Annual trust account audit requirements for Australian law firms
Australian law practices that received or held trust money during the financial year must appoint an approved external examiner to audit their trust records each year and lodge the examiner's report with the designated local regulatory authority. The Legal Profession Uniform Law (NSW, VIC, WA) and equivalent state legislation set out the examination scope, timing and exceptions.
Coverage
Every Australian law practice that operated a trust account or received trust money during the year under review — including incorporated legal practices, partnerships and sole practitioners.
Legal basis
Legal Profession Uniform Law Part 4.2 Division 3 (External examination of trust records). Legal Profession Uniform General Rules 2015 rr 66–75. Equivalent provisions in the Legal Profession Acts of QLD, SA, TAS, ACT and NT.
The obligations
Appoint an approved external examiner
Appoint an external examiner approved by the designated local regulatory authority within the time required by the applicable rules.
Examine records for the full financial year
The examination must cover trust records for the examination period — normally 1 April to 31 March in Uniform Law states — and any transactions in that period.
Provide the examiner with complete access
Give the examiner access to all trust records, client matter files, bank statements and supporting documents necessary to complete the examination.
Ensure the examination tests key controls
The examiner must test bank reconciliations, authorisation of withdrawals, receipt procedures, trust ledgers and the handling of controlled money and transit money.
Rectify any deficiencies identified
Address any deficiencies or irregularities identified by the examiner as soon as reasonably practicable and document the remediation.
Lodge the examiner's report on time
Ensure the external examiner's report is lodged with the designated local regulatory authority by the statutory deadline — 31 May in Uniform Law states.
Self-report irregularities discovered mid-year
Report any suspected deficiency, defalcation or breach in the trust account to the designated local regulatory authority as soon as it is identified, not just at audit time.
Maintain statements of trust money
Provide each person for whom trust money is held with an itemised statement of account at least annually and on request.
Retain audited records for seven years
Retain all trust records subject to the examination for at least seven years after the last entry, in a form that allows the examiner and regulator to reconstruct transactions.
Notify the regulator of a cessation or exemption
If the firm ceases to receive trust money, notify the designated local regulatory authority and follow the rules for a final examination or exemption.
What happens if you do not comply
Failure to appoint an examiner, late lodgement, or false statements can lead to disciplinary action, conditions on the practising certificate, civil penalties and, in serious cases, criminal prosecution.
Reporting requirements
The external examiner's report must be lodged annually with the designated local regulatory authority (typically the state Law Society or Legal Services Commissioner) by the statutory deadline, together with any supplementary information requested.
What firms should do today
- Appoint the external examiner early in the new examination year so they can book the audit window
- Complete and review the March reconciliation the day the period closes so the audit starts with clean records
- Provide the examiner with a standing index of trust account files, reconciliations and banking authorities
- Debrief after every audit and turn examiner feedback into controls for the coming year
- Monitor lodgement deadlines and diarise reminders four weeks, two weeks and one week out
Compliance with Quillio
Quillio preserves matter records and correspondence on Australian-hosted infrastructure, giving examiners a complete audit trail for trust-related client communications without sending data offshore. See /resources/security.
This guide is general information about trust account audit requirements only — not legal or compliance advice. Timing, scope and exemptions differ between Uniform Law and non-Uniform Law jurisdictions and should be confirmed with the relevant regulator.
Build compliance into your stack.
Quillio is built around AU compliance from the ground up — SOC 2 Type II + ISO 27001 + Australian data sovereignty. The free trial requires no sales call.
Start your free trial