What are SRA audits?

10 Jun 2025 | Business advice

What are SRA audits?

“What are SRA audits?” is one of the most common questions we receive from partners who are new to client-money compliance. SRA audits, specifically Solicitors Accounts Rules (SAR) audits, are independent reviews conducted by accountants to ensure law firms comply with the Solicitors Regulation Authority’s (SRA) rules on handling client money. These audits are mandatory for law firms in England and Wales that hold or deal with client money. The primary goal is to protect client funds and maintain public trust in the legal profession.

Although the rules were streamlined in 2019, their importance has only grown. With more than 9,000 SRA-regulated law firms now trading in England and Wales (SRA, 2025), competition is fierce and reputational damage from a qualified audit can be immediate. At the same time, the volume of client money moving through client accounts continues to rise as mergers and acquisitions reshape the market. Over the 12 months to March 2025, 498 firms closed and 388 opened (SRA, 2025), underlining how quickly risk profiles can change.

Against this backdrop, the audit offers more than tick-box reassurance for the regulator. It is a financial health check that protects client interests, underpins lender confidence and strengthens a firm’s culture of accountability. In this blog, we explain who needs an SRA audit, how the process works, what counts as a material breach and how our specialist audit team at Coveney Nicholls can keep you on the right side of the rules. By the end you will not only understand the technical requirements but also the strategic value of getting the audit right first time.

Who needs an SRA audit?

Under Rule 12.1 of the Accounts Rules, any practice that holds or receives client money must obtain an Accountant’s Report within six months of its year-end. There are two narrow exemptions:

  • All client money held comes from the Legal Aid Agency.
  • During the accounting period the average client-account balance is below £10,000 and the maximum balance never exceeds £250,000 (SRA, 2025).

If you fall inside either exemption, you must still document how you reached that conclusion and keep evidence for inspection. For everyone else, the audit is mandatory, whether you are a sole practitioner with a single client account or an ABS with offices across Europe.

What an SRA audit covers

The reporting accountant’s work is guided by SRA-issued minimum procedures. In practice, we tailor our approach to match the risk profile of each firm, but key review points include:

  • Client-money segregation: Confirming that client funds are not mixed with office money.
  • Three-way reconciliations: Ensuring that bank, cash-book and client-ledger balances agree at least every five weeks.
  • Residual balances: Checking that dormant client money is identified and returned promptly.
  • Transfers and withdrawals: Testing that payments are supported by bills, completion statements or other evidence.
  • Interest policy: Assessing whether your interest calculations comply with your written policy and are applied consistently.

We also assess systems and controls, interview the compliance officer for finance and administration (COFA), and test a sample of transactions. The findings feed into the SRA’s AR1 report, which is either signed unqualified or qualified depending on whether material breaches are identified.

Understanding material breaches

Materiality is not defined by a single number. Instead, we consider:

  • The value of the breach relative to typical client balances.
  • How long the breach persisted before correction.
  • Whether the breach indicates a systemic control failure.
  • The potential impact on individual clients.

Examples that usually qualify include:

  • Using client money to settle office disbursements in advance of a bill.
  • Failing to perform reconciliations for several months.
  • Allowing the client account to slip into overdraft.

Minor breaches – for example, a one-day posting error corrected immediately – are recorded but not reported unless they form part of a pattern. The COFA should maintain a central breach register so that repeated issues are easy to spot and escalate.

The audit timeline and deliverables

  1. Engagement and planning: We agree scope, fee and access to records four to six weeks before year-end.
  2. Fieldwork: Normally two to five days on-site or remote. We use secure cloud portals to minimise disruption.
  3. Draft findings meeting: We share preliminary observations and discuss any remedial actions.
  4. Final report: The AR1 must be delivered to the SRA within six months of the accounting date. Only qualified reports are submitted, but you must still keep unqualified reports on file for six years.
  5. Post-audit feedback: We issue a management letter with practical recommendations and, where requested, train finance teams on best practice.

Firms operating internationally often have additional duties, such as confirming that overseas client accounts meet local safeguarding rules. Our membership of an international association means we can coordinate multi-jurisdictional testing and consolidate opinions into one clear report, saving time for finance teams and partners alike.

Staying compliant between audits

An unqualified report depends on everyday discipline, not last-minute fixes. We recommend:

  • Quarterly file reviews: Sample files randomly, looking for unreconciled ledger items or outdated completion statements.
  • Technology assessment: Legacy case-management systems still underpin 27% of reported SRA breaches, according to the Law Society Risk and Compliance Service. Upgrading can eliminate many manual errors.
  • Continuous COFA training: Regulations evolve and so should internal knowledge.
  • Cashflow forecasting: Flag upcoming completions or refunds that could push balances above exemption limits.
  • External health checks: A mid-year mini-audit identifies problems early and reduces year-end pressure.

Our audit and assurance team offers fixed-price compliance reviews that mirror the SRA tests without the formal report. They are popular with new entrants and firms approaching rapid growth.

How accountants add value

A Solicitors Regulation Authority audit is more than a test – it is an opportunity to improve controls, reassure lenders and demonstrate professional pride. Working with a chartered firm that combines big-firm experience with small-firm values means you can expect:

  • Plain-English advice: We translate the rules into workable procedures.
  • Proactive alerts: If the SRA consults on rule changes, like its current review of residual client balances, we brief you immediately.
  • Sector benchmarking: Using anonymised data across our client base, we show where your KPIs sit against similar firms.
  • Global reach: Our European network ensures overseas offices receive consistent audit quality.

By outsourcing to specialists, you free your finance team to focus on client service while we shoulder the regulatory burden.

Protecting your firm and your clients

Keeping client money safe is a fundamental promise every solicitor makes. An efficient SRA audit proves you have honoured that promise and signals to banks, insurers and potential merger partners that your firm takes compliance seriously. It also delivers peace of mind to partners – a valuable commodity when the market is changing so quickly.

If you are unsure whether you need an audit, worried about borderline breaches or simply want a fresh pair of eyes on your processes, we are ready to help. Our dedicated legal-sector team draws on long-term relationships, modern technology and a commitment to loyalty that puts your interests first.

Talk to us today about your upcoming year-end and discover how straightforward SRA compliance can be when you have an expert on your side – and let us show you exactly what are SRA audits for your practice.