Comprehensive Precautions to be Taken by Chartered Accountants and CA Firms

Learning from Recent NFRA Orders, ICAI Disciplinary Cases, and Regulatory Actions

The recent disciplinary orders passed by the National Financial Reporting Authority have demonstrated that the regulator expects auditors not merely to issue audit reports but to independently verify, document, challenge, and conclude every material matter affecting the financial statements.

A recurring observation in almost all NFRA cases is that auditors failed not because fraud existed, but because they failed to maintain sufficient audit evidence proving that they had performed the audit in accordance with Standards on Auditing.

Therefore, every CA Firm should establish a "Defensive Audit Framework" under which every audit file is prepared assuming that one day it may be reviewed by NFRA, ICAI, C&AG, SEBI, RBI, NCLT, Courts, or any other regulator.

 

PART I – PRECAUTIONS BEFORE ACCEPTING AUDIT ASSIGNMENT

1. Verify Validity of Appointment

Before commencement of audit:

Obtain and verify:

  • Board Resolution
  • Shareholders' Resolution
  • Appointment Letter
  • ADT-1 acknowledgement
  • Consent and Eligibility Certificate
  • Previous Auditor Communication
  • Removal/Resignation documents of previous auditor

Risk

Several NFRA orders have held auditors guilty where audits were accepted without valid appointment.

Best Practice

Maintain a separate file:

"Audit Appointment Verification File"

containing:

  • Appointment documents
  • MCA extracts
  • Independence declaration
  • Eligibility certificate

 

2. Conduct Client Acceptance and Continuance Review

Before accepting audit:

Verify

  • Promoters' background
  • Pending litigation
  • Creditworthiness
  • Regulatory history
  • Fraud allegations
  • Related party structure

Obtain

  • PAN
  • CIN
  • GST Registration
  • Memorandum & Articles
  • Financial Statements of previous years

Red Flags

  • Frequent auditor changes
  • Large losses
  • Negative net worth
  • High related-party transactions
  • Unexplained borrowings

 

3. Independence Check

Every partner and team member should certify:

They do not have:

  • Financial interest
  • Loans
  • Guarantees
  • Employment relationship
  • Family relationship affecting independence

Maintain

Annual Independence Register.

 

PART II – AUDIT PLANNING PRECAUTIONS

4. Engagement Letter (SA 210)

Never commence audit without a signed engagement letter.

The letter should contain:

  • Objective of audit
  • Management responsibility
  • Auditor responsibility
  • Reporting framework
  • Access to records
  • Timelines

NFRA frequently notes absence of engagement documentation.

 

5. Understand Business Thoroughly

Document:

Business Model

  • Revenue streams
  • Products
  • Services
  • Customers
  • Vendors

Industry Risks

  • Competition
  • Regulations
  • Economic conditions

Internal Controls

  • Purchase process
  • Sales process
  • Payroll process
  • Inventory process
  • Treasury controls

 

6. Fraud Risk Assessment

Conduct documented brainstorming sessions.

Identify risk of:

Financial Statement Fraud

  • Revenue inflation
  • Fake sales
  • Fictitious debtors
  • Inventory manipulation

Asset Misappropriation

  • Cash theft
  • Expense fraud
  • Vendor fraud

Maintain detailed fraud risk memo.

 

PART III – AUDIT EXECUTION PRECAUTIONS

7. Audit Documentation (SA 230)

The most common NFRA allegation:

"No audit documentation available."

Maintain:

  • Planning papers
  • Risk assessment
  • Sampling basis
  • Audit evidence
  • Correspondence
  • Analytical review
  • Partner review notes

Golden Rule

If not documented,
it is presumed not performed.

 

8. Professional Skepticism

Auditor should never rely merely on management statements.

Always ask:

Why?

How?

Where is the evidence?

Verify independently.

 

9. Revenue Recognition Testing

NFRA has imposed severe penalties where revenue was accepted without verification.

Verify

  • Sales invoices
  • E-way bills
  • Delivery challans
  • LR copies
  • Customer confirmations
  • GST returns

Perform cut-off testing.

 

10. Debtors Verification

Obtain

  • Balance confirmations
  • Subsequent recovery evidence
  • Aging analysis

Investigate:

  • Long outstanding balances
  • Round figure balances
  • Related-party debtors

 

11. Inventory Verification

Attend physical verification whenever possible.

Verify:

  • Existence
  • Ownership
  • Valuation

Obtain:

  • Stock reports
  • Warehouse confirmations
  • Physical verification reports

 

12. Cash and Bank Verification

Obtain

  • Bank confirmations
  • Reconciliation statements

Verify:

  • Fixed deposits
  • Margin money
  • Escrow accounts
  • Loan balances

 

13. Related Party Transactions (SA 550)

One of the most litigated audit areas.

Verify:

  • Related party list
  • Board approvals
  • Shareholding pattern
  • MCA records

Examine:

  • Loans
  • Advances
  • Purchases
  • Sales

 

14. Journal Entry Testing

Review:

  • Year-end entries
  • Manual entries
  • Round figure entries
  • Late-night postings

Identify unusual transactions.

 

PART IV – HIGH-RISK AUDIT AREAS

15. Going Concern Assessment (SA 570)

Examine:

Financial Indicators

  • Losses
  • Negative cash flows
  • Working capital deficits

Operational Indicators

  • Loss of customers
  • Closure of operations

Legal Indicators

  • Litigation
  • Regulatory action

Document detailed conclusion.

 

16. Estimates and Judgements

Review:

  • ECL provisions
  • Impairment
  • Inventory valuation
  • Fair value estimates

Challenge assumptions.

 

17. Consolidation Audit

Verify:

  • Subsidiaries
  • Associates
  • Joint ventures

Review:

  • Consolidation entries
  • Elimination entries
  • Minority interest

 

18. Subsequent Events

Review period from:

Balance Sheet Date
to
Audit Report Date

Verify:

  • Major litigation
  • Fire
  • Natural disasters
  • Defaults
  • Mergers

 

PART V – REPORTING PRECAUTIONS

19. Review CARO Reporting Carefully

Cross-check every clause.

Maintain separate CARO working papers.

Many NFRA observations relate to unsupported CARO conclusions.

 

20. Verify Financial Statement Disclosures

Check:

  • Schedule III
  • Accounting Standards
  • Ind AS
  • Companies Act disclosures

Use disclosure checklist.

 

21. Management Representation Letter

Obtain signed MRL before signing audit report.

However:

MRL cannot replace audit evidence.

 

PART VI – PARTNER LEVEL PRECAUTIONS

22. Engagement Partner Responsibility

Partner must personally review:

  • Significant risks
  • Material transactions
  • Audit conclusions

NFRA consistently holds Engagement Partner primarily liable.

 

23. Engagement Quality Control Review (EQCR)

Applicable engagements should undergo independent review.

EQCR should examine:

  • Significant judgments
  • Risk areas
  • Audit opinion

Maintain signed EQCR file.

 

24. Supervision of Staff

Partner should verify:

  • Work allocation
  • Review notes
  • Resolution of observations

Never sign merely on trust.

 

PART VII – FIRM LEVEL RISK MANAGEMENT

25. Implement SQM Framework

In accordance with:

Institute of Chartered Accountants of India Standards on Quality Management.

Create:

  • Quality Manual
  • Risk Assessment System
  • Monitoring Procedures
  • Corrective Action System

 

26. Maintain Audit Trail

Preserve:

  • Emails
  • WhatsApp instructions
  • Client correspondence
  • Draft accounts

Maintain evidence for minimum statutory period.

 

27. Use Standardized Checklists

Mandatory checklists:

  • SA Compliance Checklist
  • CARO Checklist
  • Independence Checklist
  • Going Concern Checklist
  • Related Party Checklist
  • Disclosure Checklist

 

28. Annual Technical Training

Conduct training on:

  • SAs
  • Companies Act
  • NFRA Orders
  • ICAI Guidelines
  • Audit Documentation

 

PART VIII – SPECIAL NFRA LESSONS

Recent NFRA orders indicate that auditors were penalized for:

Acceptance Failures

  • Invalid appointment
  • Non-independence

Planning Failures

  • No risk assessment
  • No fraud assessment

Execution Failures

  • No confirmations
  • No inventory verification
  • No evidence

Reporting Failures

  • Incorrect audit opinion
  • Wrong CARO reporting

Documentation Failures

  • Missing working papers
  • Missing review notes

Quality Control Failures

  • Ineffective EQCR
  • Lack of supervision

 

NFRA-Proof Audit File – Minimum Documents

Every audit file should contain:

  1. Appointment documents
  2. Independence declarations
  3. Engagement letter
  4. Planning memorandum
  5. Risk assessment
  6. Materiality computation
  7. Fraud risk documentation
  8. Trial balance
  9. Lead schedules
  10. Confirmations
  11. Analytical review
  12. Related party review
  13. Going concern assessment
  14. Subsequent events review
  15. Financial statement disclosure checklist
  16. CARO checklist
  17. MRL
  18. Partner review notes
  19. EQCR notes
  20. Final signed audit report

Conclusion

The modern regulatory environment requires auditors to prove the quality of their work through contemporaneous documentation. An auditor may survive a wrong judgment if it was reached through a documented and reasonable audit process. However, even a correct audit opinion may attract disciplinary action if the audit file cannot demonstrate compliance with Standards on Auditing. Therefore, every CA firm should adopt the principle:

"No Documentation – No Audit; No Evidence – No Conclusion; No Independence – No Acceptance."