Statutory Audits in Malaysia: A 2025 Guide to the ISA Risk-Based Approach and Quality Standards

The Statutory Audit in Malaysia's 2025 Corporate Landscape

In 2025, the statutory audit in Malaysia is characterized by two powerful and intertwined themes: a continued commitment to a rigorous, risk-based audit methodology, and a new, proactive era of firm-wide quality management. While new audit exemption criteria have changed the landscape for many private companies, the statutory audit remains a cornerstone of corporate governance and a critical mechanism for maintaining trust and confidence in the integrity of financial reporting.

The Foundation: Audits under ISAs and the Companies Act 2016

The bedrock of audit practice in Malaysia is its full alignment with international standards. All statutory audits are conducted in accordance with the International Standards on Auditing (ISAs), as adopted by the Malaysian Institute of Accountants (MIA). This ensures that audits in Malaysia are performed to a globally recognized standard of quality and rigor.

The auditor's ultimate objective is to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework (MFRS or MPERS) and the requirements of the Companies Act 2016. This opinion provides essential assurance to shareholders, lenders, investors, and other stakeholders.

The Risk-Based Audit Approach in Practice

Modern auditing is not a one-size-fits-all exercise. The ISAs mandate a risk-based approach, which means the audit is tailored to the specific risks of each company. The key stages include:

1. Risk Assessment (ISA 315): The audit begins with the auditor gaining a deep understanding of the company and its environment, including its business model, its industry, and its system of internal control. This understanding is used to identify and assess the risks of material misstatement in the financial statements.
2. Response to Assessed Risks (ISA 330): Based on the risk assessment, the auditor designs and performs specific audit procedures to address those risks. This may involve testing the company's internal controls, performing detailed substantive testing of transactions and balances, or a combination of both.
3. Reporting (ISA 700 series): The culmination of the audit is the auditor's report. For listed companies, this report will also include Key Audit Matters (KAMs), which are the matters that, in the auditor's professional judgment, were of most significance in the audit.

A New Era of Audit Quality: The Impact of ISQM 1

A major development shaping the audit profession is the implementation of the International Standard on Quality Management (ISQM) 1. This standard represents a fundamental shift from a reactive, compliance-based approach to quality control to a proactive, risk-based approach to quality management. Key aspects of ISQM 1 include:

• A Proactive, Risk-Based Approach: ISQM 1 requires audit firms to design, implement, and operate a system of quality management that is tailored to the nature and circumstances of the firm and the engagements it performs.
• Eight Integrated Components: The standard is built around eight integrated components, covering everything from the firm's governance and leadership to its risk assessment process, engagement performance, and monitoring and remediation.
• Focus on Continuous Improvement: ISQM 1 is not a one-off exercise. It requires firms to continuously monitor and improve their systems of quality management to ensure that they are consistently delivering high-quality audits.

For Malaysian audit firms, the systems required by ISQM 1 have been in place since the end of 2022, and the focus in 2025 is on the ongoing effectiveness and continuous improvement of these systems.

The 2025 Audit Exemption and Its Implications

Effective from January 1, 2025, new audit exemption criteria have been introduced for private companies in Malaysia. While this reduces the compliance burden for many SMEs, it also places a greater responsibility on the directors of those companies to ensure the accuracy of their financial reporting. For those companies that are not exempt, the statutory audit takes on an even greater significance, as it provides one of the few independent checks on the financial health and governance of the company.

Conclusion

The statutory audit in Malaysia in 2025 is a sophisticated and robust process. It is defined by a rigorous, risk-based approach to the audit itself, and a deep, firm-wide commitment to proactive quality management. In an increasingly complex business world, the statutory audit remains an essential service that underpins trust, promotes transparency, and supports the integrity of Malaysia's capital markets.