Independent Audit Requirements for Companies in Turkey

Independent audit requirements for companies in Turkey depend on company type, sector, and financial thresholds. This legal guide explains which Turkish companies must undergo independent audit, how the threshold tests work, who appoints the auditor, what the audit covers, and what happens if a company fails to comply.

Introduction

Independent audit requirements for companies in Turkey are not limited to banks, listed issuers, and large public-interest entities. Turkish law uses a layered model: some companies are subject to independent audit automatically because of the sector they operate in, while others become subject to audit when they exceed certain size thresholds over time. The legal basis begins in the Turkish Commercial Code, which states that companies falling within the relevant audit framework are audited under Turkish Auditing Standards issued by the Public Oversight, Accounting and Auditing Standards Authority, and that the companies to be audited under Article 398 are determined by the President. (https://ticaret.gov.tr)

This matters because independent audit in Turkey is not just an accounting formality. The Commercial Code provides that, if a company that is legally subject to audit does not have its financial statements and annual activity report audited, those documents are deemed not prepared at all. That consequence alone makes the audit regime one of the most serious corporate-compliance areas for Turkish companies and foreign-owned subsidiaries operating in Türkiye. (https://ticaret.gov.tr)

It is also a moving target. The general audit thresholds were amended in 2024 and again in March 2026. KGK announced on March 17, 2026 that the general thresholds for companies subject to the ordinary size-based audit test were raised for fiscal years beginning on or after January 1, 2026. As of today, April 1, 2026, any serious legal analysis must therefore distinguish between the thresholds used for 2025 financial years and the thresholds now applicable for 2026 and later periods.

This guide explains the independent audit requirements for companies in Turkey in a practical, legally structured way. It covers the legal framework, the categories of companies that are always audited, the threshold-based groups, the current financial and employee thresholds, how the two-year test works, how subsidiaries and affiliates are counted, how the auditor is appointed, what independence rules apply, what the audit covers, which financial reporting framework usually applies, and what happens if the company gets the issue wrong.

The Legal Framework of Independent Audit in Turkey

The core legislative basis is the Turkish Commercial Code. Article 397 states that companies subject to audit under the statutory framework are audited in accordance with Turkish Auditing Standards that are aligned with international auditing standards and issued by KGK. The same article also makes clear that the annual report’s financial information is part of the audit scope, not merely the year-end financial statements themselves. (https://ticaret.gov.tr)

Article 398 then defines the substance of the audit. It states that the audit covers the company’s and, where applicable, the group’s financial statements, the annual report of the board of directors, inventory, accounting, and internal control to the extent required by the standards, as well as compliance with Turkish Accounting Standards, the law, and the company’s charter provisions relating to financial reporting. The same article emphasizes the “true and fair view” logic by requiring the audit to determine whether the company’s financial position is reflected honestly and, if not, why not. (https://ticaret.gov.tr)

The more specific question of which companies are subject to audit is not answered directly in the Commercial Code alone. The current framework comes from the Presidential Decision on the Determination of Companies Subject to Independent Audit, currently Decision No. 6434 as amended, together with KGK’s implementing principles. The decision states that the relevant “companies” are capital companies regulated by the Turkish Commercial Code, and it divides the audit universe into companies that are automatically audited and companies that become audited if they exceed certain thresholds.

In practice, that means the Turkish independent-audit regime is built on two legal layers working together. The Commercial Code tells you what audit means, what the consequences are, and who appoints the auditor. The Presidential Decision and KGK rules tell you whether your company is actually inside the audit perimeter. (https://ticaret.gov.tr)

Which Companies Are Automatically Subject to Independent Audit

The first group consists of companies that are subject to independent audit without any size test at all. KGK explains that these are the companies listed in Annex I of the Presidential Decision. The current decision identifies a broad set of public-interest and regulated entities in this group. (Kamu Gözetimi Kurumu)

Annex I includes capital-markets institutions regulated by the Capital Markets Board, such as investment firms, collective investment institutions, portfolio management companies, mortgage finance institutions, asset leasing companies, central clearing institutions, central depositories, trade repositories, rating agencies, valuation institutions, listed companies, and certain non-listed joint stock companies that have issued capital-markets instruments under an approved issuance document. It also includes companies regulated by the Banking Regulation and Supervision Agency, such as banks, financial holding companies, financial leasing companies, factoring companies, financing companies, asset management companies, qualifying shareholders in certain banking structures, and savings finance companies. Insurance, reinsurance, and pension companies are also included automatically.

The same Annex I list also covers Borsa İstanbul-authorized foreign-exchange institutions and precious-metals intermediaries, licensed warehouse operators and public warehouses, certain RTÜK-regulated media service providers, EPDK-regulated companies that are subject to independent audit under energy-market rules, payment institutions and e-money institutions regulated by the Central Bank of the Republic of Türkiye, and public economic enterprises and their affiliates. KGK also announced on March 17, 2026 that domestic companies established under Additional Article 1 of the Natural Gas Market Law and more than 50 percent directly or indirectly owned by state economic enterprises were added to Annex I.

For practitioners, the most important lesson is that many companies become subject to independent audit because of who regulates them, not because of their turnover or headcount. If a company operates in a regulated space such as banking, insurance, capital markets, payments, certain media, certain energy segments, or state-linked sectors, it may already be in the automatic-audit group even if it is relatively small by ordinary commercial standards.

The Threshold-Based Audit Groups

For companies outside the automatic-audit list, Turkish law uses threshold tests. KGK’s current guidance explains that audit-sensitive companies are divided into four groups. Group 1 is the automatic-audit Annex I list. Groups 2, 3, and 4 are threshold-based and become subject to independent audit if they meet the relevant test. (Kamu Gözetimi Kurumu)

Group 2: Companies in Annex II

Group 2 consists of the companies listed in Annex II of the Presidential Decision. KGK’s current guidance states that these companies become subject to audit if, on a stand-alone or combined basis with subsidiaries and affiliates, they satisfy at least two of the following three criteria in two consecutive fiscal years: assets of at least TRY 120 million, annual net sales revenue of at least TRY 150 million, and an average employee count of at least 100. (Kamu Gözetimi Kurumu)

Annex II currently includes, among others, companies supervised by the Information and Communication Technologies Authority under the Electronic Signature Law, the Electronic Communications Law, the Postal Services Law, and Article 1525 of the Turkish Commercial Code; certain TMSF-controlled entities; and companies at least 50 percent owned by municipalities. These companies are not automatically audited just because of their sector, but they are brought into an intermediate threshold regime that is lower than the general commercial thresholds.

Group 3: Non-Listed but Public Companies Under the Capital Markets Law

Group 3 consists of companies whose capital-market instruments are not traded on an exchange but which are still deemed public under the Capital Markets Law. KGK states that these companies become subject to independent audit if they meet at least two out of three thresholds for two consecutive fiscal years: assets of at least TRY 30 million, annual net sales revenue of at least TRY 40 million, and an average employee count of at least 50. (Kamu Gözetimi Kurumu)

These are low thresholds compared with the general commercial group, which shows that Turkish law places greater disclosure and assurance expectations on companies that occupy a quasi-public position in capital-markets law, even if they are not exchange-traded. (Kamu Gözetimi Kurumu)

Group 4: All Other Companies

Group 4 is the ordinary commercial bucket for companies that are not in Group 1, 2, or 3. This is where the most widely discussed thresholds apply. KGK’s March 17, 2026 announcement states that, for fiscal years beginning on or after January 1, 2026, the general thresholds were revised to: assets of TRY 500 million, annual net sales revenue of TRY 1 billion, and an average employee count of 150.

Before that March 2026 change, KGK’s explanatory page listed the general thresholds for 2025 and earlier post-2024 periods as assets of TRY 300 million, net sales of TRY 600 million, and 150 employees. That historical distinction still matters when companies are analyzing whether they were required to be audited for 2025 versus 2026. (Kamu Gözetimi Kurumu)

So, as of April 1, 2026, the most accurate way to describe the current Turkish system is this: if a company is outside Annex I, Annex II, and the non-listed public-company group, it falls into the ordinary Group 4 test and becomes subject to audit only if it exceeds at least two of the three current thresholds—TRY 500 million assets, TRY 1 billion net sales, and 150 employees—in the manner required by the law.

How the Two-Year Test Works

One of the most misunderstood features of Turkish independent-audit law is the “two consecutive fiscal years” rule. KGK’s implementing rules state that, for Groups 2, 3, and 4, a company becomes subject to independent audit only if it exceeds at least two of the three thresholds in two consecutive fiscal years. The same official text also says that the two satisfied criteria do not have to be the same in both years.

This is important because many companies wrongly think that exceeding the threshold once automatically triggers audit for the same year. It does not. The general rule is that a threshold-based company becomes subject to independent audit from the following fiscal year after the two-year test is completed. KGK’s current rules state this explicitly in the Presidential Decision and in the implementing principles.

The same logic applies on the way out, but with a nuance. KGK’s implementing principles state that a company that entered the audit perimeter because it exceeded the thresholds exits the perimeter from the following fiscal year if it falls below at least two of the three thresholds in two consecutive fiscal years. In addition, it may also exit if, in one fiscal year, it falls at least 20 percent below at least two of the thresholds.

That exit rule matters operationally. A company does not automatically stop being subject to audit the moment its numbers soften. Turkish law is designed to avoid instability in the audit perimeter, so both entry and exit are deliberately structured over time.

How to Calculate the Thresholds Correctly

Threshold calculation in Turkey is more technical than many founders expect. KGK’s implementing rules state that, when deciding whether a company is subject to audit, the company must be evaluated together with its subsidiaries and affiliates. For assets and annual net sales, the parent company’s own figures are adjusted by fully adding subsidiaries and adding affiliates in proportion to the company’s participation interest. Group transactions involving subsidiaries are eliminated; some affiliate-of-affiliate situations are handled differently.

The same official rules state that overseas subsidiaries and affiliates are also taken into account in the calculation of assets and annual net sales. That means a Turkish holding company or a Turkish subsidiary with foreign participations cannot simply ignore cross-border entities when assessing whether it falls into the audit perimeter.

The employee-count calculation is also specific. KGK states that the employee threshold is based on the annual average of the total monthly employee count reported in the withholding-tax return or the combined withholding and premium return. Apprentices and interns under vocational-training agreements are excluded. Subsidiaries are added in full; affiliates are added proportionally to the ownership share.

Once a company is already subject to audit, the later “stay in or exit” analysis uses the relevant audited-company financial framework. KGK states that companies already subject to audit use amounts shown in financial statements prepared in accordance with Turkish Accounting Standards for later assessments, with special handling where BOBİ FRS is applied and no consolidation is prepared under TMS.

Companies That Are Outside the Decision

Another area of confusion is that not every capital company in Turkey is automatically in scope for the Presidential Decision. The current decision expressly excludes some categories, such as privatization-law companies other than certain Annex I entities, many companies with at least 50 percent direct or indirect public ownership other than those specifically kept inside the system, and certain savings finance companies under TMSF liquidation.

This exclusion logic matters because some founders mistakenly assume that all state-related or all large public-shareholding companies are necessarily subject to independent audit under this specific decision. The current text is more nuanced. Whether the company is inside or outside the decision depends on the exact category and on whether it is specifically captured by Annex I or Annex II.

Who Appoints the Auditor and When

The Turkish Commercial Code places auditor appointment squarely into the corporate-governance framework. Article 399 states that the auditor is appointed by the general assembly, and the group auditor is appointed by the parent company’s general assembly. The same article requires the auditor to be appointed for each financial period and, in any event, before the end of the period in which the auditor will perform the work. After the appointment, the board must register the appointment with the trade registry and announce it in the Turkish Trade Registry Gazette and on the company website without delay. (https://ticaret.gov.tr)

If the company fails to appoint an auditor in time, the problem does not disappear. Article 399 states that if no auditor has been selected by the fourth month of the financial period, the commercial court at the company’s seat may appoint one upon the request of the board, any board member, or any shareholder. The same article also regulates judicial replacement of the auditor where there is justified reason, including doubt about impartiality. (https://ticaret.gov.tr)

From a compliance perspective, this is significant. Companies that already know they are in the audit perimeter should not leave auditor appointment until year-end closes. Turkish law expects an in-period appointment, registry announcement, and, where necessary, court intervention if the internal corporate process fails. (https://ticaret.gov.tr)

Who Can Serve as Auditor

Article 400 of the Turkish Commercial Code sets out who may act as auditor. It states that the auditor may be a sworn-in certified public accountant or certified public accountant licensed under Law No. 3568 and authorized by KGK, or a capital company whose partners are such authorized professionals. (https://ticaret.gov.tr)

The same article also imposes extensive independence restrictions. A person cannot act as auditor if that person is a shareholder of the audited company, a manager or employee of the company, recently held such a role, is a legal representative or significant owner of a connected entity, is closely related to the company’s directors or managers, has participated in keeping the company’s books or preparing its financial statements other than through the audit itself, works with a disqualified auditor, or derives too much of professional income from the audited company or related entities. (https://ticaret.gov.tr)

Turkish law also imposes a rotation rule. Article 400 states that an auditor who has been selected for the same company for a total of seven years within ten years cannot be selected again until three years have passed. That makes the Turkish audit regime stricter than a simple one-time eligibility check; it is designed to preserve independence over time as well. (https://ticaret.gov.tr)

What the Audit Actually Covers

Many companies reduce “independent audit” to a yes-or-no stamp on the year-end financial statements. Turkish law is broader. Article 398 states that the audit covers the company’s financial statements, the annual report of the board of directors, inventory, accounting, internal control to the extent required by the standards, the reports envisaged by Article 378, and compliance with Turkish Accounting Standards, the law, and the charter’s financial-reporting provisions. It also requires the audit to be performed in line with KGK standards and professional ethics. (https://ticaret.gov.tr)

Article 402 then sets out the reporting dimension. The auditor must issue a report on the financial statements that is clear, understandable, simple, and comparative to the previous year. The auditor must also issue a separate report evaluating whether the financial information in the annual report is consistent with the financial statements and reflects reality. The main audit report must clearly state, among other things, whether the books and financial statements comply with the law and the charter and whether the board provided the explanations and documents requested during the audit. (https://ticaret.gov.tr)

In short, Turkish independent audit is not merely an external opinion on whether the arithmetic balances. It is a broader assurance mechanism connected to truthful financial reporting, board accountability, and the reliability of the company’s formal disclosures. (https://ticaret.gov.tr)

What Happens If a Company Fails to Comply

The most severe statutory consequence appears in Article 397. If a company that is legally subject to audit fails to have its financial statements and annual report audited, those documents are deemed not prepared. That consequence is extremely serious in Turkish corporate law because financial statements and annual reports are central to dividend decisions, general-assembly approvals, and other core governance actions. (https://ticaret.gov.tr)

There are also indirect compliance consequences. Because auditor appointment must be registered and announced, and because the company’s financial reporting framework and audit status can affect other obligations, audit failures can create follow-on corporate, tax, and operational issues. One notable spillover obligation is e-Defter. GİB’s current guidance states that companies subject to independent audit under Article 397/4 of the Turkish Commercial Code are required to move into the e-Defter regime beginning from the start of the year following the year in which they satisfy the audit condition.

So, in practice, missing the audit requirement is not just about missing an audit. It can also affect bookkeeping format, governance documents, and the overall legal credibility of the company’s financial reporting. (https://ticaret.gov.tr)

Which Financial Reporting Framework Usually Applies

Independent audit and financial reporting are related but not identical questions. KGK’s official materials state that BOBİ FRS was issued for entities that are subject to independent audit but do not apply TFRS. KGK also explains that entities on the public-interest list—commonly described as KAYİK entities, such as banks, insurers, and listed companies—must apply TFRS, while other audited companies generally apply BOBİ FRS unless they choose TFRS voluntarily. (Kamu Gözetimi Kurumu)

This matters because some companies think “audit” and “TFRS” are always the same thing. They are not. In Turkey, the audit obligation determines whether an independent auditor must examine the financial statements. The applicable accounting framework depends on whether the company is a public-interest entity or another type of audited company. (Kamu Gözetimi Kurumu)

Practical Examples of Companies That Often Misjudge the Rules

A fast-growing private manufacturing company may think it is outside the audit perimeter because it is not listed and not regulated. But if, together with its subsidiaries, it exceeds two of the ordinary general thresholds in two consecutive fiscal years, it may become subject to independent audit from the following year. As of fiscal years beginning on or after January 1, 2026, those general thresholds are TRY 500 million in assets, TRY 1 billion in annual net sales, and 150 employees.

A BTK-regulated electronic-communications or postal-services company may also misjudge the issue by applying only the general thresholds. But Annex II companies have a lower test—currently TRY 120 million assets, TRY 150 million net sales, and 100 employees—so they may be pulled into the audit perimeter much earlier than a comparable unregulated company. (Kamu Gözetimi Kurumu)

A payment institution, e-money institution, bank, insurer, listed issuer, or certain RTÜK-regulated media provider may make the opposite mistake by assuming size matters. For many of these companies, size does not matter for audit entry because they are in Annex I and are audited automatically.

Common Legal Mistakes Companies Make

The first common mistake is using outdated thresholds. The general thresholds changed in 2024 and again in March 2026. A company analyzing 2026 and later financial years using the 2025 general thresholds of TRY 300 million assets and TRY 600 million net sales will misstate its current position. (Kamu Gözetimi Kurumu)

The second mistake is forgetting the two consecutive years rule. Threshold-based audit usually begins only after two successive fiscal years in which at least two criteria are exceeded, and the same criteria do not have to be exceeded in both years.

The third mistake is calculating the thresholds on a stand-alone basis when the rules require group-based analysis. KGK’s implementing principles expressly require the inclusion of subsidiaries and affiliates and also require inclusion of foreign subsidiaries and affiliates in the assets and sales analysis.

The fourth mistake is assuming that a subsidiary becomes audited only because its parent is audited. KGK’s rules say the opposite: a company that does not meet the audit criteria does not become subject to audit merely because its parent, subsidiary, or affiliate is audited, although group-audit obligations at the consolidated level can still remain.

The fifth mistake is waiting too long to appoint the auditor. Turkish law requires the auditor to be chosen by the general assembly before the end of the relevant financial period and to be registered and announced promptly. (https://ticaret.gov.tr)

Conclusion

Independent audit requirements for companies in Turkey are precise, technical, and increasingly important. The Turkish Commercial Code supplies the legal backbone, KGK’s Presidential Decision framework defines which capital companies are in scope, and KGK’s implementing rules explain how the thresholds are calculated and how companies move into and out of the audit perimeter. (https://ticaret.gov.tr)

As of April 1, 2026, the current system can be summarized in a simple way. Some companies are always audited because of their regulated or public-interest character. Some companies are audited under lower thresholds because they belong to Annex II or because they are public within the meaning of capital-markets law without being exchange-traded. All other companies are assessed under the general thresholds, which for 2026 and later periods are TRY 500 million in assets, TRY 1 billion in annual net sales, and 150 employees, with the ordinary two-out-of-three, two-consecutive-years logic. (Kamu Gözetimi Kurumu)

The safest practical approach is not to wait until year-end. Companies should review their sector status, their group structure, their last two years of financials, their employee averages, and their likely next-year position well before the general assembly appoints the auditor. In Turkish practice, the biggest audit mistakes are rarely about audit technique. They are about companies realizing too late that they were already inside the legal perimeter.

FAQ

Are all Turkish companies subject to independent audit?

No. The audit requirement applies to capital companies determined under the Presidential Decision framework. Some are automatically audited because they are in Annex I, while others are audited only if they meet the relevant thresholds.

What are the current general thresholds in Turkey?

For fiscal years beginning on or after January 1, 2026, KGK announced the general thresholds as TRY 500 million in assets, TRY 1 billion in annual net sales, and 150 employees.

Does a company become subject to audit after exceeding the thresholds once?

Usually no. For threshold-based groups, the company generally enters the audit perimeter only after exceeding at least two of the three thresholds in two consecutive fiscal years, and then becomes audited from the following fiscal year.

Who appoints the auditor?

The auditor is appointed by the general assembly, and the appointment must be made before the end of the financial period to be audited. The board must then register and announce the appointment. (https://ticaret.gov.tr)

What if the company does not obtain the required audit?

If a company that is legally subject to audit fails to have its financial statements and annual report audited, those documents are deemed not prepared under the Turkish Commercial Code. (https://ticaret.gov.tr)

Do audited Turkish companies always use TFRS?

No. KGK states that public-interest entities on the relevant list apply TFRS, while other audited companies generally apply BOBİ FRS unless they choose TFRS voluntarily. (Kamu Gözetimi Kurumu)