External Audit in Korea: Thresholds, Process & Requirements

External audit is not optional for many companies operating in Korea. Unlike some jurisdictions where audit requirements are limited to publicly listed entities, Korea mandates external audits for a broad range of private companies once they exceed certain size thresholds. Missing audit obligations — or handling the process carelessly — exposes company officers to criminal liability and significant fines. This guide explains who is required to undergo an external audit, how the process works, and how to prepare effectively.

Who Is Required to Have an External Audit in Korea?

Korea’s Act on External Audit of Stock Companies (주식회사 등의 외부감사에 관한 법률), commonly known as the External Audit Act, was substantially revised in 2018 and significantly expanded its scope. Companies are subject to mandatory external audit if they meet any one of the following criteria:

Stock Companies (주식회사)

• Total assets of KRW 5 billion (approx. USD 3.6 million) or more at the end of the immediately preceding fiscal year
• Revenue of KRW 7 billion or more
• Total liabilities of KRW 7 billion or more
• 100 or more full-time employees

A company meeting any two of the revenue, liability, and employee criteria in the year prior to last year, and any one criterion in the immediately preceding year, is also subject to audit. The revised thresholds brought a large number of previously unaudited small and mid-size companies into the mandatory audit framework.

Limited Liability Companies (유한회사)

The 2018 revision extended audit obligations to Yuhan Hoesa (유한회사) for the first time. The thresholds mirror those for stock companies, with audit required once a limited liability company exceeds the asset, revenue, liability, or employee criteria listed above. Many foreign-invested entities structured as Yuhan Hoesa found themselves newly subject to audit requirements as a result.

Always-Audited Companies

Certain entities are always subject to external audit regardless of size:

• Publicly listed companies (KOSPI, KOSDAQ)
• Companies registered to issue corporate bonds to the public
• Financial institutions (banks, insurance companies, securities firms)

Auditor Appointment Rules

The 2018 Act fundamentally changed how external auditors are appointed in Korea, introducing a mandatory auditor designation system to reduce the influence of management over audit firm selection:

• First 3 years: Companies subject to mandatory audit must engage their first auditor through the auditor designation system (감사인 지정제) administered by the Financial Supervisory Service (FSS) or the Korean Institute of Certified Public Accountants (KICPA). Companies cannot freely select their first auditor.
• Subsequent years: After the mandatory designation period, companies may freely appoint a registered audit firm, but must do so through a formal audit committee or, for companies without an audit committee, with the concurrence of the auditor appointment advisory body.
• Rotation: Audit firm rotation is required every 6 years. After 6 consecutive years with the same firm, a company must change auditors.
• FSS designated audits: The FSS may also designate specific auditors for companies where it identifies governance or audit independence risks, overriding management’s preference entirely.

Audit Process Timeline

For a company with a December 31 fiscal year-end, the external audit process follows this general timeline:

• October–November (interim audit): The audit team conducts interim testing of internal controls, walkthrough procedures, and substantive testing of transactions up to the interim period end
• January–February (year-end fieldwork): Full-scope substantive testing on year-end balances; physical inventory observation (if applicable); confirmation of bank balances and key receivables
• March (report issuance): Auditor issues the audit report; management finalizes financial statements; audit report must be submitted to the FSS/DART system before the annual corporate tax return deadline
• April–May (regulatory filing): Audited financial statements filed on DART (Korea’s electronic disclosure system) for public access

Internal Accounting Control System (내부회계관리제도)

Korea’s Internal Accounting Control System (IACS) requirement — analogous to SOX Section 302/404 in the US — was significantly strengthened by the 2018 Act. Requirements vary by company size:

• All audit-subject companies: Must establish and operate an IACS. The representative director is responsible for evaluating and reporting on the effectiveness of IACS.
• Listed companies with assets above KRW 2 trillion: Full external auditor attestation on IACS design and effectiveness (similar to SOX 404(b))
• Listed companies with assets between KRW 1 trillion and KRW 2 trillion: External auditor reviews IACS report
• Smaller companies: Management self-assessment and internal reporting of IACS effectiveness

For foreign-invested companies, the IACS requirement means that even a wholly-owned Korean subsidiary must document its internal controls over financial reporting and have someone — typically the CEO or CFO — certify their adequacy. This is a frequently overlooked obligation for newly established foreign subsidiaries.

Penalties for Non-Compliance

Korea takes external audit compliance seriously. Penalties for violations include:

• Failure to engage an auditor: Fine of up to KRW 20 million for the company; criminal charges against the representative director are possible in egregious cases
• Obstruction of audit: Criminal penalties including imprisonment of up to 5 years and fines of up to KRW 50 million for those who obstruct auditors or provide false information
• False accounting records: Falsification of financial statements carries criminal liability for company officers under the External Audit Act and the Commercial Act
• IACS non-compliance: Companies failing to establish or properly operate an IACS face regulatory sanctions and increased audit scrutiny

How to Prepare for Your Korean External Audit

Preparation begins well before the auditor sets foot in your office. Steps that significantly reduce audit friction include:

Maintain Audit-Ready Books Year-Round

Korean auditors expect complete, reconciled accounting records with full supporting documentation. Accumulating documentation at year-end rather than maintaining it throughout the year leads to audit delays, qualified opinions, and auditor requests for restatements.

Reconcile All Intercompany Balances

Intercompany receivables, payables, and loans must tie out to the parent/affiliate records. Unexplained intercompany differences are a significant audit risk flag and frequently lead to transfer pricing inquiries.

Prepare Audit Support Schedules

Auditors will request detailed schedules for fixed assets, prepaid expenses, accrued liabilities, and related-party transactions. Having these ready at the start of fieldwork saves time and reduces audit fees.

Engage Your CPA Firm Early

If you are approaching the size thresholds for the first time, engage a qualified Korean CPA firm before year-end. Your CPA firm can assist with auditor selection, pre-audit preparation, and liaison with the audit team throughout the process.

Korea’s external audit framework is designed to protect investors and creditors — but compliance is equally important for your own governance. A clean audit opinion builds credibility with Korean business partners, financial institutions, and government agencies.

Need help understanding Korea external audit requirements for your company? Contact Bricks Insight for a consultation.

Reference date: 4월 2026 (based on regulations as of this date)