Established in 2018, constituted under S. 132 of the Companies Act, 2013 to bolster and keep and oversight on quality of audits of companies, the National Financial Reporting Authority (“NFRA”) functions to recommend to the Central Government on the formulation and laying down of accounting and auditing policies and standards, ensure compliance with these standards, oversee professional service quality, and perform such other functions related thereto. One of the pivotal reasons for creation of NFRA was some of the corporate failures in India resulting in substantial loss to the investors.
S. 132 of the 2013 Act lays down framework for NFRA’s constitution, function, jurisdiction.
Under the powers vested in NFRA by S. 132(4), NFRA has passed quite a few Orders calling attention to various lapses in adherence to principles of accounting standards, standards on auditing and other regulatory requirements which could constitute professional misconduct on part of the auditors and lead to imposition of statutory penalties on part of the reporting entities.
Hence, it has become paramount for the audit and assurance professionals to study these Orders to take notice of lapses faced in various audits as well as the expectations of the regulators from auditors of financial statements. Some of the significant observations in general have been discussed below:
A. Lapses in adherence to principles of accounting standards
A particular entity had offered multiple level of tiers of memberships to its customers. Accordingly, the different tiers enjoyed privileges of varied levels. Ind AS 115 ‘Revenue from Contracts with Customers’ requires an entity to identify each good or service promised in a contract as a separate performance obligation, this includes not only goods or services explicitly stated in a contract but also implied by the entity’s customary business practices, published policies, etc. An entity is to recognise revenue only to the extent of the satisfaction of its performance obligations. As such, entities are expected to have controls in place to identify such satisfaction of performance obligations and ensure that the revenue recognised is compliant with the principles of Ind AS 115. It would be necessary for the entity to demonstrate the controls set in place for ensuring that the different privileges allowed to the varying levels of membership tier were recognised as separate performance obligations and the revenue so recognised adhered to the revenue recognition criteria mentioned in Ind AS 115. Thus, the process and controls for the identification of performance obligation and its satisfaction would be imperative for recognising revenue.
Further the observation was regarding non disclosure of segmental performance figures of some segments which were being reviewed by the Chief Operating Decision Maker (“CODM”). Ind AS 108 ‘Operating Segments’ requires that an entity disclose information relating to segments which engage in revenue generating business activities, the operations of which are regularly reviewed by the CODM and for which discrete financial information is available. It was noted that the CODMs are reviewing the financial performances of segments at a more granular level that as being disclosed in the financial statements. The managements of entities as well as the Audit and Assurance professionals are urged to follow the disclosure norms in letter as well as in spirit. This involves an endeavour towards more positive disclosures improving the quality and transparency of accounts.
Another issue citied by NFRA in its Orders and in a circular is that of non-recognition of interest expenditure on borrowings which have been classified as Non Performing Assets (“NPAs”) by the issuer of the borrowings. In accordance with the prudential norms of RBI, banks and financial institutions cease to book interest income over loans that have been categorised as NPAs. However, this does not absolve the borrower from their contractual liability to pay interest on the outstanding balance of their borrowings. The mere fact that negotiations for settlement of loan liabilities are underway also does not discharge the company of its liability of the interest cost on the borrowings classified as NPA. Such accounting treatment was not found to be in conformity with the principles of Ind AS 109 ‘Financial Instruments’. Such non compliance of Ind AS 109 would warrant an appropriate modification to the auditor’s opinion after consideration of the materiality of the amount of interest expense not recognised, hence understatement of liability and underreporting of loss.
B. Lapses in adherence to requirements of standards of auditing
SA 210 ‘Agreeing to the Terms of Engagement’ requires an auditor to confirm that a common understanding as to the terms of an engagement exists between the auditor and the management of the entity. Though an auditor may not send an engagement letter for each period of a recurring engagement, a fresh engagement letter shall be issued in cases where there has been a significant change in the circumstances of the engagement. NFRA observed that many Audit and Assurance professionals had failed to comply with such requirements and either had failed to issue an engagement letter or failed to reissue a revised engagement letter even after significant changes in the circumstances of the engagement.
Another issue with regards to engagement letters were that of lack of proper description of the responsibilities of the auditor and the management as also the applicable financial reporting framework. An engagement letter must be drafted in a way to ensure a clear communication and mutual understanding between the auditor and the management regarding the objective, scope, responsibilities, timeline, fees, confidentiality, and other relevant terms of the engagement.
It was also observed that the audit files maintained by the auditors lacked documentation regarding fundamental auditing procedures such as -
∞ understanding of the operations,
∞ internal controls,
∞ IT system controls,
∞ audit plan,
∞ determination of materiality,
∞ observations from previous audits, inspection reports,
∞ internal audit reports,
∞ proof of verification of trial balance,
∞ KYC verification, etc.
It is highly imperative that the documentation maintained by Audit and Assurance professionals be prepared, complied and maintained in accordance with applicable SAs. SA 230 ‘Audit Documentation’ has laid down specific guidelines regarding the assembling of audit documents and ultimately that of the audit file in a timely manner. The idiom of “If it’s not documented, it’s not done” must guide Audit and Assurance professionals during this process.
Further, such lack of documentation also leads to auditors not being able to substantiate their stance of expressing an unmodified audit opinion while not being able to provide sufficient documentary evidence to support the basis of such opinion (that the auditor has obtained reasonable assurance that the financial statements are free from material misstatements), thereby issuing audit reports in non-compliance of SA 700 ‘Forming an Opinion and Reporting on Financial Statements’.
It was also observed that the audit plans prepared by auditors lacked all the essentially required elements in an audit plan, such as –
∞ the overall audit strategy regarding characteristics,
∞ scope and objectives of the engagement,
∞ ascertaining the resources required to execute the engagement; and
∞ developing an audit plan which describes the nature, timing and extent of the risk assessment procedures as well as the further audit procedures in response to the assessed risks.
A detailed audit plan documenting the above, as also any significant changes to it made during the audit process must form part of the audit file of any engagement, not only to ensure compliance with SA 300 ‘Planning an Audit of Financial Statements’ but also to ensure that the audit is conducted in an efficient manner and the engagement quality is maintained.
Audit and Assurance firms, in some circumstances, have also failed to appoint an Engagement Quality Control Reviewer (“EQCR”) even while being appointed as auditors of listed entities. Appointment of an EQCR and conduct of an engagement quality control review along with proper documentation of the same, especially where the public is substantially interested, ensures an objective evaluation of significant matters, including identified risks and significant judgments made by the engagement team, and the team's conclusions reached in formulating the engagement report.
Another major lapse observed was regarding the non-compliance of SA 299 ‘Joint Audit of Financial Statements’, wherein the joint auditors either did not formally document the division of work or had relied upon the management to determine the division of work. SA 299 requires that the auditors must mutually agree to the division of work and formally document the same. Failing to document the division of work incurs additional liability over the auditors regarding the work which may not have been performed by them. Also, in the latter case, wherein the joint auditors allowed the management of the entity to determine the division of work were deemed to have compromised on the basic principle of Independence. It is important for the joint auditors must mutually determine the division of work amongst themselves having regard to the resources and capabilities of each firm and document the same.
C. Other Lapses and Non-compliances
Auditors are required by S. 139 of the 2013 Act to verify their appointment as auditors of a company. However, NFRA observed during its investigations that branch auditors had accepted engagements based on appointment letters issued by the managements of the companies without verifying whether the same was approved/ ratified by the members in a general meeting. This rendered the appointment of the branch auditors as well as the consequent reports issued by them to be void ab initio. Audit and Assurance professionals need to ensure that their appointment is made in compliance with the applicable laws and does not violate any principles of the Code of Ethics before acceptance/ commencement of any activities of an engagement.
Further, there were instances observed wherein in the Income-tax Department has issued various assessment orders against the entity, however, the same were not considered by the management in their evaluation of provisions/ contingent liabilities as per Ind AS 37 ‘Provisions, Contingent Liabilities and Contingent Assets’, the auditors response that they had demanded the required details and were denied access to such documents and instead relied upon management representations and documents as provided by the management were considered not justified. Firstly, denial of management in providing information or documents should have been considered as a ‘limitation to the scope of audit’ and dealt with accordingly by the auditors. Secondly, the reliance placed by the auditors on the representations and documents as provided by the management without performing any alternate audit procedures to obtain more corroborative evidence was seen as in direct contract with the principle of Professional Skepticism. Though the auditor is allowed to rely on management representations to obtain sufficient and appropriate evidence to express an opinion, the auditor may not rely solely on representations made by the management without conducting additional audit procedures to verify the accuracy and completeness of the information provided by management. Auditors are required to exercise professional skepticism and obtain corroborating evidence from a variety of sources to support the representations made by management. This may involve performing substantive procedures, such as testing transactions, examining documentation, and making inquiries of third parties.
Conclusion
NFRA’s orders have set the expectations from the audit profession amply clear and though the above are some of the observations of NFRA, those are eye opener and ‘must to-do’ list by auditing professionals. We as auditors not only endeavour but to strive by having robust systems and procedures, enhancing resources and training, etc. and at the same time, embrace technology to meet those expectations.