Regulatory updates

Auditing updates

Updates from ICAI

Back
Select Month :
January 2022

The ICAI has released the following Implementation Guides (IG) on 15 January 2022:

  • Implementation Guide to SA 560, Subsequent Events: : The IG provides a brief introduction and an overview of SA 560, illustrative checklist of audit procedures to be followed by auditors while applying SA 560 as well as illustrative examples. It also provides guidance on various implementation challenges (issues) pertaining to SA 560 in the form of Frequently Asked Questions (FAQs). Some of the key implementation challenges discussed pertain to :
    • Matters excluded : SA 560 does not deal with matters relating to the auditor’s responsibilities regarding ‘Other Information’, as specified in SA 720 (Revised), The Auditor’s Responsibilities Relating to Other Information. However, when the audited financial statements are included in other documents, subsequent to the issuance of the financial statements, these documents may bring to light a subsequent event that is within the scope of SA 560. The auditor may have additional responsibilities relating to such subsequent events, for example, performing additional audit procedures upto the date of the document.
    • Facts which become known to the auditor after the date of the auditor’s report: The IG on SA 560 provides various scenarios where facts become known to the auditor after the auditor’s report but before the financial statements are issued, and in some cases, after the financial statements have been issued. The IG specifies the audit procedures required to be performed by an auditor in each of these scenarios. 
    • Exception for management from amending the financial statements pursuant to a subsequent event:  In cases where the issuance of the financial statements for the succeeding period is imminent, management may not revise the previously issued financial statements which require amendment due to a subsequent event.
    • Dual dating:  Sometimes after completion of audit work, but before issuance of the audit report, a significant event comes to the audit team’s attention. In light of this, dual dating refers to dating the audit report on completion of audit work along with an additional later date for disclosure of the impact of a subsequent event. Its purpose is to provide a means of inserting important information in the financial statements, identified after audit work is complete and to inform users that the auditor takes full responsibility for all subsequent events only up to the end of audit work and for the specifically identified subsequent event. However, responsibility is not taken for other events that may have occurred after the end of audit work.
    • Subsequent events impacted by any pandemic or unforeseen circumstances:  An auditor determines the nature, timing and extent of audit procedures such that they are responsive to the auditor’s risk assessment. While undertaking audit procedures for subsequent events, including events impacted by a pandemic, the auditor considers management’s adjustments or disclosures including timelines used to distinguish between adjusting and non-adjusting events. It is also important to consider the effects of a pandemic as a factor in an entity’s analysis of estimates required in the financial statements, including, but not limited to, estimates related to expected credit loss, inventory obsolescence, impairment analyses, variable and contingent compensation, etc. Therefore, judgement needs to be applied to determine whether the conditions existed at the date of the financial statements.
    • Factors to consider in a pandemic situation: The IG on SA 560 provides examples of events or conditions that may be affected by or exist as a result of a pandemic. This includes events involving unforeseen circumstances, and which may be relevant for the auditor in determining whether subsequent events have occurred and reflected in the financial statements (where applicable), such as, new commitments, borrowings, guarantees, invocation of force majeure clause, etc.   
    • Auditor’s responsibility where events of a pandemic become known after the date of the auditor’s report: The IG refers to para 10 of SA 560, which states that the auditor has no obligation to perform audit procedures regarding the financial statements after the date of the auditor’s report. However, additional audit procedures will be required when a fact becomes known to the auditor that, had it been known to the auditor at the date of the auditor’s report, may have caused the auditor to amend his/her report.
    • Revocation of Unique Document Identification Number (UDIN) on amendment of audit report: When an auditor amends his/her audit report, the UDIN used for that audit report needs to be revoked in accordance with the FAQs on UDIN for practicing chartered accountants issued by ICAI. This revocation is required even if the management does not amend the financial statements.
    • Subsequent events related to changes in Internal Financial Controls over Financial Reporting (IFCoFR):  The auditor should inquire from management whether there were any changes in IFCoFR or factors that significantly impact IFCoFR, obtain written representations from management relating to such matters and consider implications, if any, on the audit report.

To access the text of ICAI notification on IG of SA 560, please click here

  • Implementation Guide to SA 210, Agreeing the Terms of Audit Engagements: The IG provides a brief introduction and overview of SA 210, as well as a few illustrative clauses that can be considered to be included in engagement letters. It also provides guidance on various implementation challenges (issues) pertaining to SA 210 in the form of Frequently Asked Questions (FAQs). Some of the key implementation challenges discussed pertain to:
    • Changes in the terms of audit engagement: Changes in the terms of audit engagements may be considered reasonable or unreasonable as under:
      I. Reasonable changes in terms: A few examples of the changes in the terms of audit engagement that can be considered reasonable include, change in circumstances leading to significant change in ownership, significant change in the nature of the business, change in legal or regulatory requirements, etc.
      II. Unreasonable changes in the terms:  Changes in the terms of audit engagement that would be considered unreasonable include changes relating to information that is incorrect, incomplete or otherwise unsatisfactory. An example might be where the auditor is unable to obtain sufficient appropriate audit evidence regarding receivables and the entity asks for the audit engagement to be changed to a review engagement to avoid a qualified opinion or a disclaimer of opinion
    • Separate engagement letter for a component: In certain cases, the auditor of the parent entity may also be the auditor of the component. The IG provides factors to be considered for a separate engagement letter in such cases. The factors are as follows:
      . Who appoints the component auditor;
      . Whether a separate auditor’s report is to be issued on the component;
      . Legal requirements in relation to audit appointments;
      . Degree of ownership by parent; and
      . Degree of independence of the component management from the parent entity
    • Engagement letter in case of a joint audit: Two or more auditors, that are appointed to conduct the audit jointly and report on the financial statements of the entity, should obtain a common engagement letter.

To access the text of ICAI notification on IG of SA 210, please click here

Action Points for Auditors

  • Auditors should refer to the FAQs and examples mentioned in the Implementation Guides to SA 560 and SA 210 while applying these SAs to their audit engagements
  • The checklist provided by ICAI in the IG to SA 560 should be customised by auditors based on the specific requirements of the audit engagements and may be included as part of their audit documentation
  • The IG to SA 560 also specifies various examples of events and conditions that may be affected as a result of any pandemic, which may be relevant for auditors to determine their possible impact on the financial statements. For example, new commitments, borrowings, etc. entered into by the auditee as a result of the pandemic. 
  • Illustrative clauses of engagement letters included in the IG to SA 210 may be inserted in the audit engagement letters drafted by auditors, depending upon the terms and conditions of the engagement.

The Ministry of Corporate Affairs (MCA) amended Schedule III of the Companies Act, 2013 on 24 March 2021. Schedule III provides general instructions for preparation of Financial Statements of a company classified under Division I (Indian GAAP ), Division II (Ind AS) and Division III (Ind AS for Non-Banking Financial Companies (NBFCs)).

The ICAI through an announcement dated 24 January 2022 has revised the Guidance Notes on Schedule III to the Companies Act, 2013 (GN) for entities covered in Division I, Division II and Division III of the Schedule III respectively. The changes in the GN have largely been made to align the guidance given in the GN with the corresponding changes made by the MCA in Schedule III and CARO 2020. some of the key guidance provided is in the annexure attached.

To refer the text of ICAI Guidance Note of the Schedule III Division I, please click here

To refer the text of ICAI Guidance Note of the Schedule III Division II, please click here

To refer the text of ICAI Guidance Note of the Schedule III Division III, please click here

Action Points for Auditors

Schedule III provides general instructions for preparation of financial statements of a company. The GN issued by ICAI provides broad guidelines to deal with practical issues that may arise in the implementation of the Schedule III. MCA brought corresponding amendments in Schedule III to CARO 2020 to align management responsibilities on disclosures under the Schedule III with those of the statutory auditors under CARO 2020.
February 2022

Statutory audit of banks involves a number of peculiarities due to some unique features of banks and banking operations e.g., huge volumes and complexity of transactions, wide geographical spread of banks’ network, large range of products and services offered, extensive use of technology, strict vigilance by the banking regulator, etc.

In this regard, ICAI releases a publication ‘Guidance note on audit of banks’ (the guidance note) every year to provide detailed guidance to auditors conducting audit of banks and their branches. The revised 2022 edition of the guidance note is divided into two sections i.e., Section A - Statutory Central Audit and Section B - Bank Branch Audit. It contains illustrative formats of an engagement letter, auditor’s report both in case of nationalised banks and banking companies and management representation letter. It also incorporates the impact of various circulars of the Reserve Bank of India (RBI) as well as certain important advisories, pronouncements of the ICAI which would be relevant for bank audits for the financial year ending 31 March 2022.

To access the text of ICAI guidance note, please click here

Action Points for Auditors

  • Auditors should refer to the various Appendices included in the guidance note, such as - illustrative formats of an engagement letter, formats of auditor’s report in case of nationalised banks and banking companies, formats of management representation letter, text of master directions, master circulars and other relevant circulars issued by RBI. This will provide relevant guidance and enhance uniformity in the audit reports issued.
  • With the entire banking process becoming automated and computerised, auditors should emphasise on key IT aspects like cyber security review, digital banking fraud risks, blockchain and so on.
  • Previously, AASB had also issued two separate publications i.e., “Technical Guide on Audit of Internal Financial Controls in case of Public Sector Banks” and “Technical Guide on Revised Formats of Long Form Audit Report”. Auditors should use this guidance note in conjunction with the mentioned publications.
There are no updates in March 2022
April 2022

The Ministry of Corporate Affairs (MCA) issued the Companies (Audit and Auditors) Amendment Rules, 2021 on 24 March 2021 introducing inter aliaa new Rule 11(e) and a new Rule 11(f) in the Companies (Audit and Auditors) Rules, 2014.

Rule 11(e) deals with reporting on lending or receiving funds through pass through entities marked for an ultimate beneficiary and Rule 11(f) deals with reporting on the payment/declaration of dividend.

The Rules are effective for audits of companies for FY 2021-22 onwards.

The Institute of Chartered Accountants of India (ICAI) on 26 April 2022 has issued an ‘Implementation Guide (IG) on Reporting under Rule 11(e) and Rule 11(f) of the Companies (Audit and Auditors) Rules, 2014’. The IG provides detailed guidance and provides practical illustrations on different scenarios with regard to various aspects of reporting like analysis of rules, management's responsibilities in respect of disclosures in financial statements, illustrative format of confirmation letters and management representation letters.

The IG provides the following guidelines with regard to reporting under both, Rules 11(e) and 11(f):

  1. Applicability to consolidated financial statements: Reporting on compliance with Rules 11(e) and 11(f) for subsidiaries, joint ventures and associates that are Indian companies (together termed as components) will be on the basis of the reports of their statutory auditors. The auditors of the parent company may request such information from the component auditors as part of group reporting instructions 2. The auditors of the parent company would need to apply professional judgement and comply with Standards on Auditing (SA) 600, Using the Work of Another Auditorwhile assessing the matters reported by component auditors.
  2. Transactions eliminated in consolidation procedures (intra-group transactions) and consequently not forming part of consolidated financial statements: Guidance note on Schedule III indicated that disclosure in consolidated financial statements would be provided after applying the principles of consolidation i.e., only the funds provided or invested outside the group would be required to be disclosed. However, the IG suggests that even if transactions are eliminated on consolidation, such transactions would continue to be covered by an auditor’s reporting obligations.
  3. Reporting language in the audit reports on standalone and consolidated financial statements: The IG provides illustrative language that can be referred to for reporting under Rule 11 (e) and Rule 11(f) in standalone and consolidated financial statements.

Key guidelines to consider while reporting under Rule 11(e)

The IG has provided the following guidelines and clarifications while reporting under Rule 11(e):

  • Scope of reporting: Reportingunder Rule 11(e) in substance requires an auditor to report whether the disclosures in the notes to the financial statements (in respect of certain types of funding arrangements as specified in these rules) have been appropriately provided by the management. Auditor also needs to bring out the material misstatements3 identified.
  • When there are no transactions that require reporting under Rule 11(e): The IG specifies that in a situation wherein there is no transaction that requires reporting, a statement to that effect should be provided in the financial statements.
  • Reporting based on fund and non-fund based transactions: Reporting under Rule 11(e)(i) would be required when the funding party transfers funds to the intermediary (i.e., no reporting would be required under this rule in case of a non-funding arrangement between the funding party and the intermediary). However, reporting under Rule 11(e)(ii) would be required irrespective of whether the intermediary enters into a funding or a non-funding arrangement with the ultimate beneficiary.
  • Importance of determining ‘timing of cash flows’: The IG brings out the importance of determining the timing of cash flows from a funding party to the intermediary and from the intermediary to the ultimate beneficiary. It is also important to determine when an understanding for onward lending or investment of funds on behalf of the funding party is reached. This will determine the financial period in which reporting will be done under Schedule III of the Companies Act, 2013 and consequently in the audit report.
  • Sources of funds: For thepurpose of reporting under Rule 11(e), a funding party may advance, loan or invest funds from any source. Therefore, sources of funds for a company may include share capital, securities premium, grants, profits, borrowings, etc.
  • Indirect lending: There may be cases where there is more than one intermediary as a pass-through entity. In such a case, reporting for intermediaries who pass on the funds further to other intermediaries will be under Rule 11(e)(i) (i.e., as a funding party who further advances, loans or invests funds to another intermediary) and under Rule 11(e)(ii) (i.e., as an intermediary who receives funds from the funding party).
  • Management responsibility: TheIG states that management should implement internal controls that would ensure all transactions are appropriately captured and reported. Further each transaction of lending or investing should be carefully evaluated and supported by a formal written agreement which includes the nature and purpose of such funding. Management should also obtain end-use certificates from parties that receive the funds.
  • Auditor’s responsibility: Someof the key audit procedures to be planned and performed by an auditor, as mentioned in the IG, include:
    • Auditors should ensure completeness of reporting of all arrangements covering funding and utilisation of funds under Rule 11(e).
    • Internal controls implemented by management should be tested for appropriate identification and reporting of transactions.
    • companies with statutory records maintained by the company as per the requirements of the Companies Act, 2013.
    • Obtain minutes of board meeting where the funding of amounts was approved, and which will enable an auditor to determine whether the company was acting as a funding party or as an intermediary.
    • Obtain a separate and specific management representation letter with regard to disclosures in the financial statements from those charged with governance duly taken on record by the board of directors.

Key guidelines to consider while reporting under Rule 11(f)

The IG discusses scenarios in which auditor reporting is required, considering the date of declaration and payment of interim and/or final dividend. It also provides guidance on auditor responsibility. Key provisions discussed in the IG are given below:

  • Auditors should determine adequacy of profits, including if management has considered the effect of any audit qualification when determining the adequacy of profits.
  • Certified copy of resolutions declaring dividend by board of directors should be obtained.
  • Auditors should check whether dividend has been transferred to a separate bank account within the time prescribed under the Companies Act, 2013.
  • Where dividend is paid through the Registrar and Transfer Agent (RTA), confirmation regarding payment to registered shareholders can be obtained from the RTA.
  • Investor complaints with regard to dividend should be examined to determine if any of them indicate any non-compliance by the company with the Companies Act, 2013.
  • A written representation from management regarding compliance with section 123 of the Companies Act, 2013 should be obtained from the management.
  • Auditor should ensure compliance with rules pertaining to dividend declaration and payment as per any other law (i.e. apart from the Companies Act, 2013).
  1. This will be the case where the statutory audit of the unlisted components, (and thus reporting on these clauses) would be finalised post the statutory audit of the listed entity, since unlisted components have time till six months from year-end to conduct their annual general meeting.
  2. While determining what is a ‘material’ misstatement, the auditor should consider both, the quantitative and the qualitative aspects of the misstatement.

To access the text of the IG, please click here

Action Points for Auditors

  • Reporting under Rules 11(e) and 11(f) of the Companies (Audit and Auditors) Rules, 2014 are applicable for audits of companies for financial years 2021-22 and onwards. These rules cast an extensive responsibility on auditors due to wide scope of reporting under these rules. The auditors should refer to the guidance given in the IG including the illustrative formats of audit reports, confirmation letters and management representation letters.
  • They should also communicate the areas of responsibilities of the management with those charged with governance, and require adequate documentation in the notes to the financial statements regarding the types of funding arrangements.
May 2022

In 2012, the International Auditing and Assurance Standards Board (IAASB) had issued the International Standard on Assurance Engagements (ISAE) 3410, Assurance Engagements on Greenhouse Gas Statementsto provide reasonable or limited assurance on Greenhouse Gas Statements. However, the Indian reporting framework did not have any specific auditing standard on assurance engagements on Greenhouse Gas Statements, corresponding to ISAE 3410. Taking note of this, in February 2021, the Sustainability Reporting Standards Board (SRSB) of the ICAI issued the Standard on Assurance Engagements (SAE) 3410, Assurance Engagements on Greenhouse Gas Statements.

ICAI, vide a notification dated 2 May 2022 has announced the effective date of application of SAE 3410 as follows:

  • Voluntary basis for assurance reports covering periods ending on 31 March 2023
  • Mandatory basis for assurance reports covering periods ending on or after 31 March 2024.

To access the text of ICAI notification, please click here

Action Points for Auditors

In recent years, climate change concerns and sustainable development have taken center stage in global and national priorities. Given the link between Greenhouse Gas (GHG) emissions and climate change, many entities are quantifying their GHG emissions as part of regulatory requirements and due to increase in demand for such information by investors. Since regulators and investors rely on such information, there is a corresponding demand for assurance on the information provided. SAE 3410 requires practitioners to select procedures appropriate to the circumstances of the engagement based on an assessment of risks of material misstatement.

The practitioners would need to assess whether a limited or reasonable assurance could be required on the GHG statement. Effective understanding and communication between the practitioner and the client would enable appropriate planning and risk assessment, which will facilitate a smooth execution of the assurance engagement.

June 2022

In July 2020, ICAI had issued the Guidance Note on the Companies (Auditor’s Report) Order, 2020 (CARO 2020) to provide detailed guidance to auditors on the reporting requirements of the CARO 2020.

There have been certain amendments to the Schedule III to the Companies Act, 2013 (which include amendments that are in line with the clauses pertaining to the CARO 2020 and various additional disclosure requirements). Therefore, ICAI, in June 2022released an Exposure Draft of the Guidance Note on CARO 2020 (exposure draft). Some of the key changes suggested in the exposure draft include:

Applicability:
  1. For evaluating applicability of CARO 2020, total income should be considered as a criteria instead of total revenue, and
  2. For evaluating applicability of the CARO 2020 to NBFC companies, definition of Reserves and Surplus has been amended. The revised definition of Reserves and Surplus6 for entities following Division III of the Schedule III is now aligned with the definition of Reserves and Surplus for entities following Division II of the Schedule III.

Clause (iii) - Reporting on loans, investments, guarantees, securities and advances in nature of Loan: The exposure draft has recommended the following changes while reporting under clause (iii) of the CARO 2020:

  1. Clause 3(iii)(a)(A) and (B)7: The exposure draft has introduced changes in the reporting format of clause (iii)(a), relating to granting of loans and advances in the nature of loans. As per the proposed format, the reporting for loans and advances in the nature of loans would be split into secured and unsecured portions. The revised format proposed by the exposure draft is given below:
Guarantees Security Loans secured Loans unsecured Advances in nature of loans - secured Advances in nature of loans - unsecured
Aggregate amount granted/ provided during the year
- Subsidiaries
- Joint Ventures
- Associates
- Others
Balance outstanding as at balance sheet date in respect of above cases
- Subsidiaries
- Joint Ventures
- Associates
- Others

Clause 3(iii)(c)8: Where repayment of principal and payment of interest is not regular, the auditor is required to report in a prescribed format. The exposure draft has now proposed reporting non-payment of principal and/or interest in two separate tabular formats, as given below:

For companies whose principal business is NOT to give loans: Additional column for actual date of payment has been included in the existing format- the revised format is given below:

Name of the Entity Amount Due date Date of payment Extent of delay Remarks, if any

For companies whose principal business is to give loans:
New format has been proposed for companies whose principal business is to give loans, in which only summarised informationis required to be given pertaining to:

  1. No. of cases where repayments were not regular
  2. Principal amount outstanding as of the reporting date, and
  3. Overdue amount including interest on reporting date

(Name of the entity is not required to be provided by entities whose principal business is to give loans).

The new format introduced by the exposure draft is given below:

No. of cases where repayments were not regular Principal amount outstanding on the reporting date Overdue amount including interest on the reporting date

Clause 3(iii)(e)9: The exposure draft has amended the suggested format for reporting under this clause by adding a column for gross amount of loans/advances in nature of loan granted during the year to those parties where the overdue amount was settled by renewal or extension of a fresh loan.

Accordingly, percentage of loans renewed or extended will be computed as a percentage of total loans or advances in the nature of loans granted during the relevant year to the party where there is a renewal or extension of a loan. Earlier, the requirement was to compute the percentage of loans renewed with respect to the total loans or advances in the nature of loan granted during the year (cumulative amount for all parties).

The revised reporting format proposed by the exposure draft is given below:

Name of the parties Aggregate amount of loans or advances in the nature of loans granted during the year Aggregate overdue amount settled by renewal or extension or by fresh loans granted to the same parties Percentage of the aggregate to the total loans or advances in the nature of loans granted during the year

Clause (ix)(f) -Reporting on raising of loans against pledge of securities held in subsidiaries, etc.: Auditors are currently required to report the loans raised by a company against a pledge of securities held in its subsidiaries, associates and joint ventures. As per the exposure draft, companies would now be required to disclose the nature and carrying amount of the securities pledged, and cross reference it to the relevant note in the financial statements.

Clause (xix)- Reporting on material uncertainty: Currently, auditors are required to review the liquidity ratios computed by the company and report on whether any material uncertainty exists as on the date of the audit report. However, as per the revised requirements, auditors should now use the financial ratios10 as computed and disclosed by companies in accordance with the requirement of the Schedule III to the Companies Act, 2013, instead of the liquidity ratios for reporting under this clause.

Apart from the aforementioned changes, other changes in the exposure draft are clarificatory in nature and provide reference to the Schedule III disclosures including the fact where the reporting requirement under CARO 2020 is different from that in the Schedule III.

  1. As per the revised definition, Reserves and Surplus comprise of:
    1. Capital Reserve,
    2. Retained Earnings,
    3. Securities Premium, and
    4. Other Reserves
  2. Clause 3(iii)(a)(A) and (B) requires specific reporting by auditor, where a company has provided loans, advances in the nature of loans, stood guarantee or provided security to any entity.
  1. Clause 3(iii)(c) requires reporting by auditor on whether the schedule for repayment of principal and payment of interest has been stipulated and whether the repayments or receipts of principal and interest respectively are regular.
  2. Clause 3(iii)(e) requires auditors to report instances of evergreening of loans.
  1. Schedule III (Division I and II) requires disclosure of the following financial ratios in the financial statements:
    1. Current ratio
    2. Debt-equity ratio
    3. Debt service coverage ratio
    4. Return on equity ratio
    5. Inventory turnover ratio
    6. Trade receivables turnover ratio
    7. Trade payables turnover ratio
    8. Net capital turnover ratio
    9. Net profit ratio
    10. Return on capital employed
    11. Return on investment
  1. Schedule III (Division III) requires disclosure of the following financial ratios in the financial statements:
    1. Capital to risk-weighted
    2. asset ratio (CRAR)
    3. Tier I CRAR
    4. Tier II CRAR
    5. Liquidity Coverage Ratios

To access the text of the exposure draft, please click here

Action Points for Auditors

In many clauses, the exposure draft stipulates that auditors should review the disclosures given in the financial statements pertaining to the respective CARO clause, and accordingly provide their comment in CARO 2020. However, in certain clauses, the reporting requirement under the CARO 2020 is different from that in the Schedule III, therefore professional judgement needs to be applied.

July 2022

In July 2020, ICAI had issued the Guidance Note on the Companies (Auditor’s Report) Order, 2020 (CARO 2020) (guidance note) to provide detailed guidance to auditors on the reporting requirements of CARO 2020

Subsequently, certain amendments were made to the Schedule III to the Companies Act, 2013 (Schedule III). Therefore, with the objective of aligning the CARO 2020 with the additional disclosures introduced by the Schedule III, in June 2022, ICAI issued an Exposure Draft of the Guidance Note on CARO 2020. Based on the feedback received from various stakeholders, on 14 July 2022, ICAI released the Guidance Note on CARO 2020 (revised guidance note). Following are some of the key changes introduced:

a. Applicability:
  • For evaluating applicability of the CARO 2020 for companies following IGAAP, total income should be considered as a criterion instead of total revenue. Therefore, this requirement is aligned for entities complying with both, Accounting Standards and Ind AS
  • For evaluating applicability of CARO 2020 to NBFC companies, definition of Reserves and Surplus has been amended. The revised definition of Reserves and Surplus7 for entities following Division III of Schedule III is now aligned with the definition of Reserves and Surplus for entities following Division II of the Schedule III.
  • b. Clause 3(iii)(c) – Regularity of repayment of principal and interests for loans granted: This clause requires an auditor to report in respect of loans and advances in the nature of loans, with respect to the schedule of repayment of principal and interest and on regularity of such repayment. The revised guidance note has modified the reporting format and added an additional column for ‘actual date of payment’. The said format is applicable for all the companies, whether or not their principal business is to give loans. The revised reporting format is given below:
Name of the Entity Amount Due date Date of payment
[NEW COLUMN]		 Extent of delay Remarks, if any

c. Clause 3(iii)(e) – Evergreening of loans/advance in the nature of loans granted: The revised guidance note has amended the reporting format by adding an additional column for gross amount of loans/advances in the nature of loan granted during the year to those parties where the overdue amount was settled by way of renewal or extension or fresh loan.

Name of the parties Aggregate amount of loans or advances in the nature of loans granted during the year
[NEW COLUMN]		 Aggregate overdue amount settled by renewal or extension or by fresh loans granted to same parties Percentage of the aggregate to the total loans or advances in the nature of loans granted during the year

d. Clause 3(ix)(f) – Reporting on raising of loans against pledge of securities held in subsidiaries, etc.: Auditors are currently required to report the loans raised by a company against a pledge of securities held in its subsidiaries, associates and joint ventures. As per the revised guidance note, companies would now be required to disclose the nature and carrying amount of the securities pledged, and cross reference it to the relevant note in the financial statements.

e. Clause (xix) – Reporting on material uncertainty: Before amendment of the guidance note, auditors were required to review the liquidity ratios computed by the company and report on whether any material uncertainty exists as on the date of the audit report. However, as per the revised guidance note, auditors should now use the financial ratios8as computed and disclosed by companies in accordance with the requirement of the Schedule III, instead of the liquidity ratios for reporting under this clause.

Apart from the aforementioned changes, other changes in the exposure draft are clarificatory in nature and provide reference to the Schedule III disclosures including the fact where the reporting requirement under the CARO 2020 is different from that in the Schedule III.

  1. As per the revised definition, Reserves and Surplus comprise of:
    1. Capital Reserve,
    2. Retained Earnings,
    3. Securities Premium, and
    4. Other Reserves.
  1. Schedule III (Division I and II) requires disclosure of the following financial ratios in the financial statements:
    1. Current ratio
    2. Debt-equity ratio
    3. Debt service coverage ratio
    4. Return on equity ratio
    5. Inventory turnover ratio
    6. Trade receivables turnover ratio
    7. Trade payables turnover ratio
    8. Net capital turnover ratio
    9. Net profit ratio
    10. Return on capital employed
    11. Return on investment
  1. Schedule III (Division III) requires disclosure of the following financial ratios in the financial statements:
    1. Capital to risk-weighted asset ratio (CRAR)
    2. Tier I CRAR
    3. Tier II CRAR
    4. Liquidity Coverage Ratios

To access the text of the Technical Guide for LLPs, please click here

Action Points for Auditors

  • In many clauses, the revised Guidance Note stipulates that auditors should review the disclosures given in the financial statements pertaining to the respective CARO clause, and accordingly provide their comments in the CARO 2020. However, in certain clauses, the reporting requirement under the CARO 2020 is different from that in the Schedule III. In such cases, professional judgement needs to be exercised by the auditors.
August 2022

On 25 July 2022, SEBI had introduced regulations pertaining to the Social Stock Exchange (SSE) by making amendments to the following regulations:

  • The SEBI (Issue of Capital and Disclosure Requirements) Regulations, 2018 (ICDR Regulations)2 by inserting a chapter on ‘Social Stock Exchange’,
  • The SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (LODR Regulations)3 by adding a chapter on ‘Obligations of Social Enterprises’, and
  • The SEBI (Alternative Investment Funds) Regulations, 2012 (AIF Regulations)4 by introducing changes in relation to social impact fund.

According to the ICDR Amendment Regulations, an SSE means a separate segment of a recognised stock exchange having nationwide trading terminals, permitted to register Non-Profit Organisations (NPOs5) and/or list the securities issued by NPOs in accordance with the provisions of the ICDR Regulations. The provisions would apply to:

  • NPOs seeking to only get registered with an SSE,
  • NPOs seeking to get registered and raise funds through an SSE, and
  • For Profit Social Enterprises (FPSE)6 seeking to be identified as a Social Enterprise (SE)7 under the provisions of the ICDR Regulations.

As per the amendments an SE, which is either registered with or has raised funds through an SSE, should submit an annual impact report to the SSE (the format would be specified by SEBI). The annual impact report must be audited by a social audit firm8, employing social auditor(s)9.

In this regard, ICAI has been entrusted with the responsibility of being the self-regulatory organisation for regulating the profession of social auditors. Consequently, on 5 August 2022, ICAI released an Exposure Draft (ED) on Compendium of Social Audit Standards (SAS).

Some of the key requirements of the SAS framework discussed in the ED are as follows:

  • Applicability: The SAS would apply whenever an independent social audit of an SE is carried out. The framework specifies five elements of a social audit engagement. These are:
  1. A three-party relationship involving a social auditor, a responsible party (generally SE), and the intended user
  2. Project/programme/intervention to be covered
  3. Project monitoring framework
  4. Evidence
  5. A written report
  • Quality control for social auditor: A social auditor/audit firm must establish a system of quality control, including policies and procedures addressing each of the following elements:
  1. Leadership responsibilities for quality within the firm
  2. Ethical requirements
  3. Acceptance and continuance of client relationships and specific engagements
  4. Human resources
  5. Engagement performance, and
  6. Monitoring.

The quality control policies and procedures should be documented and communicated to the firm’s personnel on a timely basis.

  • Understanding the entity and its environment: For establishing an SE’s primacy of social intent, a social auditor should conduct a preliminary review of the entity and its environment. Such a review may include information such as the stated objectives of the project/programme, project monitoring framework10, programme specific baseline11, mid-line and end-line12 assessment reports, fund utilisation certificate, alignment of the project outcomes to National/State priorities, NITI Aayog’s Sustainable Development Goals (SDG) India Index Indicators and so on.
  • Collection and analysis of data: A social auditor should use various methods such as interviews, questionnaires, Focussed Group Discussion (FGD)13 etc. for collecting data on different quantitative and qualitative parameters.The respondents would be the stakeholders of an SE which affect or are affected by the project. Based on the data collected, the social auditor should analyse and interpret it as per the ‘Theory of change and logic model’, explaining the process of intended social impact of the project. The review process should answer the following questions:
    1. What was the situation before and what would have happened in the absence of the project?
    2. How much has the project contributed to the changes that are evidenced as compared to pre project interventions?
    3. How much unintended impacts (positive and negative) happened due to the project?
  • Materiality: A social auditor should consider materiality while assessing the overall impact of the project/programme. Different quantitative and qualitative factors, such as relative magnitude, the nature and extent of the effect of these factors on the evaluation or measurement of the subject matter, the interests of different stakeholders involved, etc. should be taken into consideration while assessing the materiality threshold.
  • Using the work of field level research agency/subject matter experts: In certain cases, a social auditor may need to use the work of assistants/field level research agencies and/or other social auditors and subject matter experts. In such situations, the social auditor should perform relevant procedures to evaluate the appropriateness and adequacy of the work performed and consider their significant findings/assessments, if any, in the context of the specific social audit. A social auditor would continue to be responsible for the overall social audit report of an SE.
  • Use of technology: A social auditor should determine the usage and acceptability of technology for meeting the objectives, collecting and verifying evidence as well as validating impact measurements and assessments in case of social audit engagements. The social auditor should consider the extent of usage of IT tools to be deployed for:
    1. information database to be maintained at one place for information of all stakeholders, beneficiaries, volunteers, staff,
    2. Data collection process through online surveys, virtual interviews, satellite imagery for monitoring forestry coverage etc., and
    3. Data sorting and visualisation, data analysis, reporting.
  • Documentation: Engagement documentation must be prepared on a timely basis, and it should provide a record of the basis for the social audit report, the nature, timing and extent of the audit procedures performed, evidence obtained, significant issues observed, if any, and recommendations made for future improvements. The process of assembling the final engagement file should be completed within a period of 60 days after the date of the social audit report. Also, the retention period should be seven years from the date of the social audit report.
  • Reporting – Social audit report: A social auditor must issue a written social audit report containing the findings from the assessment in terms of the impact created, gaps, if any, along with the recommendations for improvement. It should address the social impact assessment covered by the project/programme that the intended users might be interested in. The framework does not require a standardised format for reporting on all social audit engagements. The social audit reports may be tailored to the area specific circumstances.

The framework identifies certain basic elements which the social audit report should include, which are given below:

Social Audit Report14
Executive summary
Notice to the reader
Section I
  • Context
  1. Background of the engagement
  2. About the project
  3. Responsibilities of the reporting entity and social auditor
  4. Compliances with framework, standards, code of conduct
  • Scope of the engagement
  • Objectives of the social audit
  • Approach and methodology
  1. Basic approach – steps followed
  2. Sampling methodology (type of universe – finite/infinite, sampling unit – individual/household, sample technique and sample size)
  3. Mapping of stakeholders for the interactions
  4. Data collection – primary sources and secondary sources and tools used
  5. Study Limitations
Section II
  • Key findings
  • Alignment with the national/state priorities
Section III
  • Gaps or challenges
  • Recommendations
Section IV
  • Annexures (if applicable)
  1. Case studies/stakeholders speak
  2. Any other relevant documents

The ICDR Amendment Regulations mention 16 thematic areas which would qualify as eligible activities for the purpose of establishing primacy of social intent. In this regard, ICAI has prescribed 16 SAS in the ED, each corresponding to a specific area. These are as follows:

Standard No Standard name
SAS 100 Eradicating hunger, poverty, malnutrition and inequality
SAS 200 Promoting health care including mental healthcare, sanitation and making available safe drinking water
SAS 300 Promoting education, employability and livelihoods
SAS 400 Promoting gender equality, empowerment of women and LGBTQIA+ communities
SAS 500 Ensuring environmental sustainability, addressing climate change including mitigation and adaptation, forest and wildlife conservation
SAS 600 Protection of national heritage, art and culture
SAS 700 Training to promote rural sports, nationally recognised sports, Paralympic sports and Olympic sports
SAS 800 Supporting incubators of Social Enterprises
SAS 900 Supporting other platforms that strengthen the non-profit ecosystem in fundraising and capacity building
SAS 1000 Promoting livelihoods for rural and urban poor including enhancing income of small and marginal farmers and workers in the non-farm sector
SAS 1100 Slum area development, affordable housing and other interventions to build sustainable and resilient cities
SAS 1200 Disaster management, including relief, rehabilitation and reconstruction activities
SAS 1300 Promotion of financial inclusion
SAS 1400 Facilitating access to land and property assets for disadvantaged communities
SAS 1500 Bridging the digital divide in internet and mobile phone access, addressing issues of misinformation and data protection
SAS 1600 Promoting welfare of migrants and displaced persons

The ED would be open for comments up to 13 September 2022.

To access the text of the ICAI ED, please click here

  1. The amendments have been issued by the SEBI (Issue of Capital and Disclosure Requirements) (Third Amendment) Regulations, 2022 (ICDR Amendment Regulations)
  2. The amendments have been issued by the SEBI LODR (Fifth Amendment) Regulations, 2022 (LODR Amendment Regulations)
  3. The amendments have been issued by the SEBI AIF (Third Amendment) Regulations, 2022 (AIF Amendment Regulations)
  4. An NPO means a social enterprise, which is any of the following entities:
    • A charitable trust registered under the Indian Trusts Act, 1882
    • A charitable trust registered under the public trust statute of the relevant state
    • A charitable society registered under the Societies Registration Act, 1860
    • A company incorporated under section 8 of the Companies Act, 2013
    • Any other entity as may be specified by SEBI
  5. For Profit Social Enterprise’ means a company or a body corporate operating for profit, which is a social enterprise for the purposes of the ICDR Regulations and does not include a company incorporated under section 8 of the Companies Act, 2013
  6. An NPO or a FPSE, in order to be identified as an SE, must establish primacy of its social intent. In this regard, SEBI has prescribed 16 thematic areas which would qualify as eligible activities that meets the eligibility criteria specified in the ICDR Amendment Regulations. Additionally, an SE should have at least 67 per cent of its activities, qualifying as eligible activities through one or more of the following:
    • at least 67 per cent of the immediately preceding three-year average of revenues comes from providing eligible activities to members of the target population,
    • at least 67 per cent of the immediately preceding three-year average of expenditure has been incurred for providing eligible activities to members of the target population, and
    • members of the target population to whom the eligible activities have been provided constitute at least 67 per cent of the immediately preceding three-year average of the total customer base and/or total number of beneficiaries.
  7. Social audit firm means any entity which has employed social auditors and has a track record of minimum three years for conducting social impact assessment
  8. Social auditor refers to an individual registered with a self-regulatory organisation under ICAI or such other agency, as may be specified by SEBI, who has qualified a certification programme conducted by the National Institute of Securities Market (NISM) and holds a valid certificate in this regard
  9. Project monitoring framework details the inputs, activities, outputs, outcomes and impact that would aid an auditor’s understanding of the project. Additionally, the auditor should also consider parameters such as inclusiveness, relevance, effectiveness and efficiency, convergence and sustainability of the project for assessing its impact
  10. Baseline measurement is required to establish the starting point in any project/programme/project-based activity
  11. A mid-line and end-line measurement is the audit conducted respectively during the intervention phase and after the end of that intervention
  12. For the purpose of this framework, the FGD constitutes subject matter experts including Non-Governmental Organisations, NPOs, working on the respective thematic areas and actively engaged in social activities as well as beneficiaries.
  13. Elements provided in the illustrative social audit report are indicative.

Action Points for Auditors

  • As per the SEBI notification, social audit firms employing social auditors who have qualified the certification course conducted by the NISM would be allowed to conduct a social audit. With assurance on sustainability reporting gaining traction in the recent times, auditors and other practitioners should keep a track of the eligibility requirements and other developments happening around this space.
  • Auditors are encouraged to utilise the comment period and send their observations/comments, if any. Since, the SAS are still in the development stage, there are certain areas that need evaluation and application of judgement. Auditors may consider the following points in this regard:
    1. Evaluation of materiality may involve significant judgement due to various qualitative factors in social projects of an SE.
    2. Evaluation of materiality may involve significant judgement due to various qualitative factors in social projects of an SE.
    3. Evaluation of an auditor’s independence would require more detailed guidance.
    4. Evaluation of the scope of a social audit whether it would include a financial review.
September 2022

Standard on Auditing (SA) 505, External Confirmations recognises that external confirmations are an integral method of obtaining audit evidence. Over the years, auditors have been using external confirmation procedures for obtaining account balances confirmation from various parties (confirming parties), such as banks, creditors, debtors, third-parties in possession of auditee’s investments/property etc.

However, it has come to the notice of the ICAI that, in recent years, auditors are facing various difficulties in obtaining external confirmations from banks. One of the major concern in this regard is that some banks are using services of third-party vendors to provide confirmations on their behalf to auditors. Use of third-party vendors leads to the risk that the information provided by third-party vendors may not be authentic and complete. Further, it is not clear as to who will be responsible in case there is failure of IT controls at the end of third-party vendors which may impact the integrity of information provided.

These factors raise a question as to who will be held responsible for authenticity and completeness of information provided to auditors, the concerned bank or such third-party vendors. Presently, there is no legal framework/guidelines to deal with these aspects. Thus, auditors are exposed to serious risk, in case they use the confirmation from such third-party vendors as audit evidence.

In this regard, ICAI, vide an announcement dated 7 September 2022 advised the auditors to seek direct confirmation from the concerned banks.

To access the text of the announcement, please click here

In July 2021, ICAI had issued the Audit Quality Maturity Model Version 1.0 (AQMM v1.0), comprising of a set of different Audit Quality Indicators (AQIs) to enable audit firms to self-evaluate their current level of audit maturity, identify areas where they lack and thereby help them in developing a roadmap for upgrading to a higher level of maturity. AQMM was introduced with an aim to move away from the traditional approach of enforced regulation to a more modern self-compliant model for the audit firms.

Initially, AQMM v1.0 was recommendatory and covered certain firms

The ICAI, vide a notification dated 13 September 2022 issued the revised version of the AQMM – Audit Quality Maturity Model Revised Version 1.0 (AQMM Rev v1.0). This is a mandatory evaluation of the audit quality maturity of firms auditing the following class of entities:

  1. A listed entity, or
  2. Banks other than co-operative banks (except multi-state cooperative banks), or
  3. Insurance companies.

However, firms doing only branch audits are excluded from the mandate.

The requirement for mandatory evaluation of AQMM is with effect from 1 April 2023.

Similar to AQMM v1.0, the AQMM Rev v1.0, includes the following dimensions of audit maturity categorised into three sections:

  1. Practice Management – Operation,
  2. Human Resource Management, and
  3. Practice Management – Strategic/Functional.

Each of the aforementioned sections consist of the related AQIs and firm’s maturity rating would be determined based on the score achieved in each section.

It has also been provided that the scores and level arrived at would be subject to review by a peer reviewer alongside the peer review cycle, which falls anytime on or after 1 April 2023. The level, so arrived at, after being reviewed by the peer reviewer should be hosted on the website of the ICAI alongside the details of the peer review certificate.

The firm(s) can get their scores reviewed by an AQMM reviewer5 before their peer review cycle falls due. Also, the firms whose last peer review cycle has been completed and not a year has lapsed from the date of the last review, such firms can get their scores reviewed before their next peer review falls due by an AQMM reviewer. However, it has been stated that the subsequent reviews would necessarily be aligned to the peer review cycle and that the period of review in no case would be less than a year.

In this regard, ICAI has also released the Implementation Guide (IG) to the AQMM v1.0. The IG has been issued in the form of various implementation clues, which are practice based.

  1. AQMM reviewer is a member of the ICAI and empaneled as a peer reviewer. He/she is appointed by the Peer Review Board for conducting an AQMM review any time before the peer review cycle of the firm falls due.

To access the text of ICAI’s notification, please click here

To access the text of the IG, please click here

To access the text of AQMM Rev v1.0, please click here

Action Points for Auditors

  • Audit firms should develop the necessary infrastructure, including appropriate control mechanism in order to be able to collate data with respect to different AQIs for each engagement. This will help determine whether it meets a particular parameter i.e., ‘yes’ or ‘no’ criteria to award a score corresponding to an AQI. They should also maintain the relevant documentation to support their scores, which should be made available to the inspection teams, in case of any inspection.
  • AQMM is required to be filled in for each firm in a network, even if such firms follow the same Standards on Quality Control (SQC), Human Resource and operational practices. Thus, those firms which are a part of a network and meet the applicability criteria should build in the required resources and refer the following roadmap for moving up the next level of audit maturity:
  1. Step 1 Benchmarking: Audit firms should benchmark their current maturity level and document a list of specific aspects that they are currently lacking, and which need to be initiated to move to the next level of the AQMM
  2. Step 2 Planning initiatives: Firms should convert the initiative to be taken into an action plan, with quarterly or annual timelines
  3. Step 3 Identifying resources and execution plan: A cross-functional team should be identified to own the execution of the plan and accountability should be defined for reporting progress and challenges, if any in the implementation
  4. Step 4 Assessing progress: Progress made should be re-evaluated against the AQMM and execution plan should be revisited on a half-yearly basis, to identify revisions, if any
  5. Step 5 Perform a peer review/review by an external firm/internal inspection: The firm should have its AQMM reviewed by a peer reviewer, or additionally by an external firm or internal inspection and assess the position at periodical intervals.

In January 2019, ICAI had issued the 12th edition of the Code of Ethics (Code of Ethics, 2019), coming into effect from 1 July 2020. However, applicability of certain provisions of Volume-I of the Code of Ethics, 2019 (the Code) had been deferred on account of situations prevailing at the given time due to Covid-19. These included provisions relating to:

  • Responding to Non-Compliance with Laws and Regulations (NOCLAR),
  • Fees - relative size, and
  • Tax services to audit clients.

ICAI, vide an announcement dated 29 September 2022 (the amendment) has made the above-mentioned provisions applicable with effect from 1 October 2022 with certain amendments. Some of the significant amendments issued in this regard include:

  • Amendment to provisions relating to ‘Responding to Non-Compliance with Laws and Regulations (NOCLAR)’
  • Section 260 of the Code specifies the provisions for responding to Non-Compliances with Laws And Regulations (NOCLAR), which is applicable to professional accountants in service. As per the extant requirements, the provisions were applicable to all the employees of listed entities. However, the amendment has now narrowed down the applicability criteria to only senior professional accountants in service6, who are in employment of the listed entities. The amendment has also clarified that senior professional accountants in service refer to key managerial personnel.
  • Section 360 of the Code guides professional accountants in public practice in assessing the implications of the matter and the possible courses of action when responding to NOCLAR during the course of audit engagements of listed entities.

There are certain amendments with respect to the applicability of Section 360 of the Code, the definition of an ‘audit’ or ‘audit engagement’ and measures to be taken in case of an imminent breach. These are discussed below:

Existing provision Amendment notified by ICAI
The provisions stipulated in Section 360 of the Code were applicable to audit engagements of all listed entities Section 360 would now be applicable to audit engagements of entities, the shares of which are listed on recognised stock exchange(s) in India and have a net worth of INR250 crore or more. The applicability of Section 360 will subsequently be extended to all listed entities, at the date to be notified by ICAI.
The term ‘audit engagement’7 has been defined in the glossary to the Code and is applicable to the entire Code. For the purpose of Section 360, an ‘audit’ or ‘audit engagement’ shall mean a reasonable assurance engagement in which a professional accountant in public practice expresses an opinion whether financial statements give a true and fair view in accordance with an applicable financial reporting framework.
Measures to be taken in case of imminent breach
As per Section R360.26 of the Code, where a professional accountant becomes aware of an imminent breach of a law or regulation that would cause substantial harm to stakeholders, he/she should first consider whether it would be appropriate to discuss the matter with management or those charged with governance of the entity, and then determine whether to disclose the matter immediately to an appropriate authority in order to prevent or mitigate the consequences of such imminent breach. 		Section R360.26 has been repealed.

(Source: ICAI announcement dated 29 September 2022 (Applicable date of certain deferred provisions of Volume-I of Code of Ethics, 2019))

Amendment to provisions relating to ‘Fees-relative size’

As per paragraph 410.3 of the Code, when the total fees generated from an audit client by a firm expressing an audit opinion on the financial statements of that client, represents a large proportion of the total fees of that firm, the dependence on that client and concern about losing the client creates a self-interest or intimidation threat (commonly referred to as threats).

Paragraphs 410.3 - R410.6 of the Code prescribe about factors that need to be evaluated while assessing the threats, and actions that can be taken to safeguard against such threats, etc. These provisions are applicable from 1 October 2022, with certain amendments, which are discussed below:

Existing provision Amendment notified by ICAI
Where for two consecutive years, the total gross annual professional fees (total fees) from an audit client and its related entities represent more than 15 per cent of the total fees received by the firm which is expressing an opinion on the financial statements of the client (dependency on fees), the firm shall: The threshold for determining an audit firms’ dependency on fees from a client has been amended. The revised threshold has been prescribed separately for Public Interest Entities (PIEs) and Non PIEs as below:
  1. For PIEs: An audit firm would be considered dependent on fees received from a PIE, if the total fees from the PIE represents more than 20 per cent of the total fees of the firm,
  2. For Non PIEs: An audit firm would be considered dependent on fees received from a non-PIE, if the total fees from the non-PIE represents more than 40 per cent of the total fees of the firm.
A. Disclose to Those Charged With Governance (TCWG) of the audit client the fact of such dependency on the audit fees Disclosure regarding dependency on fees is now required to be made to ICAI
(Exemption from the above provision is provided to the firm, where the total fees received from an audit client does not exceed INR5 lakh in respect of a firm8, and/or in case of audits of government entities.9)
  1. The exemption from making disclosures to ICAI regarding the dependency on audit fees would be applicable to firms who received total fees from an audit client of INR20 lakh (instead of the current limit of INR5 lakh).
  2. ‘Regulators’ would be added to the list of government entities.
B. Discuss and apply the remedial actions to safeguard the threat created by dependency on the audit fees- which includes a pre-issuance and post-issuance review. This provision has been repealed.

(Source: ICAI announcement dated 29 September 2022 (Applicable date of certain deferred provisions of Volume-I of Code of Ethics, 2019))

Amendment to provisions relating to ‘Tax services to audit clients’

Sub Section 604 of the Code specifies the provisions relating to rendering of tax services to audit clients. As per sub-section 604, providing tax services to an audit client might create a self-review or advocacy threat. In order to mitigate such threats, sub-section 604 of the Code includes requirements that prohibit firms and network firms from providing certain tax services to audit clients in some circumstances.

One such service prescribed in sub-section 604 of the Code includes ‘Assistance in the Resolution of Tax Disputes’, wherein a firm or a network firm has been prohibited from providing services involving acting as an advocate for certain audit clients, before a court in the resolution of a tax matter.

Sub-section 604 further defines what would be considered as a court. This definition has been amended as below:

Existing provision Amendment notified by ICAI
In case of Assistance in the resolution of Tax disputes, the term “Court” is explained as under: What constitutes a ‘Court’ depends on how tax proceedings are heard in India. In case of Assistance in the resolution of Tax disputes, the term “Court” is explained as under: For the purpose of this sub-section, ‘Court’ does not include a Tribunal

(Source: ICAI announcement dated 29 September 2022 (Applicable date of certain deferred provisions of Volume-I of Code of Ethics, 2019))

  1. Senior professional accountants in service (‘senior professional accountants’) are directors, officers or senior employees who are able to exert significant influence over, and make decisions regarding, the acquisition, deployment and control of the employing organisation’s human, financial, technological, physical and intangible resources. They refer to the Key Managerial Personnel (KMP) of the entity
  2. Audit engagement has been defined as ‘A reasonable assurance engagement in which a professional accountant in public practice expresses an opinion whether financial statements are prepared in all material respects (or give a true and fair view or are presented fairly, in all material respects), in accordance with an applicable financial reporting framework, such as an engagement conducted in accordance with Standards on Auditing. This includes a Statutory Audit, which is an audit required by legislation or other regulation’
  3. This includes fees received by the firm for other services rendered through the medium of a different firm or firms in which such member or firm may be a proprietor or partner.
  4. This includes audit of government companies, public undertakings, nationalised banks, public financial institutions or where appointments of auditors are made by the Government.

To access the text of the announcement, please click here

To access the text of the detailed provisions (with amendments), please click here

To access the text of the Code of Ethics, 2019, please click here

Action Points for Auditors

  • Section 360 of the Code explains the provisions for responding to NOCLAR applicable to professional accountants in public practice. Though, the amendment has narrowed down the applicability criteria to audit engagements of entities, the shares of which are listed on recognised stock exchange(s) in India and have a net worth of INR250 crore or more, it has been specified that the applicability would be subsequently extended to all listed entities. Thus, practitioners auditing listed entities having net worth of less than INR250 crore should put in place the required system and necessary procedures for appropriate identification and disclosure of instances of noncompliance with laws and regulations.
  • Auditors should take note of the requirements to make disclosures regarding fee amounts to the ICAI, where such fees exceed the prescribed threshold.
There are no updates in October 2022
There are no updates in November 2022
December 2022

Standard on Auditing (SA) 230, Audit Documentation prescribes the basic principles of audit documentation that should be complied by auditors while performing audits of financial statements.

In 2013, the Institute of Chartered Accountants of India (ICAI) had issued the ‘Implementation Guide to SA 230, Audit Documentation’ (the IG)3 to provide practical implementation guidance to auditors in the form of various Frequently Asked Questions (FAQs).

Recently, on 15 December 2022, ICAI revised the implementation guide (revised IG) to provide more guidance on the aspect of assembly of the final audit file.

The revised IG (like its earlier version) includes summary of the standard, introduction, FAQs on SA 230, a checklist and also an illustrative working paper format. Some of the key guidance pertaining to the assembly of the final audit file include:

  • Assembly of the final audit file after the date of the auditors’ report: SA 230 permits only administrative changes to be made to audit documentation after the date of the auditor’s report, therefore the revised IG advises that all audit documentation should be prepared on a timely basis – i.e. at the time the audit work is performed4. When assembling an audit file, an engagement team should ensure that it has a complete and final set of documents that support an auditor’s opinion. The revised IG also provides certain illustrative examples of activities that would be considered as administrative changes that are required to be completed before the final assembly of the audit file.
  • Changes to audit documentation which are other than administrative in nature: The revised IG provides guidance on documentation requirements5 by an engagement team when changes or additions that are not administrative in nature are made to the audit documentation after the date of the auditor’s report but before the archive date. The revised IG has also provided examples of circumstances that require changes or additions to the documentation that are not administrative after the date of an auditor’s report. In certain cases, an engagement team may discover that, considering the facts and circumstances at the time of the audit, one or more additional audit procedures may have been omitted to be performed. In such situations, when the engagement team is performing procedures and obtaining and documenting evidence after the date of the auditor’s report, the engagement team does not discard any related documentation that previously existed.
  • Confidentiality, safe custody, integrity, accessibility and retrievability of documentation: Auditors should comply with the requirements of the Standard on Quality Control (SQC) 1, Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements. As per SQC 1, audit firms should establish policies and procedures designed to maintain the confidentiality, safe custody, integrity, accessibility and retrievability of documentation of an engagement. For this purpose, appropriate controls may be designed and implemented to:
    1. Enable determination of when and by whom engagement documentation was created, changed or reviewed
    2. Protect the integrity of the information at all stages of the engagement
    3. Prevent unauthorised changes to the documentation of an engagement
    4. Allow access to the documentation by authorised persons to properly discharge their responsibilities
    For practical reasons, original paper documentation may be electronically scanned for inclusion in engagement files.
  1. The implementation guide was subsequently revised in 2018.
  2. Timely audit documentation enhances the quality of audit and facilitates the effective review and evaluation of audit evidence obtained and conclusions reached before an auditors’ report is finalised.
  3. Such documentation includes:
  • An explanation describing what information was added or changed.
  • When the evidence was obtained.
  • The date the information was added and reviewed
  • The name of the person who prepared and reviewed the additional information.
  • The circumstances encountered and the reasons for adding the information.
  • The new or additional audit procedures performed, audit evidence obtained, and conclusions reached.
  • When the conclusions in respect of the new information were approved by the engagement manager, engagement partner and / or engagement quality control reviewer (where applicable).
  • The effect on an auditor’s report.

To access the text of the ED, please click here

Action Points for Auditors

  • The recent reports and observations issued by the National Financial Reporting Authority (NFRA) have highlighted lapses in certain aspects of audit documentation. Auditors should refer to the FAQs and examples mentioned in the revised IG to SA 230 and ensure adherence to the guidelines with respect to their specific audit engagements
  • The revised IG has provided guidance on certain aspects pertaining to audit file assembly. Auditors should take note of the same while assembling the audit files after the date of their audit reports.
  • Auditors should refer to the checklist provided by ICAI in the revised IG to SA 230 while compiling their audit files and also take note of the illustrative working paper format provided in the IG for reference.
January 2023

Globally, there has been an increased focus on sustainability reporting and investments in sustainable businesses. Accordingly, organizations are increasingly reporting on their broader performance and impact. However, with a view to deepen the investor’s trust on the reported information, there is a need to provide assurance on the information reported. In India, presently, there is no authoritative guidance with respect to assurance engagements on sustainability information. Practitioners in India currently refer to the International Standard on Assurance Engagements (ISAE) 3000, Assurance Engagements Other than Audits or Reviews of Historical Financial Information.

In this regard, on 12 September 2022, the Institute of Chartered Accountants of India (ICAI) had released an Exposure Draft on the Standard on Sustainability Assurance Engagements (SSAE) 3000, Assurance Engagements on Sustainability Information (ED). Based on the comments and representations received from different stakeholders, ICAI, on 10 January 2023, has issued the final standard – SSAE 3000, Assurance Engagements on Sustainability Information. Following are some of the key aspects that have been discussed:

  • Applicability and Effective Date: SSAE 3000 would apply to a sole proprietorship or partnership firm registered with the ICAI on:
    1. A voluntary basis for assurance reports covering periods ending on 31 March 2023, and
    2. Mandatory basis for assurance reports covering periods ending on or after 31 March 2024.
  • Parties involved: All assurance engagements would have at least three parties - the responsible party, the practitioner and the intended users. However, depending upon the circumstances of an engagement, there may also be a separate role defined for a measurer/evaluator, or the engaging party, as the case may be. The responsible party is responsible for identifying the underlying subject matter1. Subject matter refers to the phenomenon that is measured or evaluated by applying criteria The measurer/evaluator uses the criteria2Criteria are the benchmarks used to measure or evaluate the underlying subject matter, so identified to measure or evaluate the underlying subject matter, resulting in subject matter information3 Subject matter information refers to the outcome of the measurement or evaluation of the underlying subject matter against the criteria, i.e., the information that results from applying the criteria to the underlying subject matter . The engaging party agrees the terms of the engagement with the practitioner and the practitioner issues the assurance report for the intended users.
  • Scope: There are two kinds of assurance engagements - attestation engagements4 An assurance engagement in which a party other than the practitioner measures or evaluates the underlying subject matter against the criteria. A party other than the practitioner also often presents the resulting subject matter information in a report or statement. In some cases, however, the subject matter information may be presented by the practitioner in the assurance report. In an attestation engagement, the practitioner’s conclusion addresses whether the subject matter information is free from material misstatement. The practitioner’s conclusion may be phrased in terms of:
    • The underlying subject matter and the applicable criteria,
    • The subject matter information and the applicable criteria, or
    • A statement made by the appropriate party.
    and direct reporting engagements5 An assurance engagement in which the practitioner measures or evaluates the underlying subject matter against the applicable criteria and the practitioner presents the resulting subject matter information as part of, or accompanying, the assurance report. In a direct engagement, the practitioner’s conclusion addresses the reported outcome of the measurement or evaluation of the underlying subject matter against the criteria. . SSAE 3000 would apply only to the attestation engagements (both limited as well as reasonable assurance engagements). SSAE 3000 is an umbrella standard which applies to all assurance engagements on sustainability information. However, in case there is a subject matter information to which a specific assurance standard applies, e.g., Green House Gases (GHG) emissions, SSAE 3000 would apply in addition to the subject matter specific standard. Also, SSAE 3000 should be read in conjunction with the “Framework for Assurance Engagements” issued by the ICAI6 In case of any conflicts between SSAE 3000 and the Framework for Assurance Engagements, SSAE 3000 would prevail .
  • Understanding the underlying subject matter: The underlying subject matter, so identified by the entity should have the following two characteristics:
    1. It can be measured or evaluated against the relevant criteria, and
    2. It can be subject to procedures to gather information required for supporting the necessary assurance conclusion.
    In order to understand the underlying subject matter and other significant issues, if any, the practitioner should make inquiries of the relevant parties regarding their knowledge of an actual, suspected or alleged intentional misstatement affecting the subject matter information, main findings of the internal audit function (if there is such a function) regarding the subject matter information, and whether an expert has prepared the subject matter information.
  • Materiality: The practitioner should consider the appropriate materiality threshold for planning and performing the assurance engagement, determining the nature, timing and extent of procedures, as well as in evaluating that the subject matter information is free from any material misstatement. Various quantitative and qualitative factors which may be considered for determining materiality threshold include, the number of persons or entities affected by the underlying subject matter, the characteristics of the presentation adopted for the subject matter information when the applicable criteria allows for variations in that presentation, and so on.
  • Using the work of subject matter experts/another practitioner/internal auditor7 If the practitioner plans to use the work of the internal audit function, he/she should also evaluate the extent to which the internal audit function’s organisational status and relevant policies and procedures support the objectivity of the internal auditors and whether it applies a systematic and disciplined approach, including quality control : The practitioner, while using the work of any subject matter expert, another practitioner or the internal auditor should evaluate the necessary competence, capabilities and objectivity level and perform relevant procedures to determine the adequacy of the work so performed for the engagement purpose.
  • Documentation: The practitioner must prepare on a timely basis, the engagement documentation which provides a record of the basis for the assurance report, the nature, timing and extent of the procedures performed, evidence obtained, significant matters arising during the engagement, if any, conclusions reached, and the significant professional judgements made in reaching those conclusions. Engagement documentation should be assembled in an engagement file on a timely basis after the date of the assurance report and should be retained for a period of not less than five years from the date of the assurance report.
  • Reporting: The practitioner, based on the evaluation of the evidence obtained and conclusions reached, should issue an assurance report8 The assurance report should not be dated earlier than the date on which the practitioner has obtained the evidence on which his/her conclusion is based in writing. The report so issued should clearly express the practitioner’s conclusion about the subject matter information. In this regard, SSAE 3000 has specified a list of basic elements that must be included in an assurance report and has also provided the illustrative formats of the assurance reports for reference purpose.

Further, it has been clarified that the assurance report should be signed by the practitioner (i.e., the engagement partner) in his/her personal name. In case a firm has been appointed as the practitioner, the report should be signed in the personal name of the practitioner as well as in the name of the firm. The partner/proprietor signing the assurance report must mention his/her ICAI membership number and also include the registration number of the firm, wherever applicable.

To access the text of SSAE 3000, please click here

Action Points for Auditors

Currently, many companies in India, while preparing their sustainability/ESG reports refer ISAE 3000. Thus, auditors should engage with such companies and communicate with them regarding the new standard issued which is based on ISAE 3000.

On 25 July 2022, the Securities and Exchange Board of India (SEBI) had introduced regulations pertaining to the Social Stock Exchange (SSE)9 An SSE means a separate segment of a recognised stock exchange having nationwide trading terminals, permitted to register Non-Profit Organisations (NPOs) and/or list the securities issued by NPOs in accordance with the provisions of the ICDR Regulations. by making amendments to the following regulations:

  • The SEBI (Issue of Capital and Disclosure Requirements) Regulations, 2018 (ICDR Regulations)10 The amendments have been issued by the SEBI (Issue of Capital and Disclosure Requirements) (Third Amendment) Regulations, 2022 (ICDR Amendment Regulations) by inserting a chapter on ‘Social Stock Exchange’
  • The SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (LODR Regulations)11 The amendments have been issued by the SEBI LODR (Fifth Amendment) Regulations, 2022 (LODR Amendment Regulations) by adding a chapter on ‘Obligations of Social Enterprises’, and
  • The SEBI (Alternative Investment Funds) Regulations, 2012 (AIF Regulations)12The amendments have been issued by the SEBI AIF (Third Amendment) Regulations, 2022 (AIF Amendment Regulations) by introducing changes in relation to social impact fund.

As per the amendments introduced, a Social Enterprise (SE)13 An NPO or a For Profit Social Enterprise (FPSE), in order to be identified as an SE, must establish primacy of its social intent. In this regard, SEBI has prescribed 16 thematic areas which would qualify as eligible activities that meet the eligibility criteria specified in the ICDR Amendment Regulations. Additionally, an SE should have at least 67 per cent of its activities, qualifying as eligible activities through one or more of the following:
‑   at least 67 per cent of the immediately preceding three-year average of revenues comes from providing eligible activities to members of the target population,
‑   at least 67 per cent of the immediately preceding three-year average of expenditure has been incurred for providing eligible activities to members of the target population, and
‑   members of the target population to whom the eligible activities have been provided constitute at least 67 per cent of the immediately preceding three-year average of the total customer base and/or total number of beneficiaries. , which is either registered with or has raised funds through an SSE, should submit an annual impact report to the SSE. The annual impact report must be audited by a social audit firm14Social audit firm means any entity which has employed social auditors and has a track record of minimum three years for conducting social impact assessment, employing social auditor(s)15 Social auditor refers to an individual registered with a self-regulatory organisation under ICAI or such other agency, as may be specified by SEBI, who has qualified a certification programme conducted by the National Institute of Securities Market (NISM) and holds a valid certificate in this regard .

The ICAI has been entrusted with the responsibility of being the self-regulatory organization for regulating the profession of social auditors. Consequently, on 5 August 2022, ICAI had released an Exposure Draft (ED) on Compendium of Social Audit Standards (SAS).

Based on the comments and feedback received from various stakeholders, ICAI, on 14 January 2023 released the final version of the SAS (the standards). ICAI has prescribed total 16 standards, each corresponding to a specific thematic area (as suggested by SEBI) which would qualify as eligible activities for the purpose of establishing primacy of social intent. Subsequently on 4 February 2023, ICAI has issued the Framework for SAS (framework) which provides basic principles for social audit of projects/programs/project-based activities and provides guidance on matters relating to preparation of social audit report. The key requirements prescribed by the framework and the SAS issued by ICAI are as follows:

Applicability: The framework is applicable to engagements conducted by the social auditor, such as social audit (i.e., social impact assessment of a project/program of SEs), impact assessment (under the Companies (Corporate Social Responsibility Policy) Amendment Rules, 2021 and other similar assignments16Any other engagement(s) conducted by other auditor of an organisation e.g., statutory audit, internal audit, tax audit will not be under the scope of this Framework.

Elements of social audit engagement: The five elements of a social audit engagement are:
  • A three-party relationship involving a social auditor, a responsible party (generally SE), and the intended user
  • Project/programme/intervention to be covered
  • Project monitoring framework
  • Evidence
  • A written report.

Planning, conducting and documenting social audit engagements: The framework lists down the considerations for a social auditor while planning the audit, including understanding the entity and its environment, the responsibility of the social auditor when it uses the work of a field level research agency and/or subject matter expert and other matters. It also prescribes the steps for fieldwork process, which includes data collection and sampling and documentation of the work done.

A system of quality control: A social auditor/audit firm should establish a system of quality control which must include policies and procedures addressing each of the following elements:

  1. Leadership responsibilities for quality within the firm,
  2. Ethical requirements,
  3. Acceptance and continuance of client relationships and specific engagements,
  4. Human resources,
  5. Engagement performance, and
  6. Monitoring.

The quality control policies and procedures should be documented and communicated to the firm’s personnel on a timely basis.

Communication with TCWG: The social auditor should communicate with Those Charged With Governance (TCWG) in a timely manner on matters such as the following:

  • The roles and responsibilities of the social auditor with respect to the social audit
  • An overview of the planned scope, timing of the social audit
  • Communicate timely observations arising from the social audit that are significant/relevant to the project/programme
  • Deficiencies in internal control for programme implementation/management that the auditor has identified and in the social auditor’s judgement are of sufficient importance to merit their respective attentions.

Materiality: A social auditor should consider materiality while assessing the overall impact of the project. Materiality should be considered in the context of various quantitative and qualitative factors, such as relative magnitude, the nature and extent of the effect of these factors on the evaluation or measurement of the subject matter, the interests of different stakeholders involved, and so on.

Use of technology: A social auditor should determine the usage and acceptability of technology for meeting the objectives, collecting and verifying evidence as well as validating impact measurements and assessments in case of social audit engagements.

Reporting – Social audit report: A social auditor needs to issue a written social audit report containing the findings from the assessment in terms of the impact created, gaps, if any, along with the recommendations for improvement. It should address the social impact assessment covered by the project that the intended users might be interested in. While the framework does not require a standardised format for reporting on all social audit engagements (i.e., social audit reports may be tailored to the area specific circumstances), it identifies certain basic elements which the social audit report should include.

Social audit standards: The amended ICDR Regulations prescribe 16 thematic areas which would qualify as eligible activities for the purpose of establishing primacy of social intent. Consequently, ICAI issued 16 SAS, each corresponding to a specific area. These are as follows:

Standard No Standard name
SAS 100 Eradicating hunger, poverty, malnutrition and inequality
SAS 200 Promoting health care including mental healthcare, sanitation and making available safe drinking water
SAS 300 Promoting education, employability and livelihoods
SAS 400 Promoting gender equality, empowerment of women and LGBTQIA+ communities
SAS 500 Ensuring environmental sustainability, addressing climate change including mitigation and adaptation, forest and wildlife conservation
SAS 600 Protection of national heritage, art and culture
SAS 700 Training to promote rural sports, nationally recognised sports, Paralympic sports and Olympic sports
SAS 800 Supporting incubators of Social Enterprises
SAS 900 Supporting other platforms that strengthen the non-profit ecosystem in fundraising and capacity building
SAS 1000 Promoting livelihoods for rural and urban poor including enhancing income of small and marginal farmers and workers in the non-farm sector
SAS 1100 Slum area development, affordable housing and other interventions to build sustainable and resilient cities
SAS 1200 Disaster management, including relief, rehabilitation and reconstruction activities
SAS 1300 Promotion of financial inclusion
SAS 1400 Facilitating access to land and property assets for disadvantaged communities
SAS 1500 Bridging the digital divide in internet and mobile phone access, addressing issues of misinformation and data protection
SAS 1600 Promoting welfare of migrants and displaced persons

The standards provide guidance on three key aspects:

  1. Objective and scope
  2. Process of social audit, including parameters related to collection of data, audit evidence and metrics for evaluation of a project/programme
  3. Assessment of challenges and limitations.

Effective date: The standards and framework are effective from the date of their hosting on the ICAI website, i.e., standards are effective from 14 January 2023, and the framework is effective from 4 February 2023.

To access the text of the framework, please click here

To access the text of the standards, please click here

Action Points for Auditors

  • As per the amendments introduced by SEBI , social audit firms employing social auditors who have qualified the certification course conducted by the NISM would be allowed to conduct a social audit. With assurance on sustainability reporting gaining traction in recent times, auditors and other practitioners should keep a track of the eligibility requirements and other developments happening around this space
  • Since sustainability reporting and assurance, in addition to the quantitative details, would take into consideration a host of qualitative metrics as well, auditors should focus on developing the necessary knowledge base and resources for understanding and evaluating the different parameters to carry out social audits in an effective and efficient manner.
There are no updates in February 2023
March 2023

On 24 March 2021, the Ministry of Corporate Affairs (MCA) issued certain amendments to the Companies (Accounts) Rules, 2014 (the Accounts Rules) and the Companies (Audit and Auditors) Rules, 2014 (the Audit Rules) with regard to audit trail of transaction recorded in an accounting software (audit trail).

As per Rule 3(1) of the Accounts Rules, every company which uses an accounting software for maintaining its books of account, should use only such an accounting software which has the following features:

  • Records an audit trail of each and every transaction
  • Creates an edit log of each change made in the books of account along with the date when such changes were made, and
  • Additionally, companies must ensure that the audit trail is not disabled.

Companies are required to comply with the audit trail requirements from 1 April 2023. Further, Rule 11(g) of the Audit Rules read with Section 143(3) of the Companies Act, 2013 prescribes the reporting responsibility of the auditors with regard to audit trail. In this regard, an auditor is required to provide his/her comments in the auditor’s report stating that the company has used such an accounting software for maintaining its books of account which has a feature of recording audit trail facility. Auditors should also comment on whether:

  • The audit trail feature has been in operation throughout the year, for all the transactions recorded in the software
  • The audit trail feature has not been tampered with, and
  • The audit trail has been preserved by the company as per the statutory requirements for record retention.

Auditors are required to report on the audit trail requirement with effect from 1 April 2022. With a view to provide guidance on the reporting requirements and procedures that auditors should adopt while discharging their reporting responsibilities on the audit trail features, on 28 March 2023, ICAI issued an Implementation Guide on Reporting under Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014 (IG). The key guidance provided by the IG is given hereunder:

  • Scope of applicability: The requirement to implement and maintain an audit trail is applicable to all companies which prepare their financial statements as per the provisions of the Companies Act, 20134This implies that the audit trail feature would also apply to Section 8 companies and a foreign company as defined in the 2013 Act.. Further, this feature would apply for both standalone as well as consolidated financial statements.Auditors of the companies which are within the scope of applicability would be required to report on whether the auditee companies have complied with the stated requirements. For the purpose of reporting on this clause in the consolidated financial statements, auditors would need to assess the matters reported by the auditors of subsidiaries, associates and joint ventures that are Indian companies. While making such assessments, auditors of the holding company should apply the principles of Standard on Auditing (SA) 600, Using the Work of Another Auditor.
  • Absence of compliance due to different applicability dates: Companies are required to comply with the audit trail feature from 1 April 2023, however, auditors are required to report on the audit trail feature of the management from 1 April 2022. Therefore, there is likely to be a scenario for the financial year 2022-23 where in the absence of compliance requirement for the companies, auditors would not be able to report under the Audit Rules.
  • Preservation of audit trail: The management should retain the records pertaining to audit trail as per the statutory requirements for record retention i.e., a period of eight years from the date of applicability of the audit trail requirement in the Account Rules i.e., from 1 April 2023.
  • What is an ‘audit trail feature in an accounting software’: The IG defines and provides key considerations pertaining to an accounting software and the audit trail requirement. This is given as below:
    1. Accounting software: The definition and other features of an accounting software are given as below:
      1. Accounting software is a computer program or system that enables recording, maintenance and reporting of books of account and relevant ecosystem applicable to business requirements. The functionality of such accounting software differs from product to product. As every organisation employs multiple software for accounting, operations and other requirements like consolidation, collection of data, etc. the guide emphasises that only the accounting software which is relevant for maintaining books of account should be considered for enabling of audit trail.
      2. Accounting software may be hosted and maintained in India or outside India
      3. Accounting software may be on the premise or on a cloud or subscribed to as Software as a Service (SaaS) software or maintained at a service organisation.
      4. In scenarios wherein the accounting software is supported by service providers, the independent auditor’s report of the service organisation should be considered to ensure compliance with audit trail requirements.
      For ease of reference for the practitioners and the companies, the IG has provided the illustrative list of accounting software used by the companies.
    2. Audit trail: Audit trail is a visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source. Audit trails are a chronological record of the changes that have been made to the data. Any change to data including creating new data, updating or deleting data that must be recorded. Records maintained as audit trail may include the following information:
      1. When changes were made i.e., date and time (timestamp)
      2. Who made the change i.e., user ID
      3. What data was changed i.e., data/transaction reference; success/failure
    Audit trails may be enabled at the accounting software level depending on the features available in such software or the same may be captured directly in the database underlying such accounting software.
  • Management’s responsibility: It is the primary responsibility of the management of the company using an accounting software to ensure that an audit trail is effectively implemented as per the requirements stipulated in the Accounts Rules. The key points for implementation and maintenance of an audit trail feature include the following:
    1. Identify what constitutes books of account
    2. Identify the software
    3. Ensure the software has audit trail feature
    4. The audit trail should capture changes to each and every transaction
    5. There should be controls to ensure that changes to the configurations of the audit trail feature are authorised and logs of such changes should be maintained.
    6. The audit trail feature should always be enabled at database level, controls should be implemented for the same.
    7. The audit trail should be protected from any modification.
    8. There should be controls to ensure that periodic backups of the audit trails are taken and archived
    9. There should be controls over maintenance and monitoring of audit trail and its feature, to ensure they are designed and operating effectively throughout the period of reporting.
    10. There should be controls to ensure that User IDs are assigned to each individual and that User IDs are not shared.
    11. There should be controls to ensure that access to the audit trail (and backups) is disabled or restricted and access logs should be maintained, whenever the audit trails have been accessed.
  • Responsibility of the auditor: Auditors are required to comment on whether the company is using an accounting software which has a feature of recording audit trail. Additionally, the auditor should report on whether the audit trail feature is configurable, whether it operated throughout the year, whether all transactions in the software are covered in the audit trail feature, whether the audit trail feature has been preserved for record retention. Some of the key responsibilities of the auditor includes the following:
    1. The auditor’s responsibility under the Audit Rules is restricted to transactions which have been recorded in the accounting software and subsequent changes made thereto
    2. With regard to the auditor’s procedures to verify a company’s compliance with the requirements of maintaining an audit trail, it needs to perform the following key procedures:
      1. Assess on a test basis, whether the audit trail has been configured and enabled for the identified
      2. The software configuration that controls enabling or disabling of the audit and access to such configuration.
      3. Changes to the audit trail configuration during the period of audit and management’s review mechanism for such changes
      4. Completeness and accuracy of audit trail or edit logs
      5. Testing that management has performed to assess the completeness and accuracy of the audit trail
      6. Evaluate the management’s approach regarding identification of accounting software considered for the purposes of maintenance of audit trail
      7. Inquire with the management on how they evaluated changes that are required for the maintenance of audit trail as part of changes or upgrades to the accounting software
      8. Consider involvement of specialists or experts to assist in evaluation of management controls and configurations in the accounting software with regard to audit trail
      9. Reviewing the independent auditor’s report of the service organisation in scenarios where the company’s accounting software is supported by service providers
      10. Inquire and understand from the management regarding the procedures implemented to preserve the records as per the statutory record retention period.
    3. Reporting considerations: The auditor is expected to evaluate the reporting implications by giving due consideration to SA 250, Consideration of Laws and Regulations in an Audit of Financial Statements .
    4. Special considerations in case of fraud: In scenarios wherein the occurrence of an error or fraud cannot not be established due to lack of maintenance, availability or retrievability of audit trails, the auditor should consider performing an assessment of risk of material misstatements due to fraud. Professional judgement should be applied while determining reporting implications under the audit report, including under CARO.
    5. Reporting on internal financial controls: An auditor should state in his/her audit report whether the company has adequate internal financial controls with reference to financial statements in place and the operating effectiveness of such controls. Where the feature of audit trail has not operated throughout the year, the auditor may need to appropriately modify his/her comment while reporting under Rule 11(g) depending upon further testing/examination. However, it should be noted that mere non-availability of audit trail does not necessarily imply failure or material weakness in the operating effectiveness of internal financial controls over financial reporting.
    6. Written representations: Auditors should obtain written management representation- the IG has provided an illustrative management representation letter.
    7. Audit documentation: The auditor should comply with the requirements of SA 230, Audit Documentation to document the work performed on the audit trail.

To access the text of the IG, please click here

Action Points for Auditors

Maintaining audit trail is a significant requirement for the companies in terms of resources and infrastructure needed for implementing the same. It also casts an important responsibility on the auditors to report on the same in accordance with Rule 11(g) of the Audit Rules read with Section 143(3) of the Companies Act, 2013. Thus, the auditors should evaluate the necessary audit procedures required and audit evidence needed to report on the same. Further, he/she should also engage with the companies and discuss about the key organisational-level changes that may be required for implementing this. Some of the important considerations, in this regard include:

  • Has the company identified all accounting software that would get covered under the provisions of the audit trail rules?
  • Has the company made necessary arrangement and additional investment for maintenance of daily backups and generating and maintaining audit trails?
  • Whether necessary processes and controls are in place regarding the access of audit trail, avoidance of data tampering and ensuring that audit trail feature is not disabled at any point in time?
  • Whether a periodic review of the user access (i.e., the users who can access, review, make changes etc. to the accounting software) performed?
  • In case of a third party or outsourced software, has the company obtained Service and Organisation Control (SOC) report for evaluating the compliance with the regulatory requirements of daily backup and audit trail?
  • Whether the logs are being maintained as per the retention requirements and retrieval of the same is possible?
There are no updates in April 2023
There are no updates in May 2023
There are no updates in June 2023
There are no updates in July 2023
There are no updates in August 2023
There are no updates in September 2023
There are no updates in October 2023
There are no updates in November 2023
There are no updates in December 2023
There are no updates in January 2024
February 2024

On 24 March 2021, the Ministry of Corporate Affairs (MCA) issued the Companies (Audit and Auditors) Amendment Rules, 2021, notifying certain changes to Rule 111 Other matters to be included in auditors report of the Companies (Audit and Auditors) Rules, 2014 (the Audit and Auditors Rules). Rule 11(g) was introduced, which specified that auditors should report on the use of accounting software by companies having audit trail (edit log) feature. Consequently, in March 2023, ICAI issued the Implementation Guide on Reporting under Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014 (the implementation guide). Based on the feedback and queries received from different stakeholders, in February 2024, ICAI has issued a revised Implementation Guide on Reporting under Rule 11(g) (the revised implementation guide). The revised implementation guide comprises of detailed guidance on various aspects of the reporting requirement as well as includes a new section on Frequently Asked Questions (FAQs). Some of the important FAQs include:

  • Definition of books of account: The FAQs have clarified that the following would be considered as ‘books of account’ maintained in an accounting software and accordingly, an audit trail for the same should be maintained.
  • Master data: Vendor/customer master data complements the transaction record and provides further information pertaining to books of account
  • Purchase order/sales order: Purchase order/sales order or contracts are used by companies as control/governance mechanism to establish the contractual obligations of the parties. Where the terms of such purchases or sales are agreed at the time of receipt or at the time of booking the invoice and thus depending upon the likely interface/input to the ‘books of account’, one may conclude it to be part of accounting software requiring existence of an audit trail feature
  • Records of Property, Plant and Equipment/intangible assets: Property, plant and equipment /intangible assets register may be classified as accounting software, if the same provides direct and auto feed to the accounting software2 Auto feed to books of account by a PPE register would be in terms of depreciation, profit or loss on sale of property, plant and equipment/intangible assets, etc..
  • Use of spreadsheets: End-user computing tools, like spreadsheets, may be classified as accounting software if the same provides direct and auto feed to the accounting software.
  • No exemptions from audit trail requirements: In case a company maintains its books of account in electronic mode, then it is required to comply with the requirements of Rule 3 of the Companies (Accounts) Rules, 20143 Rule 3 of the Companies (Accounts) Rules, 2014 inter alia requires every company which uses accounting software for maintaining its books of account to include a feature of recording audit trail of each and every transaction. It also requires the software to create an edit log of each change made in the books of account, whether or not the underlying journal entry can be edited or not. This is applicable from 1 April 2023 (Accounts Rules). This requirement is applicable to all companies and no exemption is available for the small and medium companies or for banks and Non-Banking Finance Companies (NBFCs)
  • No requirement to report on audit trail in the limited review report: The revised implementation guide has clarified that currently, there is no requirement prescribed under the Companies Act, 2013 or any of the SEBI Regulations for the auditors to report on the audit trail feature of accounting software while issuing their limited review report
  • Use of specialist/expert or reliance on information system audit report by the auditor: It has been specified that the auditor may consider involvement of a specialist or expert in the field of information technology to assist in evaluation of management controls and configurations in the accounting software regarding audit trail. However, while doing so, the auditor must comply with the requirements of SA 620, Using the Work of an Auditor’s Expert. Similarly, where accounting software is provided by a service provider, the auditor may consider using independent auditor’s report on service organisation (for example, SOC 1/SOC 2/ SAE 3402) for compliance with audit trail requirements4 It has been further clarified that if the SOC or SAE report of the service organisation does not cover the full reporting year, then the auditor would need to modify the reporting under clause 11(g) of the Audit and Auditors Rules. While doing so, statutory auditor of the company is required to comply with the requirements of SA 402, Audit Considerations Relating to an Entity Using a Service Organisation. However, the ultimate responsibility for reporting on audit trail would remain with the statutory auditor only.
  • Implication of audit trail feature not operational throughout the year: The revised implementation guide has clarified that in case there are no transactions during any part of the year, it would not be considered as a reason for not enabling the audit trail feature. Similarly, technical glitches in the accounting software during any part of the financial year due to which audit trail feature remains non-functional does not give any exemption to the management regarding their responsibility. Consequently, if the audit trail feature remains non-functional during any part of the year, the auditor would need to appropriately modify reporting under Rule 11(g) of the Audit and Auditors Rules5 It has also been clarified that reporting on the audit trail feature is independent of any adverse findings by the auditor . It would also have an impact on reporting under Section 143(3)(b)6 The auditor’s report should state whether proper books of account as required by law have been kept by the company, so far as appears from the examination of those books and proper returns and Section 143(3)(h)7 The auditor’s report should state any qualification, reservation or adverse remark relating to the maintenance of accounts and other matters connected therewith of the 2013 Act.
  • Applicability of materiality concept for reporting on audit trail: Rule 11(g) of the Audit and Auditors Rules states that audit trail is required for each and every transaction, creating an edit log of each change made in the books of account. Thus, reporting would apply for all the transactions, irrespective of the amount involved. Reporting on audit trail is a factual reporting. Auditor’s reporting is based on test checks which would require application of the concept of materiality for the purpose of sample selection
  • Requirement to comment on details of audit trail logs: As per Rule 11(g) of the Audit and Auditors Rules, the auditor needs to comment only on the below aspects:
  • Whether the company has used such accounting software for maintaining its books of account which has a feature of recording audit trail (edit log) facility
  • Whether the audit trail has operated throughout the year for all transactions recorded in the software
  • Whether audit trail feature has not been tampered with, and
  • Whether audit trail has been preserved by the company as per the statutory requirements for record retention.

Thus, there is no requirement for auditors to comment on the details of audit trail logs.

  • Log of all changes: In case of multiple changes made in the books of account, the log of entire chain of changes should be maintained. Retaining only the last/latest changes will not serve the purpose of compliance with audit trail requirements. In a situation where only the last/latest changes are maintained, the auditor would need to appropriately modify the reporting under Rule 11(g) of the Audit and Auditors Rules
  • Reporting on accounting software outside India: Audit trail requirements are applicable even for accounting software maintained outside India if the company is incorporated in India. In case the auditor is relying on the work of another auditor, then audit trail feature requirement should form part of SOC/SAE report
  • Requirement of audit trail to remain accessible in India at all times: There may be a situation wherein the audit trail is recorded at back-end on a server/cloud maintained outside India.

Rule 3 of the Accounts Rules requires companies to maintain a daily back-up of books of account8 This includes other books and papers of the company maintained in electronic mode (including at a place outside India), to be kept in servers physically located in India. Since audit trail would fall under the definition of books of account, a daily backup of the audit trail would also be required to be maintained in a server physically located in India.

To access the text of the revised implementation guide, please click here

Action points for auditors

Maintaining an audit trail is a significant requirement for the companies in terms of resources and infrastructure needed for implementing the same. It also casts an important responsibility on the auditors to report on, in accordance with Rule 11(g) of the Audit and Auditors Rules read with Section 143(3) of the Companies Act, 2013. Thus, the auditors should evaluate the necessary audit procedures required and audit evidence needed to report on the same. While the requirement to implement this for companies was 1 April 2023, there may be companies that are now in the process of adopting these. In such cases members of the profession should engage with such companies and discuss about the key organisational-level changes that may be required for implementing this.

Audits for the year/period ending 31 March 2024 would be the first year/period in which the auditor would report on the audit trail maintained by the companies since it is applicable for companies for financial years commencing on or after 1 April 2023. Some of the important points that auditors may consider while reporting on audit trail include:

  • Has the company identified all accounting software that would get covered under the requirements of the audit trail rules?
  • Has the company made necessary arrangement and additional investment for maintenance of daily backups and generating and maintaining audit trails?
  • Whether necessary processes and controls are in place regarding the access of audit trail, avoidance of data tampering and ensuring that audit trail feature is not disabled at any point in time?
  • Whether a periodic review of the user access (i.e., the users who can access, review, make changes etc. to the accounting software) performed?
  • In case of a third party or outsourced software, has the company obtained Service and Organisation Control (SOC) report for evaluating compliance with the regulatory requirements of daily backup and audit trail?
  • Whether the logs are being maintained as per the retention requirements and retrieval of the same is possible?

On 7 February 2024, ICAI issued the following revised Standards on Auditing (SAs):

  • SA 800 (Revised), Special Considerations – Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks
  • SA 805 (Revised), Special Considerations – Audits of Single Financial Statements and Specific Elements, Accounts or Items of a Financial Statement
  • SA 810 (Revised), Engagements to Report on Summary Financial Statements

(Together referred to as the ‘revised standards’)

The key changes in the revised standards is:

  • Auditors should consider the requirements of SA 700 (Revised), Forming an Opinion and Reporting on Financial Statements , while forming their opinion
  • Auditors should also address specific considerations relating to issues such as going concern, key audit matters, other information, etc. while forming their opinion.

Effective Date: The revised SAs would be applicable to audits/engagements for financial years beginning on or after 1 April 2024. The extant SA 800, SA 805 and SA 810 would continue to apply to audits/engagements for the financial year 2023-24.

To access the text of the revised SAs, please click here

Action points for auditors

Considering that the revised SAs would become applicable to audit engagements beginning on or after 1 April 2024, auditors should evaluate the impact of the changes introduced and discuss them with the management.

Auditors should continue to apply the existing SA800, 805 and 810 for periods beginning prior to 1 April 2024.

There are no updates in March 2024
There are no updates in April 2024
There are no updates in May 2024
There are no updates in June 2024
July 2024

The Pillar Two Model Rules, released in December 2021, are part of the two-pillar solution to address the tax challenges of the digitalisation of the economy, and are designed to ensure large Multinational Enterprises (MNEs) pay a minimum level of tax on the income arising in each jurisdiction where they operate. Once the Pillar Two Model Rules are enacted in India, these amendments would be relevant to the non-company entities applying Accounting Standards issued by the ICAI and to whom Pillar Two Model Rules would be applicable. In order to help such non-company entities ease into the application of the principles and requirements of AS 22 (issued by ICAI), to account for deferred taxes related to top-up taxes, ICAI has issued the following temporary exceptions to the requirements in AS 22 (issued by ICAI):

The amendments introduce:

  • A temporary exception to the requirements to recognise and disclose information about deferred tax assets and liabilities related to Pillar Two income taxes; and
  • Targeted disclosure requirements for affected entities.

The amendments are effective for annual reporting periods beginning on or after 1 April 2024.

To access the text of the amendments, please click here

Action points for auditors

  • Auditors of non-company entities that are a part of larger groups, would need to assess the status of the pillar two implementation in the countries where the group operates at the interim reporting date. Where these amendments become applicable, companies would need to determine how to reflect the current top-up tax and what information to disclose.
  • Auditors of non-company entities would also need to reflect the impact of the changes in tax laws in their impairment assessments.
There are no updates in August 2024
There are no updates in September 2024
October 2024

On 14 October 2024, the Institute of Chartered Accountants of India (ICAI) issued the following standards:

  • Standard on Quality Management (SQM) 1: Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements
  • SQM 2: Engagement Quality Reviews.

These standards would override the Standard on Quality Control (SQC) 1, Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements once the SQMs are effective.

Key points covered in these standards is given below:

SQM 1

  • SQM 1 deals with a firm’s responsibilities to design, implement and operate a system of quality management for audits or reviews of financial statements, or other assurance or related services engagements
  • This SQM requires the firm to apply a risk-based approach in designing, implementing and operating the components of the system of quality management in an interconnected and coordinated manner such that the firm proactively manages the quality of engagements performed by the firm.
  • For the purposes of this SQM, a system of quality management addresses the following eight components.
  • The firm’s risk assessment process: Involves identifying and assessing risks to the firms’ quality objectives. This process ensures that the firm understands the potential threats to achieving its quality objectives and can implement appropriate responses.
  • Governance and leadership: Establishes the firm's commitment to quality through leadership and governance structures. This includes setting the tone at the top and ensuring that quality is a core value within the organization.
  • Relevant ethical requirements: Ensures compliance with ethical standards and regulations. This component addresses the ethical obligations of the firm and its personnel.
  • Acceptance and continuance of client relationships and specific engagements: Focuses on the firm's policies and procedures for accepting and continuing client relationships and engagements.
  • Engagement performance: Covers the policies and procedures related to the performance of engagements. This ensures that engagements are performed in accordance with professional standards and regulatory requirements.
  • Resources: A firm’s quality objectives should appropriately address obtaining, developing, using, maintaining, allocating and assigning resources1 This includes human resources, technological resources, intellectual resources and service providers in a timely manner to enable the design, implementation and operation of the system of quality management
  • Information and communication: Ensures that relevant information is obtained or generated and communicated within the firm and with external parties. Effective communication supports the functioning of the quality management system
  • The monitoring and remediation process: Involves ongoing monitoring of the quality management system and taking corrective actions, when necessary.
  • Applicability: SQM 1 applies to all firms performing audits or reviews of financial statements, or other assurance or related services engagements.

Effective date: SQM 1 is recommendatory from 1 April 2025 and mandatory from 1 April 20262 Systems of quality management in compliance with SQM 1 may be designed and implemented by 1 April 2025 on a voluntary basis, and the evaluation of the system of quality management may be performed within one year following 1 April 2025.

Systems of quality management in compliance with SQM 1 are required to be designed and implemented by 1 April 2026, and the evaluation of the system of quality management is required to be performed within one year following 1 April 2026. .

SQM 2

SQM 2 deals with the appointment, eligibility, and responsibilities of the engagement quality reviewer.

  • Appointment: SQM 2 outlines the process for appointing an engagement quality reviewer
  • Eligibility: The eligibility criteria of an engagement quality reviewer includes competence, capability and objectivity of an individual, including whether the individual has sufficient time, the authority of the reviewer in the firm and whether the reviewer complies with ethical requirements.
  • Responsibilities and documentation: The engagement quality reviewer would be responsible for inter alia discussions and review of significant matters, significant judgements and conclusions. Further, the review process and the findings should be appropriately documented.

Applicable: SQM 2 applies to all engagements for which an engagement quality review is required to be performed in accordance with SQM 1.

Effective date: SQM 2 is recommendatory for audits and reviews of financial statements for periods beginning on or after 1 April 2025 and other assurance and related services engagements beginning on or after 1 April 2025.

To access the text of the standards, please click here

Action points for auditors

  • Audit firms should understand the changes between the SQC and SQM. Auditors and audit firms should evaluate how these standards will impact their organization and what steps should be taken to put in place processes to ensure adherence to these standards within the timelines prescribed.
There are no updates in November 2024

Our Insights

Tools and Enablers
Resources
Events and Webinars
Sectoral Insights

Reach out to us

;