Audit and Assurance Services in the Philippines

Corporations, listed companies, banks, insurers, and other regulated entities in the Philippines rely on independent audit and assurance to satisfy regulators, inform boards, and protect the integrity of their financial reporting. STLAF’s audit practice delivers the full range of that work: statutory financial statement audits under Philippine Standards on Auditing (PSA), internal audit engagements, sector compliance audits, sustainability assurance under the SEC’s new mandatory regime, and special purpose audits for transactions and investigations.

STLAF is a Board of Accountancy (BOA) accredited firm. Our Certified Public Accountants sign Audited Financial Statements (AFS) that are accepted by the SEC, the BIR through eAFS, the BSP, and the Insurance Commission. What sets the practice apart is not only the attest work. STLAF is a full-service legal and accountancy firm, which means that when an audit surfaces an exposure that escalates into a BIR assessment or a regulatory inquiry, the same firm that signed the opinion responds. That continuity, explained further below, is the reason finance leaders engage us for audit work they expect to be scrutinized later.

For context on how our audit practice sits inside the wider firm, see our accounting and audit services Philippines hub.

External Audit and Financial Statement Audit

The external audit is a regulator-driven, independent examination of a company’s financial statements conducted under PSA and designed to express an opinion on whether those statements fairly present the entity’s financial position and performance under PFRS. It is not the same as a BIR tax audit. A BIR examination is a Bureau-initiated tax examination; an external audit is an attest engagement by an independent CPA firm, commissioned by the entity to satisfy shareholders and regulators. Companies need both, and they serve different purposes.

Statutory Audit Requirements in the Philippines

The SEC raised the AFS filing threshold to PHP 3 million in total assets or total liabilities under its 2026 rules. Corporations above that threshold must submit audited financial statements annually. Publicly listed companies file regardless of size. Sector-specific regulators add their own triggers: the BSP requires audited statements from banks and non-bank financial intermediaries, the Insurance Commission from insurance and reinsurance firms, and the Cooperative Development Authority from CDA-registered cooperatives. Non-stock non-profits above certain revenue thresholds also fall into the audit net. STLAF advises on the applicable filing obligation before engagement, not after.

Audit of Financial Statements Under PFRS

Philippine Financial Reporting Standards (PFRS) is the primary framework, aligned with IFRS. PFRS for SMEs applies to small and medium entities that meet the size and public accountability criteria. STLAF audits under both. Our opinion is one of four: unqualified (the financial statements are fairly presented), qualified (fairly presented except for specified matters), adverse (not fairly presented), or disclaimer (we cannot express an opinion). Each has downstream consequences for financing, licensing, shareholder confidence, and regulator standing. We tell clients what we are likely to conclude before we conclude it; no client learns about a qualified opinion on the day we sign.

BIR-Accredited External Auditor, AFS, and eAFS Filing

BOA accreditation is the baseline. For many engagements, BIR accreditation is also required for the CPA signing the audit report attached to the corporate tax return. A non-accredited signature exposes the taxpayer to penalty and the CPA to sanction from the PRC. STLAF confirms accreditation status in writing before engagement. Electronic filing of the AFS to the BIR through eAFS is now the default channel for covered taxpayers. The SEC’s filing deadline for calendar-year corporations is 29 May for the current cycle; fiscal-year filers have 120 calendar days from year end. We build engagement timelines around those deadlines rather than around our own workflow.

Internal Audit Services

Internal audit is a different engagement. It is commissioned by management and reports to the audit committee. It does not produce an opinion on the AFS. It produces assurance on the effectiveness of risk management, controls, and operations. Boards and audit committees use it to identify exposures before external auditors, regulators, or the BIR do. Mid-market and large corporates engage STLAF on a fully outsourced basis when they do not have an in-house function, or on a co-sourced basis when the in-house team needs specialist coverage (IT audit, forensic, regulated-industry expertise). The adjacent service line that handles enterprise risk frameworks, controls design, and forensic investigation sits under our risk management and internal controls practice.

Risk-Based Internal Audit

We build the audit plan from the client’s risk register and the board’s materiality thresholds. The COSO framework anchors the methodology. Coverage is prioritized by exposure, not by rotation. Audit committees see clear reporting on what was tested, what was found, and what has been remediated since the last cycle.

Operational Audit

Beyond financial controls, operational audit examines process efficiency, resource utilization, and performance against management expectations. The deliverable is a management letter with practical recommendations, not a compliance checklist.

IT and Systems Audit

Application controls, user access, change management, and CAS environment reviews. For regulated industries, this includes mapping to sector-specific frameworks (BSP IT risk expectations for banks, IC for insurance).

Compliance Audit

Compliance audits test an entity’s adherence to a specific regulatory or contractual standard. Scope is narrower than a full external audit but can carry as much weight if the regulator or counterparty asks for it. This is also the section where SMEs most commonly enter the audit market, typically because a government body, lender, or investor has triggered the request.

Regulatory Compliance Audit (SEC, BSP, IC)

Listed companies and regulated entities face ongoing compliance testing by sector regulators. BSP Circular 900 sets the risk management and control framework that banks are expected to operate under, and audits against it are substantive. The Insurance Commission has parallel expectations for insurance firms. STLAF is accredited for external audit across these sectors and conducts compliance audits against the relevant regulator’s framework.

Tax Compliance Audit

Tax compliance audits are proactive. We test the client’s tax posture before the BIR does, identify exposures (VAT, withholding, income tax, documentary stamp), and recommend corrective action. When a BIR assessment arrives, the client has already seen what we have seen. For ongoing tax compliance outside the audit cycle, see our tax compliance Philippines service.

Labor Compliance Audit

DOLE General Labor Standards Compliance, SSS, PhilHealth, Pag-IBIG, 13th-month and leave obligations, and contractor/contractualization exposure. Labor compliance audits matter because findings cascade into BIR withholding exposure and, in some cases, criminal liability for officers.

ESG Audit and Sustainability Assurance

The Philippine sustainability reporting regime has changed materially. The original framework, SEC Memorandum Circular 4-2019, introduced voluntary sustainability reporting for publicly listed companies with a ‘comply or explain’ approach. It has now been replaced. SEC Memorandum Circular 16-2025, issued 22 December 2025, adopts PFRS S1 (general sustainability disclosures) and PFRS S2 (climate-related disclosures), aligned with the ISSB. The framework is mandatory, tiered, and assurance is part of it.

ESG Disclosure Requirements: From SEC MC 4-2019 to MC 16-2025

Under the new circular, limited external assurance on Scope 1 and Scope 2 greenhouse gas emissions becomes mandatory two years after an entity’s initial PFRS S1 and S2 implementation. The phase-in applies from 2029 for Tier 1 companies, 2030 for Tier 2, and 2031 for Tier 3. The assurance practitioner can be a CPA or a qualified non-accountant, but the engagement must be independent and conducted under an accepted assurance framework. STLAF is building the practice now so that Tier 1 clients are not scrambling in the 2028 cycle.

GRI and TCFD Assurance Engagements

Many Philippine PLCs have been reporting voluntarily under the Global Reporting Initiative (GRI) Standards and, for climate, the Task Force on Climate-related Financial Disclosures (TCFD) recommendations. GRI is a broad sustainability disclosure framework; TCFD is climate-specific and has been absorbed into PFRS S2. STLAF conducts assurance engagements under both, and supports clients mapping their existing GRI and TCFD disclosures to PFRS S1 and S2 so the transition does not require a new data architecture.

ESG Data Verification and Reporting

In practice, ESG assurance is about controls over non-financial data, methodology review (emissions factor selection, calculation boundaries, organizational scope), and attestation on what the published numbers represent. The work is audit-adjacent, requires cross-disciplinary capability (climate science, engineering data, accounting), and is increasingly scrutinized by investors and lenders.

Special Purpose Audits

Not every assurance need is a full audit. Agreed-upon procedures (AUP) engagements are scope-limited, do not provide an opinion, and are used to test specific account balances, covenants, or transaction details, often at the request of lenders, counterparties, or management. Financial due diligence audits are pre-transaction reviews commissioned by buyers or sellers, and are typically paired with legal due diligence on the same transaction. Forensic audits respond to suspected fraud, asset misappropriation, or financial statement manipulation.

For transaction-driven engagements where due diligence is the work product and the buyer is preparing an acquisition or capital raise, see our financial advisory services. The audit team and the advisory team work the same file. For BIR matters that escalate from audit findings, our BIR tax audit defense team takes over.

Frequently Asked Questions

Do I need a BOA-accredited auditor to sign my Audited Financial Statements?

Yes. BOA accreditation is the baseline regulatory requirement under Republic Act No. 9298 for any CPA signing AFS in the Philippines. A non-accredited signature exposes the taxpayer to penalty and the CPA to PRC sanction. Some engagements require additional accreditation stacks (BIR, SEC, BSP, IC, CDA). STLAF confirms accreditation status in writing before engagement.

What is the difference between a BIR audit and an independent financial audit?

A BIR audit is a tax examination initiated by the Bureau, triggered by a Letter of Authority, and focused on tax positions. An independent financial audit is an attest engagement by a CPA firm under PSA, focused on whether the financial statements fairly present the entity’s position and performance under PFRS. The two are independent and both may apply to the same company in the same year.

Who is required to file Audited Financial Statements with the SEC in the Philippines?

Under 2026 SEC rules, corporations with total assets or total liabilities above PHP 3 million must file audited statements annually. Publicly listed companies file regardless of size. Sector-specific obligations apply to banks, non-bank financial intermediaries, insurance companies, and cooperatives through BSP, IC, and CDA rules respectively. We advise on the applicable filing obligation as part of scoping.

Is sustainability reporting assurance now mandatory for Philippine listed companies?

Yes, on a phased basis. SEC MC 16-2025 replaces MC 4-2019 and introduces mandatory disclosure under PFRS S1 and S2. Limited external assurance on Scope 1 and Scope 2 greenhouse gas emissions becomes mandatory two years after each tier’s initial implementation: from 2029 for Tier 1, 2030 for Tier 2, and 2031 for Tier 3.

What happens if our external audit surfaces findings that trigger a BIR assessment?

Audit findings sometimes create tax exposure that the BIR later pursues. The sequence is typically a Letter of Authority, a Preliminary Assessment Notice, a Final Assessment Notice, and a Final Decision on Disputed Assessment. STLAF’s in-house legal team handles the response end-to-end, so the audit team that surfaced the issue is in the same firm as the lawyers who draft the protest. No separate firm brief required.

What is the difference between internal and external audit?

External audit is regulator-driven, annual, conducted by an independent BOA-accredited CPA firm, and produces an opinion on the AFS. Internal audit is management-commissioned, risk-based, reports to the audit committee, and produces assurance on controls and operations. Different engagement type, different reporting line, often run in parallel.

What types of audit opinion can an external auditor issue?

Four: unqualified (financial statements are fairly presented under PFRS), qualified (fairly presented except for specified matters), adverse (not fairly presented), and disclaimer (auditor unable to form an opinion). The opinion drives downstream consequences for financing, regulatory standing, and shareholder confidence. We signal likely outcomes early in the engagement so that there are no surprises at sign-off.

How long does a financial statement audit usually take in the Philippines?

Timing depends on entity size, complexity, prior-year workpaper quality, and the readiness of the accounting team. For calendar-year corporations filing by the SEC deadline, the audit cycle typically runs from January fieldwork through April sign-off. Pre-audit readiness reviews materially shorten the critical path.

Why Choose STLAF for Audit Services

The audit itself is the commodity. Every serious Philippine CPA firm can deliver a PSA-compliant financial statement audit. What changes the client outcome is what happens next.

Our CPAs are BOA-accredited and, where the engagement requires, accredited by the BIR, the SEC, the BSP, or the IC. Our opinions stand on their own. The differentiator is that if an audit finding triggers a BIR assessment, a SEC inquiry, a BSP supervisory letter, or an IC compliance follow-up, the response does not require a handoff. STLAF’s in-house lawyers engage directly. The team that saw the finding is in the same firm as the team that has to explain it. The client is not briefing a separate law firm mid-process, paying a second discovery cost, or managing the gap between advisors.

That continuity matters most at the worst moments. When a regulator writes a Letter of Authority, a Preliminary Assessment Notice, or a show-cause order, the window to respond well is measured in weeks. STLAF compresses the response curve by not requiring two firms to coordinate. That is the practical meaning of being a legal and accountancy firm under one roof.

STLAF Global is a BOA-accredited CPA firm and law firm providing external audit, internal audit, compliance audit, ESG/sustainability assurance under SEC MC 16-2025, and special purpose audits.