National Financial Reporting Authority
7th Floor, Hindustan Times House
Kasturba Gandhi Marg, New Delhi
NF-22/52/2025-NFRA
Date: 16 December 2025

Circular

To
All Statutory Auditors of Public Interest Entities (PIEs) covered under Rule 3 of NFRA Rules, 2018

Sub: Maintenance, archival and submission of Audit File to National Financial Reporting Authority (NFRA) – reg.

In the course of performing its statutory functions, NFRA requires the audit firm¹ to provide audit files as evidence of the work done by the audit firm in respect of specific audit engagements. During the course of performance of its monitoring, enforcement and oversight activities, NFRA has observed certain deficiencies in the audit firms’ submission of audit files to NFRA, and their compliance with the requirements of maintenance and archival of audit files as per Standards on Auditing (SAs) and Standard on Quality Control (SQC) 1.

 Requirements of Professional Standards

2. The Standards on Auditing (SAs)² including the Standard on Quality Control (SQC) 1 define and provide guidance as to what constitutes an audit file and its evidentiary value in respect of the audit process undertaken by an auditor in support of his audit opinion/report. Accordingly, audit firms are required to design policy, procedures and controls around maintaining the sanctity of audit files, ensuring their completeness and timely archival, including controls around authorised access to archived files.

 Components and attributes of an Audit file

3. Paragraph 6 (b) of SA 230 defines an Audit File as “One or more folders or other storage media, in physical or electronic form, containing the records that comprise the audit documentation for a specific engagement”. Paragraphs 2, 3 and 5 of SA 230 describe the nature and purposes of audit documentation, and the objectives of the auditor to prepare documentation as: (a) sufficient and appropriate record of the basis for the auditor’s report; and (b) evidence that the audit was planned and performed in accordance with the SAs and applicable legal and regulatory requirements. Paragraph 6 defines audit documentation (terms such as “working papers” or “workpapers” are also sometimes used), as the record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor reached.

4. Paragraph 13(b) of SA 200 and Paragraph 5 in SA 500 defines audit evidence as the information used by the auditor in arriving at the conclusions on which the auditor’s opinion was based.

5. Paragraphs 8 and 10 of SA 230 require mandatory documentation of the nature and extent of the audit procedures performed, the audit evidence obtained, significant professional judgments, and the discussions of important matters with management, those charged with governance, and others.

 Timely Completion, Archival, Retention and Access of Audit File

6. The SAs also provide that the audit file has to be assembled by an auditor and archived in a specific timeframe to establish integrity of the audit process. In support, paragraphs 14 and 15 of SA 230 require the mandatory assembly of the final audit file after the date of the audit report on a timely basis and its mandatory retention for the specified period.

7. Paragraph 75 of SQC 1 Engagement Documentation: Completion of the Assembly of Final Engagement Files stipulates the need to complete the assembly of final engagement files on a timely basis after the engagement reports have been finalised. In the case of an audit, such a time limit is ordinarily not more than 60 days after the date of the auditor’s report (also refer paragraph A21 of SA 230).

8. The retention of audit documentation is provided for in paragraphs 82 and 83 of SQC 1. These provisions state that the firm should establish policies and procedures for the retention of engagement documentation for a period sufficient to meet the needs of the firm or as required by law or regulation. The retention period may also depend on other factors, such as whether local law or regulation prescribes specific retention periods for certain types of engagements, or whether there are generally accepted retention periods in the jurisdiction in the absence of specific legal or regulatory requirements. In the specific case of audit engagements, the retention period ordinarily is no shorter than seven years from the date of the auditor’s report, or, if later, the date of the group auditor’s report (also refer paragraph A23 of SA230).

9. Paragraph 85 of SQC 1 deals with ownership of engagement documentation and states that unless otherwise specified by law or regulation, engagement documentation is the property of the firm.

10. Paragraph 77 of SQC 1 requires the firm establish policies and procedures designed to maintain the confidentiality, safe custody, integrity, accessibility and retrievability of engagement documentation. Paragraph 79 of SQC 1 goes on to caution that integrity, accessibility or retrievability of the underlying data may be compromised if the documentation could be altered, added to or deleted without the firm’s knowledge, or if it could be permanently lost or damaged, irrespective of whether engagement documentation is in paper, electronic or other media.

 11. In this regard, it is also relevant to refer to paragraph 81 of SQC 1, which provides for retention of all original paper documentation if some such documentation is to be included in engagement files by converting it into electronic files. Paragraph 81 of SQC 1 states that,

“For practical reasons, original paper documentation may be electronically scanned for inclusion in engagement files. In that case, the firm implements appropriate procedures requiring engagement teams to:
(a) Generate scanned copies that reflect the entire content of the original paper documentation, including manual signatures, cross-references and annotations;
(b) Integrate the scanned copies into the engagement files, including indexing and signing off on the scanned copies as necessary; and
(c) Enable the scanned copies to be retrieved and printed as necessary.

The firm considers whether to retain original paper documentation that has been scanned for legal, regulatory or other reasons.”

(emphasis supplied)

 Observed delays in submission of Audit files to NFRA, beyond reasonable time

12. In view of the requirements in the professional standards outlined above, it is mandatory that audit documentation is completed contemporaneously by the audit firms and archived within the specified timeframe. Therefore, audit firms require only a short period of time for submitting the audit files to NFRA, when required. Based on NFRA’s oversight and monitoring activities, in several matters it has been observed that some auditors of entities falling under Rule 3 of the NFRA Rules 2018 i.e. Public Interest Entities (PIEs), sometimes seek an unreasonable extension of time for submitting audit files to NFRA. While in the interest of natural justice, such extensions have been granted time and again, the elongated timelines sought by audit firms affects the overall timely consideration of the matter at NFRA.

13. Such extensions have, it appears, also been utilised in a few observed instances to convert physical files to electronic formats or vice versa, before sending the files to NFRA and even for preparation of fresh/additional audit documentation (after the expiry of prescribed timeline for assembly and archival of audit files) solely for submission to NFRA.

Instances of loss of data and loss of integrity of audit files

14. The conversion of file formats, as mentioned above, have sometimes been done in a manner that impacts the integrity of the audit files submitted to NFRA. For instance, practices such as printing the original electronic documents and then scanning these to create unsearchable PDFs for sending to NFRA, or any alterations or additions to original audit documentation (in physical or electronic form) in respect of an audit engagement, are violative of the requirements in the SAs and SQC 1.

 15. Practices which obscure original content also cause avoidable compliance burdens and regulatory scrutiny on the auditors. Format conversions, from original electronic form to paper form, lead to loss of metadata (timestamps, authorship, edits, history of changes) which affects authenticity and the integrity of the data, and loss of embedded documents. This also obscures evidence of work done by the auditors, loss of formulae and links to establish basis for values and relationships between data, loss of interactive elements of spreadsheets which is crucial for understanding the context and interpretation of the data, amongst loss of other add-on features, thereby impeding evidence of work actually done by the auditor.

 Retention of Audit files

16. Audit files constitute audit evidence. In certain instances, it has been observed that auditors have taken recourse to the suggested seven year period provided in the SQC 1 as the final period upto which they are required to retain the audit file/audit documentation, even when the matter is under regulatory scrutiny or under challenge in Courts.

17. Preservation of evidence is not just the requirement of SQC 1 or Standards of Auditing. Preservation of any document or electronic record which a person may be lawfully compelled to produce as evidence in a Court or in any proceeding lawfully held before a public servant is protected in law from obliteration or being rendered illegible, where done with the intention of preventing the same from being produced or used as evidence before such Court or public servant or after he is required to produce the same for any proceeding that may have been instituted. Therefore, in cases where any legal/regulatory proceedings have been instituted by any court or authority, the audit files are to be retained even beyond the timelines prescribed under SQC-1 or Standards of Auditing.

 Points of compliance for the auditors

18. Audit firms should establish adequate policy, procedures and controls over audit files as required by the professional standards and keep in mind all the relevant Indian laws and regulations including Information Technology Acts/Rules/Regulations. Accordingly, their policy and procedures should address aspects of maintenance, archival and retention of audit files.

19. Final audit files are required to be assembled and archived within the prescribed time limit in SA 230 & SQC 1 i.e., time limit for assembly of final audit files shall not ordinarily be more than 60 days after the date of the auditor’s report. Accordingly, the audit firms should be able to send the audit files to NFRA within short notice, as NFRA’s requests are ordinarily after substantial time gap from the expiry of 60 day time limit mentioned above.

20. While the audit firm’s policy on retention period for audit engagements shall not be ordinarily less than 7 years from the date of the auditor’s report, the policy must include retention beyond this 7 years period in certain circumstances such as when the audit client is subjected to certain enquiry/actions by oversight/investigative agencies.

 1. Audit firms shall be required to preserve their original work papers and send audit documentation to NFRA in the manner requisitioned. Audit evidence obtained or prepared originally in electronic form shall be preserved and maintained in that form only, unless the conversion to any other form can be done without loss of evidentiary value (paragraphs 14 and 15 above). Any modification or addition or alteration to the original workpapers is violative of the requirements in the SAs and SQC 1. If the audit files have been requisitioned by NFRA, audit firms are required to retain the audit files even if the indicated retention period of seven years gets over between the requisition of audit files and completion of proceedings by NFRA.

22. Audit firms may note that any original audit documentation or parts of the original audit documentation which has been subjected to some format conversion before sending the file to NFRA or when printing some electronic form of work papers (e.g. MS-Excel Worksheets) for inclusion in the audit files maintained in paper form, do not fulfil relevant requirements of SAs and SQC 1 and cannot constitute valid audit evidence since they do not ensure authenticity, nature and timing of the audit procedures performed by the auditor.

23. Audit firms are required to note that audit files requisitioned by NFRA are required to be submitted to NFRA in complete form and prescribed manner within 7 days of receipt of the communication from NFRA to submit the Audit Files.

24. In exceptional circumstances, if extensions are necessitated, any request for extension of time needs to be made within 7 days of receipt of the communication from NFRA. Such requests should be accompanied with all the requisite details below:
(a) Description of the exceptional circumstances warranting the extension, and documentary proof substantiating the circumstances.
(b) Total number of pages of paper audit file or paper documents that form part of the audit file, and/or total volume of electronic audit file in MBs.
(c) The index page of the paper audit file and/or logical listing of the electronic audit documentation, showing the list of documents contained in the electronic audit file.
(d) Notwithstanding requirements to send the audit files in complete form as requisitioned by NFRA, advance copies of Audit Strategy and Audit Plan (Paragraph 11 of SA 300³), Risk assessment summary (Paragraph 32 of SA 315⁴), Summary of Corrected and Uncorrected Audit Misstatements (Paragraph 15 of SA 450⁵) and Copies of all communications with Audit Committee or Board (Paragraph 23, SA 260⁶ (revised)) and Paragraphs 10 and 11 of SA 265), as available in the Audit File, are required to be sent with the extension request.

 25. This circular is, therefore, being issued to reiterate the provisions in the Standards of Auditing and SQC 1 including adherence to retention timelines and submission of audit file, and other requirements that are necessary to ensure integrity of audit files, for compliance by the audit firms of the entities that fall under Rule 3 of NFRA Rules 2018.

Authorised for issue by the Executive Body, NFRA.

(Signed)
Vidhu Sood
Secretary

 Copy to:

  1. Secretary, Ministry of Corporate Affairs, Government of India
  2. Governor, Reserve Bank of India
  3. Chairperson, Securities and Exchange Board of India
  4. Chairperson, Insurance Regulatory and Development Authority of India
  5. Director General of Corporate Affairs, Ministry of Corporate Affairs, Government of India
  6. Director General (Commercial-II), O/o CAG of India
  7. Chairman, BSE
  8. MD & CEO, National Stock Exchange
  9. President, The Institute of Chartered Accountants of India
  10. President, The Institute of Company Secretaries of India
  11. Director General, Confederation of Indian Industry (CII)
  12. Director General, Federation of Indian Chamber of Commerce and Industry (FICCI)
  13. Secretary General, The Associated Chambers of Commerce and Industry of India (ASSOCHAM)
  14. Secretary General, PHD Chamber of Commerce and Industry (PHDCCI)
  15. Director, The CFO Board

    LINK TO DOWNLOAD THE ORDER
    https://mytaxexpert.co.in/uploads/1767927211_CircularOfNFRAoncommunicationwithTCWG.pdf