The cost of a CASS audit

CASS audit cost is a material consideration for FCA‑regulated firms and can vary widely depending on the firm’s structure, the CASS audit scope, firm’s history of compliance, and the audit firm selected. Regulatory change, for example, new CASS rules, can also increase audit effort and fees, particularly in transition years when additional testing, documentation and senior‑level review are often required.

The FCA within their policy statement PS25/12 from August 2025 refers to estimated CASS 15 audit costs based on complexity of the firms:

• Simple: £30–60k (large auditors); £10–18k (other auditors)
• Average: £60–150k (large auditors); £20–30k (other auditors)
• Complex: £150–250k (large auditors); £75–125k (other auditors)
• Very complex: £250–500k (large auditors);  £125–250k (other auditors)

Although these figures are EMI/PSP‑specific but serve as a useful indication of how audit costs can vary significantly between the audit firms.

CASS audits are treated as public‑interest engagements, and with the anticipated wider FRC CASS assurance engagement quality reviews on the horizon, auditors will face greater scrutiny, changes to their risk assessments, enhanced quality reviews, and increased senior‑staff involvement, which can further add to CASS audit fees.

Apart from the obvious factors that affect the scope, complexity and cost of CASS audits, such as the number and complexity of business lines and their CASS footprint, number of clients, transaction volumes, involvement of third parties, complexity of transactional arrangements, and use of third‑party administrators etc - there are additional factors that influence the time and cost of your CASS audit.

In accordance with the FRC Client Asset Assurance Standard for CASS engagements, auditors must assess the firm’s IT environment and the key IT controls that affect client assets.

If your firm operates within a complex or moderately complex IT environment, a significant portion of  your CASS audit cost will be the IT environment and control assessment. CASS reasonable‑assurance engagements report on the firm’s systems and controls  -  assessment of IT therefore is a requirement for the CASS auditors, not an option.

A strong CASS control framework reduces the volume of testing and exceptions/CASS breaches auditors must investigate. Clear, well‑documented controls and reliable evidence speed up testing, limit rework and reduce the review time. Conversely, weak or poorly documented controls increase audit scope, drive additional procedures, require more senior oversight.

 The key is to ‘get things right first time’. Experienced CASS auditors can often resolve complex queries immediately; although the CASS rules are not always user‑friendly, many requirements are clear / “black or white”. Crucially, auditors must not only understand what is present but also identify what is missing  -  any absent step, control or process and its implications.

For example, an experienced auditor can, after a short walkthrough of CASS reconciliations, quickly spot system limitations and control failures. By contrast, work performed by less experienced staff can add little value, generate extra audit time, trigger follow‑ups and consultations, and increase costs. Everyone deserves the chance to learn, but the practical question is who bears the cost of on‑the‑job training.

In our experience, getting it right first time is a must. Small teams of highly experienced CASS auditors are typically the most time‑ and cost‑efficient.

Readiness for your CASS audit is critical: efficiency from both the firm and the auditor is a key driver of lower costs. When a client is unprepared, fieldwork becomes inefficient and auditors commonly cite lack of readiness as the reason for fee overruns. Proactive communication, agreed timelines and deadlines, and regular update calls keep work focused, reduce rework and limit senior‑level interventions. 

 Choose auditors with proven CASS expertise. ‘Getting things right first time” is the key.  

The CASS auditor need not be your statutory auditor; you can appoint a different audit firm to provide a dedicated CASS audit service. 

 Verify their CASS experience, references, methodology and proposed seniority mix. 

 Ask for hours by grade, average and blended rates, and total proposed time at each level. Run a competitive tender and compare blended rates across proposals. 

Seek fixed fees where appropriate; any fee overruns must be clearly justified by the auditor, the root cause identified, and responsibility for the additional cost established, discussed and agreed — do not simply accept overruns, as they may not be your responsibility.

 Agree deadlines and escalation points to avoid delays. 

Regular update calls and short walkthroughs reduce duplicated effort and speed issue resolution.

Identify system limitations, understand required IT testing requirements.

Agree vendor testing, reliance on assurance reports and required confirmations up front. 

 Specify partner/ERCR (second partner) time and senior sign‑offs in the proposal. 

  Identify efficiency gains and lessons learned from the previous audit.

Talis Karklins | Statutory and CASS regulatory auditor | Talis Karklins Ltd | CASS Audit Services | www.cassauditservices.co.uk