consolidation becomes a manual process — and that is where errors get lost.
What this looks like: How much of your consolidation happens in Excel? If it is a monthly exercise involving mapping tables and adjustment logic, the model is not unified.
Where to start: If you have multiple entities, align with your auditor on what a unified structure should look like. It does not require identical account codes — but the structural logic should be consistent.
What Most Companies Assume — and Why They Are Wrong
“Our auditor has never complained about our data.”
Auditors adapt. What they dislike and what they consider normal are two different things. If they received data in Excel, they analysed Excel. If they arrived to a year-end reconciliation exercise, they worked through it. The auditor tests what can be tested and skips what cannot. That is not a standard — it is pragmatism. ISA 240 and ISA 500 will no longer allow it.
“This only applies to large companies or listed entities.”
The ISA revisions apply to all statutory audits — regardless of size. Mid-market companies with revenues of €1–50M are in scope. There are no exemptions. Audit will change for you too.
“We have time to sort this out before September.”
Retrospective fixes create gaps in documentation. Modern audit algorithms now detect “data that appears to have been adjusted.” If you go back in August and “fix” the June reconciliation, the audit sees that it happened with a delay. The problem is not the numbers — it is that the documentation does not match the process. This is now checked automatically.
“We need to get a new ERP.”
No. The problem is not the system — it is the layer between systems, where data gets copied, modified, and joined together. Most mid-market companies run three to five systems: an accounting package for invoicing, a separate HR system, a consolidation tool, Excel budgets. The issue is how data flows between them. Replacing the ERP does not fix that — it resets it. The solution is a governed data layer, not a new ERP.
How This Connects to Financial Data Governance
Audit-grade data is not an “audit project.” It is the output of financial data governance — a structure that operates throughout the year.
What your auditors will expect is exactly what you need for internal reporting. A unified model means consistent reporting. Continuous reconciliation means management sees current numbers without surprises at any point during the year. Documented lineage means that when the CFO asks “what changed,” there is an answer.
Governance is precisely why these standards are normative for the auditor — and why they should be standard for you.
Reliability Starts Now
The standards change in December 2026. That means the next financial year audit — covering periods that close in mid-2026 — will already operate under the new expectations.
This is not a moment for panic. It is a moment for diagnosis. Look at:
- Transactional data. How does it move from your ERP into your financial layer? Without Excel adjustments or manual copying?
- Reconciliation. Do your subledgers tie to the general ledger monthly, without variances?
- Documentation. When an auditor asks “how did you arrive at this number,” do you have an answer that does not involve “it’s just how it is”?
- Consistency. If you have multiple entities, are their data models comparable?
The easier it is to answer these questions, the closer you are to audit-grade standard. The longer each one takes, the earlier you should have started. Not in August. Now.
Related Articles
- The Financial Data Governance Framework — the foundation on which audit-grade readiness is built
- Chart of Accounts Architecture — the Archaeological Layer of Data Quality — the unified data model as a starting point
- Internal Controls and Audit Readiness Framework — how data governance maps to internal controls
- Single Source of Truth in Finance — why consistency is non-negotiable
- Financial Data Quality Checklist — a diagnostic for where you stand today