Auditing Updates

ICAI issues an announcement on external confirmations through third-party vendors

Standard on Auditing (SA) 505, External Confirmations recognises that external confirmations are an integral method of obtaining audit evidence. Over the years, auditors have been using external confirmation procedures for obtaining account balances confirmation from various parties (confirming parties), such as banks, creditors, debtors, third-parties in possession of auditee’s investments/property etc.

However, it has come to the notice of the ICAI that, in recent years, auditors are facing various difficulties in obtaining external confirmations from banks. One of the major concern in this regard is that some banks are using services of third-party vendors to provide confirmations on their behalf to auditors. Use of third-party vendors leads to the risk that the information provided by third-party vendors may not be authentic and complete. Further, it is not clear as to who will be responsible in case there is failure of IT controls at the end of third-party vendors which may impact the integrity of information provided.

These factors raise a question as to who will be held responsible for authenticity and completeness of information provided to auditors, the concerned bank or such third-party vendors. Presently, there is no legal framework/guidelines to deal with these aspects. Thus, auditors are exposed to serious risk, in case they use the confirmation from such third-party vendors as audit evidence.

In this regard, ICAI, vide an announcement dated 7 September 2022 advised the auditors to seek direct confirmation from the concerned banks.

To access the text of the announcement, please click here

ICAI mandates the evaluation of audit quality maturity of firms using AQMM Revised Version 1.0

In July 2021, ICAI had issued the Audit Quality Maturity Model Version 1.0 (AQMM v1.0), comprising of a set of different Audit Quality Indicators (AQIs) to enable audit firms to self-evaluate their current level of audit maturity, identify areas where they lack and thereby help them in developing a roadmap for upgrading to a higher level of maturity. AQMM was introduced with an aim to move away from the traditional approach of enforced regulation to a more modern self-compliant model for the audit firms.

Initially, AQMM v1.0 was recommendatory and covered certain firms

The ICAI, vide a notification dated 13 September 2022 issued the revised version of the AQMM – Audit Quality Maturity Model Revised Version 1.0 (AQMM Rev v1.0). This is a mandatory evaluation of the audit quality maturity of firms auditing the following class of entities:

A listed entity, or
Banks other than co-operative banks (except multi-state cooperative banks), or
Insurance companies.

However, firms doing only branch audits are excluded from the mandate.

The requirement for mandatory evaluation of AQMM is with effect from 1 April 2023.

Similar to AQMM v1.0, the AQMM Rev v1.0, includes the following dimensions of audit maturity categorised into three sections:

Practice Management – Operation,
Human Resource Management, and
Practice Management – Strategic/Functional.

Each of the aforementioned sections consist of the related AQIs and firm’s maturity rating would be determined based on the score achieved in each section.

It has also been provided that the scores and level arrived at would be subject to review by a peer reviewer alongside the peer review cycle, which falls anytime on or after 1 April 2023. The level, so arrived at, after being reviewed by the peer reviewer should be hosted on the website of the ICAI alongside the details of the peer review certificate.

The firm(s) can get their scores reviewed by an AQMM reviewer⁵ before their peer review cycle falls due. Also, the firms whose last peer review cycle has been completed and not a year has lapsed from the date of the last review, such firms can get their scores reviewed before their next peer review falls due by an AQMM reviewer. However, it has been stated that the subsequent reviews would necessarily be aligned to the peer review cycle and that the period of review in no case would be less than a year.

In this regard, ICAI has also released the Implementation Guide (IG) to the AQMM v1.0. The IG has been issued in the form of various implementation clues, which are practice based.

AQMM reviewer is a member of the ICAI and empaneled as a peer reviewer. He/she is appointed by the Peer Review Board for conducting an AQMM review any time before the peer review cycle of the firm falls due.

To access the text of ICAI’s notification, please click here

To access the text of the IG, please click here

To access the text of AQMM Rev v1.0, please click here

Action Points for Auditors

Audit firms should develop the necessary infrastructure, including appropriate control mechanism in order to be able to collate data with respect to different AQIs for each engagement. This will help determine whether it meets a particular parameter i.e., ‘yes’ or ‘no’ criteria to award a score corresponding to an AQI. They should also maintain the relevant documentation to support their scores, which should be made available to the inspection teams, in case of any inspection.
AQMM is required to be filled in for each firm in a network, even if such firms follow the same Standards on Quality Control (SQC), Human Resource and operational practices. Thus, those firms which are a part of a network and meet the applicability criteria should build in the required resources and refer the following roadmap for moving up the next level of audit maturity:

Step 1 Benchmarking: Audit firms should benchmark their current maturity level and document a list of specific aspects that they are currently lacking, and which need to be initiated to move to the next level of the AQMM
Step 2 Planning initiatives: Firms should convert the initiative to be taken into an action plan, with quarterly or annual timelines
Step 3 Identifying resources and execution plan: A cross-functional team should be identified to own the execution of the plan and accountability should be defined for reporting progress and challenges, if any in the implementation
Step 4 Assessing progress: Progress made should be re-evaluated against the AQMM and execution plan should be revisited on a half-yearly basis, to identify revisions, if any
Step 5 Perform a peer review/review by an external firm/internal inspection: The firm should have its AQMM reviewed by a peer reviewer, or additionally by an external firm or internal inspection and assess the position at periodical intervals.

ICAI announces the applicability date of certain deferred provisions of the Code of Ethics, 2019

In January 2019, ICAI had issued the 12^th edition of the Code of Ethics (Code of Ethics, 2019), coming into effect from 1 July 2020. However, applicability of certain provisions of Volume-I of the Code of Ethics, 2019 (the Code) had been deferred on account of situations prevailing at the given time due to Covid-19. These included provisions relating to:

Responding to Non-Compliance with Laws and Regulations (NOCLAR),
Fees - relative size, and
Tax services to audit clients.

ICAI, vide an announcement dated 29 September 2022 (the amendment) has made the above-mentioned provisions applicable with effect from 1 October 2022 with certain amendments. Some of the significant amendments issued in this regard include:

Amendment to provisions relating to ‘Responding to Non-Compliance with Laws and Regulations (NOCLAR)’

Section 260 of the Code specifies the provisions for responding to Non-Compliances with Laws And Regulations (NOCLAR), which is applicable to professional accountants in service. As per the extant requirements, the provisions were applicable to all the employees of listed entities. However, the amendment has now narrowed down the applicability criteria to only senior professional accountants in service⁶, who are in employment of the listed entities. The amendment has also clarified that senior professional accountants in service refer to key managerial personnel.

Section 360 of the Code guides professional accountants in public practice in assessing the implications of the matter and the possible courses of action when responding to NOCLAR during the course of audit engagements of listed entities.

There are certain amendments with respect to the applicability of Section 360 of the Code, the definition of an ‘audit’ or ‘audit engagement’ and measures to be taken in case of an imminent breach. These are discussed below:

Existing provision	Amendment notified by ICAI
The provisions stipulated in Section 360 of the Code were applicable to audit engagements of all listed entities	Section 360 would now be applicable to audit engagements of entities, the shares of which are listed on recognised stock exchange(s) in India and have a net worth of INR250 crore or more. The applicability of Section 360 will subsequently be extended to all listed entities, at the date to be notified by ICAI.
The term ‘audit engagement’⁷ has been defined in the glossary to the Code and is applicable to the entire Code.	For the purpose of Section 360, an ‘audit’ or ‘audit engagement’ shall mean a reasonable assurance engagement in which a professional accountant in public practice expresses an opinion whether financial statements give a true and fair view in accordance with an applicable financial reporting framework.
Measures to be taken in case of imminent breach As per Section R360.26 of the Code, where a professional accountant becomes aware of an imminent breach of a law or regulation that would cause substantial harm to stakeholders, he/she should first consider whether it would be appropriate to discuss the matter with management or those charged with governance of the entity, and then determine whether to disclose the matter immediately to an appropriate authority in order to prevent or mitigate the consequences of such imminent breach.	Section R360.26 has been repealed.

(Source: ICAI announcement dated 29 September 2022 (Applicable date of certain deferred provisions of Volume-I of Code of Ethics, 2019))

Amendment to provisions relating to ‘Fees-relative size’

As per paragraph 410.3 of the Code, when the total fees generated from an audit client by a firm expressing an audit opinion on the financial statements of that client, represents a large proportion of the total fees of that firm, the dependence on that client and concern about losing the client creates a self-interest or intimidation threat (commonly referred to as threats).

Paragraphs 410.3 - R410.6 of the Code prescribe about factors that need to be evaluated while assessing the threats, and actions that can be taken to safeguard against such threats, etc. These provisions are applicable from 1 October 2022, with certain amendments, which are discussed below:

Existing provision	Amendment notified by ICAI
Where for two consecutive years, the total gross annual professional fees (total fees) from an audit client and its related entities represent more than 15 per cent of the total fees received by the firm which is expressing an opinion on the financial statements of the client (dependency on fees), the firm shall:	The threshold for determining an audit firms’ dependency on fees from a client has been amended. The revised threshold has been prescribed separately for Public Interest Entities (PIEs) and Non PIEs as below: For PIEs: An audit firm would be considered dependent on fees received from a PIE, if the total fees from the PIE represents more than 20 per cent of the total fees of the firm, For Non PIEs: An audit firm would be considered dependent on fees received from a non-PIE, if the total fees from the non-PIE represents more than 40 per cent of the total fees of the firm.
A. Disclose to Those Charged With Governance (TCWG) of the audit client the fact of such dependency on the audit fees	Disclosure regarding dependency on fees is now required to be made to ICAI
(Exemption from the above provision is provided to the firm, where the total fees received from an audit client does not exceed INR5 lakh in respect of a firm⁸, and/or in case of audits of government entities.⁹)	The exemption from making disclosures to ICAI regarding the dependency on audit fees would be applicable to firms who received total fees from an audit client of INR20 lakh (instead of the current limit of INR5 lakh). ‘Regulators’ would be added to the list of government entities.
B. Discuss and apply the remedial actions to safeguard the threat created by dependency on the audit fees- which includes a pre-issuance and post-issuance review.	This provision has been repealed.

(Source: ICAI announcement dated 29 September 2022 (Applicable date of certain deferred provisions of Volume-I of Code of Ethics, 2019))

Amendment to provisions relating to ‘Tax services to audit clients’

Sub Section 604 of the Code specifies the provisions relating to rendering of tax services to audit clients. As per sub-section 604, providing tax services to an audit client might create a self-review or advocacy threat. In order to mitigate such threats, sub-section 604 of the Code includes requirements that prohibit firms and network firms from providing certain tax services to audit clients in some circumstances.

One such service prescribed in sub-section 604 of the Code includes ‘Assistance in the Resolution of Tax Disputes’, wherein a firm or a network firm has been prohibited from providing services involving acting as an advocate for certain audit clients, before a court in the resolution of a tax matter.

Sub-section 604 further defines what would be considered as a court. This definition has been amended as below:

Existing provision	Amendment notified by ICAI
In case of Assistance in the resolution of Tax disputes, the term “Court” is explained as under: What constitutes a ‘Court’ depends on how tax proceedings are heard in India.	In case of Assistance in the resolution of Tax disputes, the term “Court” is explained as under: For the purpose of this sub-section, ‘Court’ does not include a Tribunal

(Source: ICAI announcement dated 29 September 2022 (Applicable date of certain deferred provisions of Volume-I of Code of Ethics, 2019))

Senior professional accountants in service (‘senior professional accountants’) are directors, officers or senior employees who are able to exert significant influence over, and make decisions regarding, the acquisition, deployment and control of the employing organisation’s human, financial, technological, physical and intangible resources. They refer to the Key Managerial Personnel (KMP) of the entity
Audit engagement has been defined as ‘A reasonable assurance engagement in which a professional accountant in public practice expresses an opinion whether financial statements are prepared in all material respects (or give a true and fair view or are presented fairly, in all material respects), in accordance with an applicable financial reporting framework, such as an engagement conducted in accordance with Standards on Auditing. This includes a Statutory Audit, which is an audit required by legislation or other regulation’
This includes fees received by the firm for other services rendered through the medium of a different firm or firms in which such member or firm may be a proprietor or partner.
This includes audit of government companies, public undertakings, nationalised banks, public financial institutions or where appointments of auditors are made by the Government.

To access the text of the announcement, please click here

To access the text of the detailed provisions (with amendments), please click here

To access the text of the Code of Ethics, 2019, please click here

Action Points for Auditors

Section 360 of the Code explains the provisions for responding to NOCLAR applicable to professional accountants in public practice. Though, the amendment has narrowed down the applicability criteria to audit engagements of entities, the shares of which are listed on recognised stock exchange(s) in India and have a net worth of INR250 crore or more, it has been specified that the applicability would be subsequently extended to all listed entities. Thus, practitioners auditing listed entities having net worth of less than INR250 crore should put in place the required system and necessary procedures for appropriate identification and disclosure of instances of noncompliance with laws and regulations.
Auditors should take note of the requirements to make disclosures regarding fee amounts to the ICAI, where such fees exceed the prescribed threshold.

Regulatory updates

Our Insights

Tools and Enablers

Resources

India updates

International updates

Recap on key updates

Publications

Matter for auditors’ attention

Discussion/Consultation papers and Publications issued by regulators

Events and Webinars

Sectoral Insights

Reach out to us