D-Audit Consulting

D-Audit Consulting logo
Timeline revisione legale e CSRD 2024–2028

Statutory audit 2026: what changes and how to prepare in time

A practical guide for businesses and supervisory bodies on the new rules, deadlines and operational checks.

  • From 2026 listed SMEs fall under the CSRD scope with sustainability reports subject to limited assurance, with an opt-out option until 2028. Financial audit and sustainability assurance need to be coordinated.
  • Group audits follow ISA 600 (Revised) for periods beginning 15 December 2023.This already affects 2024 financial statements, with planning and documentation impacts in 2025–2026.
  • Resta centrale ISA Italia 315 su identificazione e valutazione dei rischi e il quadro italiano di D.Lgs. 39/2010. Rafforzare controlli interni e governance è prioritario.

1) 2026 at a glance


CSRD and listed SMEs. Small and medium-sized enterprises listed on on EU regulated markets come into scope from 1 January 2026. An opt-out is available until 2028. ESRS LSME apply with proportionate disclosure requirements. Sustainability information is initially subject to limited assurance, with EU assurance standards to be adopted by 1 October 2026.

Group audits. Under ISA 600 (Revised) the group auditor must direct and integrate component auditors’ work more robustly, planning risks, materiality and responses at both group and component level. It is effective for periods beginning on 15.12.2023, therefore relevant for 2024 year-ends and beyond. 

Practical impacts for companies and oversight bodies

  • Internal controls and risk assessment.. ISA Italia 315 requires a stronger risk map, control framework and IT environment. Gaps in processes, segregation of duties and data lineage increase risk and audit timelines.
  • Governance and responsibilities.. In Italy, statutory audit is governed by Legislative Decree 39/2010. Coordination among the Board of Directors, Board of Statutory Auditors/Organismo di Vigilanza and the auditor reduces findings and unexpected costs.
  • Sustainability and finance. ESG data flows are entering the annual closing process. For listed SMEs, integrating environmental and social KPIs into accounting and control systems is essential to support future limited assurance. 

Operational roadmap to 2026

Within 90 days

  • Gap analysis on accounting processes, internal controls, IT and data governance against ISA 315.
  • CSRD/ESRS assessment: confirm 2026 scope, identify data, sources and owners.
  • Groups: update Group Audit Instructions per ISA 600 (Revised) and set the communication plan with component auditors.

Within 6–9 months

  • Testing of controls on high-risk areas.
  • ESG data model: define metrics, data-quality controls, traceability and archiving for the audit trail.
  • Consolidation manual updated with group materiality, error thresholds and a calendar of requests to components.

Within 12 months

  • Audit simulation: dry-run of limited assurance on the ESG section and an integrated finance–ESG closing.
  • Training for finance, control and sustainability teams; mandatory updates for auditors as required by the MEF.

Quick checklist to be ready

  • Significant risks mapped and linked to key controls.
  • Consolidation policies and Group Instructions updated.
  • Financial and ESG materiality defined and documented.
  • Data owners assigned for each priority ESG disclosure.
  • Calendar of requests for group companies and data providers.
Ruoli nell’audit di gruppo secondo ISA 600 Revised

5) How D-Audit can support you

 

  • Readiness assessment on statutory audit and sustainability.
  • Control design and implementation support.
  • Group-audit coordination and instruction packages.
  • argeted training for CFOs, boards and control functions.
EN
EN IT
Scroll to Top