Handbook of Auditing Pronouncements Volume II Compendium of Guidance Notes (As on October 1, 2015) The Institute of Chartered Accountants of India (Set up by an Act of Parliament) New Delhi © The Institute of Chartered Accountants of India All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise without prior permission, in writing, from the publisher. First Edition : 2002 Second Edition : 2003 Third Edition : 2005 Fourth Edition : 2007 Fifth Edition : 2008 Sixth Edition : 2009 Seventh Edition : 2010 Eighth Edition : 2011 Ninth Edition : 2012 Tenth Edition : 2013 Eleventh Edition : 2014 Twelfth Edition : 2015 Committee/ : Auditing and Assurance Standards Board Department E-mail : aasb@icai.in Price : Rs. 900/- (For complete set comprising Volumes I.A, I.B, and II along with CD) ISBN : 978-81-8441-495-0 Published by : The Publication Department on behalf of the Institute of Chartered Accountants of India, ICAI Bhawan, Post Box No. 7100, Indraprastha Marg, New Delhi - 110 002. Printed by : Sahitya Bhawan Publications, Hospital Road, Agra 282 003. October/ 2015/P1848(Revised) Foreword The Engagement and Quality Control Standards issued by the Institute of Chartered Accountants of India (ICAI) are performance benchmarks for members as these Standards represent the best practices in auditing and other assurance services performed by members. These Standards are harmonized with the globally recognized International Standards issued by the International Auditing and Assurance Standards Board (IAASB) and are issued after a due process that includes public consultation. I am happy that the Auditing and Assurance Standards Board has brought out this 2015 edition of the Handbook of Auditing Pronouncements, which is a one stop compendium of Engagement and Quality Control Standards, Statements on Auditing and Guidance Notes on Auditing issued by the ICAI as on date. The Handbook is, therefore, an invaluable resource for Standards, Statements and Guidance Notes related to audit not only for the practitioners but also for the students. I am also happy that this edition of Handbook also includes the text of several Standards and Guidance Notes issued in 2015 like Revised SRS 4410, ‘Compilation Engagements’, Revised SRE 2400, ‘Engagements to Review Historical Financial Statements’, Guidance Note on Reporting on Fraud under Section 143(12) of the Companies Act, 2013, Guidance Note on Reporting under Section 143(3)(f) and (h) of the Companies Act, 2013 and the much awaited Guidance Note on Audit of Internal Financial Controls Over Financial Reporting. I take this opportunity to compliment CA. Abhijit Bandyopadhyay, Chairman, CA. J. Venkateswarlu, Vice Chairman and other members of the Auditing and Assurance Standards Board for bringing out this Handbook. I am sure that the members and other readers will find the publication useful. October 24, 2015 CA. Manoj Fadnis Indore President, ICAI Preface I feel immense pleasure in placing in hands of the members the 2015 edition of the Handbook of Auditing Pronouncements, the benchmark publication of the Auditing and Assurance Standards Board. The Handbook is a one stop reference point for the text of the Engagement and Quality Control Standards, the Statements on Auditing as well as the generic Guidance Notes on Auditing, issued by the Institute of Chartered Accountants of India currently, in force. As always, the Handbook is in two Volumes. Volume I contains the text of the Standards and Statements and Volume II contains the text of the Guidance Notes on auditing. Volume I is further divided into two sub-volumes namely Volume I.A and Volume I.B. Volume I.A contains the text of, inter alia, the Preface, Framework, Glossary of Terms, Standard on Quality Control and the various Engagement Standards. Volume I.B contains the text of Statements on Auditing. This edition of the Handbook contains the text of Standards, Statements and Guidance Notes as on October 1, 2015. Readers may note that this edition of the Handbook also contains the text of following Standards and Guidance Notes issued in 2015. • Revised Standard on Related Services (SRS) 4410, ‘Compilation Engagements’. • Revised Standard on Review Engagements (SRE) 2400, ‘Engagements to Review Historical Financial Statements’. • Guidance Note on Reporting on Fraud under Section 143(12) of the Companies Act, 2013. • Guidance Note on Reporting under Section 143(3)(f) and (h) of the Companies Act, 2013. • Guidance Note on Audit of Internal Financial Controls Over Financial Reporting. Readers may also note that the Council of the Institute had issued the illustrative formats of the audit engagement letter under the Companies Act, 2013 and the illustrative formats of the independent auditor’s report under the Companies Act, 2013.These illustrative formats have been included in the Appendices of relevant Standards, i.e, SA 210, SA 700 and SA 705 in this edition of the Handbook. Finally, I wish to express my deep gratitude to CA. Manoj Fadnis, President, ICAI and CA. M. Devaraja Reddy, Vice President, ICAI for their guidance and support to the activities of the Board. I also wish to thank all my colleagues at the Central Council for their cooperation and guidance in formulating and finalizing the various authoritative pronouncements of the Board. My sincere thanks are also due to my colleagues on the Board, viz., CA. J. Venkateswarlu, Vice Chairman, CA. Prafulla Premsukh Chhajed, CA. Pankaj Inderchand Jain, CA. Nihar Niranjan Jambusaria, CA. Shriniwas Yeshwant Joshi, CA. Dhinal Ashvinbhai Shah, CA. Nilesh S. Vikamsey, CA. Babu Abraham Kallivayalil, CA. K. Raghu, CA. G. Sekar, CA. Sumantra Guha, CA. Shyam Lal Agarwal, CA. Sanjiv Kumar Chaudhary, CA. Naveen N.D. Gupta, CA. Charanjot Singh Nanda, Shri P. K. Mishra, Shri Salil Singhal, Shri R.K. Jain, CA. V. Balaji, CA. Radha Krishna Agrawal, CA. Kamlesh Amlani, CA. Aseem Trivedi, CA. Krishna Kumar T., CA. Rajeevan M and CA. Sanjay Vasudeva for their support and guidance to the Board. I also wish to thank the special invitees to the Board, viz., CA. Vijay Sachdeva, Dr. Sanjeev Singhal, Shri Narendra Rawat, CA. Aniruddh Sankaran and Shri R. Kesavan for their support and guidance to the Board. I am sure that the members and other interested readers would find the publication useful. I look forward to the feedback of readers on the publication. October 24, 2015 CA. Abhijit Bandyopadhyay Kolkata Chairman, Auditing and Assurance Standards Board Contents Foreword Preface 1. Provision for Proposed Dividend .................................................................. 1 2. Auditing of Accounts of Liquidators .............................................................. 3 3. Guidance Note on Independence of Auditors (Revised) .............................. 5 4. Preparation of Financial Statements on Letter-heads and Stationery of Auditors.......................................................................... 22 5. Guidance Note on Certificate to be Issued by the Auditor of a Company Pursuant to Companies (Acceptance of Deposits) Rules, 1975 ................ 23 6. Guidance Note on the Duty Cast on the Auditors under Section 45-MA of the Reserve Bank of India Act, 1934 ............................. 28 7. Guidance Note on Audit Reports and Certificates for Special Purposes ....................................................................................... 39 8. Guidance Note on Section 293A of the Companies Act and the Auditor........................................................................................... 51 9. Guidance Note on Audit of Fixed Assets (Withdrawn) ............................... 62 10. Guidance Note on Audit of Property, Plant and Equipment ....................... 63 11 Guidance Note on Audit of Accounts of Non-Corporate Entities (Bank Borrowers).................................................. 82 12 Guidance Note on Reports in Company Prospectuses (Revised) ........... 133 13 Guidance Note on Audit of Abridged Financial Statements (Withdrawn) . 228 14 Guidance Note on Certification of Documents for Registration of Charges ........................................................................... 229 15 Guidance Note on Audit of Inventories .................................................... 252 16 Guidance Note on Audit of Investments................................................... 272 17 Guidance Note on Audit of Debtors, Loans and Advances ...................... 290 18 Guidance Note on Audit of Cash and Bank Balances.............................. 307 19 Guidance Note on Audit of Liabilities ....................................................... 316 20. Guidance Note on Audit of Revenue ....................................................... 337 21. Guidance Note on Certification of Corporate Governance (Revised) ...... 345 22. Guidance Note on Section 227(3)(e) and (f) of the Companies Act, 1956 (Revised) .............................................................. 429 23. Guidance Note on Audit of Expenses ...................................................... 455 24. Guidance Note on Special Considerations in the Audit of Small Entities (Withdrawn) ................................................ 473 25. Guidance Note on Audit of Miscellaneous Expenditure (Revised) ........... 474 26. Guidance Note on Audit of Consolidated Financial Statements .............. 485 27. Guidance Note on Computer Assisted Audit Techniques (CAATs) ......... 516 28. Guidance Note on Audit of Payment of Dividend ..................................... 532 29. Guidance Note on Audit of Capital and Reserves.................................... 557 30. Guidance Note on Certification of XBRL Financial Statements ............... 581 31. Guidance Note on Reporting on Fraud under Section 143(12) of the Companies Act, 2013..................................................................... 642 32. Guidance Note on Reporting Under Section 143 (3)(f) and (h) of the Companies Act, 2013..................................................................... 763 33. Guidance Note on Audit of Internal Financial Controls over Financial Reporting .......................................................................... 777 Contents of Volume I.A Foreword Preface List of Engagement and Quality Control Standards issued by ICAI Section I: Authority and Preface 1. Announcements of the Council regarding Status of Various Documents Issued by the Institute of Chartered Accountants of India ......................... 1 2. Preface to the Standards on Quality Control, Auditing, Review, Other Assurance and Related Services ................................................... 57 Section II: Glossary of Terms issued by ICAI Glossary of Terms .............................................................................................. 75 Section III: Standards on Quality Control (SQCs) SQC 1: Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements ................................................................................................... 105 Section IV: Framework for Assurance Engagements Framework for Assurance Engagements ......................................................... 139 Section V: Audits and Reviews of Historical Financial Information 100-999 Standards on Auditing (SAs) 100-199 Introductory Matters 200-299 General Principles and Responsibilities 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Standards on Auditing ............ 165 210 Agreeing the Terms of Audit Engagements ........................................... 195 220 Quality Control for an Audit of Financial Statements ............................. 233 230 Audit Documentation ............................................................................. 252 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements ....................................................... 266 250 Consideration of Laws and Regulations in an Audit of Financial Statements ............................................................................. 313 260 Communication with Those Charged with Governance ......................... 330 265 Communicating Deficiencies in Internal Control to Those Charged with Governance and Management ....................................................... 353 299 Responsibility of Joint Auditors .............................................................. 366 300-499 Risk Assessment and Response to Assessed Risks 300 Planning an Audit of Financial Statements ............................................ 370 315 Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment....................................... 384 320 Materiality in Planning and Performing an Audit ................................... 439 330 The Auditor’s Responses to Assessed Risks ....................................... 451 402 Audit Considerations Relating to an Entity Using a Service Organisation ............................................................................ 476 450 Evaluation of Misstatements Identified During the Audit ........................ 501 500-599 Audit Evidence 500 Audit Evidence ....................................................................................... 514 501 Audit Evidence—Specific Considerations for Selected Items ................ 533 505 External Confirmations .......................................................................... 545 510 Initial Audit Engagements – Opening Balances ..................................... 559 520 Analytical Procedures ............................................................................ 574 530 Audit Sampling....................................................................................... 585 540 Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures ................................... 603 550 Related Parties ...................................................................................... 650 560 Subsequent Events................................................................................ 679 570 Going Concern....................................................................................... 692 580 Written Representations ........................................................................ 710 600-699 Using Work of Other 600 Using the Work of Another Auditor ........................................................ 727 610 Using the Work of Internal Auditors ....................................................... 733 620 Using the Work of an Auditor’s Expert ................................................... 742 700-799 Audit Conclusions and Reporting 700 Forming an Opinion and Reporting on Financial Statements ................ 764 705 Modifications to the Opinion in the Independent Auditor’s Report ......... 819 706 Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report ...................................................... 887 710 Comparative Information—Corresponding Figures and Comparative Financial Statements ............................................................................. 903 720 The Auditor’s Responsibility in Relation to Other Information in Documents Containing Audited Financial Statements ........................... 925 800-899 Specialized Areas 800 Special Considerations—Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks ..................................... 932 805 Special Considerations—Audits of Single Financial Statements and Specific Elements, Accounts or Items of a Financial Statement ............ 949 810 Engagements to Report on Summary Financial Statements ................. 972 2000-2699 Standards on Review Engagements (SREs) 2400 Engagements to Review Financial Statements ................................... 1000 2400 (Revised) Engagements to Review Historical Financial Statements ... 1025 2410 Review of Interim Financial Information Performed by the Independent Auditor of the Entity......................................................... 1112 Section VI: Assurance Engagements Other Than Audits or Reviews of Historical Financial Information 3000-3699 Standards on Assurance Engagements (SAEs) 3000-3399 Applicable to All Assurance Engagements 3400-3699 Subject Specific Standards 3400 The Examination of Prospective Financial Information ........................ 1161 3402 Assurance Reports on Controls At a Service Organisation ................. 1178 Section VII: Related Services 4000-4699 Standards on Related Services (SRSs) 4400 Engagements to perform Agreed-Upon Procedures Regarding Financial Information ........................................................................... 1233 4410 Engagements to Compile Financial Information .................................. 1244 4410 (Revised) Compilation Engagements .................................................. 1260 Contents of Volume I.B Foreword Preface Announcement on Guidance on Reporting under the Companies (Auditor’s Report) Order, 2015 (CARO, 2015) and Consequential Amendment to the Format of the Auditor’s Report of a Company ........................ 1 1. Statement on the Companies (Auditor’s Report) Order, 2003 [Issued under Section 227 (4A) of the Companies Act, 1956] ................... 6 2. Statement on Reporting under Section 227(1A) of the Companies Act, 1956 ............................................................................ 242 1 PROVISION FOR PROPOSED DIVIDEND* 1. This Statement summarises the Council’s view regarding the responsibility of the auditor relating to the provision for and disclosure of proposed dividend and replaces all earlier statements on this subject. 2. The Council is aware of the fact, that a large number of companies do not provide for the proposed dividend but either carry forward the balance on the profit and loss account or transfer an amount to the General Reserve and charge the dividend to the profit and loss account or to the reserve when payment is made. 3 The Council is of the view that a proposed dividend does not represent a liability nor does it amount to a provision, pending the approval of the shareholders in General Meeting. Since the meeting to approve the accounts would take place after the Balance Sheet date, there could not be any liability in respect of the proposed dividend on the date of the Balance Sheet. The Council is of the opinion that merely because the form requires proposed dividend to be shown under “Current Liabilities and Provisions”, it does not mean that in fact the proposal for the dividend becomes a liability or is necessarily a provision. The Council would draw attention to the forms of accounts laid down under the Insurance Act, 1938 and the Banking Regulation Act, 1949, in both of which it is not a requirement to show “proposed dividend” and it cannot be contended that merely because proposed dividend is not shown in the accounts, that the accounts of Insurance and Banking Companies do not disclose a ‘true and fair’ view. 4. Since, however, the form of Balance Sheet prescribed in Part 1 of Schedule VI requires “proposed dividends” to be shown under “Provisions”, * Published in CICA Newsletter, November, 1975, p.78. Handbook of Auditing Pronouncements-II and since paragraph 3(xiv) of Part II of the same Schedule requires the “proposed dividends” to be disclosed, the Council is of the opinion that, though on correct accounting principles, the proposed dividend does not become a liability for reasons mentioned above, the attention of the shareholders would have to be drawn to the fact that no appropriation has been made for the proposed dividend, the amount in respect of which should be specified. 5. The Council, therefore, recommends that the fact that provision for proposed dividend has not been made should be disclosed by means of a note in the accounts and that the auditor should refer to the note in his report and make his report subject thereto. 2 2 AUDITING OF ACCOUNTS OF LIQUIDATORS* Audit Report under Section 551 of the Companies Act, 1956 Members of the profession are called upon to conduct the audit of the accounts submitted by a Liquidator in a voluntary winding-up under Section 551. There are no statutory provisions in regard to the manner of conducting such audit, nor is there any statutory provision regarding the form in which the auditors' report is to be submitted after such an audit under Section 551. The Research Committee has considered this question in all its aspects and its recommendations in this connection are outlined below: First, the professional skill and audit procedures to be applied in case of an audit under Section 531 would be similar to those applied in the case of the normal audit of a company. Secondly, there should be a fair measure of uniformity in the reports submitted by auditors conducting an audit under Section 551 of the Companies Act, 1956. The Research Committee recommends that the report of the auditor may be on the following lines: (a) Whether he has obtained all the information and explanations, which to the best of his knowledge and belief, were necessary for the purposes of his audit, (b) Whether in his opinion, proper books of account as required by the Companies Act, 1956 and Companies (Court) Rules, 1959 have been * This is an integrated note of the notes published in “The Chartered Accountant”, Feb. 1962, p. 289, and Aug. 1963, p.98. Handbook of Auditing Pronouncements-II kept by the Liquidator, so far as appears from his examination of these books, (c) Whether the Liquidator's Account relating to realisations and disbursements is in agreement with the books and records produced before him, (d) Whether in his opinion, and to the best of his information and according to the explanations given to him, the Liquidator's Account including Annexure I (excepting items included in I (a) in so far as they relate to estimates of the Liquidator and items 4, 5, 6 and 7), Annexure II, III, 1V and V, give the information required by the Companies Act, 1956, and the Companies (Court) Rules, 1059 in the manner so required and give a true and correct view of the realisations and disbursements of the Liquidator. Thirdly, “in order to establish a healthy convention, the Council recommends that, where a chartered accountant acts as a liquidator, the statements of accounts to be filed under Section 551(1) of the Companies Act, 1956, should be audited by a qualified chartered accountant other than the chartered accountant who is the liquidator of the company”. 4 3 GUIDANCE NOTE ON INDEPENDENCE OF AUDITORS (REVISED)* Contents Paragraph(s) Introduction ................................................................................ 1.1-1.13 Threats to Independence ...................................................................2.1 Safeguards to Independence ..................................................... 3.1-3.4 Conclusion .................................................................................. 4.1-4.2 * Issued in January, 2005. This Guidance Note replaces the Guidance Note published in ‘The Chartered Accountant’, June 1968, p. 670--672. Handbook of Auditing Pronouncements-II 1. Introduction 1.1 This Guidance Note aims to clarify the meaning of independence while performing their duties as Auditors. Professional integrity and independence is an essential characteristic of all the professions but is more so in the case of accountancy profession. Independence implies that the judgement of a person is not subordinate to the wishes or direction of another person who might have engaged him, or to his own self-interest. This document shall provide guidance to members about the specific circumstances and relationships that may create threats to independence. The Guidance Note also provides safeguards that should be employed by the auditors to mitigate the risk arising from such circumstances and relationship leading to the threats to independence. 1.2 It is not possible to define “independence” precisely. Rules of professional conduct dealing with independence are framed primarily with a certain objective. The rules themselves cannot create or ensure the existence of independence. Independence is a condition of mind as well as personal character and should not be confused with the superficial and visible standards of independence which are sometimes imposed by law. These legal standards may be relaxed or strengthened but the quality of independence remains unaltered. 1.3 There are two interlinked perspectives of independence of auditors, one, independence of mind; and two, independence in appearance. The Code of Ethics for Professional Accountants, issued by International Federation of Accountants (IFAC) defines the term ‘Independence’ as follows: “Independence is: (a) Independence of mind – the state of mind that permits the provision of an opinion without being affected by influences that compromise professional judgment, allowing an individual to act with integrity, and exercise objectivity and professional skepticism; and (b) Independence in appearance – the avoidance of facts and circumstances that are so significant a reasonable and informed third party, having knowledge of all relevant 6 Independence of Auditors information, including any safeguards applied, would reasonably conclude a firm’s, or a member of the assurance team’s, integrity, objectivity or professional skepticism had been compromised.” 1.4 Independence of the auditor has not only to exist in fact, but also appear to so exist to all reasonable persons. The relationship between the auditor and his client should be such that firstly, he is himself satisfied about his independence and secondly, no unbiased person would be forced to the conclusion that, on an objective assessment of the circumstances, there is likely to be an abridgement of the auditors’ independence. 1.5 In all phases of a Chartered Accountant’s work, he is expected to be independent, but in particular in his work as auditor, independence has a special meaning and significance. Not only the client but also the stakeholders, prospective investors, bankers and government agencies rely upon the accounts of an enterprise when they are audited by a Chartered Accountant. As statutory auditor of a limited company, for example, the Chartered Accountant would cease to perform any useful function if the persons who rely upon the accounts of the company do not have any faith in the independence and integrity of the Chartered Accountant. In such cases he is expected to be objective in his approach, fearless, and capable of expressing an honest opinion based upon the performance of work such as his training and experience enables him to do so. 1.6 The objective of an audit of financial statements, prepared within a framework of recognized accounting policies and practices and relevant statutory requirements, if any, is to enable an auditor to express an opinion on such financial statements. The auditor’s opinion helps determination of the true and fair view of the financial position and operating results of an enterprise. The user, however, should not assume that the auditor’s opinion is an assurance as to the future viability of the enterprise or the efficiency or effectiveness with which management has conducted the affairs of the enterprise. 1.7 The idea of independence is instilled in the minds of Chartered Accountants from the commencement of their training under articles or audit service. It has to be applied in their day-to-day work and their success is dependent entirely upon their integrity, competence and independence of approach. 7 Handbook of Auditing Pronouncements-II 1.8 Dependent as it is on the state of mind and character of a person, independence, is a very subjective matter. One person might be independent in a particular set of circumstances, while another person might feel he is not independent in similar circumstances. It is therefore the duty of every Chartered Accountant to determine for himself whether or not he can act independently in the given circumstances of a case and quite apart from legal rules, in no case to place himself in a position which would compromise his independence. 1.9 The auditor should be straightforward, honest and sincere in his approach to his professional work. He must be fair and must not allow prejudice or bias to override his objectivity. He should maintain an impartial attitude and both be and appear to be free of any interest which might be regarded, whatever its actual effect, as being incompatible with integrity and objectivity. This is not self evident in the exercise of the reporting function but also applies to all other professional work. In determining whether a member in practice is or is not seen to be free of any interest which is incompatible with objectivity, the criterion should be whether a reasonable person, having knowledge of relevant facts and taking into account the conduct of the member and the member’s behaviour under the circumstances, could conclude that the member has placed himself in a position where his objectivity would or could be impaired. 1.10 While performing audit functions, maintaining quality control is the objectives of the quality control and policies to be adopted by an Auditor shall ordinarily incorporate the following: (a) Professional Requirements: Personnel in the firm are to adhere to the principles of Independence, Integrity, Objectivity, Confidentiality and Professional Behaviours. (b) Skills and Competence: The firm is to be staffed by personnel who have attained and maintained the Technical Standards and Professional Competence required to enable them to fulfill their responsibilities with Due Care. (c) Assignment: Audit work is to be assigned to personnel who have the degree of technical training and proficiency required in the circumstances. 8 Independence of Auditors (d) Delegation: There is to be sufficient direction, supervision and review of work at all levels to provide reasonable assurance that the work performed meets appropriate standards of quality. (e) Consultation: Whenever necessary, consultation within or outside the firm is to occur with those who have appropriate expertise. (f) Acceptance and Retention of Clients: An evaluation of prospective clients and a review, on an ongoing basis, of existing clients is to be conducted. In making a decision to accept or retain a client, the firm’s independence and ability to serve the client properly are to be considered. (g) Monitoring: The continued adequacy and operational effectiveness of quality control policies and procedures is to be monitored. 1.11 A member not in practice has a duty to be objective in carrying out his or her professional work whether or not the appearance of professional independence is attainable. Thus a member performing professional work must recognize the problems created by personal relationships or financial involvement, which by reason of their nature or degree might threaten his independence. 1.12 Standing alone, the word “Independence” may lead observers to suppose that a person exercising professional judgment ought to be free from all economic, financial and other relationships. This is impossible, as every member of society has relationships with others. Therefore, the significance of economic, financial and other relationships should also be evaluated in the light of what a reasonable and informed third party having knowledge of all relevant information would reasonably conclude to be unacceptable. 1.13 Many different circumstances, or combination of circumstances, may be relevant and accordingly it is impossible to define every situation that creates threats to independence and specify the appropriate mitigating action that should be taken. In addition, the nature of assurance engagements may differ and consequently different threats may exist, requiring the application of different safeguards. A conceptual framework that requires chartered accountants to identify, evaluate and address threats to independence, rather than merely comply with a set of specific rules in the public interest. 9 Handbook of Auditing Pronouncements-II 2. Threats to Independence 2.1 The Code of Ethics for Professional Accountants, prepared by the International Federation of Accountants (IFAC) identifies five types of threats. These are: 1. Self-interest threats, which occur when an auditing firm, its partner or associate could benefit from a financial interest in an audit client. Examples include (i) direct financial interest or materially significant indirect financial interest in a client, (ii) loan or guarantee to or from the concerned client, (iii) undue dependence on a client’s fees and, hence, concerns about losing the engagement, (iv) close business relationship with an audit client, (v) potential employment with the client, and (vi) contingent fees for the audit engagement. 2. Self-review threats, which occur when during a review of any judgement or conclusion reached in a previous audit or non-audit engagement, or when a member of the audit team was previously a director or senior employee of the client. Instances where such threats come into play are (i) when an auditor having recently been a director or senior officer of the company, and (ii) when auditors perform services that are themselves subject matters of audit. 3. Advocacy threats, which occur when the auditor promotes, or is perceived to promote, a client’s opinion to a point where people may believe that objectivity is getting compromised, e.g. when an auditor deals with shares or securities of the audited company, or becomes the client’s advocate in litigation and third party disputes. 4. Familiarity threats are self-evident, and occur when auditors form relationships with the client where they end up being too sympathetic to the client’s interests. This can occur in many ways: (i) close relative of the audit team working in a senior position in the client company, (ii) former partner of the audit firm being a director or senior employee of the client, (iii) long association between specific auditors and their specific client counterparts, and (iv) acceptance of significant gifts or hospitality from the client company, its directors or employees. 5. Intimidation threats, which occur when auditors are deterred from acting objectively with an adequate degree of professional skepticism. Basically, these could happen because of threat of replacement over 10 Independence of Auditors disagreements with the application of accounting principles, or pressure to disproportionately reduce work in response to reduced audit fees. 3. Safeguards to Independence 3.1 The Chartered Accountant has a responsibility to remain independent by taking into account the context in which they practice, the threats to independence and the safeguards available to eliminate the threats. 3.2 To address the issue, Members are advised to apply the following guiding principles: - • For the public to have confidence in the quality of audit, it is essential that auditors should always be and appears to be independent of the entities that they are auditing. • In the case of audit, the key fundamental principles are integrity, objectivity and professional skepticism, which necessarily require the auditor to be independent. • Before taking on any work, an auditor must conscientiously consider whether it involves threats to his independence. • When such threats exist, the auditor should either desist from the task or, at the very least, put in place safeguards that eliminate them. All such safeguards measure needs to be recorded in a form that can serve as evidence of compliance with due process. • If the auditor is unable to fully implement credible and adequate safeguards, then he must not accept the work. 3.3 Provisions contained under the Companies Act, 1956 3.3.1 In order to ensure independence, the law has made certain provisions which either prohibit the appointment of a person as auditor in certain circumstances or place certain restrictions on his appointment as auditor or put third parties on guard against the possibility of an abridgement of independence by requiring certain disclosures to be made. These provisions are briefly outlined below: 3.3.2 Section 226 of the Companies Act, 1956 prohibits the appointment of a Chartered Accountant as auditor of a Company if he is: (i) an officer or employee of the Company; 11 Handbook of Auditing Pronouncements-II (ii) a partner of a person in the employment of an officer or of an employee of the Company; (iii) a person who is indebted to the company for an amount exceeding Rs. 1000; (iv) a person who has given any guarantee or provided any security in connection with the indebtedness of any third person to the company for an amount exceeding Rs. 1000; (v) a person holding any security of that company. 3.3.3 A person who is disqualified from becoming auditor of any body corporate under the above rules is also disqualified from appointment as auditor of such body’s subsidiary, co-subsidiary or holding company. 3.3.4 Section 314 of the Companies Act, 1956 makes separate provision for the case where an auditor of a Company (whether public or private) is a relative of a director, or manager of a private company of which the director of the company is a director or member. In the case of such a person he may be appointed as auditor of a company only if such appointment if approved with the consent of the company in general meeting obtained by a special resolution. 3.3.5 It will be observed from the above that the Act has specifically provided for cases where the independence of an auditor may be affected by his connection with the company and prohibited or restricted him from acting as auditor under those circumstances. 3.3.6 A question often arises as to whether an indebtedness (as referred in para (iii) above) arises in cases where in accordance with the terms of his engagement by a client (e.g. resolution passed at the general meeting) the auditor recovers his fees on a progressive basis as and when a part of the work is done without waiting for the completion of the whole job. In these circumstances, where in accordance with such terms the auditor recovers his fees on a progressive basis he cannot be said to be indebted to the company at any stage. 3.3.7 A question of indebtedness may also be raised where an auditor of a company purchases goods or services from a company audited by him. In such a case, if the amount outstanding exceeds Rs. 1000/- irrespective of the nature of the purchase or period of credit allowed to other customers the 12 Independence of Auditors provisions concerning disqualification of auditor as contained in Section 226 (3)(d) of the Companies Act, 1956 will be attracted. 3.3.8 Another question which arises for consideration is whether a partner is disqualified from appointment as auditor when the firm of which he is a partner is indebted to the company in excess of the limit prescribed and whether the firm is disqualified from appointment as auditor when a partner of the firm is indebted in excess of the prescribed limit. In both cases, the disqualification will apply, because when a firm is appointed as auditor, each partner is deemed to be so appointed and when a firm is indebted, each partner is deemed to be indebted. 3.3.9 There may also be situations in which, though the appointment is in the individual name of a partner, the work, is, in fact, carried out by the firm and the fees are credited to the account of the firm. In such situations, the firm will be deemed to be acting as auditor and the disqualification will be attracted. 3.4 Provisions contained under the Chartered Accountants Act, 1949, Chartered Accountants Regulations, 1988 and under Code of Ethics to ensure Independence of Auditors 3.4.1 Clause (10) of Part I of the First Schedule to the Chartered Accountants Act, 1949 prohibits acceptance of, what have been described as contingent fees, i.e., fees, which are either based on percentage of profits or otherwise dependent on the finding or the results of employment. 3.4.2 What distinguishes a profession from a business is that professional service is not rendered with the sole purpose of a profit motive. Personal gain is one but not the main or the only objective. Professional opinion, therefore, frowns upon methods where payment is made to depend on the basis of results. It is obvious that a person who is to receive payment in direct proportion to the benefit received by his client, may be tempted to exaggerate the advantage of his service or may adopt means which are not ethical. It will have the effect of undermining his integrity and impairing his independence. Therefore, the members are prohibited from charging or accepting any remuneration based on a percentage of the profits or on the happening of a particular contingency such as, the successful outcome of an appeal in revenue proceedings. 3.4.3 Professional services should not be offered or rendered under an arrangement whereby no fee will be charged unless a specified finding or 13 Handbook of Auditing Pronouncements-II result is obtained or where the fee is otherwise contingent upon the findings or results of such services. However, fee should not be regarded as being contingent if fixed by a Court or other public authority. 3.4.4 The Council of the Institute has framed Regulation 192 which exempts members from the operation of this Clause in certain professional services. The said Regulation 192 is reproduced below: “192. Restriction on fees No chartered accountant in practice shall charge or offer to charge, accept or offer to accept, in respect of any professional work, fees which are based on a percentage of profits, or which are contingent upon the findings, or results of such work: Provided that: (a) in the case of a receiver or a liquidator, the fees may be based on a percentage of the realisation or disbursement of the assets; (b) in the case of an auditor of a co-operative society, the fees may be based on a percentage of the paid up capital or the working capital or the gross or net income or profits; and (c) in the case of a valuer for the purposes of direct taxes and duties, the fees may be based on a percentage of the value of the property valued.” 3.4.5 Attention of the members is invited to the provisions of Clause (4) of Part I of the Second Schedule to the Chartered Accountants Act, 1949 which provides that a Chartered Accountant in practice shall be deemed to be guilty of professional misconduct if he expresses his opinion on financial statements of any business or any enterprise in which he, his firm or a partner in his firm has a substantial interest, unless he discloses his interest also in his report. 3.4.6 If the opinion of auditors are to command respect and the confidence of the public, it is essential that they must disclose every factor which is likely to affect their independence. Since financial interest in the business can be one of the important factors, which may disturb independence, the clause provides that the existence of such an interest direct or indirect should be disclosed. This is intended to assure the public as regards the faith and 14 Independence of Auditors confidences that could be reposed on the independent opinion expressed by the auditors. 3.4.7 The words “financial statements” used in this clause would cover both reports and certificates usually given after an examination of the accounts or the financial statement or any attest function under any statutory enactment or for purposes of income-tax assessments. This would not however, apply to cases where such statements are prepared by members in employment purely for the information of their respective employers in the normal course of their duties and not meant to be submitted to any outside authority. 3.4.8 Public conscience is expected to be ahead of the law. Members, therefore, are expected to interpret the requirement as regards independence much more strictly than what the law requires and should not place themselves in positions which would either compromise or jeopardise their independence. 3.4.9 A Member must take care to see that he does not get into situations where there could be a conflict of interest and duty. For example, where a Chartered Accountant is appointed the liquidator of a company, he should not himself audit the Statement of Account to be filed under Section 551 (1) of the Companies Act, 1956. The audit in such circumstances should be done by a Chartered Accountant other than the one who is the liquidator of the company. Attention of the members is drawn to the audit assignments where appointment is done by the Comptroller & Auditor General of India (C&AG), Reserve Bank of India (RBI) and such other authorities. In addition to ensuring independence during the assignment, it is also essential to avoid any situation in near future which may be interpreted as a threat to independence, as for example, he or any other partner of his firm should not accept any other assignment such as internal audit, system audit and management consultancy services within one year from the completion of audit assignment. 3.4.10 A Chartered Accountant in employment should not certify the financial statements of the concern in which he is employed, or of a concern under the same management as the concern in which he is employed, even though he holds certificate of practice and that such certification can be done by any chartered accountant in practice. This restriction would not however apply where the certification is permitted by any law, e.g. Section 228 (iv) of the Companies Act, 1956 and the Companies (Branch Audit Exemption) Rules 15 Handbook of Auditing Pronouncements-II made thereunder. The Council has decided that a chartered accountant should not by himself or in his firm name:- (i) accept the auditorship of a college, if he is working as a part-time lecturer in the college. (ii) accept the auditorship of a trust where his partner is either an employee or a trustee of the trust. 3.4.11 Many new areas of professional work have been added, e.g., Special Audit under the Statutes, Tax Audit, Concurrent Audit of Banks, Concurrent Audit of Borrowers of Financial institutions, Audit of non-corporate borrowers of banks and financial institutions, audit of stock exchange, brokers etc. The Council wishes to emphasis that the requirement of Clause (4) of Part I of the Second Schedule to the Chartered Accountants Act, 1949 is equally applicable while performing all types of attest functions by the members. 3.4.12 Some of the situations which may arise in the applicability of Clause (4) of Part I of the Second Schedule to the Chartered Accountants Act, 1949 are discussed below for the guidance of members:- 1. Where the member, his firm or his partner or his relative has substantial interest in the business or enterprise. The independence of mind is a fundamental concept of audit and/or expression of opinion on the financial statements in any form and, therefore, must always be maintained. Nothing can substitute for the essential and fundamental requirements of independence. Therefore, the Council’s views are clarified in the following circumstances. (i) An enterprise/concern of which a member is either an owner or a partner The holding of interest in the business or enterprise by a member himself whether as sole-proprietor or partner in a firm, in the opinion of the Council, would affect his independence of mind in the performance of professional duties in conducting the audit and/or expressing an opinion on financial statements of such enterprise. Therefore, a member should not audit financial statements of such business or enterprise. 16 Independence of Auditors (ii) Where the partner or relative of a member has substantial interest The holding of substantial interest by the partner or relative of the member in the business or enterprise of which the audit is to be carried out and opinion is to be expressed on the financial statement, may also affect the independence of mind of the member, in the opinion of Council, in the performance of professional duties. Therefore, the member may, for the same reasons as not to compromise his independence, desist from undertaking the audit of financial statements of such business or enterprise. However, where a member undertakes the audit of such business or enterprise, he should disclose such interest in his report while expressing his opinion on the financial statements of such business or enterprise. 2. Where the member or his partner or relative is a director or in the employment of an officer or an employee of the company Section 226 of the Companies Act, 1956 specifically prohibits a member from auditing the accounts of a company in which he is a director or in the employment of an officer or an employee of the company. Although the provisions of the aforesaid section are not specifically applicable in the context of audits performed under other statutes, e.g. tax audit, yet the underlying principle of independence of mind is equally applicable in those situations also. Therefore, the Council’s views are clarified in the following situations. (i) Where a member is a director In cases where the member is a director of a company the financial statements of which are to be audited and/or opinion is to be expressed, he should not undertake such job and/or express opinion on the financial statements of that company. (ii) Where a partner or relative of the member is a director in the company who has a substantial interest. In such cases for the reason as not to compromise with the independence of mind, the member may desist from undertaking the audit of financial statements and/or expression of opinion thereon. However, if a member feels that his independence is not affected and undertakes the audit of such 17 Handbook of Auditing Pronouncements-II company, he should disclose such interest in his report while expressing his opinion on the financial statements of such company. The meaning of the words “relative” and “substantial interest” shall be the same as are contained in the Resolution passed by the Council in pursuance to Regulation 190A of Chartered Accountants Regulations, 1988 (Appendix 9 of 2002 edition). 3.4.13 An accountant is expected to be no less independent in the discharge of his duties as a tax consultant or as a financial adviser than as auditor. In fact, it is necessary that he should bear the same degree of integrity and independence of mind in all spheres of his work. Unless this is done, the accounts of companies audited by Chartered Accountants or statements made by them during the course of assessment proceedings would not be relied upon as correct by the authorities. 3.4.14 The Members are not permitted to write the books of accounts of their auditee clients. 3.4.15 A statutory auditor of a company cannot also be its internal auditor, as it will not be possible for him to give independent and objective report issued under sub-Section 4A of Section 227 of the Companies Act, 1956 read with the Companies (Auditors’ Report) Order, 2003. 3.4.16 The Council has issued a Notification No.1-CA(37)/70 dated 23rd May, 1970 whereby a member of the Institute in practice shall be deemed to be guilty of professional misconduct, if– I. he accepts appointment as Cost auditor of Company under Section 233B of the Companies Act, 1956 while he - (a) is an auditor of the company appointed under Section 224 of the Companies Act; or (b) is an officer or employee of the company; or (c) is a partner, or is in the employment of an officer or employee of the company; or (d) is a partner or is in the employment of the Company’s auditor appointed under Section 224 of the Companies Act, 1956; or (e) is indebted to the company for an amount exceeding one thousand rupees, or has given any guarantee or provided any security in 18 Independence of Auditors connection with the indebtedness of any third person to the company for an amount exceeding one thousand rupees; OR II. after his appointment as Cost Auditor, he becomes subject to any of the disabilities stated in items I (a) to (e) above and continues to function as a cost auditor thereafter. 3.4.17 The Council has issued a Notification No.1-CA(39)/70 dated 16th October, 1970 whereby a member of the Institute in practice shall be deemed to be guilty of professional misconduct, if he accepts the appointment as auditor of a company under Section 224 of the Companies Act, 1956, while he is an employee of the cost auditor of the Company appointed under Section 233B of the Companies Act, 1956. 3.4.18 The Council has issued a Notification No.1-CA(7)/60/2002 dated 8th March, 2002 whereby a member of the Institute in practice shall be deemed to be guilty of professional misconduct, if he accepts the appointment as statutory auditor of Public Sector Undertaking(s)/ Government Company(ies)/Listed Company(ies) and other Public Company(ies) having turnover of Rs. 50 crores or more in a year and accepts any other work(s) or assignment(s) or service(s) in regard to the same Undertaking(s)/ Company(ies) on a remuneration which in total exceeds the fee payable for carrying out the statutory audit of the same Undertaking/company. 3.4.19 The Council has issued a Notification No.1-CA(7)/63/2002 dated 2nd August, 2002 whereby a member of the Institute in practice shall be deemed to be guilty of professional misconduct, if he accepts appointment as auditor of a concern while he is indebted to the concern or has given any guarantee or provided any security in connection with the indebtedness of any third person to the concern, for limits fixed in the statute and in other cases for amount exceeding Rs. 10,000/-. 3.4.20 To ensure that the professional independence of a member doing attest function does not appear to be jeopardized he should, as far as possible, take care to see that the professional fees for audit and other services received by the firm in which he is a partner, by him and his partners individually and by firm or firms in which he or his partner are partners from one or more clients or companies under the same management does not exceed 40% of the gross annual fees of the firm, firms and partners referred to above. ‘Companies under the same management’ 19 Handbook of Auditing Pronouncements-II here would refer to the definition of this expression as provided in section 370(1-B) of the Companies Act, 1956. Provided that no such ceiling on the gross annual professional fees of a member would be applicable where such fees do not exceed two lakhs of rupees in respect of a member or firm including fees received by the member or firm for other services rendered through the medium of a different firm or firms in which such member or firm may be a partner or proprietor. Provided further that no such ceiling on the gross annual professional fees of a member would be applicable in the case of audit of government companies, public undertakings, nationalized banks, public financial institutions or where appointments of auditors are made by the Government. 3.4.21 Members’ attention is also drawn to Clauses (8) & (9) of Part I of the First Schedule to the Chartered Accountants Act, 1949: “A Member shall be deemed to be guilty of professional misconduct, if he: X XX XXX XXXX (8) accepts a position as auditor previously held by another chartered accountant or a restricted state auditor without first communicating with him in writing; (9) accepts an appointment as auditor of a company without first ascertaining from it whether the requirements of Section 225 of the Companies Act, 1956 in respect of such appointment have been duly complied with.” 3.4.22 Clause (8) of Part I of First Schedule to the Chartered Accountants Act, 1949 emphasized the requirement of mandatory communication with the previous auditor in all types of audit viz., statutory audit, tax audit, internal audit, concurrent audit or any kind of audit and it is equally applicable to audits of both government and non-government entities. 3.4.23 Clause (9) of Part I of First Schedule to the Chartered Accountants Act, 1949 provided that an auditor of the company before accepting the appointment, should ascertain from the auditor whether the requirements of Section 225 of the Companies Act, 1956 in respect of such appointment have been duly complied with. Section 224 of the Companies Act, 1956 contains several provisions in the matter of appointment of auditors in different 20 Independence of Auditors circumstances and situations whereas Section 225 laid down the procedure which must be followed whenever a company desires to change its auditor. Also that the validity of the appointment of an auditor is not challenged or objected to by shareholders or the retiring auditors at a later date, it has been made obligatory to ascertain from the company that the appropriate procedure in the matter of appointment has been faithfully followed. Independence of auditor is a concept to be addressed through its all the possible aspects and the message of Clause (8) & (9) is to ensure that an auditor should be conscious about this aspect from the very point of accepting the position of an auditor. 4. Conclusion 4.1 The Council feels that there are adequate safeguards provided in the Companies Act, 1956 as well as in the Chartered Accountants Act, 1949. The Council is of the view that independence, being a state of the mind, is not necessarily affected by the fact of mere relationship any more than it should be existence if the relationship did not exist. In any case, lest there may be any feeling in the public mind that relationship would affect the independence of auditors, the Council suggests that where, due to near relationship of an auditor, with a Managing or a Whole-Time Director the independence of an auditor is likely to be jeopardized, he should use his good sense, and acting in the best traditions of the profession, refrain from accepting the appointment. 4.2 If the opinion of chartered accountant is to command respect and the confidence of the public, it is essential that they must ensure their independence to assure the public as regards the faith and confidence that could be reposed on them. The Chartered Accountant should ensure his independence in all assurance services including concurrent audit, tax audit and internal audit. The chartered accountant should make it certain that his independence is not jeopardized. Where he feels that his independence is jeopardized, he should refrain from accepting the assignment. 21 4 PREPARATION OF FINANCIAL STATEMENTS ON LETTER-HEADS AND STATIONERY OF AUDITORS∗ The Research Committee's attention has been drawn to the fact that financial statements of some enterprises are prepared on letter-heads and stationery of their auditor carrying the latter's names and address. The Committee wishes to point out that the above practice is liable to be misinterpreted and, as such, should be avoided. The members are, therefore, requested to note and follow the above recommendation. ∗ Published in the August, 1982 issue of ‘the Chartered Accountant’ p. 175. 5 GUIDANCE NOTE ON CERTIFICATE TO BE ISSUED BY THE AUDITOR OF A COMPANY PURSUANT TO COMPANIES (ACCEPTANCE OF DEPOSITS) RULES, 1975∗ 1. The Companies (Acceptance of Deposits) Amendment Rules, 1978 promulgated on 30th March, 1978 to amend the Companies (Acceptance of Deposits) Rules, 1975 issued under Section 58A of the Companies Act, inter alia, have introduced a new requirement of certification of the Return of Deposits to be filed with the Registrar of Companies under Rule 10, by the auditor of the Company. 2. The aforesaid amendment rules have come into force with effect from 1st April, 1978 and, accordingly, all the Returns of Deposits made as on 31st March, 1978 onwards require to be duly certified by the auditors of the companies concerned. 3. Rule 10(1) of the Companies (Acceptance of Deposits) Rules, 1975 as it stands after the amendment referred to above requires, every company to which these rules apply shall, on or before the 30th day of June of every year, file with the Registrar, a return in the form annexed to these rules and furnishing the information contained therein as on 31st day of March of that year, duly certified by the auditor of the Company. It follows, therefore, that every company to which these rules apply shall prepare the return as on 31st March of every year, shall get the return certified by the concerned auditor and shall submit the audited return to the Registrar of Companies by 30th June. ∗ Published in “The Chartered Accountant”, September, 1979, pp. 275-276. Handbook of Auditing Pronouncements-II 4. It may be observed that neither the amended Rule 10 of the Companies (Acceptance of Deposits) Rules, 1975 nor the form of return prescribed thereunder provides the manner in which the auditor should certify the return. Even in the form of return, no space has been provided for auditors' certificate. Consequently, no statutory guidance is available to the auditor as regards the scope, manner and limitations inherent in this requirement of certification. 5. There are inherent practical problems involved in this certification. Having regard to the problems, the Company Law Committee of the Institute has decided to issue this Guidance Note for aiding the members in correctly understanding the implications involved and for securing uniformity in approach. 6. The problems associated with this work of certification include the following: Accounting year ending of companies in large number of cases may not coincide with the date prescribed for making the return i.e., 31st March. As a result the following situations may arise: (a) A part of the accounting data of some of the companies, relating to deposits underlying the balances included in the return of deposit is bound to remain unchecked during the normal cycle of statutory audit. (b) Similarly, companies whose year-end after 31st March will invariably have data to be included in the Return of Deposit covered by the checking of two successive statutory audits, which may not necessarily be by the same auditor. (c) There may also occur a change in the auditors during the reporting period, i.e., between April and June. It is possible in such a case that the retiring auditors hold office for a part of this period and the new auditors hold office for the remaining part. 7. The following can be considered as satisfactory approach in the circumstances enumerated above. (a) The auditor, if the period of his office has not come to an end by the time he certifies the return or he is re-appointed, should carry out the necessary checking of the transactions falling beyond the period covered by statutory audits so as to satisfy himself about the accuracy of the figures, set against various items in the return and the 24 Certificate Pursuant to Companies (Acceptance of Deposits) Rules, 1975 information, if any, contained in the return. If, however, the auditor in view of the volume of transactions in the balance period, is unable to carry out a complete audit for the balance period, he may qualify and indicate the extent of checking done for the balance period. In any case, the auditor who certifies the return should ensure that any residual period not already audited is covered by necessary checking. (b) Where the auditor is faced with a situation that part of the period covered by the return under certification has been statutorily audited by a different auditor, he is in the normal course entitled to rely on the work performed by such auditor as is related to his work in connection with the certification. It may also be pointed out that this principle has been explicitly accepted by the Institute of Chartered Accountants of India in Clause (2) of Part I of the Second Schedule to the Chartered Accountants Act, 1949. However, it would be desirable that the auditor makes a mention of the fact that part of the data underlying the figures in the return have been audited by other auditor and he has relied on such work. In making this mention, the period covered by the audit of the other auditor should also be mentioned. However, if there are circumstances to suggest that the work of the previous auditor may require a review before being relied upon, it would be safer to do the review before deciding whether to place reliance on such work or not. It is emphasised that the need for a review would not in the normal course arise; it is, however, possible that in course of audit of the accounts of the current year, matters may come to the notice of the auditor to warrant a need for review. (c) In the natural course it is expected that the outgoing auditor will do the certification if he has covered longer part of the period for which the return is made. In case, for any reason, the outgoing auditor is not able to undertake this certification, the incoming auditor will certify the return in accordance with the procedure referred to earlier. 8. In terms of Rule 10(1) the auditor is to certify the deposit return. The deposit return is also required to be certified by the Manager of the Company pursuant to the form of return as annexed to the Companies (Acceptance of Deposits) Rules. The Manager has to verify and certify the figures of deposits, liquid assets and interest rates under Parts A, B, and C of the Return form as correctly prepared. In addition, he is to certify the aggregate of the paid-up capital and free reserves, etc., as arrived at on the lines 25 Handbook of Auditing Pronouncements-II indicated in explanation to Rule 3 of the Rules. It is open to debate whether the certificate of the Manager on paid-up capital and free reserves referred to above requires a further certification by the auditor. Rule 10(1) requires the return together with the information contained therein to be duly certified by the auditor of the company. The Manager’s certificate on paid-up capital and free reserves constitutes information contained in the return and accordingly this requires to be covered by the certificate of the auditor. 9. The auditor in drafting the certificate should make clear what he is certifying. The Institute does not approve the issue of a bald certificate such as “Examined and found correct.” Two suggested certificates-an unqualified one and the other a qualified one, are given hereunder for the guidance of the members: (i) “We have examined the books of account and other records maintained by ……………………….. Company Ltd. in respect of the particulars furnished in the Return of Deposits as on 31st March, 19____ and certify that to the best of our knowledge and according to the information and explanations given to us and as shown by the records examined by us, the figures of deposits and interest rates under Parts A, B, and C of the Return are correct. We further certify the correctness of the particulars of the paid-up capital and free reserves, etc., given in the Manager’s Certificate. Place: Date: Chartered Accountants” (ii) “We have verified the figures of deposits and interest recorded in the annexed Return of Deposits of ………. as at 31st March, 19_____ with the register maintained by the Company in accordance with the Companies (Acceptance of Deposits) Rules, 1975 and certify that to the best of our knowledge and according to the information and explanation given to us and as shown by the record shown to us, the annexed Return has been correctly prepared, except that deposits from employees aggregating to Rs._______ have not been treated by the Company as Deposits, for the purpose of this Return but instead indicated in the Return separately in brackets against the respective items of ‘Deposits’. 26 Certificate Pursuant to Companies (Acceptance of Deposits) Rules, 1975 We further certify the correctness of the particulars of the paid-up capital and free reserves, etc., given in the Manager's Certificate. Place: Date: Chartered Accountants” 10. If the auditor has any reservation about the figures stated in the return either due to any error or on account of a particular interpretation being followed by the company in treating items, say as deposits or exempt deposits or otherwise, to which he does not subscribe, he should include a suitable qualification in the Certificate. 11. Statements in the Certificate conveying reliance having been placed on certain documents or representation of the management are superfluous and may cause confusion and therefore such statements should be avoided. 27 6 GUIDANCE NOTE ON THE DUTY CAST ON THE AUDITORS UNDER SECTION 45-MA ∗ OF THE RESERVE BANK OF INDIA ACT, 1934 1. The Reserve Bank of India (Amendment) Act, 1974 has inserted a new Section 45-MA in the Reserve Bank of India Act, 1934 with effect from 13th December, 1974. This Section, which is reproduced below, requires the auditors of non-banking institutions to enquire whether or not the institution, in case it has accepted deposits, has furnished to the Reserve Bank of India statements, information or particulars relating to the ‘deposits’ as are required to be furnished under Chapter IIIB of the Reserve Bank of India Act. It further states that in case the auditor of a non-banking institution is not satisfied about due compliance by it of the aforesaid requirement to furnish statements, information or particulars, it is his duty to make a report to the Reserve Bank giving the aggregate amount of deposits held by the institution. There is an additional part in this requirement specifically concerning company auditors. If a non-banking company has accepted 'deposits' and in the opinion of the auditor, has failed to furnish the required statements, information or particulars, his duty to report to the Reserve Bank has been combined with his duties under Section 227 of the Companies Act. He is to incorporate the Report made or intended to be made to the Reserve Bank in his Report to the company under Section 227 of the Companies Act. ∗ Published in the CICA Newsletter May, 1976, pp.259. Auditor’s Duties u/s 45MA of RBI Act, 1934 “Section 45-MA (1) - It shall be the duty of an auditor of a non-banking institution to inquire whether or not the non-banking institution has furnished to the Bank such statements, information or particulars relating to or connected with deposits received by it, as are required to be furnished under this chapter, and the auditor shall, except where he is satisfied on such enquiry that the non-banking institution has furnished such statements, information or particulars, make a report to the Bank giving the aggregate amount of such deposits held by the non- banking institution. (2) Where, in the case of a non-banking institution, being a company, the auditor has made, or intends to make, a report to the Bank under sub-section (1), he shall include in his report under sub-section (2) of Section 227 of the Companies Act, 1956, the contents of the report which he has made, or intends to make, to the Bank.” 2. The directions issued by the Reserve Bank of India in exercise of the powers vested under Chapter IIIB referred to above are contained in (a) Non- Banking Financial Companies (Reserve Bank) Directions, 1966; and (b) Miscellaneous Non-Banking Companies (Reserve Bank) Directions, 1973. These directions, at present cover only companies as defined in the Companies Act, 1956, including foreign companies. Under Chapter IIIB of the Reserve Bank of India Act, the Non-Banking Non-Financial Companies (Reserve Bank) Directions, 1966 were also issued but they have been withdrawn with effect from 3rd June, 1975 on the promulgation of the Companies (Acceptance of Deposits) Rules, 1975 under Section 58-A of the Companies Act, 1956. Certain classes of companies like banking companies, insurance companies etc., are exempted from these directions and members may go through the directions to see what classes of companies are exempted. 3. The duty of the auditor is confined to making ‘inquiry’. It is worthwhile to note in this connection that Section 227(1A) of the Companies Act also contains a requirement for ‘inquiry’ into several specified matters and in this connection members' attention is invited to Statement 204 of the Members Handbook Series issued by the Council of the Institute. Therefore in the context of the requirement of the Reserve Bank of India, the word “to inquire” simply means “to seek information”. The auditor, under the Reserve Bank Act, should be acquainted with the statements, information or particulars required to be submitted under Chapter IIIB of that Act and should ensure 29 Handbook of Auditing Pronouncements-II that proper evidence is available to show that such statements, information or particulars have been furnished to the Reserve Bank of India. If the auditor is satisfied that sufficient evidence is available about submission of the statement etc., by the non-banking institution, no further duty rests on him; he is not concerned to look into the accuracy of the statements etc. 4. The auditor of a non-banking financial and miscellaneous non-banking company (including a foreign company) should write to each such company along the lines of the enclosed Annexure 'A' irrespective of, whether or not, according to the books of account, any deposits have been obtained by the client. If the client indicates in reply to the enclosed letter that no deposits have been obtained, the auditor should verify this from the records. If deposits have been obtained and the client indicates that he has duly furnished the necessary information and particulars to the Reserve Bank of India, the auditor should ask the client to produce evidence to show that he has done so. If the evidence is satisfactory, the auditor has no further obligation because all that he is required to do by the aforesaid provision of the Amendment Act is to satisfy himself that the necessary information, particulars and statements relating to the deposits have been furnished to the Reserve Bank of India. If the auditor is not satisfied with the evidence indicating that the necessary statements, information or particulars have been furnished to the Reserve Bank of India he should write to the Reserve Bank as per the draft enclosed as Annexure ‘B’. It would be noted that the Report to the Reserve Bank is only to contain the aggregate amount of deposits held and the auditor is not required to report his findings on the inquiry. For this purpose, he should ascertain the aggregate amount of the deposits outstanding at the last date of the financial year in respect of which the audit is conducted. 5. Where the auditor is obliged to write to the Reserve Bank pursuant to the preceding paragraph, he should also include the undernoted paragraph in his statutory report to the shareholders, at the end of the usual reporting requirements: “We have not been satisfied on our inquiry during the course of our audit that the Company has furnished the requisite statements; 30 Auditor’s Duties u/s 45MA of RBI Act, 1934 information or particulars as required to be furnished to the Reserve Bank of India under Chapter IIIB of the Reserve Bank of India Act, 1934, and the aggregate amount of the total deposits outstanding as at the last date of the financial year i.e. ..........................., 19 .............. is Rs....(X or Nil as the case may be).” 6. Since the auditor should be acquainted with the returns, etc., which are to be furnished to the Reserve Bank of India, for the guidance of the members, the specific returns and statements to be furnished by different classes of companies and the due date for each class of company have been indicated in Annexure 'C'. Members should ascertain the class of company involved for the purpose of ensuring that they correctly apply the specifications indicated in Annexure 'C'. 7. Since an auditor can satisfy himself about the compliance with the requirements of submission of returns etc., only during the course of carrying out of the audit, it may be reasonably construed that his duty to verify compliance starts from the time he has assumed the office and stretches to the date of his report on the accounts audited. Consequently, he has to verify whether the audited Balance Sheet and the Profit and Loss Account which were laid in the Annual General Meeting in which he was appointed or re- appointed, have been submitted to the Reserve Bank of India or not. As regards the other returns, he is to enquire whether the particulars as of March 31, in case of non-banking financial companies and as of March 31/September 30, in case of miscellaneous non-banking companies have been filed with the Reserve Bank of India within the following June 30, and December 31, respectively. Obviously, in those cases where the auditor has already issued his report on the accounts of the Company before June 30 or December 31, as the case may be, it could not be said that it is the duty of such auditor to look into the compliance with the requirement of submission of the other returns. In such cases, the responsibility for the inquiry into compliance with this requirement naturally falls on the next auditor. 8. No time limit appears to have been set for the auditor to submit his report to the Reserve Bank in the event he is not satisfied about the furnishing of statements etc., by the non-banking institution. However, it should be submitted to the Reserve Bank within a reasonable time of the auditing work being completed. An auditor is not normally concerned with delays in filing returns etc, with the Reserve Bank and, therefore, he should report on the basis of the returns etc. filed by the date he signs his report on 31 Handbook of Auditing Pronouncements-II the company's accounts or the report of the Reserve Bank of India, whichever is earlier. 9. If the financial figures relating to the deposits are correctly stated in the books of the company, mere non-compliance with the procedural requirement of furnishing the statements, information or particulars to the Reserve Bank of India, will not vitiate the true and fair view of the financial statements of the company nor will it require the auditor to qualify any other part of this report to the shareholders. 10. It is to be noted that this Note is intended as guidance to the members in respect of duty cast on auditors under Section 45-MA of the Reserve Bank of India Act, 1934, and is not intended to be a guidance in respect of matters covered by the Companies (Acceptance of Deposits) Rules, 1975, made under Section 58-A of the Companies Act, 1956. 11. It is to be noted that 'inquiry' to be made as well as the reporting requirement will apply in respect of audit of any financial year of the non- banking institution, undertaken and/or completed on or after 13th December, 1974, even if the financial year may fall before the aforesaid date, so long as the appropriate Directions of the Reserve Bank of India, apply to that financial year, e.g., in the case of a non-banking non-financial company and a non-banking financial company from 1st January, 1967 subject to what has been stated in para 12 as regards non-banking non- financial companies and in the case of a non-banking miscellaneous company from 1st September, 1973. 12. A doubt originally arose as regards the simultaneous operation of Non- Banking Non-Financial Companies (Reserve Bank) Directions, 1966 and the Companies (Acceptance of Deposits) Rules, 1975 which came into operation on 3rd February, 1975, having application on the non-banking non-financial companies, inspite of Rule 12 of the latter Rules which reads as follows: "On the commencement of these rules, all rules, orders or directions in force in relation to any matter for which provision is made in these rules shall stand repealed, except as respects things done or omitted to be done before such repeal." The Reserve Bank of India by Notification No. DNBC. 36/DG (S).75 dated June 3, 1975 has withdrawn the Non-Banking Non-Financial Companies (Reserve Bank) Directions, 1966 with immediate effect and has thereby resolved the doubt. However, for the period falling between 3rd February, 32 Auditor’s Duties u/s 45MA of RBI Act, 1934 1975 and 2nd June, 1975, it seems that non-banking non-financial companies will have to meet the requirements of both the aforesaid Directions and the Rules. With effect from 3rd June, 1975, though the aforesaid Directions have been cancelled, a transitional requirement has been placed on such companies as were covered by the aforesaid Directions to furnish particulars of Deposits held on 31st March, 1975 to the Reserve Bank before 30th September of that year, in Form 'D' and no corresponding duty to inquire and report has been placed on the auditor. It has been made clear by the Reserve Bank of India that the Non- Banking Financial Companies and the Non-Banking Miscellaneous Companies will continue to be governed by the respective Directions which have not been withdrawn and the auditors of such companies are required to carry out the duty specified in Section 45-MA of the Reserve Bank of India Act, 1934. 33 Handbook of Auditing Pronouncements-II Annexure A ABC Company Limited Dear Sirs, Reserve Bank of India Act, 1934 Pursuant to the requirements of Section 45-MA of the above Act, and pursuant to the directions issued by the Reserve Bank of India from time to time, we hereby call upon you to furnish the undernoted information as early as possible in connection with our audit of your accounts for the year/period ended............................ (i) Have you received any deposits of the nature covered by the Reserve Bank of India Act and the directions issued thereunder? (ii) Have you furnished the requisite statements, information or particulars to the Reserve Bank of India as are required to be made by you, if any, under Chapter IIIB of the Act, and can you satisfy us by producing documentary evidence indicating that you have done so? (iii) If your answer to question (ii) is in the negative, please indicate the balance of the deposits outstanding at the last date of the financial year i.e. .............................. Yours faithfully, Chartered Accountants 34 Auditor’s Duties u/s 45MA of RBI Act, 1934 Annexure B Reserve Bank of India, Department of Non-Banking Companies, Post Box No. 571, 15, Netaji Subhas Road, Calcutta-700 001. Dear Sirs, ABC Company Limited Reserve Bank of India (Amendment) Act, 1974 In connection with the inquiry made by us during the audit of the above mentioned Company for the year/period ended.................., please note that we have not been satisfied that the Company has furnished the requisite statements, information or particulars as required to be furnished to the Reserve Bank of India under Chapter IIIB of the Reserve Bank of India Act, 1934, and the aggregate amount of the total deposits outstanding as at the last date of the financial year, i.e. ……………… 197 ………….. is Rs. (X or Nil as the case may be). Yours faithfully, Chartered Accountants 35 Handbook of Auditing Pronouncements-II Annexure C Type of Company Returns of Statements Period and due date to be furnished to the Reserve Bank Non-banking financial (a) Audited Balance (a) The Balance Sheet companies this Sheet as at the last & Profit & Loss includes mainly hire date of the financial Account to be purchase finance year & audited Profit submitted should companies, investment and Loss Account in relate to the period companies, loan respect of that year specified in the companies, housing are to be submitted previous column. finance companies, unless it has been mutual benefit finance done so already within companies and 15 days of the general miscellaneous finance meeting at which they companies. are passed, irrespective of whether or not the company has obtained any deposits during the year. (b) Prescribed returns (b) Other returns are to as per Reserve Bank be submitted as of directions as specified March 31 and should in the First, Second, reach the Reserve Third, Fourth or Fifth Bank before June 30, Schedule to the Non- and such returns are Banking Financial to be submitted Companies (Reserve irrespective of whether Bank) Directions, 1966 or not the company as may be applicable holds any deposits. to the class of the company. (c) Particulars of (c) Original particulars principal officers and to be filed within one 36 Auditor’s Duties u/s 45MA of RBI Act, 1934 directors, changes month from 1-1-73 or therein and specimen From the date of signatures thereof. commencement of business, whichever is later-changes to be filed within one month of date of change. (d) Copy of notice filed (d) Within 7 days of with the Registrar of the filing of the notice Companies under with the Registrar. proviso to sub-section (1) of Section 209 of the Companies Act, 1956, if the Registrar of Deposits is kept at a place other than at Registered Office of company, along with other books of account envisaged in the above sub-section. Miscellaneous Non- (a) Audited Balance (a) The Balance Sheet Banking Companies Sheet as on the last and Profit & Loss not covered above date of each financial Account to be including mutual year and audited Profit submitted should benefit companies, chit & Loss Account in relate to the period fund companies, etc. respect of that year specified in the are to be submitted previous column. unless it has been done so already within 15 days of the general meeting at which they are passed, if they are not submitted earlier, irrespective of whether or not the company has obtained any 37 Handbook of Auditing Pronouncements-II deposits during the year. (b) Prescribed returns (b) Other returns are to as per Reserve Bank be submitted as of directions specified in March 31, and the Schedule to September 30, and Miscellaneous Non- should reach the Banking Companies Reserve Bank before (Reserve Bank) June 30 and Directions, 1973. December 31 respectively, and such returns are to be submitted irrespective of whether or not the company holds any deposits. (c) Particulars of (c) Original particulars principal officers and to be filed within one directors, changes month from 1-9-73 or therein and specimen from the date of signatures thereof. commencement of business, whichever is later changes to be filed within one month of date of change. (d) (see (d) above). (d) (see (d)above). 38 7 GUIDANCE NOTE ON AUDIT REPORTS AND CERTIFICATES FOR SPECIAL PURPOSES* Contents Paragraph(s) Introduction............................................................................................................1 Scope of Special Purpose Audit Reports and Certificates ..............................2 Responsibility for Preparation of Special Purpose Statements ......................3 Scope of a Reporting Auditor’s Function...........................................................4 Contents of Reports and Certificates for Special Purposes ............................5 Extent of Reliance on General Purpose Audit Report ......................................6 Limited Review Report (Withdrawn) ...................................................................7 Reports and Certificates on Specified Accounts or Items of Financial Statements.........................................................................8 Other Engagements (Withdrawn) ........................................................................9 Communication of Report or Certificate ......................................................... 10 Communication with the Previous Reporting Auditor................................... 11 Illustrations ......................................................................................................... 12 Appendices * Issued in March, 1984 Handbook of Auditing Pronouncements-II 1. Introduction 1.1 Government authorities may under various statutes or notifications, require reports or certificates from auditors in support of statements or other information prepared by an enterprise. Reports or certificates on specific matters may also be required from auditors by an enterprise, for its own special purposes. These reports or certificates cater, to specific requirements of the individual users unlike a ‘general purpose report’ e.g., an auditor’s report on financial statements which is intended for general use. An audit report or certificate for special purpose is one to which the format of general purpose audit report is not applicable. 1.2 This note is intended to provide guidance to members who may be called upon to give audit reports or certificates for special purposes (herein referred to as ‘reporting auditors'). Reports on profit and/or financial forecasts and on tax audit do not fall within the scope of this Guidance Note.** 2. Scope of Special Purpose Audit Reports and Certificates 2.1 Audit reports or certificates for special purposes may be issued in connection with: (a) financial statements which are prepared in addition to general purpose financial statements; (b) specified elements, accounts or items of a financial statement; (c) compliance with requirements of any agreement or statute or regulation; (d) financial information given in special purpose formats or schedules; or (e) compilation of statistics or ascertainment of basic figures e.g., for the purpose of fixing quotas or levies. 2.2 A reporting auditor should appreciate the difference between the terms ‘certificate’ and ‘report’. A certificate is a written confirmation of the accuracy of the facts stated therein and does not involve any estimate or opinion. A report, on the other hand, is a formal statement usually made after an enquiry, examination or review of specified matters under report and includes the reporting auditor’s opinion thereon. Thus, when a reporting auditor issues ** These subjects have been dealt with in separate publications of the Institute, viz. ‘SAE 3400, “The Examination of Prospective Financial Information”’ and “Guidance Note on Tax Audit under Section 44AB of the Income Tax Act, 1961”. 40 Audit Reports and Certificates for Special Purposes a certificate, he is responsible for the factual accuracy of what is stated therein. On the other hand, when a reporting auditor gives a report, he is responsible for ensuring that the report is based on factual data, that his opinion is in due accordance with facts, and that it is arrived at by the application of due care and skill. 3. Responsibility for Preparation of Special Purpose Statements The primary responsibility for the contents of a special purpose statement rests with the enterprise and this would be evidenced by a suitable declaration or authentication by the management on the face of the statement. 4. Scope of a Reporting Auditor’s Function 4.1 A reporting auditor should have a clear understanding of the scope and nature of the terms of his assignment. It is desirable for him to obtain the terms in writing to avoid any misunderstanding. 4.2 A reporting auditor is not an expert on purely technical matters and as such, when he is required to report on or certify such matters (e.g., composition or quality of a product) which are of paramount importance and constitute the very basis of the figures contained in the statement, he should state his limitations clearly in the report or certificate. At the same time, he should indicate the extent to which he has been able to exercise his own professional skill and judgement with regard to the matter being reported upon. For instance, he may state that, for the purpose of forming his opinion, he has relied upon a certificate from technical experts. He should, of course, satisfy himself about the technical qualifications of the expert, and subject the expert's certificate to a reasonable review. 5. Contents of Reports and Certificates for Special Purposes 5.1 In many cases, a reporting auditor can choose the form and contents of his report or certificate. In other cases, the form and contents of the report or certificate are specified by statute or notification and cannot be changed. 5.2 Where a reporting auditor is free to draft his report or certificate, he should consider the following: (a) Specific elements, accounts or items covered by the report or certificate should be clearly identified and indicated. 41 Handbook of Auditing Pronouncements-II (b) The report or certificate should indicate the manner in which the audit was conducted, e.g., by the application of generally accepted auditing practices, or any other specific tests. (c) If the report or certificate is subject to any limitations in scope, such limitations should be clearly mentioned. (d) Assumptions on which the special purpose statement is based should be clearly indicated if they are fundamental to the appreciation of the statement. (e) Reference to the information and explanations obtained should be included in the report or certificate. In certain cases apart from a general reference to information and explanations obtained, a reporting auditor may also find it necessary to refer in his report or certificate to specific information or explanations on which he has relied. (f) The title of the report or certificate should clearly indicate its nature, i.e., whether it is a report or a certificate. Similarly, the language should be unambiguous, i.e., it should clearly bring out whether the reporting auditor is expressing an opinion (as in the case of a report) or whether he is only confirming the accuracy of certain facts (as in the case of a certificate). For this, the choice of appropriate words and phrases is important. (g) If the special purpose statement is based on general purpose financial statements, the report or certificate should contain a reference to such statements. However, the report or certificate should not contain a reference to any other statement unless the same is attached therewith. It should be clearly indicated whether or not the statutory audit of the general purpose financial statements has been completed and also, whether such audit has been conducted by the reporting auditor or by another auditor. In case the general purpose financial statements have been audited by another auditor, the reporting auditor should specify the extent to which he has relied on them. He may communicate with the statutory auditor for securing his cooperation and in appropriate circumstances, discuss relevant matters with him, if possible. (h) Where a report requires the interpretation of a statute, the reporting auditor should clearly indicate the fact that he is merely expressing his opinion in the matter. He should take sufficient care to ensure that in respect of matters which are capable of more than one interpretation, his report is not misconstrued as representing a settled legal position. (i) An audit report or certificate should ordinarily be a self-contained document. It should not confine itself to a mere reference to another report or certificate 42 Audit Reports and Certificates for Special Purposes issued by the reporting auditor but should include all relevant information contained in such report or certificate. (j) The reporting auditor should clearly indicate in his report or certificate, the extent of responsibility which he assumes. Where the statement on which he is required to give his report or certificate, includes some information which has not been audited, he should clearly indicate in his report or certificate the particulars of such information. 5.3 In certain cases, the form and/or contents of the report or certificate, as prescribed by a statute or a notification, may not be appropriate or adequate. In such situations, the reporting auditor may consider modifying the report or certificate on the basis of the suggestions made in para 5.2 supra, to the extent applicable. In case this is not possible, he should clearly indicate the limitations in his report or certificate itself. 6. Extent of Reliance on General Purpose Audit Report 6.1 Where a special purpose engagement is undertaken after the statutory audit has been completed, a reporting auditor should invariably review the statutory audit report to ascertain whether there are any matters which have a bearing on his report or certificate. 6.2 In cases, where a reporting auditor is required to report or certify certain specific matters arising from the financial statements taken as a whole, he should not normally issue his report or certificate until the statutory audit has been completed. For instance, a reporting auditor may be required to state whether, in the case of an Indian branch of a foreign company, the profit shown in the accounts represents the remittable surplus of the branch, or he may be asked to report on the computation of 'gross profit' for the purpose of bonus under the Payment of Bonus Act, 1965. In such cases, it would normally not be proper for him to give his report or certificate until the statutory audit has been completed, since he would not really be in a position to state whether the profit shown in the accounts itself has been properly computed. 6.3 Where an audit report or certificate is required before the statutory audit is completed, a reporting auditor should clearly state in his audit report or certificate that he is reporting on or certifying specific matters arising out of the financial statements of the enterprise, the statutory audit of which has not been completed. 6.4 Where the reporting auditor prepares his report or certificate on the basis of duly audited general purpose financial statements he may take the following precautions: (i) He may clearly state in his report or certificate that the figures from the audited general purpose financial statements have been used and relied upon. 43 Handbook of Auditing Pronouncements-II (ii) He may include in his report or certificate a statement showing the reconciliation between the figures in the general purpose financial statements and the figures appearing in his report or certificate. 7. Limited Review Report Section 7, “Limited Review Report” was withdrawn pursuant to issuance of the Guidance Note on Engagements to Review Financial Statements. However, the Guidance Note on Engagements to Review Financial Statements has also been withdrawn with the issuance of SRE 2400***, “Engagements to Review Financial Statements”. 8. Reports and Certificates on Specified Accounts or Items of Financial Statements 8.1 The test of materiality which a reporting auditor uses in connection with special purpose reports may be different, depending upon the circumstances, from the test he would use in connection with a general purpose report. For example, where he is required to express an opinion on specified accounts or items of financial statements, he may judge the materiality of an item solely in relation to such individual accounts of items rather than to the aggregate thereof or to the financial statements as a whole. A reporting auditor’s examination of certain records for an audit report or certificate for special purpose may also be more intensive than the examination of the same records by the statutory auditor for the purpose of expressing an opinion on the general purpose financial statements as a whole. 8.2 Certain accounts or items of financial statements are inter-related, e.g., sales and debtors, purchases and creditors, fixed assets and depreciation, etc. Therefore, where reporting auditor is required to examine and report upon or certify a specified account or items of financial statements, he may also need to examine the related accounts or items to discover the inconsistencies, if any, between these inter-related accounts or items. *** Hitherto known as AAS 33, “Engagements to Review Financial Statements”. 44 Audit Reports and Certificates for Special Purposes 9. Other Engagements Section 9, “Other Engagements” has been withdrawn pursuant to the issuance of the Guidance Note on Members’ Duties regarding Engagements involving Compilation of Financial Statements. However, the Guidance Note on Member’s Duties regarding Engagements involving Compilation of Financial Statements has also been withdrawn with the issuance of SRS 4410@, “Engagements to Compile Financial Information”. 10. Communication of Report or Certificate 10.1 The reporting auditor may address his report or certificate to the client or to the public authority or person requiring it, as the case may be. In appropriate circumstances, a certificate may be issued without reference to any particular person or authority by using the words, ‘To Whomsoever It May Concern’. 10.2 The report or certificate should normally be issued to the client who should be responsible for forwarding the same to the concerned authority, where so required. 11. Communication with the Previous Reporting Auditor It would be a healthy tradition if the practice of communicating with the member who had done the work previously is followed in every case where a member is required to give a report or certificate for a special purpose. 12. Illustrations The appendices to this Note give certain illustrations of audit reports and certificates for special purposes. Appendix I contains certain statutory certificates while Appendix II comprises of specimen certificates of non- statutory nature. It may be noted that there are a large number of other certificates-statutory and non-statutory-which a Chartered Accountant may be called upon to issue under specific circumstances. @ Hitherto known as AAS 31, “Engagements to Compile Financial Information”. 45 Handbook of Auditing Pronouncements-II Appendix-I Illustrations of Statutory Audit Reports and Certificates for Special Purposes (1) Auditor’s certificate in the application for consent to the issue of bonus shares made to the Controller of Capital Issues1: “We have verified the information furnished by the company for issue of bonus shares and find the same as correct. We also certify that we have received all the information required by us for the verification. We hereby certify that the proposal contained in the application for the issue of bonus shares meets all the requirements of the bonus issue guidelines, including the guidelines contained in paragraphs 8, 9, 11 and 13 in force issued by the Government in this regard according to the information furnished to us and to the best of our knowledge.” (2) Auditors’ certificate in the application form2 for issue of securities other than bonus shares under the Capital Issues Control Act, I947. "We have verified the information furnished in the above application of the company for issue of fresh capital and find the same as correct. We also certify that we have received all the information required by us for the verification. We hereby certify that the requirements of clause 5 of the Capital Issues (Exemption) Order, 1969, have been fully met by the company for the issue of acknowledgment/consent by the Controller of Capital Issues according to the information furnished to us and to the best of our knowledge." (3) Chartered Accountant's Certificate3 on Exports Ref No......... Date ....... Place ........ 1 Part E of Schedule B to the Capital Issues (Application for Consent) Rules, 1966, Notification No. G.S.R. 600 dated 29th March 1966, Government of India, Ministry of Finance. 2 Part G of Schedule A to the Capital Issues (Application for Consent) Rules, 1966, Notification No. G.S.R. 600 dated 29th March 1966, Government of India, Ministry of Finance. 3 Annexure XI of Appendix 10 to The Hand Book of Import-Export Procedures, 1983-84, Vol. II, Government of India, Ministry of Commerce, page 162. 46 Audit Reports and Certificates for Special Purposes Chartered Accountant’s Certificate “This is to certify that we have checked and verified the above particulars of exports from the books / documents of M/s..........................................and found the same to be correct.” (Signature of the Chartered Accountant) Official Stamp Full Address...........… Regn. No…......................... (4) Chartered Accountant’s certificate4 on certain matters in the application for grant/renewal of ‘Export House’ certificate under Import- Export Policy 1983-84 Certificate of the Chartered Accountant “We..................................(name and address of the Chartered Accountant) hereby certify that we have checked and verified the above particulars of exports from the books / documents of M/s...........................................and found the same to be correct. We also certify that the exports mentioned in this statement, excluding those exports which were made as associates of the STC/MMTC are direct exports of M/s. …………………... and the export documents viz, export order/contract, bank certificate and invoice were in the name of M/s. ................................... We have verified that each export invoice is properly supported by a purchase voucher.” Signature of the Chartered Accountant Official Stamp Full Address ........ Registration No ......... Dated ........ 4 Annexure XX of Appendix 10 to the Hand Book of Import-Export Procedures, 1983-84, Vol. II, Government of India, Ministry of Finance, page 171. 47 Handbook of Auditing Pronouncements-II (5) Chartered Accountant's Certificate5 on the statement showing consumption of imported raw materials, Components and Consumables under Import-Export Policy 1983-84. 1. “I/We have verified that the applicant unit has duly furnished to the D.G.T.D, Department of Electronics, Textile Commissioner or other sponsoring authorities concerned, its production returns for the year 1982-83 and other prescribed returns/statements for the same year, as it was required to furnish under the provisions of Imports and Exports Control Rules, Industrial (Development and Regulation) Act, Textile Control Order, etc. 2. I/We do hereby certify that consumption as certified in the statement has been verified from the books maintained by M/s. ................. and found the same as correct. I/We have also put my/our office seal and signature on the books from which the information has been verified. 3. I/We also certify that the applicant unit has been maintaining proper account of consumption in the prescribed form as indicated in the Hand Book of Import-Export Procedures, 1983-84. 4. I am not a partner, a Director or an employee of the applicant firm or its associates. 5. I have been duly appointed for the purpose by the Board of Directors of the Company or management as the case may be (In the case of Chartered Accountants/Cost Accountant)” Signature and Seal of Chartered Accountant Name of the Signatory Full address........ Date .......... (Seal) 5 Appendix 11 of the Import and Export Policy, 1983-84, Vol. I, Government of India, Ministry of Finance, page 182. 48 Audit Reports and Certificates for Special Purposes (6) Chartered Accountant's certificate6 regarding certain matters in the Application for Grant of Export Performance Certificate under Import-Export Policy 1983-84. “I/We do hereby certify that the information given in this statement has been verified from the books maintained by M/s ..................................,and found the same as correct. I/We have also put my/our office seal and signature on the books from which the information has been verified. I/We am/are neither a partner, a Director nor an employee of the applicant or its associates.” Place Date Signature and seal of Chartered Accountant Name of the signatory Full address ....... Membership No ......... (Seal) Residential Address ......... 6 Appendix 13 of the Import & Export Policy, 1983-84, Vol. I, Government of India, Ministry of Finance, page 185. 49 Handbook of Auditing Pronouncements-II Appendix-II Illustration of non-statutory audit reports and certificates for special purposes (1) Chartered Accountant’s certificate7 regarding employers’ bonus computation “We have reviewed the figure in the above computation, in comparison with the books and records of X Company Limited, produced to us, the audit of which has already been completed by us and/or another firm of chartered accountants and report that, subject to the notes given on the face of computation, in our opinion, and to the best of our knowledge and belief and according to the information and explanations given to us, the above computation is in due accordance therewith and has been made on a basis reasonably consistent with the provisions of the Payment of Bonus Act, 1965.” (2) Auditor’s certificate8 pursuant to Companies (Acceptance of Deposits) Rules, 1975. "We have examined the books of account and records maintained by ......................................... Company Ltd. in respect of the particulars furnished in the Return of Deposits as on 31st March 19...... and certify that to the best of our knowledge and according to the information and explanations given to us and as shown by the records examined by us, the figures of deposits and interest rates under Parts A, B and C of the Return are correct. We further certify the correctness of the particulars of the paid up capital and free reserves, etc. given in the Manager's Certificate." (3) Chartered Accountant’s Report on the basis of a limited review of interim financial statements@@. (4) Accountants' Report on Unaudited Statements@@@ 7 The Payment of Bonus Act, 1965 – An Accountant's Study, The Institute of Chartered Accountants of India, page 7. 8 A Note on the Companies (Acceptance of Deposits) Rules, 1975, The Institute of Chartered Accountants of India, page 77. @@ Refer to SRE 2400, “Engagements to Review Financial Statements”. @@@ Refer to SRS 4410, “Engagements to Compile Financial Information”. 50 8 GUIDANCE NOTE ON SECTION 293A OF THE COMPANIES ACT AND THE AUDITOR* 1. The hitherto complete ban on any contribution by companies to any political party or for any political purpose was relaxed to a great extent by the Companies (Amendment) Act, 1985, by which the provisions of the then existing Section 293A of the Companies Act, 1956 were totally substituted with effect from 24.5.1985, the day on which the said Amendment Act of 1985 received the assent of the President of India. 2. For ready reference, the old Section 293A as well as the new one are reproduced in an Annexure to this Guidance Note. 3. The new Section 293A provides that – (a) A company (other than a government company) which has been in existence for less than three financial years or any Government company shall not contribute any amount directly or indirectly to any political party or for any political purpose to any person; (b) A company other than the above is permitted to contribute to any political party or for any political purpose to any person provided that the aggregate of the amounts so contributed by it, directly or indirectly, in any financial year does not exceed 5% of its average net profits determined in accordance with the provisions of Sections 349 and 350 of the Act during the three immediately preceding financial years; (c) No such contribution shall be made by a company unless a resolution authorising the making of such contribution is passed at a meeting of its Board of Directors. * Issued in June 1986. Handbook of Auditing Pronouncements-II 4. It will thus be seen that the blanket ban on making of contributions referred to above is continued so far as government companies and those companies which have been in existence for less than three financial years are concerned. It may be noted that Government companies will not include companies governed by Section 619B. Any other company is, however, permitted to make such contributions in the aggregate in any financial year, not exceeding 5% of average net profits of the company computed in accordance with Sections 349 and 350 of the Companies Act, 1956, during the immediately preceding three financial years provided the Board of Directors of the company at a meeting authorises the making of the same by a resolution. 4.1. It may be pointed out that the second proviso to Section 293A(2) provides that no such contribution shall be made by a company unless a resolution authorising the making of such contribution is passed at a meeting of the Board of Directors. 4.2. The point for consideration is whether an ex-post facto resolution of the Board of Directors would regularise a contribution already made. In this connection, attention may be drawn to the interpretation given; to the word "unless'', as appearing in Section 372 (4) by the Calcutta High Court in the case of Mathura Prasad Saraf vs. Company Law Board (1979) 49 Comp. Cas. 371 wherein the Court has interpreted the said expression to mean in the context of the Central Government's approval referred to therein that it could be obtained even after the investment is made. If this analogy is applied, it is possible to take the view that an ex-post facto resolution of the Board of Directors would have the effect of regularising the contribution. A practical difficulty, however, will arise in such a case if the Board refuses to pass such a resolution after a contribution is already made, in retrieving the amount donated. 5. The said limit of 5% of average net profits has to be considered with reference to the aggregate amount or amounts of such contributions made directly or indirectly in a given financial year of the company. However, it is provided that where a portion of the financial year of any company falls before the commencement of the Companies (Amendment) Act of 1985, i. e. before 24.5.85 and a portion falls after such commencement, then the latter portion shall be deemed to be a financial year for this purpose. This would mean that even if a small period of the current financial year of the company falls after the date on which the new Section 293A came into force, namely 52 Section 293A of the Companies Act and the Auditor 24th May, 1985 (e.g. in the case of a company, whose accounting year ends on 31st May, 1985), during this short period the company could make contribution to the extent of full 5% of the said average net profits. 6. Section 293A makes certain specific provisions so as to remove several ambiguities relating to the extent and sweep of the situations/dealings which were intended to be covered in the ambit of this Section and to control certain practices which had been employed in the past to circumvent the previous restrictions. The use of the words "directly or indirectly" (which were absent in the old Section) after the words 'contributes any amount or amounts, appearing in sub-sections (1) and (2) of the new Section appear to cover these several practices, which came to be employed earlier. And though the word 'amount' is not defined even in the new Section, yet taking the provisions made as a whole, it should not be difficult to judge the dealings which will be hit by this new Section. In this context, the Committee is of the view that the expression "amount" used in this Section is not necessarily linked with money. Anything capable of quantification can be expressed as "amount". Consequently, any assistance, donation and contribution to a political party or for a political purpose, made through means other than money, but which is quantifiable and capable of being expressed in monetary terms is also covered by Section 293A. 7. The Section clarifies what will be considered to be a political purpose. Any donation or subscription or payment made or caused to be given by or on behalf of a company to a person who is carrying on any activity which can reasonably be regarded as likely to effect public support for a political party shall be deemed to be a contribution to such person for a 'political purpose' [Sub-section (3) (a)]** 8. The Section also expressly provides that expenditure incurred directly or indirectly on advertisements for the advantage of a political party will be deemed to be a contribution of the kind covered by this Section. And if the advertisement is in any publication by or on behalf of a political party, the expenditure thereon will be deemed to be a contribution to such political party. Where such publication is not by or on behalf of a ‘political party’ as such, but, for the advantage of a political patty then the expenditure on ** It may be mentioned that the explanation of the term "political purpose" in sub- Section (3) (a) largely conforms to the opinion expressed by the Institute earlier (vide paragraph 17 of the previous edition of the guidance note on the subject). 53 Handbook of Auditing Pronouncements-II advertisement will be deemed to be a contribution for a political purpose' to the person publishing it. Therefore, such expenditure should also be included in reckoning whether the limit of 5% of average net profit is exceeded or not. It may be noted that Section 293A(3)(b) applies to advertisement in any publication, being the publication in the nature of a souvenir, brochure, tract, pamphlet or the like, but will not include a newspaper. Therefore, if an advertisement is given in a newspaper run by a political party and a genuine quid pro quo is evident in the transaction, the payment for the advertisement should be treated as being outside the ambit of the prohibition. The auditor will have to exercise his judgment regarding the element of ''quid pro quo'' based on the facts and circumstances of the case. 9. Any amount/amounts contributed by a company which fall under this Section, i.e., amounts contributed to any political party or for political purposes, are required to be disclosed separately in its profit and loss account, giving particulars of the total amount contributed and the name of the party or the person to which or to whom such amount has been contributed. 10. The penal consequences for a company for making any contributions in contravention of these provisions are severe as it will be liable to be punished with a fine which may extend to three times the amount contributed in contravention of the Section (as against the limit of Rs. 5,000/- in the old Section). However, the punishment for every officer in default is the same as in the old Section, namely, that he or they shall be liable to imprisonment for a term which may extend to three years in addition to fine. 11. Though the language of the revised Section 293A is clear to convey the broad intention of the Legislature, the following terms, phrases and expressions (some of which did not exist in the earlier Section) used therein require a careful study and examination to comprehend the implications of its provisions as a whole. (a) ‘Political Party’ The Election Commission in exercise of the powers conferred on it by Article 324 of the Constitution of India read with rule 5 and rule 10 of the Conduct of Election Rules, 1961 (framed under the Representation of People Act, 1951) has made an order defining ‘Political party’ under paragraph 2(h) of the Election Symbols (Reservation and Allotment) Order, 1968. “Political party” means an association or body of individual citizens of India 54 Section 293A of the Companies Act and the Auditor registered with the Commission as a political party under paragraph 3 and includes a political party deemed to be registered with the Commission under the proviso to sub-paragraph (2) of that paragraph.” (b) ‘Political Purpose’ The term 'Political Purpose' is explained in sub-section (3) as under: Any activity which can reasonably be regarded as likely to effect public support for a political party will be deemed to be political purpose. Any payment therefore made to a person who carries on such activity will be a contribution for political purpose. (c) ‘Directly or Indirectly’ These words are added as suffix to the words “contribute any amount or amounts” in sub-sections (1) and (2). These words were not there in the old Section 293A. It is, therefore, necessary to analyse the significance thereof. Several practices of helping political parties or political purposes, monetarily or non-monetarily which were being followed till now, will fall within the ambit of this Section due to the word “indirect” used herein. The following items will be covered now by the Section due to the addition of the words “directly or indirectly” and the same should be aggregated to determine whether the contributions covered by this Section are within the permissible limits: (i) Contribution made directly to a political party whether in cash or in other form. (ii) Expenditure incurred on printing and distribution of posters and leaflets, either directly concerned or connected with elections or otherwise for a political purpose. (iii) Contribution made directly to a political party whether in cash or in other form for running an educational institution or for undertaking philanthropic activities. (iv) A donation, contribution, or other form of support to a Trust, Society or Association in any of the under noted circumstances: (a) If the Trust, Society or Association has any political objectives either wholly or even partially. (b) If the Trust, Society or Association is formed for any political purpose either wholly or even partially. 55 Handbook of Auditing Pronouncements-II (c) If the Trustees or Governing Council or Committee of the Trust, Society or Association have the discretion of using the funds wholly or partially for a political purpose or in furtherance of a political objective. On the other hand, the mere fact that some of the objects of a particular Trust, Society or Association are similar to the objects of a particular political party but are not of a political nature should not act as a disqualification. (v) Expenditure incurred on remuneration (including other benefits) to employees or on other establishment where the services of the employees are made available in connection with the activities of some political party, such as elections to legislative assembly, Parliament, etc. (vi) Making available vehicles owned by the company to any political party or to any candidate seeking election to any local authority, assembly, Parliament, etc., either free of cost, or at less than market rate. (d) ‘Person’ The word ‘Person’ has now been used in sub-section (1) (b) (ii) and (2) (b) instead of the words 'individual or body' used in the corresponding provisions of the old Section 293 A. It appears that the word ‘Person’ is intended to cover a wider area of recipients than what could be covered in the words ‘individual or body’. (e) ‘Average Net Profits’ These words used in the first proviso to sub-section (2) do not need much explanation. Profits determined in accordance with Sections 349 and 350 of the Act for the immediately preceding three financial years, would have to be averaged. The companies which write off ‘Depreciation’ on a basis other than that as per Section 350 would have to recompute depreciation and consequently the net profits for this purpose. In this connection, a doubt which is likely to arise is whether in view of the 'Explanation' below the first proviso to sub-section (2) and as noted in para (5) herein above, the latter portion of the financial year which falls after the date 24-5-1985, and which is to be deemed to be a financial year, will be taken as one full financial year for averaging net profits. The problem may arise at the time of considering such contributions made during the financial year ending in 1988. The proper view, however, in this context, would be that for the purpose of calculating average net profits, three complete financial years should be taken into account. 56 Section 293A of the Companies Act and the Auditor 12. If any kind of service or facility is made available to a political party or for a political purpose, no element of political contribution should be deemed to arise if a charge is made for the service or facility on a reasonable basis. If, on the other hand, no charge is made or the charge is patently or grossly unreasonable, the shortfall should be regarded as a political contribution and treated accordingly. In determining a reasonable charge for the service or facility made available to a political party or for a political purpose, regard shall be had only to the direct cost of providing such service or facility. No attempt need ordinarily be made to determine the comprehensive cost of facility or service by including a part of the company's normal overheads. Auditor’s Duties 13. The Committee is of the view that when an auditor is satisfied that political contribution has been made in excess of the limit prescribed in Section 293A, he should bring this to the attention of the shareholders by qualifying his audit report and making a mention of the excess amount involved, if ascertainable. This is because making a donation in excess of the prescribed limit amounts to an illegal application of the company's funds. 14. Where the limit laid down under Section 293A is adhered to and the facts are properly disclosed then the auditor has no further duty. Where, however, the facts regarding such contributions are not properly disclosed, then the auditor should qualify his report and state the facts therein. Where he has a genuine doubt regarding the applicability of the Section, he should ensure that the fact is properly disclosed in his audit report. 15. If, on the facts of a particular contribution, the company has obtained legal opinion indicating that it does not contravene the provisions of this Section and the auditor in the exercise of his judgment accepts that opinion, no need of disclosure should arise, provided that the matter is one which is not covered by this Guidance Note. If, on the other hand, the matter is covered by the Institute’s Guidance Note, the auditor should insist upon disclosure, even though the client has obtained a contrary legal opinion, and should qualify his report. The same position would also arise in the case where even though the matter is not covered by the Institute's Guidance Note, the auditor, in the exercise of his judgment, is unable to accept the legal opinion. In such a case, he should ensure that the facts are disclosed in an adequate manner and should also qualify his audit report. 57 Handbook of Auditing Pronouncements-II 16. It will be advisable to obtain a certificate from the company's Board of Directors to the effect that all amounts of contributions to political parties or for any political purpose to any person falling under the provisions of Section 293A have been brought into the books of account of the company and that no amounts of such nature other than those so included in the books have been paid/given directly or indirectly. 17. An auditor's duty, as such is to examine and report on the accounts of the company in accordance with the requirements of Section 227 of the Companies Act. The auditor, therefore, has no specific duty to make any special enquiry to unearth cases of unauthorised political contributions if they are not readily apparent from the examination of the accounts made in the normal course of the audit. If any unauthorised political contribution (or such contribution in excess of the permissible limit, as the case may be) has been skillfully concealed by a company or it has not come to the notice of the auditor in the normal course of his audit, an auditor would be responsible only to the extent it can be established that in the conduct of that audit he acted without reasonable care and skill. 58 Section 293A of the Companies Act and the Auditor Annexure Section 293A before amendment Section 293A after amendment (1) Notwithstanding anything (1) Notwithstanding anything contained in any other provision of contained in any other provision of this this Act, neither a company in Act – general meeting nor its Board of (a) no Government Company; and Directors shall after the commencement of the Companies (b) no other company which has been (Amendment) Act, 1969, contribute in existence for less than three any amount or amounts – financial years; shall contribute any amount or amounts directly or (a) to any political party, or indirectly – (b) for any political purpose to (i) to any political party; or any individual or body. (ii) for any political purpose to (2) If a company contravenes the any person. provisions of sub-section (1), then- (2) A company, not being a company (i) the company shall be referred to in clause (a) or clause (b) of punishable with fine which sub-section (1), may contribute any may extend to five thousand amount or amounts, directly or rupees; and indirectly – (ii) every officer of the company (a) to any political party who is in default shall be punishable with imprisonment (b) for any political purpose to any for a term which may extend person; to three years and shall also Provided that the amount or, as the be liable to fine. case may be, the aggregate of the amounts which may be so contributed by·a company in any financial year shall not exceed five per cent of its average net profits determined in accordance with the provisions of sections 349 and 350 during the three immediately preceding financial years. Explanation - Where a portion of a financial year of the company falls before the commencement of the Companies (Amendment) Act, 1985, and a portion falls after such commencement, the latter portion shall 59 Handbook of Auditing Pronouncements-II be deemed to be a financial year within the meaning, and for the purposes, of this sub-section; Provided further that no such contribution shall be made by a company unless a resolution authorising the making of such contribution is passed at a meeting of the Board of Directors and such resolution shall, subject to the other provisions of this section, be deemed to be justification in law for the making and the acceptance of the contribution authorised by it. (3) Without prejudice to the generality of the provisions of sub- sections (1) and (2) – (a) a donation or subscription or payment caused to be given by a company on its behalf or on its account to a person who, to its knowledge, is carrying on any activity which at the time at which such donation or subscription or payment was given or made, can reasonably be regarded as likely to effect public support for a political party shall also be deemed to be contribution of the amount of such donation, subscription or payment to such person for a political purpose; (b) the amount of expenditure incurred directly or indirectly by a company on advertisment in any publication (being a publication in the nature of a souvenir, brochure, tract, pamphlet or the like) by or on behalf of a political party or for its advantage shall also be deemed— 60 Section 293A of the Companies Act and the Auditor (i) where such publication is by or on behalf of political party, to be a contribution of such amount to such political party, and (ii) where such publication is not by or on behalf of but for the advantage of a political party, to be a contribution for a political purpose of the person publishing it. (4) Every company shall disclose in its Profit and Loss Account, any amount or amounts contributed by it to any political party or for any political purpose to any person during the financial year to which that account relates, giving particulars of the total amount contributed and the name of the party or person to which or to whom such amount has been contributed. (5) If a company makes any contribution in contravention of the provisions of this section, (a) the company shall be punishable with fine which may extend to three times the amount so contributed; and (b) every officer of the company who is in default, shall be punishable with imprisonment for a term which may extend to three years and shall also be liable to fine. 61 9 GUIDANCE NOTE ON AUDIT OF FIXED ASSETS The Guidance Note has been withdrawn pursuant to the issuance of the Guidance Note on Audit of Property, Plant and Equipment. The entire text of the Guidance Note has been given in Vol.II of the Handbook of Auditing Pronouncements - 2010 edition. 10 GUIDANCE NOTE ON AUDIT OF PROPERTY, PLANT AND EQUIPMENT Contents Paragraph(s) Introduction ........................................................................................ 6-9 Risks associated with Property, Plant and Equipment ............... 10-13 Inherent Risks ............................................................................... 10 Fraud Risks and Errors ............................................................ 11-13 Internal Controls ................................................................................. 14 Substantive Procedures ................................................................ 15-41 Verification of Records ............................................................. 18-36 Opening Balances.......................................................... 18-19 Capital Work in Progress ............................................... 20-22 Additions to PPE ............................................................ 23-28 Ownership of PPE.......................................................... 29-30 Impairment of PPE .............................................................. 31 Deletions from PPE........................................................ 32-36 Physical Verification ................................................................. 37-41 Recognition .................................................................................... 42-45 Valuation ........................................................................................ 46-73 Carrying Cost of PPE ............................................................... 46-57 PPE Acquired on/or as Government Grants............................. 58-60 Depreciation ............................................................................. 61-64 Useful Life of PPE ......................................................................... 65 Impairment of PPE ................................................................... 66-69 Revaluation of PPE .................................................................. 70-73 Disclosure ........................................................................................... 74 Audit in IT Environment ................................................................ 75-77 Handbook of Auditing Pronouncements-II The following is the text of the Guidance Note on Audit of Property, Plant and Equipment (PPE) issued by the Auditing and Assurance Standards Board (AASB) of the Institute of Chartered Accountants of India. This Guidance Note should be read in conjunction with the "Preface to the Standards on Quality Control, Auditing, Review, Other Assurance and Related Services” issued by the Institute. 1. Paragraph 26 of the "Preface to the Standards on Quality Control, Auditing, Review, Other Assurance and Related Services” states that “Guidance Notes are issued to assist professional accountants in implementing the Engagement Standards and the Standards on Quality Control issued by the AASB under the authority of the Council. Guidance Notes are also issued to provide guidance on other generic or industry specific audit issues, not necessarily arising out of a Standard. Professional accountants should be aware of and consider Guidance Notes applicable to the engagement. A professional accountant who does not consider and apply the guidance included in a relevant Guidance Note should be prepared to justify the appropriateness and completeness of the alternate procedures adopted by him to deal with the objectives and basic principles set out in the Guidance Note." 2. This Guidance Note, does not supersede the Institute's publications which provide guidance on audit of Property, Plant and Equipment (PPE) with special reference to certain statutory requirements, e.g., the guidance contained in the Statement on the Companies (Auditor's Report) Order, 2003. 3. The Guidance Note has been prepared considering the relevant Revised Accounting Standard 16, “Property, Plant & Equipment” (corresponding to IAS 16) which is being issued by the Institute pursuant to the decision to converge with the International Financial Reporting Standards (IFRS) in respect of accounting periods commencing on or after April 1, 2011 and the existing Accounting standards, AS 10 “Accounting for Fixed assets” and AS 6 “Depreciation Accounting” which are applicable to the entities who are not required to comply with the relevant Revised AS. Both the categories of the Accounting Standards are collectively referred to as the “relevant applicable AS”. 4. The Guidance Note does not apply to audit of Investment Property and 64 Audit of Property, Plant and Equipment Intangible Assets. 5. In the event of a possible or perceived contradiction between the Guidance Note and a Standard on Auditing (SA) issued by the Institute, the Standard shall prevail. Introduction 6. The term Property, plant and equipment in respect of those entities which are required to comply with the relevant Revised AS refers to such tangible items that: (a) are held for use in the production or supply of goods or services, for rental to others, or for administrative purposes; and (b) are expected to be used during more than one period. In respect of such entities which need to apply AS 10 and AS 6, the term “Property, Plant and Equipment” comprises assets held for the purpose of providing or producing goods or services and which are not meant for sale in the normal course of business. Judgement is required to be exercised in recognizing what constitutes an item of property, plant and equipment having regard to an entity’s specific circumstances. For example, major spare parts, servicing equipment, and stand-by equipment, which an entity expects to use during more than one period, can be recognised as PPE as per the relevant Revised AS. 7. An asset can be classified as a PPE or otherwise, depending upon the use to which it is put or intended to be put. For example, assets which are classified as PPE in one type of business may be considered as current assets in another. Similarly, the same asset may be classified differently in an entity at different points of time. The recognition of Property, Plant and Equipment should be done as per the principles laid down in the “relevant applicable AS”. 8. PPE normally constitute a significant portion of the total assets, particularly in a manufacturing entity. Audit of PPE, therefore, assumes considerable importance. 9. The following features of PPE have an impact on the related audit procedures: 65 Handbook of Auditing Pronouncements-II (a) By their very nature, PPE are turned over much slower than current assets which are held for sale. Normally, PPE are carried over from year to year. (b) The average unit of PPE is normally of a relatively larger rupee value. (c) Since PPE are high value items, their acquisition is normally more closely controlled. The control aspect assumes special significance where PPE are self-constructed. (d) PPE are generally accounted for once unlike other assets like stock, because of which any error would affect the financial statements permanently or at least for a significant period of time. (e) In an inflationary situation, where cost model is adopted, normally, the book values of PPE are considerably lower than their replacement values. Risks Associated with Property, Plant and Equipment Inherent Risks 10. The auditor needs to obtain an understanding of the client and its environment to consider inherent risk, including fraud risks, related to property, plant, and equipment. This includes: (a) Obtaining an understanding of the internal control over property, plant, and equipment. For example, preparation of and review of capital budgets, etc. (b) Assessing the risks of material misstatement and designing tests of controls and substantive procedures that cover the following aspects: (i) Substantiate the existence of property, plant, and equipment. PPE may include assets that should have been derecognised following sale, other transfer of rights or abandonment. Auditor should verify title deeds, agreements or other ownership documents. (ii) Establish the completeness of recorded property, plant, and equipment. Expenditure that should have been recognised as property, plant and equipment but has not been so recognized, 66 Audit of Property, Plant and Equipment including capitalised finance costs, failure to account for assets held under finance leases or hire purchase agreements. (iii) Verify the cutoff of transactions affecting property, plant, and equipment. (iv) Determine that the client has the rights to the recorded property, plant, and equipment. (v) Establish the proper valuation or allocation of property, plant, and equipment and the accuracy of transactions affecting PPE. (vi) Determine the correctness and appropriateness of classification of property, plant and equipment. For example, incorrect split between land and buildings or between long term and short term leaseholds. Classification may have a significant impact on the application of the accounting policies. As per relevant Accounting Standard, the entities have to follow the component approach, as may be applicable. (vii) Depreciation value - Depreciation may have been incorrectly calculated on account of factors such as: • mechanical error; or • incorrect application of accounting policy; or • inappropriate assessment of remaining useful life; or • inappropriate assessment of residual value; or • incorrect classification of the asset. (viii) Carrying cost - Where a valuation model is followed - carrying amount may not reflect fair value due to factors including: • failure to update valuations for current circumstances; or • failure to brief valuers correctly, use of invalid assumptions or data, etc., or • valuations not performed by competent personnel. (ix) Existence / valuation - tangible assets acquired in a business combination may not have been initially recognised at their fair value at that date. 67 Handbook of Auditing Pronouncements-II (x) Value of impairment - failure to recognise impairment or reversal of impairment. (xi) Determine that the presentation and disclosure of property, plant, and equipment are appropriate. Fraud Risks and Errors 11. Some of the potential misstatements in PPE on account of frauds and errors include: (a) Purchase of an asset at an inflated price especially from a related party. (b) Wrong write-off of the asset as scrap, obsolescence, missing, donated, or destroyed. (c) Expenditures for repairs and maintenance recorded as PPE or vice versa. (d) Capitalisation of expenditure which are not normally attributable to the cost of the PPE. (e) Recording of an asset purchased, which in effect has not actually been received by the entity at all. (f) Removal of an asset paid for by the entity or use of an asset of the entity for the benefit of a person other than the entity. 12. Such errors and frauds could occur because of weak internal controls in the entity including: (a) Inadequate involvement of management in overseeing employees with access to cash or other assets susceptible to misappropriation. (b) PPE which are small in size, marketable, or lacking observable identification of ownership. (c) Lack of complete and timely verification and reconciliations of assets. (d) Inadequate physical safeguards over PPE. (e) The misuse of the entity’s assets by an employee. (f) Using an entity’s assets for personal use (for example, using the entity’s assets as collateral for a personal loan or a loan to a related party). (g) The asset is intentionally sold below fair market value. 68 Audit of Property, Plant and Equipment 13. The auditor should perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatements. These would include: (a) Inquiries of management and others within the entity to identify the risks. For example, control procedures, entity’s objectives and strategies, incentive policies, etc. (b) Analytical procedures, for example, Ratios, etc. (c) Observation and inspection of the entity’s premises and plant facilities. Internal Controls 14. An auditor should review the system of internal controls relating to PPE, particularly the following: (a) Control over expenditure incurred on PPE acquired or self-constructed- An effective method of exercising this control is capital budgeting, which, apart from ensuring proper authorisation of the expenditure incurred, also shows, in general, how effectively such expenditure is being controlled through periodical comparisons of actuals with budgeted figures. It also ensures that amounts expended do not exceed the amounts authorized, and controls allocation of expenditure between capital and revenue in the case of self constructed assets. (b) Accountability and utilisation controls - Accountability over each PPE (or each class or component of PPE (in the case of companies following the relevant Revised AS)) is established, among other things, by maintaining appropriate records. This facilitates control over custodianship of such assets, for example, physical verification by the management or establishment of procedures relating to disposal of PPE. On the other hand, utilisation controls ensure that the individual PPE have been properly used for meeting the objectives of the entity. (c) Information controls - These controls ensure that reliable information is available for calculating and allocating depreciation, recording disposals or retirements, preparing tax returns, establishing the amount of insurance coverage, filing insurance claims, controlling repairs and maintenance charges or expenses incurred for inspection to assess the condition of the asset, replacement cost of specific parts, useful life of 69 Handbook of Auditing Pronouncements-II assets or specific parts, eg, specified number of hours of use, etc. (d) Safeguarding of assets - These controls ensure that the assets owned by the entity are safeguarded and any loss on damage / destruction of such assets are made good, through for example, insurance of assets, warranties, etc. The entity may have a process by which responsibility to safeguard the assets could be identified to specific personnel. Substantive Procedures 15. Verification of PPE consists of examination of related records and physical verification. The auditor should, normally, verify the records with reference to the documentary evidence and by evaluation of internal controls. Physical verification of PPE is primarily the responsibility of the management. 16. The auditor must also consider the appropriateness of the accounting policies, including policies for determining which costs are capitalised, whether a cost or valuation model is followed and depreciation (including assessment of residual values) appropriately calculated. 17. As per the relevant Revised AS, the auditor should ensure that the entity has capitalised the assets as per the component approach, whereby a component or part of an asset which is significant in value compared to the total value of the asset or the useful life of which is different from that of the asset, has to be capitalised separately. Verification of Records Opening Balances 18. The opening balances of the existing PPE should be verified from records such as the schedule of PPE, ledger or register balances. In the case of initial engagements, as per SA 510 (Revised), “Initial Audit Engagements – Opening Balances”, for the purpose of ascertaining the accuracy of the opening balance of PPE, some audit evidence may be obtained by examining the accounting records and other information underlying the opening balances. 19. The auditor would also need to obtain summary of changes to PPE and reconcile the same to the ledgers. 70 Audit of Property, Plant and Equipment Capital Work in Progress 20. The auditor must verify records to ensure that the assets under construction or pending installation and not yet ready for intended use are classified as work in progress. 21. Capital work in progress should be verified with reference to the underlying contractor bills, work orders, certification of work performed by independent persons, comparison of the progress and the costs incurred up- to-date with the budgets, capital asset management policy and plan, pending commitments, etc. 22. It must be ensured that an appropriate system is in place to capture all directly identifiable costs, which can be capitalized, to be so accumulated to the capital work in progress (WIP) whilst expenses which are not eligible for being capitalized are identified and charged to revenue in the normal course. The auditor should reconcile the movement of capital work in progress from opening to closing, specifically verifying additions during the year, capital assets completed during the years and impairment of any opening capital work in progress items. The closing work in progress value should be bifurcated asset class wise or project wise so that reconciliation of the capital WIP is made easier and more logical. The Capital work in progress should be reviewed with respect to the intention and ability of the management to carry forward and bring the asset to its state of intended use. The auditor should also specifically verify the date on which the assets are moved from the capital work in progress account to the fixed assets (the date on which the asset is ready for intended use), so that the depreciation on fixed assets may be computed correctly. Additions to PPE 23. Acquisition of new PPE and improvements to the existing ones should be verified with reference to supporting documents such as orders, invoices, receiving reports and title deeds and applicable customs or excise documents. Due care needs to be taken when the purchase is from a related party. The auditor may employ procedures such as possible comparative prices prevalent in a ready market, evaluation, justification and approvals for the purchase. 71 Handbook of Auditing Pronouncements-II 24. Self-constructed PPE and improvements thereto should be verified with reference to the supporting documents such as contractors' bills, work-order records, installation certification, completion certificates and independent confirmation of the work performed. 25. The auditor should make appropriate enquiries and examine lease contracts to provide evidence that PPE acquired under finance leases or hire purchase agreements have been properly capitalized. 26. In respect of the additions to PPE during the year, the supporting documentation and information for the date on which the asset was put to use / was ready to use is required to be verified. 27. Assets acquired in exchange for a non monetary asset(s) should be verified with reference to the supporting documents for the commercial substance of the transaction (cash flows from the assets acquired against those given up) and the value of the asset given up. 28. The auditor should review expense accounts (e.g., Repairs and Renewals) to ascertain that new capital assets and improvements have not been included therein. Ownership of PPE 29. The ownership of assets, like land and buildings, may be verified by examining the title deeds. In case the title deeds are held by other persons, such as solicitors or bankers, confirmation should be, at least where significant, obtained directly by the auditors through a request signed by the client. 30. The auditor would also need to perform procedures to obtain corroborating evidence that the client actually possesses the rights associated with the assets under consideration. For example, the fact that the cash flows or economic benefits associated with it are actually accruing to the client. Impairment of PPE 31. The auditor needs to consider whether there are circumstances as per AS that indicate a possible impairment of property, plant and equipment and if such circumstances exist, how the same have been dealt with by the entity. 72 Audit of Property, Plant and Equipment Decline in the market value of assets, changes in technological, legal or economic environment in which the entity operates, evidence of physical damage of assets, are some indications of impairment. Deletions from PPE 32. Where PPE have been written-off or fully depreciated in the year of acquisition/construction, the auditor should examine whether these were recorded in the PPE register before being written-off or depreciated. 33. In respect of PPE retired, i.e., destroyed, held for sale, scrapped or sold, the auditor needs to examine the following aspects, inter alia: (a) whether the retirements have been properly authorised and appropriate procedures for invitation of quotations have been followed wherever applicable; (b) whether the assets and depreciation accounts have been properly adjusted; (c) whether the sale proceeds, if any, have been fully accounted for; and (d) whether the resulting gains or losses, if material, have been properly adjusted and disclosed in the Profit and Loss Account. 34. It is possible that certain assets destroyed, scrapped or sold during the year have not been recorded. The auditor may use the following procedures to ascertain such omissions: (a) Review work orders/physical verification reports to trace any indicated retirements. (b) Examine major additions to ascertain whether they represent additional facilities or replacement of old assets, which may have been retired. (c) Make enquiries of key management and supervisory personnel. (d) Obtain a certificate from a senior official and/or departmental managers that all assets scrapped, destroyed or sold have been recorded in the books. 35. The auditor would also need to review the board minutes and other 73 Handbook of Auditing Pronouncements-II correspondence for indications of significant asset acquisitions, disposals or retirements. 36. Where there has been a change of use, the auditor would need to consider whether this gives rise to a need to change classification of the asset (eg, to inventory), assets held for sale, investment property, etc. Physical Verification 37. It is the responsibility of the management to carry out physical verification of PPE at appropriate intervals in order to ensure that they are in existence. However, the auditor should satisfy himself that such verification was done by observing the verification being conducted by the management wherever possible and by examining the written instructions issued to the staff by the management and the relevant working papers. The auditor should also satisfy himself that the persons conducting the verification, whether the employees of the entity or outside experts have the necessary competence. 38. The auditor should examine whether the method of verification was reasonable in the circumstances relating to each asset. For example, in the case of certain process industries, verification by direct physical check may not be possible in the case of assets which are in continuous use or which are concealed within larger units. SA 501,”Audit Evidence – Specific Considerations for Selected Items” contain principles related to the auditor’s responsibilities and procedures in respect of attendance at physical inventory counting undertaken by the management. It would not be realistic to expect the management to suspend manufacturing operations for conducting a physical verification of the PPE, unless there are compelling reasons which would justify such an extreme procedure. In such cases, indirect evidence of the existence of the assets may suffice. For example, the very fact that an oil refinery is producing at normal levels of efficiency may be sufficient to indicate the existence of the various process units even where each such unit cannot be verified by physical or visual inspection. It may not be necessary to verify assets like building by measurement except where there is evidence of alteration/demolition. At the same time, in view of the possibility of encroachment, adverse possession, etc., it may be necessary for a survey to be made periodically of open land. Where the PPE can be 74 Audit of Property, Plant and Equipment moved and where verification of all assets cannot be conducted at the same time, they should be marked with distinctive numbers. 39. The auditor should apply appropriate emphasis on the verification of assets by the management of the assets which are outside the premises of the company, with third parties. This may be by way of a process of physical verification by the management or by way of obtaining confirmation from the third party holding the asset, depending on the management’s risk assessment of such assets and the materiality of such assets. 40. The auditor should examine whether the frequency of verification was reasonable in the circumstances of each case. Where the assets are few and can be easily verified, an annual verification may be considered as reasonable. However, where the assets are numerous and difficult to verify, verification, say, once every three years by rotation - so that all assets are verified at least once in every three years – may be sufficient. 41. The auditor should test check the records of PPE with the physical verification reports. He should examine whether discrepancies noticed on physical verification have been properly dealt with. In this regard the auditor should use his judgement as to whether having regard to the circumstances, the discrepancy is material enough to warrant an adjustment in the accounts and/or modification in the internal control system. Recognition 42. The auditor should ensure that the cost of an item of property, plant and equipment is recognised as an asset only when the costs have been reliably measured and it has been ascertained by the management that future economic benefits will flow to the entity. 43. The auditor should also verify that the entity has recognised a fixed asset in accordance with the generally accepted accounting principles applicable to the entity. 44. Capital work in progress: The auditor should verify that PPE under construction are recognized as capital work in progress until such time they are ready for intended use. The auditor should also verify that only those costs that could be capitalised are included under work in progress. 75 Handbook of Auditing Pronouncements-II 45. Component approach: As per the relevant revised AS, in the component approach of accounting for the PPE, the auditor should verify that the relevant PPE are capitalised as components where the useful life of the components significantly vary from the useful life of the entire asset (e.g., Cost of relining a furnace, aircraft seats which require replacement at regular intervals and, thus, have a varying useful life from the rest of the furnace or aircraft, respectively). Each major part of the item of PPE with a cost that is significant in relation to the total cost of the item is depreciated separately. However, where the entity has originally not recognised a component separately, but subsequently replaces the part or a component, the auditor needs to verify that such replacements are capitalised only if the capacity or useful life of the asset increased, or quality of output improved or operating costs were reduced over and above that which was originally intended or estimated for the asset. The replaced part is derecognised. Valuation Carrying Cost of PPE 46. The auditor should satisfy himself that the PPE have been valued in the financial statements according to the generally accepted bases of accounting and as per the applicable reporting framework which are determined by law, professional pronouncements of the Institute and the prevailing industry practices. 47. After initial recognition of the asset, in the case of subsequent measurement, the auditor should verify that the value of the asset is as per the model chosen by the entity as cost or revaluation model. 48. The auditor should also satisfy himself that the method by which the fair value has been determined is reasonable for the asset under consideration. For example, the market value method, income approach or the depreciated cost approach. 49. The auditor should also satisfy himself that the value has been determined with the help of a person competent to value the assets under consideration. 50. As per the relevant Revised AS, the auditor should verify that costs of major inspections, cost of spares used in connection with an asset and expected to be 76 Audit of Property, Plant and Equipment used for more than one period are added to cost of asset and derecognized earlier cost as per generally accepted accounting principles. 51. The auditor should consider whether the entity has reviewed the carrying value of its assets and how it determines the recoverable amount of the asset. 52. As per the relevant Revised AS, where several assets have been purchased for a consolidated price, the auditor should examine the method by which the consideration has been apportioned to the various assets. In case this has been done on the basis of an expert valuation, he should examine whether the same appears reasonable and based on adequate facts. 53. Where an entity owns assets jointly with others (otherwise than as a partner in a firm) the auditor should examine the relevant documents such as title deeds, agreements, etc., in order to ascertain the extent of the entity's share in such assets. The assets are used to obtain benefits for the entity and /or the entity recognizes its share of the assets. The auditor needs to verify the underlying agreements and the benefits which the entity receives or expects to receive as per generally accepted accounting principles. 54. As per the relevant Revised AS, where the entities have obligations to dismantle, remove and restore items of property, plant and equipment, the cost of an item of plant and equipment have to include such costs. The auditor should examine the method and process of identification, estimation and treatment of such costs based on the model in which the asset is measured in accordance with the generally accepted accounting principles. 55. The auditor must ensure that the cost of self constructed assets include all the items of costs which are to be capitalized including specific direct expenses related to the asset and appropriate borrowing costs. 56. As per the relevant Revised AS, the auditor should ensure that the cost of self constructed assets do not include cost of abnormal wastage of material labour or other resources. 57. As per the relevant Revised AS, the auditor should also verify the payment towards the assets beyond the normal credit terms to confirm the cost which can be capitalized. 77 Handbook of Auditing Pronouncements-II PPE Acquired on/or as Government Grants 58. When the entity acquires land or other fixed assets as government grants at concessional rates, then the entity has to account for such assets at the acquisition cost. In case the asset is acquired free of cost, it should be accounted at nominal value. 59. The grant can be shown as a deduction from the gross value of assets or the asset can be shown in the balance sheet at the net value. 60. Entity following relevant Revised AS should capitalise the assets at the full value and account for the grant according to the relevant applicable Standard. Depreciation 61. The auditor should test check the calculations of depreciation and the total depreciation arrived at should be compared with that of the preceding years to identify reasons for variations. He should particularly examine whether the depreciation charge is adequate keeping in view the generally accepted bases of accounting for depreciation. 62. As per the relevant Revised AS, the auditor must check that each part of an item of property, plant and equipment with a cost that is significant in relation to the total cost of the item is depreciated separately. Such part of an item may also have different useful life over which the asset is to be depreciated. For example, it may be appropriate to depreciate separately the airframe and engines of an aircraft, whether owned or subject to a finance lease. 63. The auditor should review the depreciation method applied to the asset at least at the end of each financial year to confirm that the depreciation charge reflects the usage. A change in the method of depreciation should be treated appropriately as a change in an accounting estimate. 64. The auditor must verify that those assets under construction or installation are not depreciated until such time they are ready for intended use but these should be tested for impairment, if any. Useful Life of PPE 78 Audit of Property, Plant and Equipment 65. The auditor should ensure that the management has reviewed the useful life and the residual value of the asset at least annually. The useful life is, ordinarily, estimated based on the future economic benefits embodied in the asset or such other factors prescribed by the Standard or the asset management policy of the entity. Impairment of PPE 66. An asset is impaired when the carrying amount of the asset exceeds its recoverable amount. If the recoverable amount of an asset is less than its carrying amount, the carrying amount of the asset should be reduced to its recoverable amount. 67. The auditor should enquire whether any compensation is receivable from third parties for items of PPE which are impaired, lost or given up and credit the same to the Profit & Loss Account when the amount becomes receivable. 68. An impairment loss recognised for an asset in prior accounting periods should be reversed if there has been a change in the asset’s recoverable amount since the last impairment loss was recognised. If this is the case, the carrying amount of the asset should be increased to its recoverable amount. That increase is a reversal of an impairment loss. 69. The increased carrying amount of an asset due to a reversal of an impairment loss should not exceed the carrying amount that would have been determined (net of amortisation or depreciation) had no impairment loss been recognised for the asset in prior accounting periods. Revaluation of PPE 70. Revaluation of PPE implies restatement of their book values on the basis of systematic scientific appraisal which would include ascertainment of working condition of each unit of PPE, technical estimates of future working life and the possibility of obsolescence. This is done where the fair value of the asset can be reliably measured. As per SA 620 (Revised), “Using the Work of an Auditor’s Expert”, if expertise in a field other than accounting or auditing is necessary to obtain sufficient appropriate audit evidence, the auditor needs to determine whether to use the work of an auditor’s expert. For example, an expert may be used for valuation of land and buildings or plant and machinery. Such an 79 Handbook of Auditing Pronouncements-II appraisal is usually made by independent and qualified persons such as engineers, architects, etc. To the extent possible, the auditor should examine these appraisals. As long as the appraisals appear reasonable and based on adequate facts, he is entitled to accept the revaluation made by the experts. 71. Where valuation is performed internally, the auditor should consider the basis on which it was done, the adequacy of the evidence obtained to support the valuation and the overall reasonableness of the result. 72. The auditor must also satisfy himself that the frequency of revaluation is adequate and appropriate so that the fair value of the revalued asset does not materially differ from the carrying value of the asset. 73. The auditor should verify the basis of de-recognition and the accounting treatment of an asset on disposal or when no future economic benefits are expected from its use. Disclosure 74. The auditor should verify that the entity has made relevant disclosures for PPE (or class of PPE) on depreciation methods, measurement bases, details of additions and deletions, the existence of rights and restrictions, carrying amount during the course of construction, contractual commitments, impairment of assets, revaluation of assets, etc, as per the Standards applicable to the entity. Audit in IT environment 75. The auditor needs to check the controls based on the use of manual or automated elements which affect the manner in which transactions are initiated, recorded, processed and reported. The IT environment benefits the entity by: (i) Providing consistency in application of pre defined policies. For example, application of depreciation rate based on asset classification or useful life. (ii) Enhancing timeliness and accuracy of information, for example, monthly account closure procedures like passing depreciation entries. (iii) Generating analytical information, for example, Ratios, comparative information, etc. (iv) Reducing risks that controls can be circumvented, for example, authorisation for purchase of fixed assets. 80 Audit of Property, Plant and Equipment 76. The IT environment, however, may pose control threats like: (i) Reliance on systems which may inaccurately process data. (ii) Unauthorised access to data leading to data loss or destruction. For example, the Fixed Assets Register may be tampered with by other personnel. (iii) Unauthorised changes to data in master file. (iv) Inappropriate manual intervention. (v) Inability to access data as required. 77. The auditor needs to determine that the automated control is functioning as intended. Subsequently, the following also need to be verified: (a) That the changes to programs are subject to controls. (b) That the authorised version of the program is used. (c) Other general controls. (d) Inspection of the record of administration of IT. 81 11 GUIDANCE NOTE ON AUDIT OF ACCOUNTS OF NON-CORPORATE ENTITIES (BANK BORROWERS)* Contents Paragraph(s) Introduction .................................................................................. 1.1-1.4 Reserve Bank of India Circular ................................................... 2.1-2.7 Books of Account and Records .................................................. 3.1-3.2 Formats of Financial Statements ................................................ 4.1-4.3 Auditor .......................................................................................... 5.1-5.6 Audit Procedure ......................................................................... 6.1-6.12 Audit Report ................................................................................. 7.1-7.3 Special Audit Report.......................................................................... 8.1 Non-Corporate Entities and Credit Facility ................................ 9.1-9.3 Financial Statements ............................................................... 10.1-10.9 Profit and Loss Account ....................................................... 11.1-11.16 Depreciation ..................................................................................... 12.1 Taxation .................................................................................... 13.1-13.3 Balance Sheet .......................................................................... 14.1-14.9 Funds Flow Statement ............................................................. 15.1-15.2 Reporting Requirements ......................................................... 16.1-16.9 Special Audit .......................................................................... 17.1-17.10 Appendices * Issued in June, 1985. Audit of Accounts of Non-Corporate Entities (Bank Borrowers) Introduction 1.1 Companies, public sector corporations, cooperative societies and public trusts (hereinafter referred to as the corporate entities) are required by law to maintain books of accounts and records get them audited and submit their audited financial statements to regulating agencies and others. Over a period of years, the utility of accounting discipline has been recognised by the users of financial statements who place great reliance on audited statements. 1.2 The need for extending this discipline to non-corporate entities has been felt for quite some time. Most of the business enterprises in the non- corporate sector depend on public finance. The Government has, therefore, started laying emphasis on maintenance of proper books of accounts and records and audit thereof by an independent agency in the non-corporate sector. 1.3 It is in this context that the Government has issued a notification on 31st May, 1984 that all active members of recognised Stock Exchanges should maintain accounts and records as specified in Rule 15 of the Securities Contracts (Regulation) Rules 1957, and get these accounts audited by chartered accountants. This provision applies in respect of the accounting year commencing on or after 1st April, 1984. The form of the audit report has also been prescribed and the same is to be filed by the stock broker with the Stock Exchanges and the Government within the specified time limit. The objective behind this requirement is to safeguard the interest of small investors and to ensure that the stock brokers remain within the financial and accounting discipline. 1.4 Similarly, the Finance Act, 1984, has inserted Section 44AB in the Income Tax Act and has provided for audit of all assessees having business turnover exceeding Rs. 40 lakhs and professional gross receipts exceeding Rs. 10 lakhs. This requirement is effective from the previous year relevant to assessment year 1985-86. This provision is intended to ensure that the books of accounts and other records are properly maintained and faithfully reflect the true income of the tax payer. The form of audit report prescribed by the Central Board of Direct Taxes (CBDT) requires the auditor to express his opinion in the case of a non-corporate assessee about the true and fair view of the state of affairs of the assessee. The auditor is also required to give certain particulars in a separate annexure to enable the tax authorities 83 Handbook of Auditing Pronouncements-II to speedily dispose of the assessments on the basis of the information provided in the report. Reserve Bank of India Circular 2.1 The Reserve Bank of India (RBI) had issued a circular on 22nd December, 1977 advising all scheduled banks to consider the feasibility of implementing the suggestion that annual accounts of all industrial and other borrowers enjoying aggregate credit limits of Rs. 10 lakhs and above for working capital from the banking system be audited by chartered accountants. The above proposal was examined by the Indian Banks’ Association (IBA) with a view to consider whether uniform formats of financial statements and audit report could be recommended for the purpose of the above audit requirements. The IBA in consultation with the Institute of Chartered Accountants of India (ICAI) prepared the formats of financial statements for trading and manufacturing entities, funds flow statements, auditor’s report and special audit report for consideration of RBI. 2.2 The above proposal has since been considered by RBI. In this context, it was noted by RBI that the Finance Act, 1984 provided for audit of the accounts of all assessees carrying on business having turnover exceeding Rs. 40 lakhs and of professionals with gross receipts exceeding Rs. 10 lakhs by chartered accountants. The forms of audit reports for the above purpose have also been prescribed by CBDT. As this statutory requirement would cover all non-corporate borrowers enjoying working capital limits of Rs. 10 lakhs and above from the banking system, the RBI has advised all scheduled banks, vide its circular dated 12th April, 1985 that the banks should ensure that such non-corporate borrowers get their accounts audited by chartered accountants. 2.3 For the above purpose ‘working capital’ will include all funds based loans given by banks to non-corporate entity to meet working capital requirements. In other words, it will include the following loans: (a) Packing credit facilities; (b) Cash credit facilities; (c) Loans-secured or unsecured; (d) Overdraft-secured or unsecured; 84 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) (e) Loans against Book Debts/L.M. Pledge; (f) Bill discounting facility; and (g) Any other credit facility (other than term loans, guarantees, letter of credit etc.). 2.4 This requirement will apply in respect of the accounting year of the non- corporate entity commencing on or after 1.4.1984. It will be necessary for the non-corporate entity enjoying such credit facility to submit the audited statements and audit report to the concerned bank as early as possible but in any case not later than 6 months from the close of the accounting year. 2.5 The financial statements will have to be prepared in the formats which have been approved by RBI. Two separate formats have been approved for this purpose. The first format relates to non-corporate entities engaged in trading activities and the second format relates to non-corporate entities engaged in manufacturing activities. 2.6 Similar circular is expected to be issued in respect of non- corporate entities enjoying credit facilities from urban, rural and other co-operative banks. This Guidance Note will apply to audit of accounts of such entities also after such circular is issued. 2.7 The formats of financial statements have been so designed that they will provide adequate information about the financial health of the borrowing entities and will assist the bank in their appraisal of the credit needs of such entities. The form of Audit Report is so devised that a non-corporate entity which is required to get the accounts audited under tax audit provisions of Section 44AB of the Income-tax Act (where sales, turnover or gross receipts exceed Rs. 40 lakhs in business or Rs. 10 lakhs in profession) will be able to get its accounts audited under the requirements of the RBI circular at a reasonable cost. In other words, there will be no duplication in audit effort and the auditor will be able to conduct the audit concurrently keeping in view the requirements of Tax Audit and RBI Circular. It may be noted that in the Guidance Note on Tax Audit Under Section 44AB of the Income-tax, Act issued by the institute, it is suggested that in the case of a non-corporate entity, the auditor should get the financial statements prepared in the same formats as recommended by RBI in the above circular. This will ensure that the financial statements of a non-corporate entity will be prepared in the same form for purposes of tax audit as well as audit of borrowers from banks 85 Handbook of Auditing Pronouncements-II and it will be possible to bring uniformity in the preparation and presentation of the financial statements. Books of Account and Records 3.1 The primary responsibility for maintenance of books of accounts and records is that of the non-corporate entity. Since there is no legislation prescribing the books of account to be maintained by a non- corporate entity, it will be necessary for a chartered accountant to advise his clients in the non-corporate sector about the form and contents of the books and records to be maintained. Attention of the member is drawn to the publication of the Institute entitled ‘Monograph on Compulsory Maintenance of Accounts’. The monograph provides guidance regarding maintenance of proper books of accounts by an entity. 3.2 It is suggested that a non-corporate entity should maintain a cash book/bank book, sales/purchase journals or registers and ledgers. Besides, it should also maintain quantitative details of principal items of stores, raw materials and finished goods. It is also necessary to maintain proper evidence in the form of bills, vouchers, receipts etc., to support entries in the above books. Formats of Financial Statements 4.1 Two separate sets of format of Balance Sheet and Profit and Loss Account have been approved. Format applicable to a trading entity is given in Appendix I and the format applicable to a manufacturing entity is given in Appendix II. Besides, the entity is also required to prepare a Funds Flow Statement given in Appendix III. 4.2 In the formats of financial statements, emphasis is given on the following matters:- (a) Uniformity in presentation; (b) Computation of cost of goods sold in the case of a trading entity; (c) Computation of cost of production in the case of a manufacturing entity; (d) Any item of expenditure which forms a significant proportion, say 5% or more of the total sales (5% or more of cost of production in the case of 86 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) a manufacturing entity) or has special significance otherwise, should be shown separately under appropriate heads; (e) Withdrawals made by partners or proprietors by way of remuneration or otherwise; (f) Investment made or loans given to partnership firms or associate concerns where the proprietor or partners or their relatives are interested directly or indirectly to ascertain whether the funds have been diverted for non-business purposes. (g) Overdue statutory liabilities; (h) Accumulated losses (i.e., cash losses and depreciation); and (i) Method of valuation of stock 4.3 The Funds Flow statement for the period summarises the changes in the financial position, including the sources from which funds were obtained by the entity and the specific uses to which such funds were applied. Auditor 5.1 The audit is to be conducted by a chartered accountant (or a firm of chartered accountants). The non-corporate entity is free to choose any practising chartered accountant to conduct this audit. Similarly, such entity will be free to change the auditor. In the event of any such change, it is necessary for the incoming auditor to communicate with the outgoing auditor before accepting the assignment, as required by the Chartered Accountants Act. He should also ensure that he does not resort to under-cutting while accepting any such assignment. 5.2 The appointment of the auditor for the purpose of this audit can be made by a partner or the proprietor or by any other person authorised by the non- corporate entity. It is possible for the non-corporate entity to have two or more chartered accountants as joint auditors for carrying out this audit, in which case the audit report will have to be signed by the joint auditors. 5.3 The auditor should obtain from the entity a letter of appointment before accepting the audit. It is suggested that the letter should state that the auditor has been appointed for the purpose of conducting the audit as required by the lending bank. It should also state the name and address of the previous auditor, if any. Besides, it should clarify that the auditor shall 87 Handbook of Auditing Pronouncements-II have the power to call for the books of accounts, information, documents and explanations and he shall have access to all books and records. A specimen of letter of appointment is given in Appendix VI as an example. It should be varied according to individual requirements and circumstances. 5.4 It should be noted that as per the decision of the Council (Code of Conduct under clause (4) of Part I of Second Schedule), a chartered accountant who is in employment of a concern or in any other concern under the same management cannot be appointed as auditor of that concern. Therefore, an employee of an entity or of a concern under the same management cannot audit the accounts of the entity. It may also be noted that under the Second Schedule to the Chartered Accountants Act, if a member gives an audit report in the case of a concern in which he and/or his relatives have substantial interest, it will be necessary for him to disclose his interest in the audit report. 5.5 The auditor is required to submit his report to the person appointing him i.e., the non corporate entity and not to the bank directly. However, with the consent of the non-corporate entity, he can submit the report to the lending bank. 5.6 The auditor signing the report (in his individual capacity or partner of the audit firm) should state his name in the report and should also give his membership number below his name. Audit Procedure 6.1 The auditor should study the constitution of the non-corporate entity which may be evidenced by a deed of partnership, a deed of association or a deed of trust. It will be necessary for him to ensure that the accounts are drawn up in conformity with the above documents / agreements and the terms thereof are complied with. The minutes and other records relating to decisions taken by the owners or trustees of the entity should also be studied. If there are any material violations of the terms of the above documents and records, he should take them into consideration during the course of audit and make an appropriate report. 6.2 The auditor should carry out the audit of non-corporate entities in the same way as he conducts the audit of all corporate entities. However, there are certain special features pertaining to the audit of non-corporate borrowers from banks which are discussed in the Guidance Note. 88 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) 6.3 This Guidance Note is supplementary to the existing publications of the Institute and the members are advised to follow them where applicable. Particular attention is invited to the following publications of the Institute: (i) Guidance Note on Terms Used in Financial Statements. This Note shall be of relevance since the terms used in the preparation and presentation of the financial statements have the same meaning as explained in this Note; (ii) Statement on Auditing Practices;1 (iii) A Guide to Company Audit; (iv) Statement on Manufacturing and Other Companies (Auditors’ Report) Order, 1975;** (v) Statement on Qualification in Auditor’s Report;2 (vi) Statements on Standard Auditing Practices; and *** (vii) Accounting Standards. 6.4 The auditor is required to express his opinion as to whether the financial statements give a true and fair view of the state of affairs of the entity. In giving this report, the auditor will have to use his professional skill and expertise and apply such audit tests as the circumstances of the case may require. Considering the contents of the audit report, he will have to conduct the audit by applying the same principles which are applicable for an audit in the corporate sector. He can apply the technique of test audit depending on the type of internal control procedures followed by the entity. If he finds that there is no internal control, it would not be advisable for him to conduct the audit by applying test checks. The auditor will also have to keep in mind the concept of materiality depending upon the circumstances of each case. He would be well advised to refer to the “Statement on Auditing Practices” while determining the extent of test check and materiality in each particular case. 1 Withdrawn in March, 2005. ** Currently, the Statement on the Companies (Auditor’s Report) Order, 2003 (Revised 2005) is in force. 2 The Council, at 269th meeting, held from July 18 to 20, 2007, decided to withdraw the “Statement on Qualification in Auditor’s Report” except paragraphs 2.1 to 2.30 dealing with reporting under section 227 (1A) of the Companies Act, 1956 and to rename the Statement as “Statement on Reporting under section 227(1A) of the Companies Act, 1956”. *** Now known as the Engagement Standards. 89 Handbook of Auditing Pronouncements-II 6.5 Section 227 of the Companies Act gives certain powers to the auditors to call for the books of accounts, information, documents, explanations, etc. and to have access to all books and records. In the case of audit of a non- corporate entity, it will be in the interest of the entity to furnish all the information and explanations and produce books of accounts and records required by the auditor. If, however, the entity, refuses to produce any particular record or to give any specific information or explanation, the auditor will be required to report the same and qualify his report. 6.6 Where the non-corporate entity covered under the audit requirements is also covered by the audit requirements under Section 44AB of the Income Tax Act, the auditor should frame his audit programme in such a manner that the requirements of audit under the Income-tax Act are also covered and the audit is conducted concurrently without any duplication of work. 6.7 If a non-corporate entity has branches and separate accounts are maintained at the branches, the entity can request the auditor to visit these branches for auditing the accounts. In the alternative, the entity can appoint any chartered accountant as auditor for any of the branches. The branch auditor in such a case, will have to give an audit report in the same form to the management or to the auditor appointed for audit of the head office accounts. The auditor appointed for the head office can rely on the audited accounts and the report of branch auditors subject to such checks and verifications he may choose to make and shall submit his report on the consolidated financial statements of the head office and branch accounts. The auditor appointed for the head office, while making his consolidated report on the head office and branch accounts should make a comment in his audit report as under:-- “I/We have taken into consideration the audit report and the audited statements of accounts received from the auditors of the branches not audited by me/us”. 6.8 The RBI circular does not provide for any exemption from audit of a branch of a non-corporate entity. If, however, the accounts of a particular branch are not audited, the auditor should suitably qualify his report and also state the reasons why the branch accounts are not audited. 6.9 The procedure for appointment of branch auditors will be the same as explained in para 5 above. 90 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) 6.10 In order that the auditor may be in a position to explain any question which may arise later, it is necessary that he should keep detailed notes about the evidence on which he has relied upon while conducting the audit and also maintain all his working papers properly. Such working papers should include his notes on the following, amongst other matters: (a) What books and records were examined and by whom; (b) Brief note on the system of internal control and procedure followed in the entity; (c) The extent to which test checks were applied in the course of audit; (d) What explanations and information were given to him during the course of the audit and by whom; and (e) What decisions on the various points were taken. 6.11 It may be noted that when any question relating to audit conducted by an auditor arises, he is answerable to the Council of the Institute under the Chartered Accountants Act. In all matters concerning the audit, the Institute’s disciplinary jurisdiction will prevail. 6.12 The following Standards on Auditing (SAs) issued by the Institute are given in Appendices VII and VIII@. (i) Basic Principles Governing an Audit: SA 200 (Appendix VII) (ii) Objective and Scope of the Audit of Financial Statements: SA 200A (Appendix VIII) Audit Report 7.1 The form of audit report is given in Appendix IV. The first part of the report is on the same lines as applicable for audit of accounts of non- corporate assessees under section 44AB of Income Tax Act (Form 3CB). In the second part, instead of giving the statement of particulars (Form 3CD) the auditor has to give a statement in respect of various matters stated in para 2 of the report. It will be noticed that this statement is on the same lines as the audit report to be given under section 227 (4A) of Companies Act. @ Not reproduced. Members may refer to the Handbook of Auditing Pronouncements-2010 Edition. 91 Handbook of Auditing Pronouncements-II 7.2 Where any of the matters stated in the report is answered in the negative, the report shall state the reasons therefor. If the qualifications materially affect the true and fair view of the financial statements, the auditor should state all qualifications in the audit report itself so that the same becomes a comprehensive report and the user of the audited ·financial statements can realise the impact of such qualifications. The auditor should follow the guidance given by the Institute in the matter of qualifications in the audit report in the “Statement on Qualifications in Audit Reports”. Chapter 3 of this Statement is reproduced in Appendix IX@@. 7.3 As the audit report is to be submitted by the non-corporate entity to the lending bank, the auditor should keep in mind his obligation to this specific user. In order that the report may assist the lending bank, it is recommended that the following additional information is given in the statement accompanying the auditor’s report: (a) non-fulfillment of any of the terms and conditions on which the loan was sanctioned, if it has a bearing on the financial statements; (b) diversion of borrowed funds to use other than those for which they were sanctioned. Special Audit Report 8.1 A separate format of a special audit report is also prescribed by the Reserve Bank of India (See Appendix V). The lending bank may, in special cases, require the non-corporate entity to obtain special audit report from the auditor. In any such case, the auditor will have to give his report in the specified format. Non-Corporate Entities and Credit Facility 9.1 Non-corporate entities which are required to get their accounts audited under RBI circular will include partnership firms, proprietary concerns, @@ Appendix IX not published. Members may refer to the Statement on Qualifications in Auditor’s Report, published in the Handbook of Auditing Pronouncements-I : Compendium of Statements and Standards (2007 edition). The Council, at 269th meeting, held from July 18 to 20, 2007, decided to withdraw the “Statement on Qualification in Auditor’s Report” except paragraphs 2.1 to 2.30 dealing with reporting under section 227 (1A) of the Companies Act, 1956 and to rename the Statement as “Statement on Reporting under section 227(1A) of the Companies Act, 1956”. 92 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) association of persons and private trusts which are engaged in trading or manufacturing activities. 9.2 The RBI circular provides that audit should be conducted in the case a non-corporate entity enjoying credit facilities of Rs. 10 lakhs and above from any scheduled bank. The above credit facilities relate to fund based loans given to the non-corporate entity to meet its working capital requirements. In particular this will include the following credit facilities: (i) Packing credit facilities; (ii) Cash credit facilities; (iii) Loans-secured or unsecured; (iv) Overdraft-secured or unsecured; (v) Loans against-Book Debts/L.M. Pledge; (vi) Bill discounting facilities; and (vii) Any other credit facilities (other than term loans, guarantees, letter of credit etc.). 9.3 It may be noted that the requirement for audit is with reference to the credit facilities enjoyed by the entity. Thus, even if the actual borrowing during the year or as at the close of the year is less than Rs. 10 lakhs, the entity would be covered under this requirement if the total credit facility enjoyed by it is Rs. 10 lakhs or more. Financial Statements 10.1 The purpose of preparation and presentation of financial statements in the applicable formats is to assist the lending bank to know whether proper books of accounts are maintained. This will also ensure evaluation of: (i) Financial health of the entity; and (ii) Movement of funds, in particular, the application of the borrowed funds. 10.2 While separate formats of financial statements for trading entities and manufacturing entities have been suggested, no formats have been designed for other types of entities, such as investment entities, service entities, etc. It is suggested that for these entities, financial statements should be prepared in the form as close as possible to the form applicable to trading entities. In 93 Handbook of Auditing Pronouncements-II respect of entities engaged in processing of goods, the financial statements should be prepared in the form as close as possible to the form applicable to manufacturing entities. 10.3 In case an entity undertakes multiple activities, it is necessary to determine the relative significance of each activity. For instance, an entity which is predominantly engaged in manufacturing activity, may also purchase a relatively small quantity of finished goods in the open market for direct sale to its customers. In such a case, it should prepare its accounts in the formats applicable for manufacturing entities. However, it is suggested that the financial statements should be so prepared as to highlight the important aspects of each major activity. 10.4 The proforma of the Profit and Loss Account is in the vertical form, whereas that of the balance sheet is in the horizontal form. The entities can, at their option, present both, the Balance Sheet and the Profit and Loss Account, in the same form-either vertical or horizontal provided the information as required in the formats is given. 10.5 The information required to be given under any item or sub-item of the financial statements, if it cannot be conveniently given on the face of the financial statements, may be given by way of separate schedules or through notes annexed to and forming part of such financial statements. 10.6. The figures relating to the previous year should be given in a manner so as to enable meaningful comparison. If the accounts of such previous year are not audited, the fact should be indicated by way of a note. The auditor should also report this fact in his audit report. 10.7 The primary responsibility of maintenance of proper books of account and preparation of the financial statements lies with the management of the entity. The accounts should clearly disclose the results of the working of the entity for the year, every material feature, transactions of an exceptional and recurring nature and also transactions pertaining to earlier years, if material. Further, the accounts should be prepared in conformity with the generally accepted accounting principles followed consistently. Any deviation, if material either from the accepted principles or from the accounting policy followed in the previous year, should be clearly brought out in the notes. 10.8 In the preparation of financial statements, the overall consideration should be that they give a true and fair view of the working of the entity. Moreover, these statements should also assist the lending bank in its 94 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) evaluation of the loan proposals and in ensuring financial discipline in the matter of repayment schedule of loans. 10.9 It should be noted that the terms used in the formats of financial statements given in Appendices l & II have the same meaning as in Schedule VI to the Companies Act 1956, unless otherwise stated. Profit and Loss Account 11.1 The purpose of any Profit and Loss Account is to disclose clearly the result of working of the entity during the period covered by it. The formats of Profit and Loss Account for trading as well as manufacturing entities are identical in many respects and hence separate discussion is not called for except in respect of special items. 11.2 The Profit and Loss Account should be so made out as to disclose every material feature, including transactions of non-recurring and exceptional nature. Adjustments in respect of prior period items, if material, should be separately disclosed. 11.3 In the case of a trading entity, the “cost of goods sold” is to be separately shown. In the case of a manufacturing entity “cost of production” is to be shown separately. In arriving at the cost of goods sold the figures of opening stock, purchases (less returns) and closing stock have to be separately shown. The amount of direct expenses incurred for the goods dealt in have also to be separately shown. Such direct expenses would include freight, transport, insurance, etc. 11.4 The cost of production is required to be separately worked out in the case of a manufacturing entity. This would imply that overheads relating to the manufacturing process will have to be segregated and shown under the manufacturing expenses. The auditor should examine whether factory overheads have been properly charged to the cost of production. 11.5 It is necessary to disclose the consumption of the raw materials. Members are advised to refer to the ‘Statement on the Amendments to Part II of Schedule VI to the Companies Act, 1956’, for a detailed discussion on what constitutes ‘raw materials consumed’. 11.6 Certain entities follow the practice of writing off the stores/spares to the Profit and Loss Account in the year of purchase, whether or not they are consumed. This fact should be brought out in the notes to the financial 95 Handbook of Auditing Pronouncements-II statements. The auditor should evaluate the effect of this practice and if the effect is material, he should qualify his report. The auditor should also examine whether adequate provision has been made in respect of slow moving and damaged stores and spares and in respect of discrepancies noticed on physical verification. The amount of such provision or write off should be separately disclosed. The auditor should also check the valuation of stores and spare parts to ensure that it is in accordance with the normally accepted accounting principles and that a consistent basis of valuation is being followed. 11.7 Salaries and wages paid to the proprietor or to the partners should be disclosed separately. 11.8 The various manufacturing expenses should be listed out under the head ‘Other Manufacturing Expenses’ in a manner that all significant items are separately disclosed. 11.9 Inventories often form a significant proportion of the assets of a non- corporate entity. The duties of the auditor as regards inventories are explained in the ‘Statement on Auditing Practices’. However, the auditor should obtain a certificate regarding the existence, title and value of the stocks held by the entity as at the end of the year and also at the time of submission of stock statement to the bank. While It is the duty of the management to take the physical verification, the auditor should review the procedure and observe the physical verification at the year end or at periodical intervals. He should also look into the discrepancies between the book records and the physical quantities. The auditor should particularly examine the method of valuation of stock and whether the method is as per the normally accepted accounting principles. If there is any change in the basis of valuation of stock, the auditor should report the change and its effect. Appendix X reproduces Chapter 5 of Statement on Auditing Practices relating to ‘Inventories’. 11.10 The figure of gross profit (or loss) is to be indicated separately. This is arrived at by deducting from net sales, any increase/decrease in finished goods, the cost of goods sold/cost of production. 11.11 Various expenses under the heads “Sales and Administrative Expenses “ should be disclosed under appropriate heads. 11.12 The item ‘Interest and other over heads’ includes interest and financial expenses such as commitment charges, bank charges, bill discount charges, 96 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) etc. If the amounts are material, interest may be bifurcated for the purpose of disclosure as below: (i) Interest to partners/proprietor; (ii) Interest on secured loans; (iii) Interest on unsecured loans; and (iv) Interest on other loans. 11.13 Separate disclosure should be made in case interest paid on funds borrowed for the purpose of acquisition of a fixed asset is capitalised. The auditor should qualify his audit report if such capitalisation has been resorted to with regard to interest accruing after the commencement of production. 11.14 Various items of income and expenses should be separately disclosed under the heading ‘Other Income or Other Expenses’. In case an item is significant, it should be disclosed separately, 11.15 In case of a trading entity, any item of expenditure which is significant, say 5% or more of “total sales”, should be separately shown under the appropriate heads, In the case of a manufacturing entity, the item of expenditure should be separately shown if it is 5% or more of the “Cost of production”. Further, if the item has special significance otherwise, it should be separately shown. Such items of expenditure should be classified under the heads (i) Salary (ii) Commission (ii) Perquisites (iv) Travelling etc. 11.16 Any allocation out of profit (e.g., transfer to investment allowance reserve) should be separately shown. Final allocation of net profits to partners/members of the entity should be verified with reference to the terms of deed of partnership or other documents concerning the constitution of the entity. Depreciation 12.1 Depreciation on fixed assets is to be separately shown. Since there is no specific provision for calculation of depreciation in any law governing non- corporate entities, it is suggested that depreciation should be calculated on written down value method (WDV) or straight line method (SLM) as provided in section 205 of the Companies Act, 1956. The method once adopted should be consistently followed. If there is a change in the method of providing depreciation, the effect of such change should be brought out in the financial 97 Handbook of Auditing Pronouncements-II statements and audit report for the year in which such change is made. In some non corporate entities, there may not be any proper system of providing depreciation in earlier years. In such cases, the book value on the first day of the year in which the above audit requirement has become applicable, be considered as the original cost of the assets and the rate of depreciation applicable under WDV method or SLM should be applied to the above assumed original cost. If, in any year, the depreciation provided is less than the amount required to be provided under WDV/SLM which is adopted by the entity, the shortfall/arrears of depreciation should be shown by way of a note in the balance sheet. Taxation 13.1 In the case of non-corporate entities, the provision for taxation will relate to the tax liability of the entity engaged in trading or manufacturing activity. Therefore, it will be necessary to consider the status of the entity under the Income-tax Act. If the entity is a registered firm (RF), the tax liability in respect of RF tax should be provided in the accounts. If the status is URF, AOP or trust, the tax liability should be provided on that basis. 13.2 In the case of an individual who is the proprietor of the entity, it is possible that he may be having other income (e.g., income from house property, dividends, and other sources) which is not credited in the books relating to the business entity which is being audited. In such a case, it would be necessary to find out the total tax liability of the individual in respect of his total income from all sources and provision for proportionate tax relatable to the business income from trading/manufacturing entity should be made in the accounts under audit. In such a case, a specific note should be given that the tax liability has been provided in the financial statements on a proportionate basis. 13.3 For working out the tax liability in any year reference should be made to past tax records for ascertaining disallowance of expenses etc. The liability should be estimated by taking into consideration the provisions of the Income-tax Act applicable to the relevant year. Balance Sheet 14.1 Where the original cost of fixed assets is not available, the book value of the fixed assets on the first day of the financial year under audit can be 98 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) taken as the original cost of the fixed assets. However, a clarificatory note should be given on the balance sheet explaining the position. Similarly, where it is not possible or practicable to determine the details of the revaluation of assets undertaken in the previous five years, a note should be given. The auditor may make a qualification on this ground only if he finds that it affects the true and fair view of the financial position. 14.2 In the non-corporate sector, it may be a common practice to treat certain capital expenditure as revenue and vice versa. Material violation of the fundamental principle of segregation between capital and revenue expenditure would be required to be brought out by the auditor by way of a qualification in the auditor’s report. 14.3 The questions relating to accounting of fixed assets and valuation and verification thereof assume importance when the non-corporate entity has invested significant funds for acquiring and installation of fixed assets. Chapter 3 of Statement on Auditing Practices dealing with ‘Fixed Assets’ is reproduced in Appendix XI. Guidance Note on Audit of Fixed Assets is given in Appendix XII. 14.4 Investments in concerns wherein proprietor/partners or their relatives are interested, are to be shown separately under the head “Investments”. Similarly, loans to proprietors/partners or associated concerns have to be shown separately under the head “Loans”. Similar information is also required to be given in respect of receivables, and loans and borrowings. The terms “relative” and “associated concern” have not been defined. As regards the term “relative”, it will have to be given the same meaning as defined for the purpose of Schedule VI to the Companies Act. In other words, this term will have the same meaning as defined in Section 6 of the Companies Act 1956. As regards, the term “associated concern”, there is no definition in the Companies Act. It is, therefore, suggested that if the proprietor or partner of the entity has a substantial interest in any other concern (a corporate or non- corporate entity), such concern should be treated as an associated concern. For this purpose, the proprietor or partner shall be considered as having a substantial interest in a concern if (a) the proprietor, partners or their relatives beneficially own in aggregate 20% or more of the voting power at any time during the year in a company or (b) the proprietor, partners or their relatives are entitled in the aggregate, at any time during the year, to 20%, or more of the profits of such concern. 99 Handbook of Auditing Pronouncements-II 14.5 It may be noted that in respect of loans given by the non- corporate entity, the amounts due within one year of the date of the balance sheet have to be shown separately. Similarly, instalments of deferred receivables due within one year have to be shown separately. On the liability side, under the head ‘loans and borrowings’, the amounts due for repayment within one year of the balance sheet date have to be shown separately. The current liabilities, which are due to payment beyond one year from the date of the balance sheet have also to be shown separately. 14.6 Chapter 7 of Statement on Auditing Practices dealing with ‘Debtors, Loans and Advances, is reproduced in Appendix XIII. Chapter 9 of the above Statement dealing with’ Liabilities is reproduced in Appendix XIV. 14.7 The accummulated losses have to be shown in the Balance Sheet and they should be bifurcated into (a) cash losses; and (b) accummulated depreciation. In the case of a partnership firm, the losses will have to be divided among the partners and, therefore, the question of disclosing the figure of accummulated losses will not arise. 14.8 Capital Reserves, if any, have to be separately shown in the Balance Sheet. In the case of a non-corporate entity, an item of Capital Reserve will appear in the Balance Sheet if such a reserve is created on revaluation of assets. It is open to a non-corporate entity to credit the surplus on revaluation of assets to capital reserve account or credit the same to the capital accounts of the partners or proprietor. Whatever treatment is given in the accounts on revaluation of assets, the same should be disclosed in the financial statements. 14.9 If the entity is a partnership firm, it is necessary to state by way of a note (i) whether, the firm is registered with the Registrar of Firms, (ii) registration number, (iii) date of registration, and (iv) the State in which it is registered. Funds Flow Statement 15.1 The Funds Flow Statement summarises, for the period covered by it, changes in the financial position, including the sources from which funds were obtained by the entity and the specific uses to which such funds were applied. A Funds Flow Statement may also be called ‘Statement of Changes in Financial Position’ or ‘Statement of Sources and Application of Funds’. 100 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) 15.2 The following are some of the general considerations to be borne in mind while preparing or auditing the Funds Flow Statement: (i) This statement is not prescribed by law for corporate entities, though a number of companies now a days voluntarily publish this statement as part of the annual accounts. There are no prescribed rules and hence the general rules for preparation of this statement should be followed. (ii) The most important of such rules is that the statement should bring out the significant factors which have led to the change in the funds position of the entity. (iii) A statement should be prepared for the period covered by the Profit and Loss Account and for the corresponding previous period. It should be noted that the auditor should not certify the future projection of the entity. (iv) The prescribed form is not exhaustive in its contents, and hence, the necessary information not covered by any of the items listed may be disclosed under any appropriate heading. (v) Attention is invited to the Accounting Standard 3 on ‘Changes in Financial Statements’ from which guidance may be obtained.@@@ (vi) Attention is also invited to the part dealing with ‘Reporting Requirements’ where the duties of the Auditor in respect of the funds flow statements are outlined. Reporting Requirements$ 16.1 The auditor has to make a report on the accounts examined by him, and on every Balance Sheet, Profit and Loss Account and Funds Flow Statement and on every other document annexed to the Balance Sheet or Profit and Loss Account and Funds Flow Statement (herein referred to as financial statements). The audit report shall state, whether in his opinion and to the best of his information and according to the explanations given to him, the said Balance Sheet, Profit and Loss Account and Funds Flow Statement give a true and fair view: @@@ The AS 3 is now known as Cash Flow Statements. $ Refer to Revised SA 700, “Forming an Opinion and Reporting on Financial Statements”. 101 Handbook of Auditing Pronouncements-II (i) In the case of the Balance Sheet, of the state of affairs of the entity as at the Balance Sheet date; and (ii) in the case of the Profit and Loss Account, of the profit or loss of the entity for the accounting period; and (iii) in the case of the Funds Flow Statement, the movement of funds during the accounting period. 16.2 The auditor’s report shall also state: (a) Whether he has obtained all the information and explanations which to the best of his knowledge and belief were necessary for the purposes of his audit. (b) Whether, in his opinion, proper books of account have been kept by the head office and branches of the entity so far an appears from his examination of those books. (c) Whether the Company’s Balance Sheet and Profit and Loss Account and Funds Flow Statement dealt with by the report are in agreement with the books of account at head office and branches. 16.3 Where any of the matters referred to above is answered in the negative or with a qualification, the auditor’s report shall state the reason for the answer. Where in the auditor’s report, the answer to any of the questions referred to in the Statement annexed to the financial statements is unfavourable or qualified, the auditor’s report shall also state the reasons for such unfavourable or qualified answer, as the case may be. Where the auditor is unable to express any opinion in answer to a particular question, his report shall indicate such fact together with the reasons why it is not possible for him to give an answer to such a question. 16.4 The audit report is in two parts. The first part of the report is in the conventional form and is on the same lines as Form 3CB prescribed for Tax Audit purposes. The second part is in the form of a statement to be annexed to the main audit report. There are 17 clauses in the statement in the second part. These clauses are identical to the matters covered in the audit report 102 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) under Section 227(4A)$$ of the Companies Act. These requirements can be summarised as under: (i) Whether the entity is maintaining proper records about fixed assets and whether such records show the particulars about the situation of the assets. It is also necessary to state as to whether the management have physically verified the fixed assets during the year and whether the discrepancies noticed on such verification have been properly dealt with in the books of accounts. In the event of revaluation of fixed assets the basis of revaluation should be indicated. Paragraphs 22 and 23 of the Statement on MAOCARO$$$ deal with the requirements relating to maintenance of records, and verification of fixed assets. These are reproduced in Appendix XV. (ii) It is also necessary that the management should carry out physical verification of finished goods, raw materials, stores and spare parts at reasonable intervals. The auditor has to report whether the discrepancies on such verification as compared to book records have been properly dealt with in the books of accounts. The auditor should also specify whether the valuation of stocks is fair and proper in accordance with the normally accepted accounting principles and that there is no deviation from the method followed in the earlier years. If there is any material effect because of the change in the method of valuation, the same should be quantified reported by the auditor. Para 24 of the statement on MAOCARO dealing with aspects of inventory valuation and verification is reproduced in Appendix XVI. (iii) If the entity has taken any loan (secured or unsecured) from firms, companies or other parties, it will be necessary for the auditor to state whether the rate of interest and the terms and conditions of such loans are prima facie prejudicial to the interest of the entity. This requirement will apply only in respect of loans from partners, proprietors or their relatives and from firms, companies or other parties who fall within the category of associated concerns. $$ The Department of Company Affairs has notified the Companies (Auditor’s Report) Order, 2003 in June 2003 in terms of the powers given to it under section 227(4A) of the Companies Act, 1956. $$$ Currently, the Statement on the Companies (Auditor’s Report) Order, 2003 (Revised 2005) is in force. 103 Handbook of Auditing Pronouncements-II (iv) If the entity has given loans or advances which are in the nature of loans, it will be necessary for the auditor to report as to whether such loans are being repaid as stipulated and whether the interest is being regularly recovered. It is also necessary to report as to whether reasonable steps are being taken by the entity for recovery of the principal and interest. (v) The auditor has to report on the adequacy of internal control procedure, depending upon the size of the entity and nature of business. This requirement applies to internal control procedures relating to purchases of stores, raw materials, components, plant and machinery, equipments and other assets. Para 27 of the Statement on MAOCARO dealing with the topic of internal control is reproduced in Appendix XVII. (vi) If the entity has made purchase of stores, raw materials or components from associated concerns or from other parties in which the partners/proprietors are interested, it will be necessary for the auditor to report as to whether the prices paid for such items are reasonable as compared to the prices of the similar items supplied by other parties if such purchases exceed Rs. 10,000/- in value for each type of items. (vii) It is also necessary to report whether unserviceable or damaged stores and raw materials are determined and provision for loans have been made in the accounts. (viii) The entity is also required to maintain reasonable records for the sale and disposal of realisable by-products and scrap. If such records are not maintained, it will be necessary for the auditor to report. (ix) In the case of an entity whose capital at the commencement of the financial year exceeds Rs. 25 lakhs, it is necessary for such entity to have an internal audit system commensurate with its size and nature of its business. The auditor has to report as to whether such an internal audit system exists in the case of such an entity. Para 32 of the Statement on MAOCARO dealing with internal audit system is reproduced in Appendix XVIII. (x) The auditor has also to report as to whether the entity is depositing provident fund dues with the appropriate authorities. If there are any arrears of provident fund dues he has to indicate the same in his audit report. 104 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) 16.5 In the case of an entity engaged in rendering services, besides the report on the above items (to the extent applicable), the auditor has also to report as to whether the entity has a reasonable system of recording receipts, issues and consumption of materials and stores commensurate with its size and nature of its business. Such system should provide for a reasonable allocation of the material and man hours consumed for the relative jobs. Further, the auditor should ensure that there is reasonable system of authorisation at proper levels with necessary control on the issue of stores and allocation of stores and labour to jobs, and there should also be a proper system of internal control depending on the size of the entity and the nature of its business. 16.6 In the case of a trading entity the auditor has to report on the items (to the extent applicable) mentioned in para 16.4 above and he has also to state as to whether damaged goods have been determined and that adequate provision has been made in respect of loss, if the value of the damaged goods was significant. 16.7 In the case of an entity which is engaged in the business of finance, investment, chit fund, nidhi or mutual benefit society the auditor will have to report on the items (to the extent applicable) stated in para 16.4 above and also state as to whether adequate documents and records are maintained in respect of loans and advances granted on the basis of security by way of pledge of shares, debentures and similar other securities. He has also to mention in his report as to whether the provisions of the special statute applicable to such an entity have been duly complied with. If the entity is dealing or trading in shares, securities, debentures and other investments, the auditor should report as to whether proper records have been maintained in respect of the transactions and contracts in such business and whether timely entries have been made in such records. It is also necessary to report as to whether such shares, securities, etc., are held by the entity in its own name. 16.8 In the Statement on MAOCARO, there is a detailed discussion in respect of each of the above items and therefore these items are not separately discussed in this Guidance Note. Members are requested to refer to detailed discussion in the above Statement issued by the Institute. Members should follow the guidelines given in the above Statement while conducting the audit under RBI Circular and also give the report on the basis of the above 105 Handbook of Auditing Pronouncements-II guidelines. Paragraphs 22, 23, 24, 27 and 32 of the above Statement have been given in the Appendices XV to XVIII for ready reference. 16.9 It may be noted that in the above audit report, the auditor has to give his opinion that the fund flow statement giving the movement of funds during the relevant year gives a true and fair view. This requirement is new. Such a requirement does not exist in the case of a corporate entity although a number of companies voluntarily publish this statement as part of their annual accounts. Since this requirement is new the auditor should take care that the funds flow statement (i.e., statement of changes in the financial position) is properly prepared and the figures given in this statement have been properly verified. Since figures of the previous year have to be stated in this statement, the auditor should qualify his report if the accounts of the previous year are not audited and figures are given in the statement on the basis of unaudited accounts. The auditor should also note that he is not required to certify future projections of the entity in this statement. Special Audit 17.1 A lending bank may, in special cases, require the non-corporate entity to obtain a special audit report from the auditor. Such a report can be called by a lending bank if it finds that it is necessary to have more information about the working of the entity. In such a case, the report will have to be given by the auditor on a quarterly basis. 17.2 The special audit report which is to be given on a quarterly basis in the specified form (Appendix V) is in addition to the normal audit report which is to be given by the auditor on an yearly basis. 17.3 In the quarterly special audit report, the auditor will have to give information relating to the operating data for each quarter. This information will have to be classified in the following manner: (i) Actual production; (ii) Actual production as a percentage of rated capacity; (iii) Sales; (iv) Cost of goods sold/cost of production; (v) Gross margin; (vi) Interest on bank borrowing; and 106 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) (vii) Interest to others. It is not necessary to work out the actual fixed cost for this purpose. 17.4. The age-wise classification of raw materials and finished goods is to be given. For this purpose age-wise classification is to be made in the following manner in respect of raw materials and finished goods separately: (i) Inventory for more than one year; (ii) Between 6 months and one year; (iii) Between three months and 6 months; and (iv) Below 3 months. Similar information about the work-in-progress, i.e., the number of days production which remains in progress should also be given. 17.5 The basis of valuation of raw material and finished goods should be given. For this purpose the following information is to be given: (i) The manner of determination of cost (i.e., components of cost). (ii) The method of valuing stock i.e., FIFO, LIFO etc. It is also necessary to state if there is any discrepancy between the quantity and value of the stock as furnished to the bank and as appearing in the books. The reasons for such discrepancy should be given in the audit report. 17.6 Age-wise classification of bills receivable and other receivables with reference to the bills due from domestic parties and bills in respect of exports should be given. The age-wise classification is to be done on the same basis as the classification for raw materials and finished goods as stated in para 17.4 above. 17.7 The information in respect of the following items is also to be given: (i) Balances at the end of each month of the quarter for major categories of stock, receivables and bills receivables; (ii) Tax assessments and payments made during the quarter; (iii) Actual disbursement of capital expenditure during the quarter; (iv) Outstanding contracts on capital account at the end of the quarter giving the details about the names of parties and amounts outstanding; 107 Handbook of Auditing Pronouncements-II (v) The contingent liability which may or may not materialise during the financial year succeeding the relevant quarter; (vi) Investments made during that quarter and the income from such investments including profit on sale of investments; (vii) Loans given during the quarter; (viii) Loans raised during the quarter from banks and from others. Separate figures to be given; (ix) Overdue statutory liability at the end of the quarter; (x) Amounts due but not paid at the end of the quarter in respect of (a) loans from banks (b) public deposit and (c) other loans; and (xi) Figures of cash losses during the last 2 years to be stated on the basis of the annual accounts. If such accounts were not audited this fact should be stated. 17.8 Purchases and sales transactions of the entity exceeding Re. 10,000/- per annum from companies, partnership firms or other entities in the same group should be in the normal course of business and the same should be at prices which are reasonable as compared to the prices of similar items in the market. If the auditor finds that such transactions have not been entered into in the normal course of business or at prices which are unfavourable to the entity it will be necessary for him to give details of such transactions. 17.9 The funds obtained from the lending banks have to be utilised for the purpose for which they are given by the banks. If the auditor finds that these funds have been diverted for the purposes other than those for which they were given by the bank, he will have to give the details of the diversion for such other purposes. 17.10 In order that the lending bank may be able to ascertain the correct financial position and financial health of the entity it is necessary for the auditor to give information about the following ratios: (a) Current ratio (b) Acid test ratio (c) Raw materials- turnover ratio (d) Finished goods-turnover ratio 108 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) (e) Receivables-turnover ratio (f) Return on investment (g) Interest cover ratio (h) Net margin ratio (i) Capital turnover ratio (j) Debt equity ratio (k) Operating Cash Flow 109 Handbook of Auditing Pronouncements-II Appendix I Form of Balance Sheet (For Non-Corporate) Trading Entities Name of Entity/Entities Balance Sheet as at Properties and Previous Year Previous Year Current Year Current Year Capital and Figures for Figures for Figures for Figures for Liabilities Assets I. CAPITAL (In case of I. FIXED ASSETS partnership, these particulars to 1. Under each head the be given separately for each original cost the additions partner and if possible, the fixed thereto, the deductions there capital accounts may be from during the year and the segregated from the current total depreciation written off accounts) as at the beginning of or provided upto the end of the year. the year to be stated. Add/Deduct, Net Profit/Net 2. Where the assets have Loss during the year. been revalued, the revalued Interest on capital figures to be shown. Each Drawings balance sheet for the first five years subsequent to the date Any other items (give details) of revaluation to state the amount of revaluation. 3. Distinguishing as far as possible between expenditure upon: a) Goodwill b) Land c) Buildings d) Leaseholds e) Railway sidings f) Plant and Machinery g) Furniture and Fittings h) Development of property i) Patents, trademarks and designs j) Livestock k) Vehicles etc. 1. Cost 2. Less : Depreciation II. ADVANCES AND II. RESERVES (Give details DEPOSITS ON CAPITAL under each head) ACCOUNT 110 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) 1. Capital reserves (if any) 2. Other Reserves (including retained profits to the extent not already added to the capital, give details) 3. Sinking Funds (if any) III. LOANS AND III. INVESTMENTS BORROWINGS (Attach details of investment I. Interest accrued and due on showing in each case nature each category to be shown of investment and mode of separately. valuation, e.g., cost or market 2. In case of secured loans the value) nature of security to be 1. Investment in shares, specified. debentures or bonds 3. Amounts due for repayments (Note: Investments in within one year from the concerns wherein proprietor, balance sheet date to be shown partner or their relatives are separately. interested to be shown 4. Loan from partners, relatives separately) of the proprietors or partners to 2. Immovable properties. be shown separately 3. Investments in the capital a. Loans from financial of partnership firms institutions. 4. Other investments. b. Loans and borrowings from banks (Specify the name of the bank, the relevant amount and the nature of the borrowing, e.g., cash credit term-loans, overdraft, packing credit etc., (separately) c. Fixed deposits (from public and others) d. Others (Give details) IV. CURRENT LIABILITIES IV. LOANS AND PROVISIONS 1. The nature, security (if (Amounts due for payment any) and amount of each beyond one year from the date type of loan to be specified. of the balance sheet to be 2. Amounts due within one shown separately). year to be shown separately. A. CURRENT LIABILITIES 3. Loans to proprietors, 1. Sundry creditors for goods partners or associated supplied. concern (to be shown 2. Sundry creditors (Others) separately) 3. Advances/ Progress 4. Loans considered bad or Payments from customers/ doubtful to be separately deposits from dealers-selling stated. agents, etc. Less: Provision for bad and 4. Interest and other charges doubtful loans. 111 Handbook of Auditing Pronouncements-II accrued but not due for payment. 5. Bills payable. 6. Statutory liabilities (Overdue amounts to be shown separately) 7. Other current liabilities and provisions (Major items to be shown separately) B. PROVISIONS 1. For taxation Less: Advance tax paid 2. For Provident Fund 3. For Contingencies 4. Other provisions A foot note to the Balance Sheet may be added to show separately: 1. Claims against the entity not acknowledged as debts. 2. Uncalled liability on shares partly paid 3. Estimated amount of contracts remaining to be executed to capital account and not provided for. 4. Contingent liability for bills discounted. 5. Other moneys for which the entity is contingently liable (give details) 6. Aggregate amount of arrears of depreciation if any. Notes on Balance Sheet (i) In case of partnership firms, state whether it is registered with the Registrar of Firms, registration number, date of registration and the state in which it is registered. (ii) Unless otherwise indicated the terms used herein have the same meaning as they have in Schedule-V1 to the Companies Act, 1956. V. CURRENT ASSETS A. INVENTORIES (The mode of valuation to be 112 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) shown separately) 1. Stock in Trade 2. Supplies and sundries. (If the trading organisation is also involved in any processing activity/ies other categories of inventories e.g. raw material. and work-in- progress, should be separately disclosed. B. RECEIVABLES 1. Debts due and outstanding for a period exceeding six months (to be shown separately.) 2. Instalments of deferred receivables due within one year to be shown separately. 3. Debts considered bad or doubtful to be shown separately. 4. Amount due from proprietors, partners or associated concerns (to be shown separately) i) On account of sales on deferred payment basis. ii) On account of exports iii) Others iv) Total receivables v) Less: Provision for bad and doubtful debts. C. BILLS OF EXCHANGE (Same information to be given as for 'Receivables') D. ADVANCES ON CURRENT ACCOUNT (Same information to be given as for loans). 1. Advances to suppliers of raw-material and stores/ spares/ consumables; 2. Advance payment of taxes (in excess of tax payable) 3. Pre-paid expenses. 4. Others. E. CASH AND BANK BALANCES 113 Handbook of Auditing Pronouncements-II 1. Fixed deposit account 2. Current and savings account 3. Cash in hand VI. MISCELLANEOUS EXPENDITURE To the extent not written off or adjusted (specify the nature and amount of each item). VII. ACCUMULATED LOSSES, if any i) before depreciation. ii) depreciation. TOTAL RUPEES TOTAL RUPEES Proforma of Profit and Loss Account for a Trading Entity Name of the entity Profit & Loss Account for the year ending ................. Last Year This Year Rs. Rs. 1. Sales (Net of Sales tax) (Income from services may be shown separately) 2. Cost of Goods sold (a) Opening Stock Add: Purchases (Less returns) Less: Closing Stock (b) Other direct Expenses (if any) 3. Gross Profit (1-2) 4. Sales and administrative expenses 5. Other income/expenses* Net (±) 6. Interest 7. Profit before depreciation and tax [(item 3 minus item (4+5+6)] 8. Depreciation 9. Taxation (for example for registered firms)** 10. Profit after depreciation & taxation item minus item (8+9) * Note: Any item of expenditure which forms a significant proportion, say 5% or more of the total sales or has special significance otherwise should be shown separately under appropriate heads for example (i) salary (ii) commission (iii) perquisites and money value thereof. ** Registered firms are subject to tax, before the profit is apportioned amongst partners. 114 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) Appendix II Form of Balance Sheet (For Non-Corporate Manufacturing Entities) Name of Entity Balance Sheet as at Properties and Previous Year Previous Year Current Year Current Year Capital and Figures for Figures for Figures for Figures for Liabilities Assets I. CAPITAL (In case of I. FIXED ASSETS partnership, these particulars to be given separately for each 1. Under each head the partner and if possible the fixed original cost, the additions capital accounts may be thereto, the deductions segregated from the current therefrom during the year accounts) As at the beginning of and the total depreciation the year. written off or provided up to the end of the year to be Add/Deduct net profit/net loss stated. during the year 2. Where the assets have Interest on capital been revalued, the revalued figures to be shown. Each Drawings balance sheet for the first five Any other item (give details) years subsequent to the date of revaluation to state the amount of revaluation. 3. Distinguishing as far as possible between expenditure upon a) Goodwill b) Land c) Buildings d) Leaseholds e) Railway sidings f) Plant and machinery g) Furniture and fittings h) Development of property i) Patents, trademarks and designs j) Livestock k) Vehicle etc. 115 Handbook of Auditing Pronouncements-II 1. Cost 2. Less: Depreciation II. RESERVES (Give details II. ADVANCES AND under each head) DEPOSITS ON CAPITAL 1. Capital reserves (if any) ACCOUNT 2. Other Reserves (including retained profits to the extent not already added to the capital, give details) 3. Sinking funds (if any) III. LOANS AND III. INVESTMENTS (attach BORROWINGS details of investment showing 1. Interest accrued and due on in each case nature of each category to be shown investment and mode of separately) valuation e.g. cost or market 2. In case of secured loans the value). nature of security to be 1. Investment in shares, specified. debentures or bonds 3. Amounts due for repayments (Investments in concerns within one year from the wherein proprietor/partner or balance sheet date to be shown their relatives are interested separately. to be shown separately) 4. Loan from partners relatives 2. Immovable properties of the proprietors or partners to 3. Investments in the capital be shown separately. of partnership firms i) Loans from Financial 4. Other investments. Institutions. ii) Loans and borrowings from banks (specify the name of the bank the relevant amount and the nature of borrowing e.g. Cash credit, term-loans, overdraft, packing credit etc. separately) iii) Fixed deposits (from public and others) iv) Others (give details) IV. CURRENT LIABILITIES IV. LOANS AND PROVISIONS 1. Nature of security (if any) (Amounts due for payment and amounts of each type of beyond one year from the date of loan to be specified. the balance sheet to be shown 2. Amount due within one separately) year to be shown separately. A. CURRENT LIABILITIES 3. Loans to proprietors, a) Sundry creditors for goods partners or associated supplied concerns to be shown b) Sundry creditors (Others) separately. 116 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) c) Advances/ progress payments 4. Loans considered bad or from customers/deposits from doubtful to be shown dealers selling agents etc. separately. d) Interest and other charges Less: Provision for bad and accrued not due for payment. doubtful Loans. e) Bills payable. f) Statutory liabilities (Overdue amounts to be shown separately) g) Other current liabilities & provisions (major items, to be shown separately) B. PROVISIONS 1. For taxation less advance tax paid 2. For Provident Fund 3. For Contingencies 4. Other Provisions. A Footnote to the balance sheet may be added to show separately: 1. Claims against the entity not acknowledged as debts. 2. Uncalled liability on shares partly paid. 3. Estimated amount of contracts remaining to be executed to capital account and not provided for. 4. Contingent liability for bills discounted. 5. Other moneys for which the entity is contingently liable (give details) 6. Aggregate amount of arrears of depreciation, if any. NOTES ON BALANCE SHEET 1. In case of partnership firms state whether it is registered with registrar of firms, registration number, date of registration and the state in which it is registered. 2. Unless otherwise indicated the terms used herein have the same meaning as they have in Schedule VI to the Companies Act, 1956. 117 Handbook of Auditing Pronouncements-II V. CURRENT ASSETS A. INVENTORIES (The mode of valuation to be shown separately) 1. Raw materials (including stores and other items used in the process of manufacture) 2. Work in progress. 3. Finished goods 4. Consumable stores and spare parts. 5. Loose Tools. 6. Others. VI. RECEIVABLES 1. Debts due and outstanding for a period exceeding six months to be shown separately. 2. Instalments of deferred receivables due within one year to be shown separately. 3. Debts considered bad or doubtful to be shown separately. 4. Amount due from proprietors, partners or associated concerns to be shown separately. 1. On account of sales on deferred payment basis. 2. On account of exports. 3. Others 4. Total receivables 5. Less: Provision for bad and doubtful debts. C. BILLS OF EXCHANGE (Same information to be given as for receivables) D. ADVANCES ON CURRENT ACCOUNT (Same information to be given as for (Loans)) 1. Advances to suppliers of merchandise supplies and sundries etc. and 118 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) stores/spares/consumables. 2. Advance payment of taxes (in excess of tax payable) 3. Prepaid expenses. 4. Others. E. CASH AND BANK BALANCES 1. Fixed deposit account 2. Current and savings account 3. Cash in hand VI. MISCELLANEOUS EXPENDITURE To the extent not written off or adjusted. (Specify the nature and amount of each item) VII. ACCUMULATED LOSSES: if any 1. Before depreciation 2. Depreciation. TOTAL TOTAL Proforma of Profit and Loss Account of a Non-Corporate Manufacturing Entity Name of the entity ............. Profit & Loss Account for the year ending ................. (000’s omitted) Previous Current year Year (actuals) 1. Sales (Income from services may be shown separately) 2. Less: Excise duty 3. Net Sales (Item No.1 minus Item 2) Add/Deduct/Increase/Decrease in Finished Goods Closing stock Less: Opening Stock 4. Cost of Production (a) Raw materials consumption (i) Opening stock Add: Purchases Less: Closing stock 119 Handbook of Auditing Pronouncements-II (b) Stores and spare consumption (c) Salaries and wages (d) Other manufacturing expenses, excluding depreciation Sub-total Add: Opening stocks-in-process Deduct: Closing stocks-in-process Cost of Production 5. Gross profit/loss (item 3 minus item 4) 6. Sales and administration expenses 7. Interest and other overheads 8. Other income/expenses net (+) 9. Profit/Loss before depreciation & tax (Item 5 minus item) (6+7+8) 10. Depreciation 11. Profit after depreciation 12. Taxation 13. Profit after tax. Notes: 1. Any item of expenditure which forms a significant proportion, say 5% or more, of the total cost of production or has special significance otherwise should be shown separately under appropriate heads for example (i) salary (ii) commission (iii) perquisites and money value thereof. 2. If audited accounts for the previous year are not available, the fact should be stated. 120 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) Appendix III FORM OF FUNDS FLOW STATEMENT FOR NON-CORPORATE BORROWERS NAME OF THE ENTITY …….. FUNDS FLOW STATEMENT FOR THE YEAR ENDING ……… (000’S omitted) ____________________________________________________________________________ Current Previous PARTICULARS Year Year ____________________________________________________________________________ SOURCES Profit before tax .................... ................ Add: Depreciation .................... ................ Add: Interest on capitals of partners/ proprietors .................... ................ Add: Salaries, Commission etc. Paid/payable to partners/ proprietors .................... ................ Gross funds generated .................... ................ .................... ................ Less : Taxes/ paid payable on the profits of the firm (relating to the year) .................... ................ __________ ................. ................ (applicable only to partnership firms) Less : Withdrawals (including personal taxes paid /payable on income of the partners/proprietor out of the income of the entity) by the Partners/proprietors Less: Salaries, commission etc. paid to partners/ proprietors ________ _______ A. SUB-TOTAL ................. ................ ________ _______ Increase in capital (only the fresh capital introduced – by the partners/ proprietor during the year) ................. ................ Increases in term loans/ deferred payment liabilities ................. ................ Increase in fixed deposits ................. ................ Increase in loans from partners, Increase in loans from relatives, friends etc. ................. ................ Decrease in fixed assets ................. ................ 121 Handbook of Auditing Pronouncements-II Decrease in investments in other partnerships/ business .................... ................ Decrease in advances and deposits on capital account ................. ................ ________ _______ B. SUB-TOTAL ................. ................ ________ _______ Increase in short-term bank borrowings ................. ................ Increase in other current liabilities ................. ................ Decrease in inventory ................. ................ Decrease in receivables ................. ................ Decrease in loans to partners/ proprietors/ associated concerns etc. ................. ................ Decrease in other loans ................. ................ Decrease in bills of exchange ................. ................ Decrease in advances on current Account ................. ................ Decrease in cash and bank balances ................. ................ --------------- --------------- C. SUB-TOTAL ................. ................ --------------- --------------- TOTAL FUNDS AVAILABLE (A + B + C) ................. ................ -------------- --------------- USES Decrease in term loans/ deferred payments liabilities ................. ................ Decrease in fixed deposits ................. ................ Increase in fixed assets ................. ................ Increase in investments of other partnerships/business etc. ................. ................ Increase in advances and deposits on capital account ................. ................ _________ --------------- D. SUB-TOTAL ................. ................ --------------- --------------- Decrease in short-term bank borrowings ................. ................ Decrease in other current liabilities ................. ................ Increase in inventory ................. ................ Increase in receivables ................. ................ Increase in loans to partners/proprietors/ associated concerns etc. ................. ................ Increase in other loans. ................. ................ Increase in bills of exchange ................. ................ Increase in advances on current account ................. ................ Increase in cash and bank balances ................. ................ --------------- --------------- E. SUB-TOTAL ................. ................ --------------- --------------- 122 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) Loss (See Note – 3) ................. ................ Less : Depreciation: Less: interest on capitals of partners/proprietors ................. ................ Less: Salaries, commissions etc. paid/payable to partners/proprietors ................. ................ _________ _________ Balance i.e. Gross funds lost (-) or Gross funds generated (+) ................. ................ Add: Taxes paid/payable on the profits of a registered firm (relating to the year) (applicable only to partnership firms) ................. ................ Add: Withdrawals (including personal taxes paid/payable on incomes of the partner/proprietors ................. ................ Add: Salaries, commissions etc. paid to partners/proprietors ................. ................ _________ _________ F. SUB TOTAL ................. ................ ======== ======== TOTAL FUNDS USED (D + E + F) ................. ................ ======== ======== SUMMARY Long term sources ................. ................ Less: Long term uses ................. ................ Changes in Net working capital ( ± ) ................. ................ Short term sources ................. ................ Less: Short term uses ................. ................ --------------- --------------- ................. ................ --------------- --------------- NOTES: 1. The valuation of current assets or current liabilities and recording of income and expenses in these forms should be on the same basis as adopted for the Balance Sheet submitted to the Bank and should be applied on a consistent basis. 2. Under the items increase/ decrease in term loan/deferred payments liabilities, together with the names of the concerned lending/guaranteeing institutions should be indicated separately. 3. Figures should be filled in here only when the total effect is net funds lost. In case of loss, if loss, taxes, withdrawals etc., are more than compensated by depreciation, interest on capital, etc., the amount of loss should be shown under ‘Sources’ against the item ‘Profit before tax’ with a negative figure. 123 Handbook of Auditing Pronouncements-II Appendix IV Audit Report for Non-Corporate Borrowers 1. I/We have examined the Balance Sheet of …………………………………………………… as at ……….…. and the Profit and Loss Account and the funds flow statement for the year ended on that date which are in agreement with the books of account maintained at the head office at …………………………………………………….………..……………………………… …… and branches at ………………………………………………………………….. (i) I/We have obtained all the information and explanation which to the best of my/our knowledge and belief were necessary for the purpose of my/our audit. (ii) In my/our opinion, proper books of account have been kept by the head office and the branches of the entity so far as appears from my/our examination of such books, subject to the comment given below: - (iii) In my/our opinion and to the best of my/our information and according to the explanations given to me/us, the said accounts and the funds flow statement give a true and fair view: (a) in the case of the balance sheet of the state of affairs of the entity as at …. and (b) in the case of the Profit and Loss Account of the profit or loss of the entity for the account year ending on …. (c) In so far as it relates to the funds flow statement of the movement of funds during the year ending on that date. 2. The auditor’s report on the accounts of the entities shall be accompanied by a statement in respect of the following matters, viz. A. In the case of a manufacturing, mining or processing entity: (i) Whether the entity is maintaining proper records to show full particulars, including quantitative details and situation of fixed assets, whether these fixed assets have been physically verified by the management and if any serious discrepancies were noticed on such verification, whether the same have been properly dealt with in the books of account. (ii) In a case where the fixed assets have been revalued during the year the basis of revaluation should be indicated. (iii) Has physical verification been conducted by the management at reasonable periods in respect of finished goods stores, spare parts and raw materials, and if any significant discrepancies have been 124 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) noticed on such verification as compared to book records, whether or not the same have been properly dealt with in the books of account; whether the auditor is satisfied that the valuation of these stocks is fair and proper in accordance with the normally accepted accounting principles and is on the same basis as in the earlier years; if there is any deviation in the basis of valuation, the effect of such deviation, if material, is to be reported. (iv) If the entity has taken any loan whether secured or unsecured from firms, companies or other parties, whether the rate of interest and the terms and conditions of such loans are prima-facie prejudicial to the interest of the entity. (v) Whether the parties to whom the loans or advances in the nature of loans have been given by the entity are repaying the principal amounts as stipulated and are also regular in payment of the interest and if not, whether reasonable steps have been taken by the entity for recovery of the principal and interest; (vi) Is there an adequate internal control procedure commensurate with the size of the entity and the nature of its business, for the purchase of stores, raw materials including components, plant and machinery, equipment and other assets. (vii) Wherein stores, raw materials or components exceeding Rs. 10,000/- in value for each types thereof are purchased during the year from the associate firms or other parties in which the partners proprietors are/is interested, whether the prices paid for such items are reasonable as compared to the prices of similar items supplied by other parties. (viii) Whether any unserviceable or damaged stores and raw-materials are determined and whether provision for the loss, if any, has been made in the accounts. (ix) Is the entity maintaining reasonable records for the sale and disposal of realisable by products and scraps where applicable and significant. (x) In relation to entities the capital of which at the commencement of the financial year concerned exceeds Rs. 25 lakhs, whether the entity has an internal audit system commensurate with its size and nature of its business. (xi) Is the entity regular in depositing provident fund dues with the appropriate authorities and if not, the extent of arrears of provident fund dues shall be indicated by the auditor. B. In the case of a service entity: (i) All the matters specified in clause (A) to the extent to which they are applicable. 125 Handbook of Auditing Pronouncements-II (ii) Whether the entity has a reasonable system of recording receipts, issues and consumption of materials and stores commensurate with its size and nature of its business and whether such system provides for a reasonable allocation of the materials and man hours consumed to the relative jobs. (iii) Whether there is a reasonable system of authorisation at proper levels with necessary control on the issue of stores and allocation of stores and labour to jobs and whether there is any system of internal control commensurate with the size of the entity and the nature of its business. C. In the case of a Trading Entity: (i) All the matters specified in Clause (A) to the extent to which they are applicable, (ii) Have damaged goods been determined and if the value of such goods is significant, has provision been made for the loss. D. In the case of finance, investment, chit fund, nidhi or mutual benefit entity – (i) All the matters specified in Clause (A) to the extent to which they are applicable, (ii) Whether adequate document and records are maintained in a case where the entity has granted loans and advances on the basis of security by way of pledge of shares, debentures and other similar securities, (iii) Whether the provisions of any special statute applicable to chit fund, nidhi or mutual benefit society have been duly complied with, (iv) If the entity is dealing or trading in shares, securities debentures and other investments, whether proper records have been maintained of the transactions and contracts and whether timely entries have been made therein; also whether the shares, securities, debentures and other investments have been held by the entity in its own name. NOTE: In the above statement, the answer to any of the questions referred to as in 2 above is unfavourable or qualified, the auditor’s shall also state the reasons for such unfavourable or qualified answer, as the case may be. Where the auditor is unable to express any opinion in answer to a particular question, he shall indicate such fact together with the reasons why it is not possible for him to give an answer to such question. 126 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) Appendix V Special Audit Report In the case of accounts perceived by the Bankers as important for regular and active monitoring, the following audit report may be given. I/We have examined the information given below relating to quarter ending at ……….. In my/our opinion and to the best of my/our information and according to the explanations given to me/us. 1. The important operating data for the quarter is as below:- Actual Production ...................... Actual Production as a percentage of rated capacity. ...................... Sales ...................... Cost of goods sold ...................... Gross Margin ...................... Interest on bank borrowings ...................... Interest on others ...................... (Actual fixed costs need not be worked out) 2. The age wise classification of raw materials inventory and finished goods as at ……. is as below : Raw Materials Finished goods (a) Above one year ...................... ...................... (b) Between six months and one year ...................... ...................... (c) Between three months and six months ...................... ...................... (d) Below three months ...................... ...................... 3. The work in process of Rs…………..as at ……………..represents ……days production. 4. The raw materials are valued at ………. The stock-in-trade is valued at ……… (give detailed basis for valuation including the manner of determination of cost e.g. first in first out etc). Accordingly, the value of raw materials and the finished goods is as below: The said valuation of stock is fair and proper in accordance with the normal accepted accounting principles, and is on the same basis as in the earlier quarter. The discrepancies (if any) between the value given here and that shown in the stock statements to the bank and the reasons thereof are given below: 5. The age-wise classification of total bill receivables and receivables outstanding as at………is as below: Domestic Exports (a) Above one year ............... .............. (b) Between six months and one year ............... .............. (c) Between three months and six months ............... .............. (d) Below three months. ............... .............. 127 Handbook of Auditing Pronouncements-II 6. The month and balances of the stocks, bills receivables and receivables are as below. (Give the balances as at the end of each month in the quarter for major categories of a stocks, receivables and bills receivable. 7. The assessments and payments made during the quarter were as below: 8. Actual disbursements for capital expenditure during the quarter were as below: 9. Outstanding contracts on capital account as on ……………are as below:- Name of the Party Amount (Rs.) 1................................................................................ .................. 2................................................................................ .................. 3................................................................................ .................. 10. Contingent liabilities which may or may not materialise, as on ……….during the financial year, immediately succeeding the quarter in relation to which this information pertains. 11. (i) Investments made during the quarter were as below: (ii) Income from investments including profit on sale thereof was as below: 12. Loans given by the entity during the quarter were as below: 13. Details of loans raised during the quarter are as below: and (a) from banks (give details) (b) from others 14. The purchase and sale transactions of the entity exceeding Rs. 10,000/- per annum from/to the companies, partnership firms or other entities in the same group appear to be in the normal course of business and the transacted prices of such items are/are not reasonable as compared to the prices of similar items in the market (if not give details). 15. The funds from the bank have been utilised for the purpose for which they were lent. Details of the funds diverted for purposes other than for those for which they were lent are given below: 16. The overdue statutory liabilities as at the end of the quarter are as below: (give details) 17. As per the annual accounts the cash losses during the last two years are as below: (State whether the accounts were audited or not) 18. At the end of the quarter, the following were amounts due but not paid: (a) Loans from Banks (b) Other Loans (c) Public Deposits 19. We give below some important ratios of the entity as per the last audited accounts: Assets realisable within a year (a) Current Ratio = -------------------------------------------------------------- Liabilities due to be paid within a year 128 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) Cash + Bank balance + marketable Securities + debtors due within two months (b) Acid Test Ratio = -------------------------------------------------------------- Liabilities due to be paid within next six months Raw materials consumed during the year (c) Raw materials =--------------------------------------------------------------- turnover ratio Average raw materials stock Sales during the year (d) Finished goods = --------------------------------------------------------------- turnover ratio Average finished goods in stock Credit sales during the year (e) Receivables = -------------------------------------------------------------- turnover ratio average receivables Earnings before interest and tax (f) Return on investment = --------------------------------------------------------------- Net capital employed Earnings before interest and tax (g) Interest over ratio = ------------------------------------------------------------ Interest charge payable Earnings before interest and tax (h) Net margin ratio = ------------------------------------------------------------- Sales Sales (i) Capital turnover ratio = ------------------------------------------------------------- Net capital employed Liabilities to outsiders (j) Debt equity ratio = ------------------------------------------------------------ Capital Reserves – Miscellaneous expenditure (k) Operating cash flow (Debit plus depreciation)/Sales (Net of excise) 129 Handbook of Auditing Pronouncements-II Appendix VI Example of Letter of Appointment A & Bros., ....….. Lane, New Delhi. Date: M/s. X.Y. & Co., Chartered Accountants New Delhi. Dear Sir, We are happy to inform you that you have been appointed as auditors of our Firm/our Branch at ............ for the purpose of audit of accounts for the year ending.......……….for submitting our audited accounts and report to.............. Bank as per the requirement of the Reserve Bank of India. You will be paid a total remuneration of Rs. __________ including / excluding your travelling and other incidental expenses for conducting the audit and submitting the audit reports to us as per the requirements of the bank. I may inform yon that the audit of accounts for the last year i.e., year ending ................……………………………. for this purpose was conducted by M/s. N. & M. & Co., Chartered Accountants of............... New Delhi -1.# Please acknowledge this letter in token of your acceptance and intimate the date you intend to commence the audit work. Needless to say, you shall get full co- operation from us for conducting the audit and you shall have access to all our books of accounts and records. You can call for any information or explanation which you may need for the purpose of your audit. We hereby authorise you to file a copy of the audited accounts and audit report with the above bank. Yours faithfully, ( ) Partner # In case there was no previous auditor, the letter may confirm this fact. 130 Audit of Accounts of Non-Corporate Entities (Bank Borrowers) Appendix X Inventories (Chapter 5 of the Statement on Auditing Practices) The section on audit of inventories has been withdrawn upon the issuance of the Guidance Note on Audit of Inventories by the Auditing Practices Committee of the Council of the Institute of Chartered Accountants of India in August, 1994. Appendix XI Fixed Assets (Chapter 3 of the Statement on Auditing Practices) The section on audit of fixed assets has been withdrawn upon the issuance of the Guidance Note on Audit of Fixed Assets by the Auditing Practices Committee of the Council of the Institute of Chartered Accountants of India in April, 1985. Appendix XII Guidance Note on Audit of Fixed Assets Refer to the Guidance Note on Audit of Fixed Assets published in the Handbook of Auditing Pronouncements - 2010 Edition. Appendix XIII Debtors, Loans and Advances (Chapter 7 of the Statement on Auditing Practices) The section on audit of debtors, loans and advances has been withdrawn upon the issuance of the Guidance Note on Audit of Debtors, Loans and Advances issued by the Auditing Practices Committee of the Council of the Institute of Chartered Accountants of India in June, 1994. The Guidance Note has been published elsewhere in this Compendium. Appendix XIV Liabilities (Chapter 9 of the Statement on Auditing Practices) The section on audit of liabilities has been withdrawn upon the issuance of the Guidance Note on Audit of Liabilities issued by the Auditing Practices Committee of the Council of the Institute of Chartered Accountants of India in December, 1995. The Guidance Note has been published elsewhere in this Compendium. 131 Handbook of Auditing Pronouncements-II Appendix XV Maintenance of Fixed Assets Register [Statement on the Manufacturing and Other Companies (Auditor’s Report) Order 1975] Refer to Paragraphs 44 and Paragraphs 45 of the Statement on the Companies (Auditor’s Report) Order, 2003##. Appendix XVI Verification and Valuation of Inventories [Statement on the Manufacturing and Other Companies (Auditor’s Report) Order 1975 (Para 24)] Refer to Paragraphs 47 to Paragraphs 49 of the Statement on the Companies (Auditor’s Report) Order, 2003. Appendix XVII Internal Control [Statement on the Manufacturing and Other Companies (Auditor’s Report) Order 1975 (Para 27)] Refer to Paragraphs 54 of the Statement on the Companies (Auditor’s Report) Order, 2003. Appendix XVIII Internal Audit [Statement on the Manufacturing and Other Companies (Auditor’s Report) Order 1975 (Para 28)] Refer to Paragraphs 58 of the Statement on the Companies (Auditor’s Report) Order, 2003. ## The Statement on the Companies (Auditor’s Report) Order, 2003 has been published in the Handbook of Auditing Pronouncements, Volume I.B: Compendium of Statements. 132 12 GUIDANCE NOTE ON REPORTS IN COMPANY PROSPECTUSES1 (REVISED) Contents Paragraph(s) Legal Aspects .............................................................................. 1.1-1.5 Who are Eligible to Make the Reports ........................................ 1.6-1.8 Fees for Issuing the Reports..............................................................1.9 Signing the Report ............................................................................1.10 Consent Letters ................................................................................1.11 Comfort Letters .................................................................................1.12 Liability for Misstatement in Prospectus ............................... 1.13-1.15 Reports and Certificates ..................................................................1.16 Rights and Powers................................................................... 1.17-1.18 To Whom Should the Report be Made ............................................1.19 Overview of Part II of Schedules II, III and IV of the Act.................1.20 Financial Information of the Issuer Company ....................... 1.21-1.40 Accounting and Auditing Aspects.............................................. 2.1-2.9 Appendices 1 This Guidance Note was issued In October, 2006. With the issuance of this Guidance Note, the Guidance Note on Audit Reports/ Certificates on Financial Information in Offer Documents, issued by the Institute in January 1997 shall stand withdrawn. Handbook of Auditing Pronouncements-II Legal Aspects 1.1 The purpose of this Guidance Note is to provide guidance on compliance with the provisions of the Companies Act, 1956 (hereinafter referred to as “the Act” unless otherwise specified), and the Securities and Exchange Board of India (Disclosure and Investor Protection) Guidelines, 2000 (herein after referred to as the “DIP Guidelines”), relating to the reports required to be issued by chartered accountants in prospectus/statement in lieu of prospectus issued by the companies for the offerings made in India. 1.2 The relevant provisions of the Act dealt with in this Guidance Note are: (a) Section 2(36) – definition of prospectus; (b) Section 44(1)(b) – requirements to be complied with by a private company which becomes a public company by altering its Articles of Association; (c) Sections 55 to 68B – relating to issuance, contents and other matters with respect to prospectus; (d) Sections 603 to 608 – relating to prospectus issued by companies incorporated outside India; and (e) Schedules II, III and IV, containing details of contents required to be stated and reports to be set out in a prospectus or in a statement in lieu of prospectus. The Guidance Note also deals with relevant aspects of SEBI (DIP) Guidelines, 2000. 1.3 Section 2 (36) of the Companies Act, 1956 defines 'Prospectus' as any document described or issued as a prospectus and includes any notice, circular, advertisement or other document inviting deposits from the public or inviting offers from the public for the subscription or purchase of any shares in, or debentures of, a body corporate. The object of issuing a prospectus is, therefore, to invite the public to invest their moneys in the company. In order to enable the potential investors to take a well-informed decision in the matter, the Act and chapter VI of the DIP Guidelines spell out, in details, the information to be given in a prospectus. Furthermore, to ensure that the information required to be stated in a prospectus is truthfully disclosed, the relevant statutes prescribe severe penalties for untrue statements in a prospectus, the object of the law being to protect the potential investors. 134 Reports in Company Prospectuses 1.4 Schedule II to the Act deals with the matters to be specified in the prospectus and the reports to be set out therein. Schedules III and IV to the Act contain similar provisions with regard to statement in lieu of prospectus required to be delivered to the Registrar2. Requirements of Schedule II to the Act and Chapter VI of the DIP Guidelines are to be complied with when a company invites the public to subscribe its shares or debentures. Schedule III to the Act applies to a Company, which issues a statement in lieu of prospectus, or which has issued a prospectus but has not proceeded to allot any of the shares offered to the public for subscription. Schedule IV to the Act is applicable to a private company which becomes a public company by altering its Articles of Association. The provisions of Schedules II, III and IV are broadly similar. Part I of each of these Schedules specifies the matters to be stated; Part II, the reports to be set out; and Part III, the provisions which apply to Parts I and II. 1.5 Clauses 1, 2, 3, 4, and 5 of Part IIB of Schedule II deal with the reports to be set out in a prospectus and clauses 1 and 2 of Part II of Schedule III and Schedule IV deal with the reports to be set out in a statement in lieu of prospectus. Clauses 1, 2, 3 of Part IIB of Schedule II require a report by the auditors of the company, containing the particulars specified in the said clauses. Clauses 4 and 5 of Part IIB of Schedule II and clauses 1 and 2 of Part II of Schedule III and Schedule IV under the circumstances specified therein require a report, containing the specified particulars, by accountants, as named in the prospectus or the statement in lieu of prospectus. Clauses 6.10.2.1 to 6.10.2.5 of Chapter VI of the DIP Guidelines require the same reports to be set out in the prospectus as provided in clauses 1 to 5 of Part IIB of Schedule II to the Companies Act, 1956. Who are Eligible to Make the Reports 1.6 The report to be included in a prospectus under Clauses 1, 2, 3 of Part IIB of Schedule II should be made by the auditors of the Company. In case the Company has joint auditors, the report should be signed by all the joint auditors in accordance with the principles enunciated in Standard on Auditing (SA) 299, “Responsibility of Joint Auditors”. The report under clauses 4 and 5 should be 2 Attention of the members is drawn to notification no. 56(E) of February 10, 2006, issued by the Ministry of Company Affairs. In terms of the said notification, a new sub-rule (3) has been inserted in Rule 3 of the Companies (Central Government’s) General Rules and Forms, 1956. Pursuant to this insertion, e-filing of the forms mentioned in Annexure A to this sub rule is permitted. Form No. 2A which has been prescribed for providing the salient features of the prospectus is also one of the forms which can be e-filed. The conditions subject to which such e-filing of forms can be done have also been given in aforementioned notification. 135 Handbook of Auditing Pronouncements-II made by the accountant(s) who shall be named in the prospectus. According to clause 21(a) of Part III of Schedule II to the Act, the accountant shall be a person qualified under the Act for appointment as auditor of the Company. Clause 21(b) of Part III of Schedule II further states that the report shall not be made by any accountant who is an officer or servant or a partner or in the employment of an officer or servant of the Company or of the Company's subsidiary or holding company or of a subsidiary of the Company's holding company. It has been clarified that the expression "Officer" does not include an auditor. Schedules III and IV to the Act also contain identical provisions. 1.7 Further, in terms of Section 226(3)(d) and (e) of the Act, a chartered accountant who is indebted to the Company for an amount exceeding one thousand rupees, or who has given any guarantee or provided any security in connection with the indebtedness of any third person to the Company for an amount exceeding one thousand rupees or holds any security of that Company, is disqualified for appointment as its auditor. “Security” for this purpose means any instrument which carries voting rights. 1.8 From the above paragraph, it is clear that the intention of the Act is that even the ‘accountant’ should not have incurred any disqualification mentioned in section 226 (3) of the Act. Fees for Issuing the Reports 1.9 Clause 1 of Part IIB of Schedule II and clause 6.10.2.1 of the DIP Guidelines state that the report shall be made by the auditor(s) of the Company. An auditor appointed under Section 224 of the Act at the annual general meeting holds office until the conclusion of the next annual general meeting on a fee fixed under Section 224(8) of the Act. In terms of section 224 (8) of the Act, the remuneration of the auditor is fixed in such manner as the company in a general meeting may determine. Normally, the shareholders at the general meeting authorize the Board of Directors to fix up the fee of the auditor(s). The fee for issuance of the reports in the company prospectus is a part of the remuneration of the statutory auditor in terms of section 224(8) of the Act. It is, therefore, advisable for the members to ensure, before accepting the appointment for issuing the report in the prospectus, that the Board of Directors has requisite authority with them to fix the auditor’s fee. The amount of fee for making the reports is a matter of agreement between the company and the reporting member and is determined on the basis of factors such as the quantum of work involved, extent of the reporting auditor’s/accountant's responsibility, etc. 136 Reports in Company Prospectuses Signing the Report 1.10 Where the report is issued in a firm name, it should be signed by the member in his individual name, as partner/proprietor, as the case may be, for and on behalf of the firm, as in the case of other company audit reports, along with his membership number as required under Standard on Auditing (SA) 700, “The Auditor’s Report on Financial Statements”, issued by the Institute. Consent Letters 1.11 Section 60(3) of the Act requires that a prospectus delivered to the Registrar of Companies for registration, should be accompanied by the consent, in writing, of the persons named therein as the auditor, legal adviser, attorney, solicitor, banker or broker of the Company, to act in that capacity. Section 60(1) of the Act requires that the prospectus should have an endorsement thereon, or attached thereto, any consent required by section 58 from any person who is an expert in terms of section 58 of the Act. As stated above, a chartered accountant whose report is included in the prospectus is to be treated as an expert. According to Section 58, the expert should give his written consent to the issue of the prospectus, with his statement or report included in the form and context in which it is included. The prospectus should further state that he has not withdrawn his consent as aforesaid. A specimen format of the consent letter has been given in Appendix 1 to the Guidance Note. Comfort Letters 1.12 In certain circumstances, the issuer company may request the auditor(s) to provide a comfort letter on the financial information of the company to the Lead managers, legal counsel etc. The purpose of comfort letter is to assist Lead managers, legal counsels, etc., in performing a “due diligence review” process of the prospectus. The scope of comfort letter needs to be agreed with the underwriters, lead managers, etc. Comfort letters are not required under the DIP Guidelines, 2000 and copies of the same are not required to be filed with SEBI. It may, however, be noted that issuance of comfort letters is in the nature of an assurance engagement and thus, the fees received on account of issuance of comfort letter would not be considered in the ceiling on fees from an individual client. A brief overview of the concept of comfort letters, has been provided in Appendix 2 to the Guidance Note. 137 Handbook of Auditing Pronouncements-II Liability for Misstatement in Prospectus 1.13 In terms of the requirements of section 65 of the Act, a statement in the prospectus is deemed to be untrue, if it is misleading in the form and context in which it is included. Section 65 further provides that where the omission from a prospectus of any matter is calculated to mislead, the prospectus shall be deemed, in respect of such omission, to be a prospectus in which an untrue statement is included. However, a person liable to pay compensation may claim contribution as provided in Section 62(5) of the Act. Further, Section 15HB of the Securities and Exchange Board of India Act, 1992, also provides that whoever fails to comply with any of the provisions of the aforementioned Act, the rules or the regulations made thereunder or directions issued by SEBI thereunder, for which no separate penalty has been provided, shall be liable to a penalty which may extend to one crore rupees. 1.14 Every person who authorizes the issue of the prospectus is, in terms of Section 62 of the Act, liable to pay compensation to every person who subscribes for shares or debentures on the faith of the prospectus, for any loss or damage that the latter may have sustained by reason of any untrue statement included therein. However, a chartered accountant giving his consent under Section 58 or 60(3), shall be liable, only in respect of an untrue statement, if any, made by him in his capacity as an expert provided he fulfils the obligations mentioned in that Section. 1.15 The reporting auditor/accountant while carrying out such engagements, should also comply, to the extent practicable, with the principles enunciated in the Engagement and Quality Control Standards issued by the Institute. Since such types of engagements are subject to peer review requirements of the Institute, the auditor should properly document all the working papers necessary to provide evidence of the procedures performed and the basis of his conclusions therefrom. The member would also need to ensure compliance with the requirements of the Code of Ethics issued by the Institute of Chartered Accountants of India. Reports and Certificates 1.16 Clause 1 of Part IIB of Schedule II begins with the words "a report by the auditor..............", but later in the paragraph below sub-clause (b) of the said clause 1, the words "together with certificate from the auditor" have been used. The certificate as to the correctness referred to therein is required to be issued in respect of broken period only. Accordingly, the auditor may be required to apply 138 Reports in Company Prospectuses additional and/or more extensive procedures to be able to certify the correctness of the financial statements for the broken period. The concept of broken period has been explained further in paragraph 1.24. Rights and Powers 1.17 The next point for consideration is the rights and powers which a Chartered Accountant enjoys for performing his onerous duties in such engagement. In this connection it should be noted that only the report required by clauses 1, 2 and 3 of Part IIB of Schedule II and clauses 6.10.2.1, 6.10.2.2 and 6.10.2.3 of the DIP Guidelines is to be made by the Company's auditors; all other reports (clauses 4 and 5 of Part IIB of Schedule II and clauses 6.10.2.4, and 6.10.2.5 of the DIP Guidelines; clauses 1 and 2 of Part II of Schedules III and IV) are to be made by accountants to be named in the prospectus or statement in lieu of prospectus, and not necessarily by the Company's auditors. 1.18 In cases falling under clause 1, 2 and 3 of Part II of Schedule II to the Act, the report is to be given by the auditors, who, in turn, are empowered, by section 227(1) of the Act, to have a right of access at all times to the books and accounts of the company and to require from the officers of the Company, necessary information and explanations. Thus, they are vested with sufficient powers to discharge their duties. As mentioned in clause 21 of Part III of Schedule II to the Act, the reporting accountant envisaged in clauses 4 and 5 of Part IIB of Schedule II should be a Chartered Accountant but not an officer or a servant of the company. It may also be noted that such accountant has no statutory powers. Therefore, he should ensure that necessary authority is given to him by the Board of Directors to discharge his duties and must mention the need for such powers in the engagement letter issued by him for this engagement. To Whom Should the Report be Made 1.19 There are no provisions either in the Act or in the DIP Guidelines as to whom the report should be made. The usual practice is to address the report to the Board of Directors of the Company. Overview of Part II of Schedules II, III and IV of the Act 1.20 For convenience, IIB (1, 2 & 3) will denote clauses 1, 2 and 3, respectively of Part II of Schedule II to the Act and IIB (4) and IIB (5) will denote clauses 4 and 5 of Part II of Schedule II to the Act, respectively. Similarly, III (1) and III (2) will denote clauses (1) and (2) of Part II of Schedule III to the Act, respectively, and IV (1) and IV (2) will refer to clauses (1) and (2) of Part II of Schedule IV to 139 Handbook of Auditing Pronouncements-II the Act, respectively. Clause IIB (1, 2 & 3) deals with a company, and its subsidiaries, if any. Clauses IIB (4), III (1) and IV (1) deal with the purchase of a business. The variations in the detailed requirements among these clauses have been dealt separately. Clauses IIB (5), III (2) and IV (2) deal with acquisition of a subsidiary company. Financial Information of the Issuer Company 1.21 Clause IIB (1) of the Act and clause 6.10.2.1 of the DIP Guidelines require that the prospectus issued by the Issuer Company should contain a report by its auditors with respect to: (a) profits and losses and assets and liabilities, in accordance with sub clause (2) or (3), as the case may require (these have been dealt with in paragraph 1.26 and 1.27, respectively); and (b) the rates of dividends, if any, paid by the issuer company in respect of each class of shares in the issuer company for each of the five financial years immediately preceding the issue of the prospectus, giving particulars of each class of shares on which such dividends have been paid and particulars of the cases in which no dividends have been paid in respect of any class of shares for any of those years. Clause II B(1) also requires that where no accounts have been made up in respect of any part of the period of five years ending on a date three months before the issue of the prospectus, a statement of that fact should also be given. The report should also be accompanied by a statement of the account of the Issuer Company in respect of that part of the said period up to a date not earlier than six months of the date of issue of the prospectus indicating the profit or loss for that period and the assets and liabilities position as at the end of that period together with a certificate from the auditors that such account has been examined and found correct by them. The said statement may indicate the nature of provision or adjustments made or are yet to be made. 1.22 It may be noted that though the law requires the auditors to certify the correctness of the financial statements of the broken period, yet having regard to the fact that such financial statements would invariably involve accounting and other estimates, the members should make it clear in their reports on prospectus that they have carried out their examination of the financial statements for the broken period in accordance with the Engagement and Quality Control Standards. The Engagement and Quality Control Standards require that the 140 Reports in Company Prospectuses auditor plan and perform the audit to obtain reasonable assurance in respect of the subjected financial statements/ information. Further, the Engagement and Quality Control Standards also provide that while performing the audit procedures to obtain such reasonable assurance, the auditor should also consider the concept of materiality. 1.23 In general, the requirement is to give the figures of profits and losses for the five financial years preceding the issue of the prospectus or statement in lieu of prospectus. If the entity has been carrying on business for less than five financial years, the figures are to be given for the actual period. Where the five financial years immediately preceding the issue of the prospectus cover a period less than five years, i.e., 60 months (this can happen if the Company has changed its accounting period), the report should cover as many financial years as may be necessary, so that the aggregate period covered is not less than five years (60 months) having regard to Clause 19 of Part III of Schedule II which states that if the five financial years cover a period less than 5 years then financial year would be substituted by year. 1.24 The Company Law Board in consultation with the Ministry of Law has clarified vide its communication no. 5/72, CL VI, 65 dated 11th November 1968, that the period of “five years” refers to simple period of five years ending on a date three months before the issue of the prospectus. Hence, every company will have to furnish in the prospectus, accounts up to a date not earlier than six months from the date of issue of the prospectus, irrespective of the fact whether or not the financial year of the Company closes on a date three months before the issue of the prospectus. To illustrate, suppose a Company's accounting year ends on 31st March 2006 and it issues a prospectus when its accounts for the year ended March 2006 have been made up. In such case, no accounts for the part of the period is required to be given if the prospectus is issued before 30th September 2006. The auditor is required to give his report on simple five years, equivalent to sixty months, irrespective of number of financial years, in case company changes its accounting period. To illustrate, let us assume that the accounting periods of the company are as follows: I April 2004 - March 2005 : 12 months II June 2003 - March2004 : 10 months III October 2002 - May 2003 : 8 months IV April 2002 - September 2002 : 6 months 141 Handbook of Auditing Pronouncements-II V October 2000 - March 2002 : 18 months VI April 2000 - September 2000 : 6 months In present case though going backward, five financial years end on Oct 2000, the report should take into account another accounting year to complete period equivalent to 60 months. In this case, another accounting year consists of 6 months only. However, even if it consists of more than six months say 12 months, say ending on October 1999 (exceeding period of 60 months), the auditor will have to report for the entire accounting period i.e., upto October, 1999, and not restrict to the fraction of the year. However, if the accounts for the year ended March 2006 have not been made up, then if the prospectus is issued, say on 30th June 2006, the Company would be required to give a statement of account made up to at least 31st Dec, 2005 and if the prospectus is issued on or after 1st July, 2006, say on 31st July, a statement of accounts made up to, at least, 31st January, 2006 is required to be given. 1.25 Sections 60(1)(b)(ii) and 70(2), Clause 203 of Part III of Schedule II of the Act and clause 6.10.2.7 (b) of the DIP Guidelines require that the auditor’s report should also, either: (a) indicate by way of note, any adjustments as regard the figures of any profits or losses or assets and the liabilities dealt with by the report which appear necessary to the persons making the report; or (b) make these adjustments and indicate that adjustments have been made. In the case of (b), the reporting auditor/accountant should also give a signed statement setting out the adjustments and the reasons therefor and such statement is to be delivered to the Registrar along with the prospectus. For an illustrative statement of adjustments, members are requested to refer to Annexure IV of Appendix 6 to the Guidance Note. 1.26 In terms of clause IIB (2) of the Act and clause 6.10.2.2 of the DIP Guidelines, if the issuer Company has no subsidiaries, the report issued should cover the following: (a) the profits or losses of the issuer Company (distinguishing items of a non- recurring nature) for each of the five financial years immediately preceding the issue of the prospectus; and 3 It may be noted that section 60 of the Act refers to clause 32 of Schedule II which has since been amended and the new clause number is 20 of Part III of Schedule II. 142 Reports in Company Prospectuses (b) the assets and liabilities of the issuer company at the last date to which the accounts of the issuer Company were made up. 1.27 Clause IIB(3) of the Act and clause 6.10.2.3 of the DIP Guidelines provide that if the issuer company has subsidiaries, the report issued would cover: (a) separately, the Issuer Company’s profits or losses as provided above in paragraph 1.26 and in addition, deal either: (i) as a whole with the combined profits or losses of its subsidiaries, so far as they concern the members of the issuer Company; or (ii) individually with the profits or losses of each subsidiary, so far as they concern the members of the issuer Company. Alternatively, instead of dealing separately with the issuer Company’s profits or losses, the report may deal as a whole with the profits or losses of the issuer Company, and with the combined profits or losses of its subsidiaries so far as they concern the members of the issuer Company; and (b) separately, the issuer Company’s assets and liabilities as provided above in paragraph 1.28 and in addition, deal either: (i) as a whole with the combined assets and liabilities of its subsidiaries, with or without the issuer Company’s assets and liabilities; or (ii) individually with the assets and liabilities of each subsidiaries; In addition, the report should also indicate as respects the assets and liabilities of the subsidiaries, the allowance to be made for persons other than the members of the issuer Company. 1.28 From the provision of the Act and DIP Guidelines as stated in paragraph 1.27 above, it can be seen that there are various methods for incorporating the financial information of the issuer Company and its subsidiaries in the prospectus. The methods are explained below: (a) Consolidated financial information in respect of the issuer Company along with the issuer Company’s interest in the subsidiary Companies, and stand alone financial information of the issuer Company; or (b) Information of the issuer Company and issuer Company’s interest in the subsidiary Companies be combined for all such subsidiaries; or 143 Handbook of Auditing Pronouncements-II (c) Information of the issuer Company and issuer Company’s interest in the subsidiary Companies to be given individually in respect of each such subsidiary. However, presenting the information as per method (a) should be preferred as it is in line with the requirements of Accounting Standard (AS) 21, “Consolidated Financial Statements” and the consolidation should be done in accordance with the principles outlined in AS 21. 1.29 It may be noted that the DIP guidelines and Schedule II are silent as to the interest in partnership(s), joint ventures, and associates. It is recommended that wherever consolidated financial statements are presented, accounting in respect of investments in joint ventures and associates should be done as per the requirements of Accounting Standard (AS) 23 “Accounting for Investments in Associates” and Accounting Standard (AS) 27 “Accounting for Investments in Joint Ventures” and a suitable disclosure of the same should be made in the financial statements. It is also recommended that in case where consolidated financial statements are not required to be presented, the issuer Company should also disclose interest in the joint ventures and associates. 1.30 There may be cases where the holding company has been in existence for a period shorter than the subsidiary. In such cases, the figures have to be given for the holding company for the period it has been in existence, and for the subsidiary only for the period for which it has been such holding Company's subsidiary company or partnership firm. 1.31 It may be noted that as per Clause 6.10.3 of the DIP Guidelines, the issuer Company is required to disclose information with respect to its group companies, but the auditor is not required to report on the same. 1.32 Clause IIB(4) and clause 6.10.2.4 of the DIP Guidelines also require a report made by an accountant (who would be named in the prospectus) in case the proceeds, or any part of the proceeds, of the issue of the shares or debentures are, or is, to be applied directly or indirectly: (a) in the purchase of any business; or (b) in the purchase of an interest in any business and by reason of that purchase, or anything to be done in consequence thereof, or in connection therewith; the issuer Company will become entitled to an interest as respects either the capital or profits and losses or both, in such business exceeding fifty percent, thereof. 144 Reports in Company Prospectuses The abovementioned report would cover the following aspects: (i) the profits or losses of the business of each of the five financial years immediately preceding the issue of the prospectus; and (ii) the assets and liabilities of the business at the last date to which the accounts of the business were made up, being a date not more than one hundred and twenty days before the date of the issue of the prospectus. 1.33 Similarly, clause III(1) requires an accountant’s report on specified aspects in case where the issuer company proposes to acquire a business. The accountant’s report should cover the following aspects: (a) the profits or losses of the business in respect of each of the five financial years immediately preceding the delivery of the statement in lieu of prospectus to the Registrar; and (b) the assets and liabilities of the business at the last date to which the accounts of the business were made up. 1.34 Also, in terms of clause IV(1), where the unissued shares or debentures of the Company are to be applied in the purchase of a business, the prospectus should also contain an accountant’s report upon: (a) the profits or losses of the business in respect of each of the five financial years immediately preceding the delivery of the statement in lieu of prospectus to the Registrar; and (b) the assets and liabilities of the business at the last date to which the accounts of the business were made up. 1.35 The above clauses are similar to the extent they deal with the acquisition of a business. The accountant is required to report on the profits or losses of the business for each of the five financial years immediately preceding the issue of the prospectus or the delivery of the statement in lieu of prospectus to the Registrar, as the case may be. The reporting accountant should also report upon the assets and liabilities of the business at the last date to which the accounts of the business are made up. Clause IIB (4) and clause 6.10.2.4 of DIP Guidelines stipulate that such date should not be more than 120 days prior to the date of issue of the prospectus. However, there is no such period for the reports under clauses III (1) and IV (1). 1.36 Further, the proceeds, or any part of the proceeds of the issue of the shares or debentures, are or is to be applied directly or indirectly, (i) in the 145 Handbook of Auditing Pronouncements-II purchase of any business, or (ii) in the purchase of an interest in any business, and by reason of that purchase or anything to be done in consequence thereof, or in connection therewith, the Company will become entitled to an interest, as respects either the capital or profits and losses or both, in such business exceeding fifty per cent thereof. Clause IV (1) prescribes the following further condition for the clause to apply: "If unissued shares or debentures of the company are to be applied in the purchase of a business." Therefore, it may appear that if the business is to be acquired by allotting shares or debentures; (i.e., not by cash payment), clause IIB(4) would not apply. Similarly, if the business is to be acquired by cash payment, clause IV(1) will not apply. However, the interpretation as to the non-applicability of clause IIB(4) if the business is acquired by allotting shares or debentures, does not seem to be correct since even in such cases, the shares or debentures so allotted will have to be serviced and the potential investors must know about these matters. Therefore, having regard to the purpose of the accountants' report, the clause should be interpreted liberally, and thus, the constructive receipt of cash and the application thereof for the acquisition of the business (which is implicit in the allotment of shares or debentures for acquiring a business), should be viewed as application of the "proceeds" of the issue. Further, clause (10) of Part IIC of Schedule II requires the disclosure of details of "the amount paid or payable in cash, shares or debentures to the vendor" in respect of any property "purchased or acquired by the company or proposed to be purchased or acquired which is to be paid for wholly or partly out of the proceeds of the issue offered for subscription." In view of this, it would appear that if the business (or interest therein) is acquired by the allotment of shares or debentures then also the accountants should report upon the profits and losses and assets and liabilities of the business, as explained in paragraph 1.35 above. A point to be noted is that the particulars are required only if the Company's interest in the capital, or the profits/losses of the business, or both, exceeds 50% thereof; anything up to and including 50% does not require such a report. It also appears that investment in a partnership or a joint venture, or a lease of a business will be covered by the expression "interest in a business." 1.37 Further, in terms of the requirements of clause IIB(5) of the Act and clause 6.10.2.5 of the DIP Guidelines: (a) If: (i) the proceeds, or any part of the proceeds, of the issue of the shares or debentures are or is to be applied directly or indirectly in any 146 Reports in Company Prospectuses manner resulting in the acquisition by the issuer Company of shares in any other body corporate; and (ii) by reason of that acquisition or anything to be done in consequence thereof or in connection therewith, that body corporate will become a subsidiary of the issuer Company; the prospectus should also contain a report made by accountants (who shall be named in the prospectus) upon: (i) the profits or losses of the other body corporate for each of the five financial years immediately preceding the issue of the prospectus; and (ii) the assets and liabilities of the other body corporate at the last date to which its accounts were made up. The clause also requires that the report should: (i) indicate how the profits or losses of the other body corporate dealt with by the report would, in respect of the shares to acquired, have concerned members of the issuer company and what allowance would have fallen to be made, in relation to assets and liabilities so dealt with for holders of other shares, if the issuer company had at all material times held the shares to be acquired; and (ii) where the other body corporate has subsidiaries, deal with the profits or losses and the assets and liabilities of the body corporate and its subsidiaries in the manner provided by sub-clause (a)(ii) above in relation to the issuer company and its subsidiaries. 1.38 Clause III(2) states that where the Issuer Company proposes to acquire shares in a body corporate which by reason of the acquisition or anything to be done in consequence thereof or in connection therewith will become a subsidiary of the company, a report should be made by the accountant with respect to the profits and losses and assets and liabilities of the other body corporate in accordance with sub-clause (2) or (3) of this clause, as the case may require, indicating how the profits or losses of the other body corporate dealt with by the report would, in respect of the shares to be acquired, have concerned members of the company, and what allowance would have fallen to be made, in relation to assets and liabilities so dealt with, for holders of other shares, if the company had at all material times held the shares to be acquired. 147 Handbook of Auditing Pronouncements-II If the other body corporate has no subsidiaries, the report referred to in sub- clause (1) should - (a) deal with the profits or losses of the body corporate in respect of each of the five financial years immediately preceding the delivery of the statement to the Registrar; and (b) deal with the assets and liabilities of the body corporate as at the last date to which the accounts of the body corporate were made-up. If the other body corporate has subsidiaries, the report referred to in sub-clause (1) should- (a) deal separately with the other body corporate’s profits or losses as provided by sub-clause (2) and in addition deal either– (i) as a whole with the combined profits or losses of its subsidiaries so far as they concern members of the other body corporate; or (ii) individually with the profits or losses of each subsidiary, so far as they concern members of the other body corporate; Alternatively, instead of dealing separately with the other body corporate's profits or losses, the report may deal as a whole with the profits or losses of the other body corporate, and so far as they concern members of the other body corporate, with the combined profits or losses of its subsidiaries; and (b) so far as regards assets and liabilities, deal separately with the other body corporate's assets and liabilities as provided by sub-clause (2) and, in addition, deal either- (i) as a whole with the combined assets and liabilities of its subsidiaries, with or without the other body corporate's assets and liabilities; or (ii) individually with the assets and liabilities of each subsidiary; and shall indicate, as respects the assets and liabilities of the subsidiaries, the allowance to be made for persons other than members of the company. 1.39 Clause IV (2) states that if unissued shares or debentures of the company are to be applied directly or indirectly in any manner resulting in the acquisition of shares in a body corporate which by reason of the acquisition or anything to be done in consequence thereof or in connection therewith will become a subsidiary of the company, a report should be made by accountants (who shall be named in the 148 Reports in Company Prospectuses statement) with respect to the profits and losses and assets and liabilities of the other body corporate in accordance with sub-clause (2) or (3) of this clause, as the case may require, indicating how the profits or losses of the other body corporate dealt with by the report would, in respect of the shares to be acquired, have concerned members of the company, and what allowance would have fallen to be made, in relation to assets and liabilities so dealt with, for holders of other shares, if the company had at all material times held the shares to be acquired. If the other body corporate has no subsidiaries, the report referred to in sub- clause (1) should– (a) deal with the profits or losses of the body corporate in respect of each of the five financial years immediately preceding the delivery of the statement to the Registrar; and (b) deal with the assets and liabilities of the body corporate as at the last date to which the accounts of the body corporate were made-up. If the other body corporate has subsidiaries, the report referred to in sub-clause (1) should– (a) deal separately with the other body corporate's profits or losses as provided by sub-clause (2), and in addition deal either- (i) as a whole with the combined profits or losses of its subsidiaries, so far as they concern members of the other body corporate; or (ii) individually with the profits or losses of each subsidiary, so far as they concern members of the other body corporate; Alternatively, instead of dealing separately with the other body corporate's profits or losses, the report may deal as a whole with the profits or losses of the other body corporate and, so far as they concern members of the other body corporate, with the combined profits or losses of its subsidiaries; and (b) so far as regards assets and liabilities, deal separately with the other body corporate's assets and liabilities as provided by sub-clause (2) and in addition, deal either- (i) as whole with the combined assets and liabilities of its subsidiaries, with or without the other body corporate; assets and liabilities; or (ii) individually with the assets and liabilities of each subsidiary; and shall indicate, as respects the assets and liabilities of the subsidiaries, the 149 Handbook of Auditing Pronouncements-II allowance to be made for persons other than members of the company. 1.40 The clauses mentioned in paragraphs 1.39 are similar in nature as they deal with the acquisition of shares in any other body corporate which would lead to making it a subsidiary company of the Issuer Company. The accountants are required to report on the profits or losses of the said subsidiary for each of the five financial years immediately preceding the issue of the prospectus or the delivery of the statement in lieu of prospectus. The reporting accountant should also report upon the assets and liabilities of the subsidiary at the last date to which its accounts were made up. It may be noted that these clauses, unlike Clause IIB(4), do not prescribe a ceiling on the time-lag between the date to which the accounts are made up, and the date of the prospectus (or the delivery of the statement in lieu of prospectus). The relevant rules also require that the accountant's report should deal with the subsidiaries, if any, or the subsidiary to be acquired, in the same manner as stated in Clause IIB (3). Accounting and Auditing Aspects 2.1 As stated earlier in preceding paragraphs, the reporting auditor/accountant is required to report on the profits and losses (distinguishing items of non- recurring nature) for the preceding five years and on the assets and liabilities, after making such adjustments as explained in paragraph 2.2 below. The term non-recurring has not been defined either in the Act or in the DIP Guidelines. The reporting accountant should therefore keep in mind the object of the law viz., the protection of potential investors, and accordingly, his report should provide the information that he considers will be relevant for a reader to make decisions regarding investment in the Company. Since what constitutes “non recurring” has been defined neither in the Act nor the DIP guidelines, members should draw guidance in this regard from the Accounting Standard (AS) 5, “Net Profit or Loss for the Period, Prior Period Items and Changes in Accounting Policies”. 2.2 The Statements of Assets and Liabilities and Profit and Loss Account or any other financial information needs to be adjusted in the following manner. (a) Adjustments for all incorrect accounting practices or failure to make provisions or other adjustments, which resulted in audit qualification. It is relevant to note here that in case of prospectus, the auditor/ accountant reports on the Statement of Assets and Liabilities and the Profit and Loss Account extracted from the audited financial statement and approved by the Board of Directors to which further adjustments may be required. 150 Reports in Company Prospectuses Accordingly, it is expected that all quantifiable adjustments are carried out and only non-quantifiable qualifications remain unadjusted. Any non- quantifiable qualification should, however, be dealt with in the auditor’s/accountant’s report appropriately in accordance with the provisions of SA 700. (b) As per DIP Guidelines, material amounts relating to adjustments for previous years should be adjusted in arriving at the profits for the years to which they relate irrespective of the year in which event triggering the profit or loss has occurred. In other words, where there are material facts which would have been taken into consideration while preparing the accounts for the respective years, had those facts been known at that time, the same should be considered in the year to which it relates. The auditor should, therefore, review the relevant information in respect of earlier years, such as, settlement of significant litigations items already reported as prior period adjustments, extraordinary items identified and adjusted in the respective years etc. (c) Where there has been a change in accounting policy, the profits or losses of the earlier years (required to be shown in the prospectus) and of the year in which the change in accounting has taken place should be recomputed to reflect the profits or losses of those years that would have been if a uniform accounting policy was followed in each of these years. It should be noted that, if for any of these years, the change is not quantifiable, the same needs to be brought out in the report of the auditor/accountant. It is likely that the companies would have changed accounting policies to comply with several of the Accounting Standards that have become mandatory in the recent past. The Standards become applicable from a particular date specified in the Standard and some Standards have transitional provisions as well. In this regard, the date when the Standard became mandatory should be ignored and the same should be applied as if the Standard was mandatory throughout the period covered by the auditor/accountant. However, in case of practical problems in adoption of a Standard in earlier years for making the adjustment, the fact should be adequately brought out in the auditor’s/accountant’s report as an emphasis of matter paragraph or a qualification, as may be necessary, depending upon the facts and circumstances of each case. (d) Statement of profit or loss should disclose either the profit or loss arrived at before and after considering the profit or loss from extraordinary items. The turnover disclosed in the Profit and Loss Statement should be bifurcated 151 Handbook of Auditing Pronouncements-II into: (i) turnover of products manufactured by the issuer company; (ii) turnover of products traded in by the issuer company; and (iii) turnover in respect of products not normally dealt in by the issuer company but included in (ii) above, should be mentioned separately. Further, in all cases where other income (net of related expenses) exceeds 20% of the net profit before tax, then the details of such income is also required to be disclosed. Such disclosure should include: (i) the sources and other particulars of such income; and (ii) an indication as to whether such income is recurring or non-recurring, or has arisen out of business activities/ other than the normal business activities. (iii) The statement of assets and liabilities should be prepared after deducting the balance outstanding on revaluation reserve account both from fixed assets and reserves and the net-worth arrived at after such deductions. 2.3 In addition to above, clause 6.10.2.7 of the DIP Guidelines requires the following other information to also be disclosed by the issuer Company: (i) the changes (with quantification, wherever possible) in the activities of the issuer company which may have had a material effect on the statement of profit/ loss for the five years, including discontinuance of lines of business, loss of agencies or markets and similar factors. (ii) the accounting and other ratios for each of the accounting periods for which the financial information is given. These ratios, as explained below are computed on the basis of restated financial statement. a. Earnings Per Share: This ratio is calculated after excluding extra ordinary items and as per the provisions of Accounting Standard (AS) 20, “Earnings Per Share”. b. Return on Net Worth: This ratio is calculated excluding revaluation reserves as section 2(29A) of the Act defines net worth as the sum total of paid up share capital and free reserves and free reserves do not include reserves created by revaluation of assets, write back of depreciation provisions and amalgamation. Further, the debit balance of profit and loss account, if any, should be adjusted against the free reserves before calculating the ratio. c. Net Asset Value Per Share: This ratio is calculated excluding revaluation reserves. 152 Reports in Company Prospectuses (iii) A Capitalisation Statement showing total debt, net worth, and the debt/equity ratios before and after the issue is made. The same is sometimes not possible as the post issue capitalization can only be determined after final pricing of the issue based on the book building process and this fact needs to be disclosed. Also, in case of any change in the share capital since the date as of which the financial information has been disclosed in the prospectus, a note explaining the nature of the change should be given. An illustrative capitalization statement is given in Appendix 3 to the Guidance Note. (iv) The break-up of total outstanding unsecured loans taken by the issuer company along with the terms and conditions, including interest rates and the repayment schedule. Further, the fact whether the loan can be recalled by the lenders at any time needs to be disclosed in the risk factors. (v) The following disclosures along with explanations for understanding the future tax incidence on the Company: (i) permanent differences and timing differences (ii) timing differences which can be reversed in the future, for example, the difference between book depreciation and tax depreciation. The term tax shelter has not been defined in any of the statutes. However, the dictionary meaning of the term is “an investment intended to reduce the income tax liability”. Tax shelter statement requires to disclose tax at the notional rate and other adjustments which could be in the nature of permanent and timing differences as identified in accordance with Accounting Standard (AS) 22, “Accounting for Taxes on Income”. These adjustments may be verified with the income tax returns and other records giving effect of the appeal and other assessment orders in those respective assessment years. In nutshell, the tax shelter statement is a reconciliation between provision for tax according to the Income-tax Act, 1961 and tax expense as explained in AS 22 after considering the effect of permanent differences. (vi) The issuer company, if it so desires, may include in the prospectus, the financial statements prepared on the basis of more than one accounting practice, subject to disclosure of the material differences arising because of different accounting practices. (vii) The accountant will have to consider whether all the Significant Accounting Policies and Notes on Accounts appearing in the published accounts need 153 Handbook of Auditing Pronouncements-II to be reproduced. It may well be that many of them can be omitted. It may equally be found necessary to add certain new items. In any case, all significant accounting policies and standards followed in the preparation of the financial statements based on which the Statement of Assets and Liabilities and Statement of Profit and Loss has been extracted should be disclosed. It must be appreciated that the usual Profit and Loss Account and Balance Sheet are general-purpose financial statements. While using such financial statements for a specific purpose, it may be necessary to make certain adjustments in view of the nature of information required. Such adjustments, however, do not imply any criticism of the accounts as originally drawn up since the adjustments are to be made because of the differences in perspective. In making the adjustments, the accountant should exercise his professional judgment and independence. (viii) As the figures to be given in the financial information are to be given for five financial years (minimum of 60 months), therefore, there may be accounts which have not been audited by the auditor giving report at the time of issue of prospectus. Accordingly, in such cases, reports from the auditors of the respective periods covered in the period of 60 months will have to be taken and the same would be relied upon by the auditor giving the final report. The audit procedures to be followed in such case should be in line with the procedures stated in the Standard on Auditing (SA) 600, “Using the Work of Another Auditor”. The fact that the financial statements audited by other auditors have been relied upon for reporting in the prospectus needs to be disclosed in the report given by the auditor. (ix) Similar disclosure as in (viii) would also be required in case of branch accounts, project operations, associate companies, joint ventures, partnership firms and subsidiary companies which have been incorporated in the financial information or which have been stated in the report set out in the prospectus and which have been audited by the auditors other than that/those issuing the report in the prospectus. (x) Report given by the accountant also would disclose reliance, if any, on the accounts audited by other auditor(s) as the accountant may not be the auditor of the Company or the business/body corporate being purchased/acquired. 154 Reports in Company Prospectuses (xi) The law does not specify whether the report should show the profits before or after taxes. The usual practice, and the recommended procedure, is to show the profit before tax, the charge for tax, and the profit after tax. 2.4 As explained in paragraph 1.23, it may become necessary to prepare accounts for part of the current accounting period. This need should be identified as early as possible so that there is adequate time to organise for the preparation of accounts for such broken period and for their audit. In preparation of accounts for the broken period, the recognition and measurement principles laid down in Accounting Standard (AS) 25, “Interim Financial Reporting” should be applied. AS 25 requires that an enterprise should apply the same accounting policies in its interim financial statements as are applied in its annual financial statements, except for accounting policy changes made after the date of most recent audited financial statements that are to be reflected in the next annual financial statements. The preparation of interim financial statements should not affect the measurement of its annual results. Revenues that are received seasonally or occasionally within a financial year should not be anticipated or deferred as of an interim date if anticipation or deferral would not be appropriate at the end of the enterprise’s financial year. Similarly, costs that are incurred unevenly during an enterprise’s financial year should be anticipated or deferred for the broken period if, and only if, it is also appropriate to anticipate or defer that type of cost at the end of the financial year. If it is identified during the preparation of the interim financial statement that there is a change in the accounting policy or that there is an error of the past, the same needs to be adjusted not only in the Statement of Profit or Loss or Statement of Assets and Liabilities or other financial information for the broken period but also in the years being reported upon by the auditor/ accountant in the same principles as setout in paragraph 2.2 above. 2.5 The report on profits to be included in the prospectus is usually fairly detailed, starting from the sales turnover, and showing the cost of sales with varying degrees of detail, ending up with profits before tax, provision for taxation and profits after tax. The statement of assets and liabilities may be so arranged that liabilities are deducted from the assets ending with the owner's funds (share capital and reserves). Refer Appendix 3 to the Guidance Note for the format prescribed in the DIP Guidelines. A specimen format of the report of auditors in Company prospectuses is given as Appendix 4 to this Guidance Note. Also, in case of a report by an accountant who is not the auditor, the same format can be modified as necessary. A specimen format of the report of auditors’ on consolidated financial statements and information in the Company Prospectus is 155 Handbook of Auditing Pronouncements-II given as Appendix 5 to the Guidance Note. An illustrative format of the restated financial statements to be given in the prospectus is given as Appendix 6 to the Guidance Note. 2.6 In the interest of both client and auditor, the auditor/reporting accountant should send an engagement letter, preferably before the commencement of the engagement, to help avoid any misunderstandings with respect to the engagement. In this regard, the auditor/ reporting accountant should conform to the requirements of Standard on Auditing (SA) 210, “Terms of Audit Engagement” issued by the Institute. An illustrative format of the Engagement letter is given as Appendix 7 to the Guidance Note. 2.7 The auditor should obtain evidence that management acknowledges its responsibility for the appropriate preparation and presentation of financial information and that management has approved the financial information including the restatement as detailed in paragraph 2.2 above. In this regard it is advisable to get the financial information adopted by the Board of Directors. The auditor should also obtain other representations from management, as considered appropriate in terms of Standard on Auditing (SA) 580, “Representations by Management” issued by the Institute. Since the reporting accountant would, in due course, be required to give his consent to the inclusion of his report in the prospectus in the form and context in which it is so included. For this purpose, he should study the prospectus carefully and also take note of: (a) the manner in which the directors, in their estimate of current and future profits, would deal with figures shown in the accountant's report and with matters to which attention has been drawn in that report; (b) the manner in which the directors have dealt with any special circumstances, where the reporting accountant has decided that no reference thereto is necessary in his report. He should also obtain the necessary management certificates and representations as stated above and only after satisfying himself of the above, should he provide the Company with the consent letter. 2.8 If, after giving his report but before the issue of the prospectus, or after the issue of the prospectus and before allotment thereunder, the reporting accountant/auditor becomes aware of any important information which significantly affects the report given by him, he would need to consider whether he should withdraw his consent by writing to the company, the Registrar of Companies, the stock exchanges, and through suitable press publicity. The 156 Reports in Company Prospectuses subject is complex and it will be prudent for the members to seek legal advice in case such a situation arises. 2.9 For a further reading on some common issues associated with prospectus, readers are requested to refer Appendix 8 to the Guidance Note, containing an extract of some frequently asked questions in respect of prospectus as prepared and answered by SEBI. 157 Handbook of Auditing Pronouncements-II Appendix 1 Specimen Format of the Consent Letter (Refer paragraph 1.11) [Date] The Board of Directors [Name and Address of the Company] Dear Sirs, Proposed Offering of securities in India by [name of the issuer] (the “Issuer”). We hereby consent to use in this Draft Red Herring Prospectus, the Red Herring Prospectus and the Prospectus of [name of the issuer] (the “Issuer”) to be submitted/filed with the Securities Exchange Board of India (SEBI) and the Registrar of Companies (ROC) our reports dated [date] relating to [financial information prepared under SEBI (Disclosure and Investor Protection) Guidelines, 2000, as amended (the “Guidelines”) and Part IIB of Schedule II to the Companies Act, 1956, Statement of Tax Benefits, and specify others], which appears in such Prospectus. We also consent to the references to us as [“Auditors”] or [“Reporting Accountant”]* under the headings “[Definitions and Abbreviations]”, “[General Information]”, and “[other sections]” in such Prospectus. The above consents are subject to the condition that we do not accept any responsibility for any reports or matters (including information sent to Merchant Bankers) or letters included in the offer documents. Neither we nor our affiliates shall be liable to any investor or merchant bankers or any other third party in respect of the proposed offering. Further, the Company agrees to indemnify us and our affiliates and hold harmless from all third party (including investors and merchant bankers) claims, damages, liabilities and costs arising consequent to our giving consent. For ABC and Co. Chartered Accountants Signature [Name of the Member] Designation** Place of Signature: Membership Number Date: * Chartered Accountants providing consents separately as “Auditors” and as “Reporting Accountant” should provide consents by issuing two separate consent letters. ** Partner or proprietor, as the case may be. 158 Reports in Company Prospectuses Appendix 2 Comfort Letters (Refer Paragraph 1.12) 1. A prospectus is issued with the intention of inviting the public to subscribe to the securities being offered by the issuer. The decision to invest in the securities is dependent to a large extent on the financial and other information contained in the prospectus. To help investors make an informed decision, the prospectus contains huge amounts of data, prepared with the help of a number of experts. Over the period, a number of mechanisms have developed in the securities market to provide the general public easier and fair access to securities of the issuer. The need for comfort letters has arisen mainly due to the emergence of the concept of underwriting. Therefore, before understanding the concept of “comfort letters” it may be useful to understand what is underwriting. 2. Underwriting involves selling of securities from the issuer to the public to ensure successful distribution. There can be two types of underwriting agreements, one, hard underwriting and two, soft underwriting. Hard underwriting is when an underwriter agrees to buy his commitment at its earliest stage. The underwriter guarantees a fixed amount to the issuer from the issue. Thus, in case the shares are not subscribed by investors, the issue is devolved on underwriters and they have to bring in the amount by subscribing to the shares. The risk borne by the underwriter in case of hard underwriting is much higher as compared to that in soft underwriting. Soft underwriting is when an underwriter agrees to buy the shares at later stages as soon as the pricing process is complete. He then, immediately places those shares with institutional players. The risk faced by the underwriter as such is reduced to a small window of time. Also, the soft underwriter has the option to invoke a force majeure clause in case there are certain factors beyond the control that can affect the underwriter’s ability to place the shares with the buyers.4 3. From the above, it is clear that the underwriters and lead managers (hereinafter referred to as “requesting parties”) to the issue face a lot of risk while dealing in public issues. Added to this is the fact that the regulator of the securities markets are normally very sensitive in the matters of ensuring free, fair and transparent issue process so that no body is able to obtain an undue advantage of the offer. Accordingly, most of the securities regulations provide 4 Source: SEBI. 159 Handbook of Auditing Pronouncements-II heavy penalties in case any of the market players is found wanting on the grounds of the issue process or the information provided to the investors in the prospectus. For example, section 15HB of the Securities and Exchange Board of India Act, 1994 provides for penalty upto Rupees one crore. As a consequence, underwriters and lead managers normally undertake a due diligence process on the information contained in the prospectus. As a part of that process, they also seek to obtain an added level of comfort from the auditors on a various aspects of the prospectus (in the form of a comfort letter), in addition to the report of the auditors already contained in the prospectus. This comfort letter is not to be filed with the regulator/ stock exchange(s). Normally, the need for a comfort letter is set out as a precondition in the underwriting agreement itself. 4. Since the auditor’s association with the financial information contained in the prospectus is limited to the five financial years and the broken period, the requesting parties usually seek comfort letters in respect of such financial information in respect of which there is no report by the auditor but wherefor the requesting parties need a due diligence to be carried out to ensure correctness of such information. The extent of examination required to be done in respect of such financial information as would satisfy the requesting parties would need to be decided by themselves. The auditor(s) should carefully read the underwriting agreement and the agreement with the lead manager(s) to ascertain the scope of the comfort letter. 5. The comfort provided by the auditor would, however, be subject to certain limitations. One of the major limitations is that the auditor can comment in their professional capacity only on matters to which their professional expertise is substantially relevant. The second limitation is that the auditor would be able to provide only negative assurance on the information subjected to such examination. Thus, the requesting parties run a risk that the auditors might have provided negative assurance in respect of such conditions or matters that may later prove to have existed. Process for Issuing a Comfort Letter 6. The auditor should obtain a copy of the agreement containing the request for a comfort letter and the scope thereof to adjudge whether they will be able to furnish a comfort letter as a desired in the agreement. The auditor should hold a meeting with the client as well as the requesting parties to discuss the scope of the comfort letter. Such a discussion would also help in clarifying as to 160 Reports in Company Prospectuses the procedures that the latter expects to be followed by the auditor. The auditor should, however, make it clear that his acceptance of the engagement to provide a comfort letter does not in any way indicate his assurance about the sufficiency of the procedures that the requesting parties expect the auditor to perform. The fact should also be adequately brought out in the comfort letter issued by him. Further, the auditor should not agree to provide in the comfort letter any kind of assurance on his report already issued on the financial information contained in the prospectus. 7. In the interest of the auditor, client and the requesting parties, it is advisable that the auditor furnishes a draft comfort letter in accordance with the scope of such a letter as specified in the underwriting agreement. The draft comfort letter, to the extent possible, should cover all such matters as are to be covered in the final comfort letter, using exactly the same terms as to be used in the final letter. The auditor should, however, make it adequately clear: (i) that the letter is a draft comfort letter; and (ii) that the comments that would be contained in the final comfort letter cannot be given until the auditor has performed the underlying procedures. The draft comfort letter provides an opportunity to the concerned parties to discuss further the expected procedures to be followed by the auditor, as indicated in the draft comfort letter and request additional procedures. Where the additional procedures so requested are within the professional competence of the auditor, he would normally, be willing to perform them. It is advisable that the auditor then also furnishes a revised draft of the comfort letter. The fact that the requesting parties have accepted the draft comfort letter and subsequently, the final comfort letter, is an indication enough for the auditor that the former accept the auditor’s procedures as being sufficient for their purposes. Thus, it is essential that the auditor’s procedures are clearly set out in the draft as well as the final comfort letter. As mentioned earlier, the auditor does not undertake to assess the sufficiency or otherwise of the procedures that the underwriter/ lead manager expects the former to perform. Accordingly, statements, whether express or implied, to the effect that the auditor has carried out such procedures as they consider necessary should, normally, be avoided since this may create misunderstanding as to the responsibility for sufficiency of the procedures for the purposes of the requesting parties. Following is an illustrative wordings of the necessary caveats that may used in a draft comfort letter: 161 Handbook of Auditing Pronouncements-II “This draft is furnished solely for the purpose of indicating the form of letter that we would expect to be able to furnish __________ [name of underwriter] in response to their request, the matters expected to be covered in the letter, and the nature of the procedures that we would expect to carry out with respect to such matters. Based on our discussions with __________[name of underwriter], it is our understanding that the procedures outlined in this draft letter are those they wish us to follow. Unless [name of underwriter] informs us otherwise, we shall assume that there are no additional procedures they wish us to follow. The text of the letter itself will depend, of course, on the results of the procedures, which we would not expect to complete until shortly before the letter is given and in no event before the cutoff date indicated therein.” 8. Further, before agreeing to provide a comfort letter, the auditor should also obtain a written representation from the requesting parties to the effect that they are aware of their responsibility to carry out a due diligence process and that and that the comfort letter provided by the auditor would not be a substitute for such a due diligence process required to be carried out by them. Thus, the representation letter issued by the requesting parties should, inter alia, clearly mention that: (a) the requesting parties are knowledgeable with respect to the due diligence review process required under Securities and Exchange Board of India (Disclosure and Investor Protection) Guidelines, 2000, as amended; and (b) in connection with the offering of Securities, the review process performed by the requesting parties is substantially consistent with the due diligence review process required under Securities and Exchange Board of India (Disclosure and Investor Protection) Guidelines, 2000, as amended. This fact also should be brought out in the comfort letter. The representation letter may also make references to the review process to be undertaken by the requesting parties in connection with the prospectus. This specific reference is necessary because the extent of that review (carried out in accordance with the principles enunciated in SRE 2400, “Engagements to Review Financial Statements”) is fairly well understood by chartered accountants, lead managers, lawyers etc., and would provide the auditors with an objective basis against 162 Reports in Company Prospectuses which the auditor can determine the level of assurance that he is willing to provide to the underwriter, given the inherent legal risk involved in being associated with a public offering of securities. Auditors should agree to provide negative assurance only where the requesting parties provide them with such a representation. In case the requesting parties refuse to provide such a representation, the auditors should, ordinarily, not undertake to provide a negative assurance in their comfort letters. In such a case, the procedures to be performed by the auditor should be agreed between the auditor and the requesting parties and adequately brought out in the engagement letter as well as the comfort letter. Thus, in the latter situation, the auditor would also need to bear the principles enunciated in the SRS 4400, “Engagements to Perform Agreed upon Procedures regarding Financial Information”. A specimen representation letter is given in Annexure A to this Appendix. Engagement Letter 9. The terms of the engagement letter should clearly mention that the procedures do not constitute an audit conducted in accordance with the Standards on Auditing issued by the Institute of Chartered Accountants of India and that accordingly, the same might not reveal all matters of significance. As a corollary, the engagement letter should clearly bring out the caveats associated with the procedures to be performed by the auditor, whether for providing a negative assurance as in case of a review or as agreed between the auditor and the requesting parties. 10. In case the comfort letter is being issued by a member who was not the auditor of the financial statements of the immediately preceding year, he should obtain knowledge about the internal controls of the company over financial reporting. 11. Comments regarding subsequent changes typically relate to whether there has been any change in paid up share capital , increase in long-term debt or decreases in other specified financial statement items during a period, known as the “change period,” subsequent to the date and period of the latest financial statements included (incorporated by reference) in the Prospectus. These comments would also address such matters as subsequent changes in the amounts of (a) net current assets or stockholders’ equity and (b) net sales. The member will ordinarily be required to read minutes and make inquiries of company officials relating to the whole of the change period. For the period between the date of the latest financial statements made available and the cutoff 163 Handbook of Auditing Pronouncements-II date, the members must base their comments solely on the limited procedures actually performed with respect to that period (which, in most cases, will be limited to the reading of minutes and the inquiries of company officials) and their comfort letter should make this clear. 12. The underwriting agreement or other arrangements with requesting parties usually specifies the dates as of which, and periods for which, data at the cutoff date and data for the change period (change period is period in which changes subsequent to the date and period of the latest balance sheet occurred and it ends on cut off date) are to be compared. For balance sheet items, the comparison date is normally that of the latest balance sheet included (that is, immediately prior to the beginning of the change period). 13. For income statement items, the comparison period or periods might be one or more of the following: (a) the corresponding period of the preceding year, (b) a period of corresponding length immediately preceding the change period, (c) a proportionate part of the preceding fiscal year, or (d) any other period of corresponding length chosen by the underwriter. Whether or not specified in the underwriting agreement, the date and period used in comparison should be identified in the comfort letter in both draft and final form so that there is no misunderstanding about the matters being compared and so that the underwriter can determine whether the comparison period is suitable for their purposes. 14. The member should ensure that comments are made only with respect to information: (a) that is expressed in reporting currency (or percentages derived from such rupee amounts) and that has been obtained from accounting records that are subject to the entity’s controls over financial reporting or (b) that has been derived directly from such accounting records by analysis or computation. The member may also comment on quantitative information that has been obtained from an accounting record if the information is subject to the same controls over financial reporting as the reporting currency amounts. 164 Reports in Company Prospectuses 15. The member generally should not comment on matters: (a) merely because they happen to be present and are capable of reading, counting, measuring, or performing other functions that might be applicable. Examples of matters that, unless subjected to the entity’s controls over financial reporting (which is not ordinarily the case), should ordinarily not be commented on by the member include the square footage of facilities, number of employees (except as related to a given payroll period), etc. (b) like tables, statistics, and other financial information relating to an unaudited period unless: (i) they have performed an audit of the client’s financial statements for a period including or immediately prior to the unaudited period or have completed an audit for a later period or (ii) they have otherwise obtained knowledge of the client’s internal control. For example for the proper understanding of the control they should take some additional procedures, like, opening balances. In addition, the member should not comment on information subject to legal interpretation, such as beneficial share ownership. Members are further advised to not include any such matter in the comfort letter, which is already covered in their report on the financial information contained in the prospectus. 16. To avoid ambiguity, the specific information commented on in the letter should be identified by reference to specific captions, tables, page numbers, paragraphs, or sentences. Descriptions of the procedures followed and the findings obtained may be stated individually for each item of specific information commented on. 17. In comments concerning tables, statistics, and other financial information, the expression “true and fair view” (or a variation of it, for example, “presented fairly”) should not be used, as it is not an audit. That expression, when used by member, ordinarily relates to presentations of financial statements and should not be used in commenting on other types of information. 18. At times, it may happen, there is a time lag between the date the balance sheet / accounts for the broken period are signed and the date of 165 Handbook of Auditing Pronouncements-II comfort letter exceeds more than 90 days period. Since no review /audit have been applied on financial information flowing from this period, it is suggested that the review procedures should be carried out for this period (at least for the quarter subsequent to reported period) before concluding on the comfort letter. Use of Services of Other Auditors 19. There may be situations in which more than one auditor is involved in the audit of the financial statements of an entity and in which the reports of more than one auditor appears in the Prospectus. For example, certain significant divisions, branches, or subsidiaries may be audited by other auditors, or during the 5 years’ period there might have been a change in the auditors also. In such a case, either of the following is possible: (a) separate comfort letters in respect of such past years are issued by the respective past auditors for submission as such to the requesting parties; (b) comfort letters are issued in respect of such past years by the respective past auditors and submitted to the principal auditor who in turn considers these comfort letters while issuing the comfort letter in respect of the entire five years; (c) the past auditors express their inability to provide comfort letters in respect of the financial statements of the past years audited by them. In case of (a) and (b) above, the client should, at the earliest practicable date, advise such other auditors as to the Comfort Letter that may be required from them and should arrange for them to receive a draft of the underwriting agreement so that they (other auditors) may make necessary arrangements at an early date for the preparation of a draft of their letter (a copy of which should be furnished to the principal auditors) and for the performance of their procedures. The principal auditors when asked to give a comfort letter with regard to information expressed on a overall basis, should read the letters of such other auditors. Such letters should contain statements similar to those contained in the comfort letter prepared by the principal auditor, including statements about their independence. The principal auditor should state in their comfort letters that (a) reading letters of the other auditors was one of the procedures followed, and (b) the procedures performed by the principal auditors (other than reading the letters of the other auditors) relate solely to companies audited by the principal auditor and to the overall financial statements. In case of (c) above, the principal auditor would need to carry out procedures necessary to provide the comfort letter for all the past five years, including such years in which he was not the auditor. 166 Reports in Company Prospectuses Elements of a Comfort Letter 20. A comfort letter normally includes the following elements: (i) Addressee – The comfort letter should be addressed only to the client and the party requesting the comfort letter (for example, the underwriters). (ii) A statement as to the independence of the auditors. (iii) Introductory paragraph – The introductory paragraph of the comfort letter should draw attention to the report of the auditor on the financial information contained in the prospectus, adequately identifying the financial information as well in the prospectus. The auditor should not, however, reproduce his said report in the comfort letter. The introductory paragraph should also make a reference to any other report issued by the auditor in connection with the prospectus, identifying adequately the subject matter of the report. (iv) Scope paragraph –This paragraph would outline the scope of work of the auditor and the procedures to be performed by him, as agreed with the client and the parties requesting the comfort letter. Any limitations, agreed among the parties, subject to which the procedures would be performed, should also be appropriately brought out in this paragraph. However, where the auditor has been requested to provide negative assurance (i.e., carry out a review) in respect of certain information, it is not necessary for the auditor to describe the procedures performed by him. (v) Report paragraph – This paragraph should contain the findings or opinion reached by the auditor after performing the procedures outlined in the scope paragraph. Any limitations, in addition to those described in the scope paragraph should also be disclosed in the report paragraph alongwith the impact, if any, of such limitations. (vi) Concluding paragraph – In order to avoid misunderstanding as to the purpose and intended use of the comfort letter, it is advisable that the comfort letter also includes a paragraph as to the purpose and intended use of the comfort letter. (vii) Signatures of the auditor (viii) Date (ix) Place An illustrative format of a comfort letter is given in the Annexure B to this Appendix. 167 Handbook of Auditing Pronouncements-II Annexure A Specimen Format of Representation Letter (Refer paragraph 7 of Appendix II) [Name and Address of the Chartered Accountant] Dear Sirs: [Name of the Financial Intermediary], each, as principal or agent, in the placement of [identify securities] to be issued by [name of issuer] (the “Issuer”), will be reviewing certain information relating to the Issuer that will be included in the Draft Red Herring Prospectus/ Red Herring Prospectus/ Prospectus which may be accessible to prospective investors and utilized by them as a basis for their investment decision. This review process, applied to the information relating to the Issuer, is (will be) consistent with the due diligence review process that we are required to perform in connection with the filing of the Draft Red Herring Prospectus/ Red Herring Prospectus/ Prospectus pursuant to the Securities and Exchange Board of India (Disclosure and Investor Protection) Guidelines, 2000, as amended (the “Guidelines”). We are knowledgeable with respect to the due diligence review process under the Guidelines. We would require you to deliver us "comfort" letters as and when requested by us concerning the [financial statements] of the Issuer and certain statistical and other data included in the Draft Red Herring Prospectus/ Red Herring Prospectus/ Prospectus. We will contact you to identify the procedures we wish you to follow and the form we wish the comfort letters to take. This letter is solely for the information and use of [name of the Chartered Accountant Firm] in issuing comfort letters in connection with the proposed offering of securities in India of the Issuer and it is not to be used, circulated, quoted or otherwise referred to in the Draft Red Herring Prospectus/ Red Herring Prospectus/ Prospectus or any other document. Yours sincerely, [Name of the Lead Manager/ Underwriter] [Name of the Lead Manager/ Underwriter] as representatives of the several underwriters Place Date 168 Reports in Company Prospectuses Annexure B Specimen Format of the Comfort Letter (Refer paragraph 18 of Appendix II) [Name of the Company & Address]5 and [Name of the LM 1 & Address] and [Name of the LM 2 & Address] and [Name of the LM 3 & Address] and [Name of the LM 4 & Address] The latter four addressees above is referred to herein as Lead Managers and on behalf of the several Managers (as defined below) Dear Sirs: Proposed Offering of ……….Equity Shares of Rs……each (the “Securities”) pursuant to an Initial Public Offering in India of [Name of the Company] (the “Company”) We have audited the [consolidated] financial statements of [Name of the Company] (the "Company") as of [dates] and also for each of the [no. of years] years in the period ended [last date audited] and [no. of months in interim period, if any] period ended [interim periods ended last date for current year and previous year] included in the Company’s [Draft Red Herring Prospectus/Red Herring Prospectus].( State number of years not audited by the Principal Auditor and state the reliance placed on the work done by other auditors) We did not audit the financial statements of certain subsidiaries, whose financial statements reflect total assets of Rs. xxx as at [dates] and total revenues of Rs. xxx for the years ended on [dates] respectively. Further, we did not audit the financial statements of associates and Joint ventures whose financial statements reflect the consolidated entities’ share of profits of Rs. xxx for the years ended 5 The letter is addressed to the company for information only. 169 Handbook of Auditing Pronouncements-II [dates] respectively. These financial statements have been audited by other auditors whose reports have been furnished to us, and our opinion, insofar as it relates to the amounts included in respect of such subsidiaries, associates and joint ventures, is based solely on the report of the other auditors.6 The consolidated financial statements referred to above have been prepared in accordance with the generally accepted accounting principles in India and are included in the [Draft Red Herring Prospectus / Red Herring Prospectus] for the proposed offering of securities pursuant to an Initial Public Offering in India of the Company. Our reports with respect thereto are also included in the [Draft Red Herring Prospectus / Red Herring Prospectus]. The [Draft Red Herring Prospectus / Red Herring Prospectus] dated [xxx] is herein referred to as the [DRHP / RHP]. This letter is being furnished in reliance upon your representation to us that: a. You are knowledgeable with respect to the due diligence review process required under Securities and Exchange Board of India (Disclosure and Investor Protection) Guidelines, 2000, as amended. b. In connection with the offering of Securities, the review process you have performed is substantially consistent with the due diligence review process required under Securities and Exchange Board of India (Disclosure and Investor Protection) Guidelines, 2000, as amended. In connection with the [DRHP / RHP]: 1. We are independent Chartered Accountants with respect to the Company. 2. We have not audited any financial statements of the Company as of any date or for any period subsequent to [latest audited date]; although we have conducted an audit for the year ended [latest audited date], the purpose (and therefore the scope) of the audit was to enable us to express an opinion on the [consolidated] financial statements as of [latest audited date] and for the year then ended, but not on the financial statements for any interim period within that year. Therefore, we are unable to and do not express any opinion on the unaudited [consolidated] balance sheet as of [latest interim review date] and the unaudited [ consolidated] statements of income and cash flows for the [no. of months for which limited review is done] periods ended [latest interim review date and the corresponding previous period date] in the DRHP / RHP, or on the 6 This paragraph is applicable only in cases where all the entities are not audited by principal auditor and he has relied on other auditors. 170 Reports in Company Prospectuses financial position, results of operations, or cash flows as of any date or for any period subsequent to [latest audited date]. 3. For purposes of this letter, we have read the [mention the year] minutes of the meetings of the shareholders, the Board of Directors, and (include other appropriate committees, if any) of the Company and [its subsidiaries] as set forth in minute books as of [cut-off date – generally three business day before the date of the comfort letter], officials of the Company having advised us that the minutes of all such meetings through that date were set forth therein (except for the minutes of the [dates] Board of Directors meeting which were not approved in final form, for which drafts were provided to us; officials of the Company have represented that such drafts include all substantive actions taken at such meeting), and have carried out other procedures to [cut-off date] (our work did not extend to the period from [cut-off date to date of comfort letter], inclusive), as follows: a. With respect to the [mention no. months] periods ended [current period and corresponding previous period], we have performed the procedures (completed on [mention date of limited review opinion]) specified by the listing agreements of respective stock exchanges and as described in Standard on Review Engagements (SRE) 2400, “Engagements to Review Financial Statements” issued by the Institute of Chartered Accountants of India, on the unaudited [ consolidated] balance sheet as of [latest interim review date] and the unaudited [ consolidated] statements of income and of cash flows for the [no. of months for which limited review is done] periods ended [latest interim review date and the corresponding previous period date] in the DRHP / RHP. b. With respect to the period from [date after the latest interim review date] to [agreed period end], we have: (i) read the unaudited [consolidated] financial data of the Company for [the periods] of both [latest year] and [previous year], furnished to us by the Company, officials of the Company having advised us that no such financial data as of any date or for any period subsequent to [agreed period end], were available. The financial information for [the periods] of both [latest year] and [previous year] is incomplete in that it omits the statements of cash flows and other disclosures. 171 Handbook of Auditing Pronouncements-II (ii) inquired of certain officials of the Company who have responsibility for financial and accounting matters whether the unaudited financial data referred to in b(i) are stated on a basis substantially consistent with that of the audited financial statements [included or incorporated by reference] in the DRHP / RHP. The foregoing procedures do not constitute an audit made in accordance with Standards on Auditing in India. Also, they would not necessarily reveal matters of significance with respect to the comments in the following paragraph. Accordingly, we make no representations regarding the sufficiency of the foregoing procedures for your purposes. 4. Nothing came to our attention as a result of the foregoing procedures, however, that caused us to believe that: a. any material modifications should be made to the unaudited [consolidated] financial statements described in 3a. for them to be in conformity with generally accepted accounting principles, or (i) at [agreed period end], there was any change in paid-up capital, increase in long-term debt or any decrease in [consolidated] net current assets (working capital) or shareholders’ equity of the Company and subsidiaries [consolidated] as compared with amounts shown on the [latest interim review date] unaudited [ consolidated] balance sheet included in the DRHP/RHP, or (ii) for the period from [date after the latest interim review date] to [agreed period end], there were any decreases, as compared to the corresponding period in the preceding year, in total [consolidated] net sales, income from operations or net income, except in all instances for increases or decreases that the DRHP/RHP discloses have occurred or may occur. 5. As mentioned in 3b, Company officials have advised us that no [consolidated] financial data as of any date or for any period subsequent to [agreed period end], are available; accordingly, the procedures carried out by us with respect to changes in financial statement items after [agreed period end], have, of necessity, been even more limited than those with respect to the periods referred to in 3. We have inquired of certain officials of the Company who have responsibility for financial and accounting matters whether (i) at [cut-off date] 172 Reports in Company Prospectuses there was any change in the paid-up capital, increase in long-term debt or decrease in [consolidated] net current assets (working capital) or shareholders’ equity of the Company as compared with amounts shown on the [latest interim review date] unaudited [ consolidated] balance sheet included in the DRHP/RHP; or (ii) for the period from [date after the latest interim review date] to [cut-off date], there were any decreases, as compared with the corresponding period in the preceding year, in total [consolidated] net sales, income from operations or net income7. On the basis of these inquiries and our reading of the minutes as described in 3, nothing came to our attention that caused us to believe that there was any such change, increase or decrease, except in all instances that the DRHP/RHP discloses have occurred or may occur. 6. For purposes of this letter, we have also read the items identified by you on the attached copy of the [DRHP / RHP] and have performed the following procedures, which were applied as indicated with respect to the letters explained below. a. Compared the amount identified to a corresponding amount in the Company’s audited consolidated financial statements, included in the [DRHP / RHP] for the period indicated and found such amount to be in agreement. b. Compared the amount identified to a corresponding amount included in the Company’s accounting records for the period indicated and found such amount to be in agreement. c. Compared the amount identified to a schedule prepared by the officials of the Company from its accounting records for the period indicated and found such amount to be in agreement. We (a) compared the amounts on the schedule to the corresponding amounts appearing in the accounting records and found such amounts to be in agreement and (b) determined that schedule was mathematically correct. However, we make no comment with respect to classification of items included on the schedule and with respect to reasons given for the changes between periods. d. Recomputed the mathematical accuracy of the amounts, total, percentage and ratio for the period indicated from amounts appearing in the financial statements or accounting records, as defined in the [DRHP / RHP]. 7 In the absence of information, it may not be possible to provide comforts and hence care needs to be taken under this paragraph while reporting on many of the information. Therefore, comfort should be provided only where information has been provided appropriately. 173 Handbook of Auditing Pronouncements-II However, we make no comment as to the appropriateness with respect to classification of such item and with respect to reasons given for the changes between periods. e. Proved the arithmetic accuracy of the conversion of the corresponding amount in Rupees to US dollars (as rounded off), or vice versa, at the applicable exchange rate and found them to be in agreement. Member should exercise judgment on what level of comfort i.e. item (a) to (e) above can be given to a particular information according to the circumstance of each case. Wherever reliance has been placed on the work done by other auditor, it is advisable that reference of same should be made specifically and copy of the comfort letter should also be enclosed. 7. Our audits of the consolidated financial statements for the periods referred to in the introductory paragraph of this letter comprised audit tests and procedures deemed necessary for the purpose of expressing an opinion on such financial statements taken as a whole. For none of the periods referred to therein, or any other period, did we perform audit tests for the purpose of expressing an opinion on individual balances of accounts or summaries of selected transactions such as those enumerated above and, accordingly, we express no opinion thereon. 8. The procedures enumerated in paragraphs 6 do not constitute an audit conducted in accordance with Standards on Auditing in India. Accordingly, we make no representations regarding the sufficiency of the foregoing procedures for your purposes. 9. It should be understood that we make no representations regarding questions of legal interpretation or regarding the sufficiency for your purposes of the procedures enumerated in the preceding paragraphs; also, such procedures would not necessarily reveal any material misstatement of the amounts or percentages listed above. Further, we have addressed ourselves solely to the foregoing data as set forth in the DRHP/RHP and make no representations regarding the adequacy of disclosure or regarding whether any material facts have been omitted. It should be noted that certain information contained in the [DRHP / RHP] are not measures of operating performance or liquidity as defined by generally accepted accounting principles and may not be comparable to similarly titled measures presented by other companies. We make no comment about the Company’s definitions, calculations or presentations of the above- mentioned information in the [DRHP / RHP] or its usefulness for any purpose. 174 Reports in Company Prospectuses 10. This letter is solely for the information of the addressees and to assist the Lead Managers in conducting and documenting its investigation of the affairs of the Company in connection with the proposed offering of securities covered by the DRHP/RHP solely in India, and it is not to be used, circulated, quoted, or otherwise referred to for any other purpose, including but not limited to the registration, purchase or sale of securities, nor is it to be filed with or referred to in whole or in part in the DRHP/RHP or any other document, except that reference may be made to it in any list of closing documents pertaining to the proposed offering of securities covered by the DRHP/RHP. 11. This letter has not been prepared in connection with, nor is it intended for use in connection with, any offer or sale of the securities outside India. We will accept no duty or responsibility to and deny any liability to any party in respect of any use of this letter in connection with an offer or sale of the Securities outside India/any other specific jurisdiction. For ABC and Co. Chartered Accountants Signature [Name of the Member] Designation8 Membership Number Place of Signature: Date: 8 Partner or proprietor. 175 Handbook of Auditing Pronouncements-II Appendix 3 Capitalisation Statement [Refer Paragraph 2.3(iii)] [Schedule XIII – Clause 6.10.2.7 (g) (iii)] (Rupees in lacs) Pre-issue as at Post-issue 30.06.2006 position after adjustments*** Short-Term Debt 1870 Long Term Debt 4370 Shareholders Funds Share Capital 4000 Reserves 14570 Total Shareholders Funds 18570 Long Term Debt/Equity 0.24:1 Note: ***In case the issue price of share is not known at the time of bringing out the prospectus then post issue position cannot be presented. In such case footnote explaining the same should be given. 176 Reports in Company Prospectuses Appendix 4 Specimen Auditors’ Report on Financial Information in Relation to Prospectus (on stand alone financial information of the issuer Company) (Refer paragraph 2.5) To The Board of Directors, ………….…...........................Ltd. Dear Sirs, 1) We have examined the attached financial information of.................…...Ltd (name of the Company), as approved by the Board of Directors of the Company, prepared in terms of the requirements of Paragraph B, Part II of Schedule II of the Companies Act, 1956 (“the Act”) and the Securities and Exchange Board of India (Disclosure and Investor Protection) Guidelines, 2000 as amended to date (SEBI Guidelines) and in terms of our engagement agreed upon with you in accordance with our engagement letter dated XX.XX. 2XX5 in connection with the proposed issue of Equity shares of the Company. 2) These information have been extracted by the Management from the financial statements for the year ended XX.XX.2XX1, 2XX2, 2XX3, 2XX4 and 2XX5. Audit for the financial year ended XX.XX.2XX1 and 2XX2 was conducted by previous auditors, XYZ & Co., and accordingly reliance has been placed on the financial information examined by them for the said years@. The financial report included for these years, i.e., 2XX1 & 2XX2 are based solely on the report submitted by them. M/s XYZ & Co. have also confirmed that the restated financial information has been made after incorporating: (a) Adjustments for the changes in accounting policies retrospectively in respective financial years to reflect the same accounting treatment as per changed accounting policy for all the reporting periods. @ Applicable only when some of the reported financial years were audited by an auditor other than the current auditor. 177 Handbook of Auditing Pronouncements-II (b) Adjustments for the material amounts in the respective financial years to which they relate. (c) And there are no extra-ordinary items that need to be disclosed separately in the accounts and qualification requiring adjustments. 3) We have also examined the financial information of the Company for the period XX.XX.2XX5 to XX.XX.2XX5 prepared and approved by the Board of Directors for the purpose of disclosure in the offer document of the Company mentioned in Paragraph (1) above (the broken period ending not before six months from the date of prospectus). The financial information for the above period was examined to the extent practicable, for the purpose of audit of financial information in accordance with the Engagement Standards issued by the Institute of Chartered Accountants of India. Those Standards require that we plan and perform our audit to obtain reasonable assurance, whether the financial information under examination is free of material misstatement. Based on the above, we report that in our opinion and according to the information and explanations given to us, we have found the same to be correct and the same have been accordingly used in the financial information appropriately. 4) In accordance with the requirements of Paragraph B of Part II of Schedule II of the Act, the SEBI Guidelines and terms of our engagement agreed with you, we further report that: (a) The Restated Summary Statement of Assets and Liabilities of the Company9, including as at XX.XX.2XX1, and 2XX2 examined and reported upon by M/s XYZ & Co., on which reliance has been placed by us, and as at XX.XX.2XX3, 2XX4, 2XX5 and 2XX5 examined by us, as set out in Annexure to this report are after making adjustments and regrouping as in our opinion were appropriate and more fully described in Significant Accounting 9(a) Members may note that in case the company is having subsidiaries but no consolidated accounts are prepared, the auditor should also provide opinion on the statement of assets and liabilities of subsidiary as required by paragraph 3 of part II of Schedule II to the Companies Act, 1956 and paragraph 6.10.2.3 of the DIP Guidelines. (b) At times, the issuer company may also request the auditor to provide his report on the cash flow statement included in the prospectus. In such circumstances, the members’ report would also include a reference to such cash flow statement examined by them. 178 Reports in Company Prospectuses Policies, Note and Changes in Significant Accounting Policies (Refer Annexures). (b) The Restated Summary Statement of Profit or Loss of the Company for the year then ended, including for the year ended XX.XX.2XX1, and 2XX2 examined by XYZ & Co. and who have submitted their report on which reliance has been placed by us, and for the year ended XX.XX.2XX3, 2XX4 and 2XX5 and for the period XX.XX.2XX5 to XX.XX.2XX5 examined by us, as set out in Annexure to this report are after making adjustments and regrouping as in our opinion were appropriate and more fully described in Significant Accounting Policies, Note and Changes in Significant Accounting Policies (Refer Annexures). (c) Based on above and also as per the reliance placed on the reports submitted by the previous auditors, XYZ & Co. for the respective years, we are of the opinion that that the restated financial information have been made after incorporating: (i) adjustments for the changes in accounting policies retrospectively in respective financial years to reflect the same accounting treatment as per changed accounting policy for all the reporting periods. (ii) Adjustments for the material amounts in the respective financial years to which they relate. (iii) And there are no extra-ordinary items that need to be disclosed separately in the accounts and qualification requiring adjustments. (d) We have also examined the following other financial information setout in Annexures prepared by the management and approved by the Board of Directors relating to the Company for the year ended XX.XX.2XX3, X4, X5 and period from XX.XX.2XX5 to XX.XX.2XX5. In respect of the years ended XX.XX.2XX1 and 2XX2 these informations have been included based upon the reports submitted by previous auditors XYZ & Co. and relied upon by us. (i) Statement of Dividend paid/proposed included in Annexure________. 179 Handbook of Auditing Pronouncements-II (ii) Statement of Accounting Ratios included in Annexure_________. (iii) Statement of Capitalisation as at XX.XX.2XX5 included in Annexure_______. (iv) Statement of Secured and Unsecured Loans included in Annexure_______. (v) Statement of Other Income included Annexure _______. (vi) Statement of Tax Shelter included in Annexure _________. In our opinion the financial information contained in Annexure ---- to ---- of this report read along with the Significant Accounting Policies, Changes in Significant Accounting Policies and Notes (Refer Annexures) prepared after making adjustments and regrouping as considered appropriate have been prepared in accordance with Part IIB of Schedule II of the Act and the DIP Guidelines. 5) Our report is intended solely for use of the management and for inclusion in the offer document in connection with the proposed issue of equity shares of the Company. Our report and should not be used for any other purpose except with our consent in writing. For ABC and Co. Chartered Accountants Signature [Name of the Member] Designation10 Membership Number Place of Signature: Date: 10 Partner or proprietor. 180 Reports in Company Prospectuses Appendix 5 Specimen Auditors’ Report on Financial Information in relation to Prospectus (on consolidated financial information of the issuer Company) (Refer paragraph 2.5) To The Board of Directors, …...........................Ltd. Dear Sirs, 1) We have examined the attached consolidated financial information of.................…...Ltd (name of the Company) and its subsidiaries and joint ventures (include as applicable), as approved by the Board of Directors of the Company prepared in terms of the requirements of Paragraph B, Part II of Schedule II of the Companies Act, 1956 (the Act) and the Securities and Exchange Board of India (Disclosure and Investor Protection) Guidelines, 2000 as amended to date (SEBI Guidelines) and terms of our engagement agreed with you in accordance with our letter dated XX.XX.2XX5 in connection with the proposed issue of Equity shares of the Company. 2) These information have been prepared by the Management from the financial statements for the year ended XX.XX.2XX1, 2XX2, 2XX3, 2XX4 and 2XX5. Audit for the financial year ended XX.XX.2XX1, and 2XX2 was conducted by previous auditors, XYZ & Co11., and accordingly reliance has been placed on the consolidated financial information examined by them for the said years. The financial report included for these years are based solely on the report submitted by them. We did not audit the financial statements of the subsidiaries, and joint ventures (as applicable) for the financial years ended ….., ……, ……, ……, and ……, whose Financial Statements reflect total assets of Rs. XXX and total revenue of Rs. XXX (to be reported for each of the financial years). These financial statements have been audited by another firm of 11 Applicable only when some of the reported financial years were audited by an auditor other than the current auditor. 181 Handbook of Auditing Pronouncements-II Chartered Accountants ABC & Co., whose reports have been furnished to us and our opinion in so far as it relates to the amounts included in these Consolidated Restated Summary Statement of Asset & Liabilities and Consolidated Restated Summary Statement of Profit & Loss Account are based solely on the report of other auditors. These other auditors (of the Company & Subsidiaries, Joint Ventures) have confirmed that the restated consolidated financial information has been made after incorporating: (i) adjustments for the changes in accounting policies retrospectively in respective financial years to reflect the same accounting treatment as per changed accounting policy for all the reporting periods. (ii) Adjustments for the material amounts in the respective financial years to which they relate. There are no extra-ordinary items that need to be disclosed separately in the accounts and qualification requiring adjustments. 3) We have also examined the consolidated financial information of the Company and its subsidiaries and joint ventures (include as applicable) for the period XX.XX.2XX5 to XX.XX.2XX5 prepared and approved by the Board of Directors for the purpose of disclosure in the offer document of the Company mentioned in Paragraph (1) above (the broken period ending not before six months from the date of prospectus). The consolidated financial information for the above period was examined to the extent applicable for the purpose of audit of financial information in accordance with the Engagement Standards issued by the Institute of Chartered Accountants of India. Those Standards require that we plan and perform our audit to obtain reasonable assurance, whether the consolidated financial information under examination is free of material misstatement. Based on the above, we report that in our opinion and according to the information and explanations given to us, we have found the same to be correct and the same have been used in the consolidated financial information appropriately. We did not audit the financial statements of the subsidiaries and joint ventures for the period ended XX.XX.2XX5 whose Financial Statements 182 Reports in Company Prospectuses reflect total assets of Rs. XXX and total revenue of Rs. XXX. These financial statements have been audited by another firm of Chartered Accountants, M/s ABC & Co., whose reports have been furnished to us and our opinion in so far as it relates to the amounts included in these Consolidated Summary Statement of Asset & Liabilities and Summary Statement of Profit & Loss Account are based solely on the report of other auditors. 4) In accordance with the requirements of Paragraph B of Part II of Schedule II of the Act, the SEBI Guidelines and terms of our engagement agreed with you; we further report that: (a) The Consolidated Restated Summary Statement of Assets and Liabilities12 of the Company and its subsidiaries and joint ventures (include as applicable), including as at XX.XX.2XX1 and 2XX2 examined by XYZ & Co. and who have submitted their report on which reliance has been placed by us, and as at XX.XX.2XX3, 2XX4, 2XX5 and XX.XX.2XX5 examined by us, as set out in Annexure to this report are after making adjustments and regrouping as in our opinion were appropriate and more fully described in Significant Accounting Policies, Note and Changes in Significant Accounting Policies (Refer Annexures). (b) The Consolidated Statement of Restated Summary Statement of Profit or Loss of the Company and its subsidiaries and joint ventures (include as applicable) for the year than ended, including for the year ended XX.XX.2XX1, and X2 examined by XYZ & Co. and who have submitted their report on which reliance has been placed by us, and for the year ended XX.XX.2XX3, 2XX4, and 2XX5 and for the period XX.XX.2XX5 to XX.XX.2XX5 examined by us, as set out in Annexure to this report are after making adjustments and regrouping as in our opinion were appropriate and more fully described in Significant Accounting Policies, Note and Changes in Significant Accounting Policies (Refer Annexures). 12 At times, the issuer company may also request the auditor to provide his report on the cash flow statement included in the prospectus. In such circumstances, the members’ report would also include a reference to such cash flow statement examined by them. 183 Handbook of Auditing Pronouncements-II (c) Based on above and also as per the reliance placed on the reports submitted by the previous auditors, XYZ & Co., and other auditors, ABC & Co., for subsidiaries/joint ventures, for the respective years, we confirm that that the restated financial information has been made after incorporating: (i) Adjustments for the changes in accounting policies retrospectively in respective financial years to reflect the same accounting treatment as per changed accounting policy for all the reporting periods. (ii) Adjustments for the material amounts in the respective financial years to which they relate. (iii) Further, there are no extra-ordinary items that need to be disclosed separately in the accounts and qualification requiring adjustments. (d) We have also examined the following consolidated other financial information setout in Annexures prepared by the management and approved by the Board of Directors relating to the Company and its subsidiaries and joint ventures for the year ended XX.XX.2XX3, 2XX4, and 2XX5 and for the period XX.XX.2XX5 to XX.XX.2XX5. In respect to the year ended XX.XX.2XX1 and 2XX2 these informations have been included based upon the reports submitted by the previous auditors, XYZ & Co., and relied upon by us. (i) Statement of Dividend paid/proposed included in Annexure_______. (ii) Statement of Accounting Ratios included in Annexure_______. (iii) Statement of Capitalisation as at XX.XX.2XX5 included in Annexure_______. (iv) Statement of Secured and Unsecured Loans included in Annexure _______. (v) Statement of Other Income included Annexure __________. (vi) Statement of Tax Shelter included in Annexure_________. 184 Reports in Company Prospectuses (Please include additional statements, if any on which the assurance is provided) In our opinion the financial information contained in Annexure ---- to ---- of this report read along with the Significant Accounting Policies, Notes and Changes in Significant Accounting Policies (Refer Annexure) prepared after making adjustments and regrouping as considered appropriate have been prepared in accordance with Part IIB of Schedule II of the Act and the DIP Guidelines. 5) Our report is intended solely for use of the management and for inclusion in the offer document in connection the proposed issue of equity shares of the Company. Our report and should not be used for any other purpose except with our consent in writing. For ABC and Co. Chartered Accountants Signature [Name of the Member] Designation@@ Membership Number Place of Signature: Date: @@ Partner or proprietor, as the case may be. 185 Handbook of Auditing Pronouncements-II Appendix 6 Illustrative Format of Restated Financial Statements (Refer Paragraph 2.5) ANNEXURE 1 : Summary Statement of Assets and Liabilities, as restated (Amount INR ’000) PARTICULARS 31-Mar-05 31-Mar-04 31-Mar-03 31-Mar-02 31-Mar-01 FIXED ASSETS Gross Block 3,085,112 3,134,793 2,273,697 1,785,194 1,719,217 Less: Depreciation – 1,184,634 – 1,060,145 – 715,210 – 559,755 – 438,106 Net Block 1,900,478 2,074,648 1,558,487 1,225,439 1,281,111 Less: Revaluation Reserve(See Note No. 5 of Annexure IV) – 61,265 –77,929 –95,725 – 111,976 – 128,227 Net Block after adjustment for Revaluation Reserve 1,839,213 1,996,719 1,462,762 1,113,463 1,152,884 Capital Work in Progress including Capital Advances 71,472 16,552 82,747 70,845 14,375 INTANGIBLE ASSETS 261,822 314,738 4,115 5,601 7,293 INVESTMENTS 274,291 459,743 495,659 314,555 394,409 CURRENT ASSETS, LOANS AND ADVANCES Inventories 1,983,713 1,536,933 660,523 500,250 496,885 Sundry Debtors 1,557,715 1,078,605 1,147,991 646,138 333,616 Cash and bank Balances 151,696 158,651 347,300 92,288 38,641 186 Reports in Company Prospectuses Other Current Assets 26,535 19,978 6,498 4,034 4,825 Loans and Advances 740,559 816,793 1,056,870 691,939 550,748 Total 6,907,016 6,398,712 5,264,465 3,439,113 2,993,676 LIABILITIES & PROVISIONS Secured Loans 2,264,892 2,987,191 2,630,611 1,559,968 1,307,826 Unsecured Loans 584,190 208,606 73,626 71,240 129,800 Current liabilities 1,388,424 1,668,535 1,381,579 777,778 538,701 Provisions 37,735 21,585 6,334 5,181 18,995 Deferred Payments – 32 545 545 1,204 Deferred Tax liability 288,184 285,910 252,879 – – Total 4,563,425 5,171,859 4,345,574 2,414,712 1,996,526 Net Worth 2,343,591 1,226,853 918,891 1,024,401 997,150 New worth represented by Share Capital 126,174 103,233 103,224 103,224 103,224 Reserves & Surplus 2,278,682 1,206,155 919,892 1,047,607 1,048,625 Less : Revaluation Reserve(See Note No. 5 of Annexure IV) – 61,265 – 77,929 – 95,725 – 111,976 – 128,227 Reserves & Surplus (Net of Revaluation Reserves) 2,217,417 1,128,226 824,167 935,631 920,398 Less: Miscellaneous Expenditure – – 4,606 – 8,500 – 14,454 – 26,472 187 Handbook of Auditing Pronouncements-II (to the extent not written off or adjusted) Net Worth 2,343,591 1,226,853 918,891 1,024,401 997,150 Note: The above statement should be read with the notes on Adjustments to Restated Financial Statements, Significant Accounting policies and notes to Accounts as appearing in Annexures IV and IV-A. 188 Reports in Company Prospectuses ANNEXURE II : Summary Statement of Profits and Losses, as restated. (Amount in INR’000) PARTICULARS 31-Mar-05 31-Mar-04 31-Mar-03 31-Mar-02 31-Mar-01 INCOME Contract Revenue 7,147,143 7,001,201 3,864,767 2,216,922 2,47,1449 Other Income 240,751 73,510 17,526 45,310 32,900 Unspent Liabilities written back - 9,180 ISP Division 0 0 0 0 (see Note No. 8a of Annexure IV 0 0 0 0 0 Waiver of funded interest (See Note 65,000 No. 13 of Annexure IV-B) 0 0 0 0 Total Income 7,462,074 7,074,711 3,882,293 2,262,232 2,504,349 EXPENDITURE Materials Consumed and Cost of Goos Sold 1,887,500 1,953,553 1,238,261 864,261 694,302 Staff Cost 861,818 613,888 260,135 193,537 255,565 Selling and Distribution Expenses 9,300 13,403 12,310 9,108 7,198 Operating and Administrative 3,900,301 Expenses 3,293,146 1,786,409 786,839 1,067,241 Interest 368,987 437,479 284,278 230,157 211,989 Miscellaneous Expenditure Written 23,052 Off 11,171 5,954 12,019 10,497 Depreciation/Amortization 358,909 353,273 131,299 113,302 104,963 Total Expenditure 7,409,867 6,675,913 3,718,646 2,209,223 2,351,755 PROFIT BEFORE TAX 52,207 398,798 163,647 53,009 152,594 PROVISION FOR TAX 0 0 0 0 0 Current Tax 16,031 49,799 32,500 11,250 35,587 Deferred Tax – 4,540 30,118 26,263 0 0 TOTAL 11,491 79,917 58,763 11,250 35,587 NET PROFIT BEFORE ADJUSTMENTS 40,716 318,881 104,884 41,759 117,007 Adjustments (See Note No. 2 of Annexure IV) – 66,971 – 12,891 29,386 – 21,256 50,632 189 Handbook of Auditing Pronouncements-II Current Tax Impact of Adjustments 36,198 25,369 -18,728 2,693 – 29,726 Deferred Tax Impact of Adjustments – 6,814 – 2,913 2,366 0 0 Total of adjustments after Tax Impact – 37,587 9,565 13,024 – 18,563 20,906 NET PROFIT AS RESTATED 3,129 328,446 117,908 23,196 137,913 Profit and loss amount at the beginning of the year 764,834 420,224 326,066 562,573 470,179 Transfer From Debenture Redemption Reserve 41,652 0 0 0 0 Transfer From Foreign Project Utilised Reserve 7,500 76,750 0 0 0 Balance available for appropriation, as restated 817,115 825,420 443,974 585,769 608,092 APPROPRIATIONS Transfer to General Reserve 10,000 31000 12,500 4,000 10,000 Transfer to Foreign Project Reserve 0 3750 11,250 5,000 11,250 Transfer to Debenture Redemption Reserve 0 2513 0 10,050 10,050 Dividend 0 0 0 0 0 Equity 9,119 20646 0 0 12,903 Interim Dividend 0 0 0 7,226 0 Tax on Dividend 1,279 2678 0 737 1,316 TOTAL 20,398 60,586 23,750 27,013 45,519 BALANCE CARRIED FORWARDS RESTATED 796,717 764,834 420,224 558,756 562,573 Note : 1. The above statement should be read with the Notes on Adjustments to Restated Financial Statements, Significant Accounting Policies and Notes to Accounts as appearing in Annexures IV and IV-A. 2. The reconciliation between the audited and restated accumulated profit and loss balance as at April 01, 2000 is given in Note No. 6 of Annexure IV. 190 Reports in Company Prospectuses * The company adopted Accounting Standard 22, (AS-22) – Accounting for Taxes on Income issued by the Institute of Chartered Accountants of India for the first time in preparing the financial statements for the year ended March 31, 2003. The above amount is after adjusting Rs. 232691 thousand related to Deferred Tax Liability for earlier years. ANNEXURE III : Statement Of Cash Flows, As Restated (Amount in INR’000) 31-Mar-05 31-Mar-04 31-Mar-03 31-Mar-02 31-Mar-01 Cash Flow From Operating Activities Profit before Tax – 14,765 385,907 193,033 31,754 203,227 Adjustment for - 0 0 0 0 0 Depreciation/Amortizati on (Including Goodwill) 306,768 358,661 154,225 120,486 111,627 Miscellaneous Expenditure written off 4,606 29,616 5,953 12,019 10,498 Loss on Sale of Fixed Assets (NET) 28,644 1,702 4,040 7,193 29,265 (Profit/Loss on sale of Long Term Investments (Net) – 71,596 20,115 0 6,940 0 Interest Income – 12,428 – 4,542 – 2,579 – 1,331 – 8,686 Waiver of Funded Interest – 65,000 0 0 0 0 Dividend on Long Term Investments – 2,564 – 697 – 3,242 – 13,550 – 7,365 Depletion in value of Long Term Investment 688 0 0 0 0 Amortisation/Depletion in value of Inventory 4,113 0 0 0 0 Interest Income 346,774 450,795 290,117 228,904 166,426 Provision for Doubtful Debtors (Net) 4,150 0 0 0 0 Provision for Doubtful Debts and Advances(Net) 0 456 0 0 0 191 Handbook of Auditing Pronouncements-II Operating Profit before working capital changes 529,390 1,242,013 641,547 392,415 504,992 Movements in Working Capital (Increase)/Decrease in Sundry Debtors – 483,261 82,131 – 501,852 – 312,523 – 53,479 (Increase)/Decrease in Loans and Advances 165,642 351,890 – 375,878 – 117,003 – 47,172 (Increase)/Decrease in Other Current Assets 4,084 – 13,365 – 1,779 – 60 0 (Increase)/Decrease in Inventories – 450,893 – 858,792 – 160,273 – 3,365 – 19,324 (Increase)/Decrease in Current Liabilities and Provisions – 276,875 145,290 603,717 242,312 173,776 (Increase)/Decrease in Miscellaneous Expenditure 0 0 0 0 -15,208 Cash generated from operations – 511,913 949,167 205,482 201,776 543,585 Direct Tax Refunds / Paid (Net) – 54,895 – 108,991 – 40,282 – 34,799 – 34,114 New cash from/(Used in) Operating Activities – 566,808 840,176 165,200 166,977 509,471 Cash flow from investing Activities Purchase of Fixed Assets – 261,977 – 277,133 – 534,365 – 155,715 – 236,973 Purchase of Investments – 28,079 – 96,671 – 181,105 – 6,377 – 204,411 Proceeds from Sale of Investments 284,439 46,125 0 79,291 0 Proceeds from sale of Fixed Assets 82067 1,901 16,387 12,678 31,462 Dividend Received 2,564 697 3,242 13,550 7,365 Interest Received 1,787 4,427 1,894 2,181 6,273 Exchange Fluctuation Reserve – 3,572 – 1,062 – 390 0 0 Net Cash From(Used in) Investing activities 77,229 – 321,716 – 694,337 – 54,392 – 396,284 192 Reports in Company Prospectuses Cash flows from Financing Activities Proceeds of Share Capital 22,941 0 0 0 0 Proceeds of Securities Premium 1,100,031 0 0 0 0 Increase/(Decrease) in Working Capital Loans – 242,283 – 254,344 155,923 229,683 172,982 Increase/(Decrease) in secured Term Loans – 415,016 108,573 928,054 36,001 – 46,419 Redemption of Debentures – 6,060 – 19,393 – 19,393 – 19,394 0 Increase/(Decrease) in Unsecured Loans 381,644 -88,795 8,446 – 52,500 – 67,444 Increase/(Decrease) in Deferred Payments – 32 – 513 0 – 659 0 Interest Paid – 345,697 – 449,724 – 288,880 – 231,941 – 164,429 Dividend Paid – 12904 – 7,741 0 – 20,129 – 12,903 Net Cash From/(Used in) Financing activities 482,624 – 711,937 784,150 – 58,939 – 118,213 Net increase in Cash and Cash Equivalents(A+B+C) -6,955 – 193,477 255,013 53,646 – 5,026 Cash and Equivalents inflow consequent to merger 0 4,828 0 0 0 Cash and Cash Equivalents at the beginning of the year 158,651 347,300 92,288 38,642 43,668 Cash and Cash Equivalents at the end of the year 151,696 158,651 347,301 92,288 38,642 Components of Cash and Cash Equivalents Cash in Hand 10,687 12,676 11,228 4,914 3,707 0 0 0 0 0 Balance with Scheduled Banks 0 0 0 0 0 Current Account 31,214 66,951 115,843 39,952 19,415 0 0 0 0 0 193 Handbook of Auditing Pronouncements-II EEFC Account 5,039 15,452 49,124 11 1,363 Fixed Deposits 13,763 61,201 92,396 30,377 13,921 Balances with Non Scheduled Banks 0 0 0 0 0 Current Accounts 15,129 2,371 78,711 17,034 236 EEFC Account 75,864 0 0 0 0 Note : 1. The Cash Flow Statement has been prepared under indirect method as set out in Accounting Standard-3 on Cash Flow Statement issued by the Institute of Chartered Accountants of India. 2. Negative figures have been shown in brackets. ANNEXURE IV : Notes on Adjustments for Restated Financial Statements 1. The Company adopted Accounting Standard 22, (AS-22) – Accounting for Taxes on Income as issued and required by the Institute of Chartered Accountants of India for the first time in preparing the financial statements for the year ended March 31, 2003. For the purpose of this statement, AS-22 has not been applied for the years ended March 31, 2002 and 2001 as the same was not applicable in those years. Consequently, the deferred tax impact on account of timing difference has not been recognized in this statement for the year ended March 31, 2002 and 2001. 2. Below mentioned is the summary of results of restatement made in the audited accounts for the respective years and its impact on the profits of the company. 31-Mar-05 31-Mar-04 31-Mar-03 31-Mar-02 31-Mar-01 Adjustments for Gain on foreign currency transactions (See Note No. 3a below. 0 (1,800) 0 0 0 Depreciation on gain on foreign currency 180 1 0 0 0 194 Reports in Company Prospectuses transactions (See Note No. 3a below) Provision for leave encashment (See Note No. 3b below) 0 4,864 (749) (542) (1,294) Work in Progress- Projects (See Note No. 3c below) 0 (61,223) (10,333) 4621 (4,587) Change in Accounting treatment of Scaffolding Materials (See Note No. 4a below) (29,077) 16,348 16,120 (1,268) (1,190) Fixed assets 1617 (604) (411) (335) (157) capitalized related to earlier years (See Note No. 4b below) 0 0 0 0 0 Change in the rate of depreciation on fixed assets (See Note No. 4c below) 0 27,010 (6,186) (7,996) (7,585) Prior period items (See Note No. 4d below) 58,281 (26,288) (9,951) (13,294) (827) Unspent liabilities written-back (See Note No. 4e below) (32,210) 19,672 2,730 1,545 3,180 195 Handbook of Auditing Pronouncements-II Interest on hire purchase (See Note No.4f below) 18,860 (9,898) (5,834) 1,253 45,563 Deferred revenue expenditure (See Note No. 4g below) 18,446 (18,446) 0 0 0 Accounting of Unincorporated JV (See Note No. 4h below) (26,231) 21,530 6,964 0 0 Provision for doubtful debts (See Note No. 4i below (28,803) 0 28,803 0 0 Accounting of insurance claims (See Note No. 4j below) (15,204) 13,365 1,779 61 0 Contract revenue ( See Note No. 4k below) 0 0 0 (6,164) 0 Works contract tax(See Note No. 4l below) 0 2,579 6,453 863 17,529 Interest on Claims(Auditor Qualification)(See Note No. 9a below) (32,830) 0 0 0 0 Sub Total (66,971) (12,890) 29,385 (21,256) 50,632 Current tax impact (See Note No. 4m below) 36,198 25,369 (18,728) 2,693 (29,726) Deferred tax (6,814) (2,913) 2,367 0 0 196 Reports in Company Prospectuses impact (See Note No. 4n below) Sub total 29,385 22,456 (16,362) 2,693 (29,726) Total (37,587) 9,566 13,024 (18,563) 20,906 3. Changes in Accounting Policies13 a. GAIN OF FOREIGN CURRENCY TRANSACTIONS During the year ended march 31, 2004, the Company had accounted for gain arising on restatement / settlement of liabilities incurred for acquiring fixed assets in Profit and Loss Account in compliance with the AS-11 issued by Institute of Chartered Accountants of India. Since the consequential change was not brought by the legislature in Schedule VI to the Companies Act, 1956 and on subsequent clarification by the Institute of Chartered Accountants of India that requirement of Schedule VI shall prevail, the same has been restated and adjusted to the cost of the fixed assets. Accordingly, depreciation on the same has been recomputed for the years ended March 31, 2005 and 2004. b. PROVISION FOR LEAVE ENCASEMENT During the year ended March 31, 2004, provision for leave encasement was made on the basis of actuarial valuation in compliance of the Accounting Standard – 15 issued by the Institute of Chartered Accountants of India, which was earlier accounted for on cash basis. Accordingly, provision for leave encashment has been recomputed on actuarial valuation basis for each preceding year and consequently the adjustments have been made in the expense for leave encasement for the years ended March 31, 2004, 2003, 2002 and 2001 and the brought forward balance in Profit and Loss Account as at April 1, 2000. c. WORK IN PROGRESS - PROJECTS Till the year ended March 31, 2003, Work in progress- projects was valued on the basis of the percentage completion method 13 The list is illustrative only. 197 Handbook of Auditing Pronouncements-II at the rates provided in the contract reduced by an estimated percentage towards expected profit. From the year ended March 31, 2004, Work in progress- projects to the extent of work done but not billed is valued at net realizable value without reducing estimated percentage towards expected profit. Accordingly, the figures have been restated for the years ended March 31, 2003, 2002 and 2001 and the brought forward balance in Profit and Loss Account as at April 1, 2000. 4 Other Adjustments a. ACCOUNTING TREATMENT OF SCAFFOLDING MATERIALS During the year ended March 31, 2005, the Company has decided to reclassify scaffolding materials as inventory and to value these at cost less amortization charge based on the estimated useful life, which is determined as ten years by the management. Hitherto, such material was capitalized as fixed assets in some years while in some other years, it was charged to revenue, based on the management's perception of the same being of capital or revenue nature. Consequent to this change, the Company has decapitalised the fixed assets and recognized the same as inventories and also brought back to books the materials charged off in earlier years and amortised the same on the basis stated above. As a result of the above, adjustments for inventory earlier shown as fixed assets or expensed off to Profit and Loss account have been made to the financial statements, as restated, for the years ended March 31, 2004, 2003, 2002 and 2001 and the brought forward balance in Profit and Loss Account as at April 1,2000. b. FIXED ASSETS CAPITALISED RELATED TO EARLIER YEARS During the year ended March 31, 2005, certain fixed assets have been identified by the Company, which were required to be capitalised in earlier years, since these were acquired and put to use in those years. The same have now been capitalised and related in the years in which these were actually put to use. Consequently the depreciation on these fixed assets, so capitalised, has also been charged in the relevant years. 198 Reports in Company Prospectuses c. CHANGE IN THE RATE OF DEPRECIATION ON FIXED ASSETS Till the year ended March 31, 2003, certain fixed assets were mistakenly identified with the inappropriate group of assets and accordingly depreciation on such assets was charged at the rates as applicable to such group of assets, as per policy of the Company. During the year ended Marcil 31, 2004, such fixed assets were so identified and were accordingly re-classified under the appropriate group of assets and depreciation thereon was charged at the appropriate applicable rates of depreciation. Accordingly, depreciation has been recomputed and adjusted based on the revised rates of depreciation on such fixed assets for the year ended March 31, 2003, 2002 and 2001 and the brought forward balance in Profit and Loss Account as at April 1, 2000. d. PRIOR PERIOD ITEMS In the financial statements for the years ended March 31, 2005, 2004, 2003, 2002 and 2001, certain items of income/expenses have been identified as prior period items. For the purpose of this statement, such prior period items have been appropriately adjusted in the respective years. e. UNSPENT LIABILITIES WRITTEN BACK In the financial statements for the years ended March 31, 2005, 2004, 2003, 2002 and 2001, certain liabilities created in earlier years were written back. For the purpose of this statement, the said liabilities, wherever required, have been appropriately adjusted in the respective years in which the same were originally created. f. INTEREST ON HIRE PURCHASE Till the year ended March 31, 2004, hire purchase charges were charged off evenly throughout the term of Hire Purchase. During the year ended Mar h 31, 2005, hire purchase charges have been re-calculated and charged off on the basis of internal rate of return (IRR) and accordingly, adjustments relating to earlier years have been made in the year ended March 31, 199 Handbook of Auditing Pronouncements-II 2005. Accordingly Hire Purchase charges have been adjusted for the years ended March 31, 2004, 2003, 2002 and 2001 and the balance brought forward in Profit and Loss Account as at April 1,2000. g. DEFERRED REVENUE EXPENDITURE Deferred Revenue Expenditure brought forward in relation to restructuring of loan taken from ICICI Bank was charged to Profit & Loss Account in the year ended March 31, 2005. This deferred revenue expenditure has been reapportioned to year ended March 31, 2004 and year ended March 31, 2005 on the basis of amount of loan repaid during the respective years and accordingly adjustments have been made to the financial statements, as restated, for the years ended March 31, 2005 and 2004. h. ACCOUNTING OF UNINCORPORATED JOINT VENTURE The Company had entered into an unincorporated joint venture on 50:50 sharing basis with XYZ Co. on September 20, 2002 for execution of a pipeline construction contract in Turkey. Such arrangement was inappropriately identified as 'jointly controlled entity' by the Company and thus the Company's share of income, expenses, assets and liabilities in the joint venture were not recognized in the Company's financial statements in respective years. During the year ended March 31, 2005, such arrangement has been appropriately identified as 'joint controlled operation' and consequent to such change in identification, the financial results of the joint venture from September 20, 2002 till March 31, 2005 have been incorporated in the year ended March 31, 2005. For the purpose of this statement, the revenue, expenses, assets and liabilities for the years ended March 31, 2005, 2004 and 2003 have been restated on the basis of the audited financial statements of the joint venture for the respective years. i. PROVISION FOR DOUBTFUL DEBTS Debts, which were considered doubtful and written off in the year ended March 31, 2003 and which have been subsequently recovered during the year ended March 31, 2005, have been 200 Reports in Company Prospectuses adjusted in the years when such debts were originally written off. Accordingly, adjustments have been made to the summary statement of profits and losses, as restated, for the years ended March 31, 2005 and 2003. j. ACCOUNTING OF INSURANCE CLAIMS The Company is following the policy of accounting for insurance claims on settlement with the insurers. For the purpose of this statement, the said income has been appropriately adjusted in the respective years in which the claims were lodged. Accordingly, adjustments have been made to the financial statements, as restated, for the years ended March 31, 2005, 2004, 2003 and 2002. k. CONTRACT REVENUE The Company had accounted for extra claims made on the customers at the time of their acceptance in principle by the customers. For the purpose of this statement, the said income has been appropriately adjusted in the respective years in which such claims were made. Accordingly, adjustments have been made to the financial statements, as restated, for the years ended March 31, 2002 and the balance brought forward in Profit and Loss Account as at April 1, 2000. I. WORKS CONTRACT TAX The Profit and Loss Accounts of some years include amounts paid/ provided for in respect of shortfall/ excess works contract tax arising out of assessments, appeals etc. The same has now been restated and accordingly adjustments have been made to the financial statements, as restated, for the years ended March 31, 2005, 2004, 2003, 2002 and 2001 and the balance brought forward in Profit and Loss Account as at April 1, 2000. m. INCOME TAX REFUNDS/ PROVISION The Profit and Loss Account of some years include amounts paid/ provided for or refunded/written back, in respect of shortfall/ excess income tax arising out of assessments, appeals etc. which has now been adjusted in the respective years. Also, 201 Handbook of Auditing Pronouncements-II income tax (current tax and deferred tax) has been computed on adjustments made as detailed above and has been adjusted in the restated profits and losses for the years ended March 31, 2005, 2004, 2003, 2002 and 2001 and the balance brought forward in Profit and Loss Account as at April 1, 2000. 5. ASSET REVALUATION RESERVE In accordance with Clause 6.10.2.7 (b) (vi) of the Disclosure & Investor Protection Guidelines, 2000 issued by Securities and Exchange Board of India (SEBI), the statement of assets and liabilities as restated has been prepared after deducting the balance in revaluation reserve from the carrying amount of fixed assets and reserves & surplus. 6. PROFIT AND LOSS ACCOUNT AS AT APRIL 01, 2000 (Restated) (Amount in INR'OOO) Particulars Amount Profit and Loss Account as at April 0 I, 2000 (Audited) XXXX Provision for leave encashment (See Note No. 3b above) (2,279) Work in Progress- Projects (See Note No. 3c above) 71,523 Change in accounting Treatment of scaffolding Materials(See Note No. 4a above) (934) Fixed assets capitalized related to earlier years (See Note No. 4b above) (110) Change in date rate of depreciation on fixed assets (See Note No. 4c above) (5,244) Prior period items (See Note No. 4d above) (7,922) Unspent liabilities written-back (See Note No. 4e above) 5,083 Interest on hire purchase (See Note No. 4f above) (49,944) Contact revenue (See Note No. 4k above) 6,163 Works contract tax (See Note No. 41 above) (27,423) Current tax impact (See Note No. 4m above) (2,267) Profit and Loss Account as at April, 2000 (Restated) XXXX 202 Reports in Company Prospectuses 7. MATERIAL REGROUPING a. Upto the year ended March 31, 2004, retention money, which is realizable on the satisfactory completion of the project, was included under the group Advances Recoverable in cash or in kind or for value to be received and hence classified as part of Loans and Advances. During the year ended March 31, 2005, the same has been classified under the head Sundry Debtors. In the statement of Assets and Liabilities as restated, for the years ended March 31, 2004, 2003, 2002 and 2001, such retention money has been regrouped and disclosed accordingly. b. Upto the year ended March 31, 2004, share application money (paid) was classified under the head investments. During the year ended March 31,2005, the same has been shown as Advances for Proposed Investments and grouped under the head Loans and Advances. In the statement of Assets and Liabilities as restated, for the years ended March 31, 2004, 2003, 2002 and 2001, such share application money has been regrouped and disclosed accordingly. 8. NON-ADJUSTMENT ITEMS a. UNSPENT LIABILITIES WRITTEN BACK - ISP DIVISION During the year ended March 31, 2004, ISP Division of PQR Co. has been merged with the Company with effect from April 01, 2003. During the year ended March 31,2005, certain liabilities of earlier years of the ISP Division were written back which are related to the period prior to merger. For the purpose of this statement, the said liabilities have not been adjusted in the respective years as ISP Division was not a part of the Company's operation in those years. b. UNUSED MATERIALS During the year ended March 31, 2005, certain unused materials at construction sites closed during the year have been transferred to other sites/ central warehouse at the lower of cost and estimated realizable values as against the hitherto followed for of transferring these at Nil values in earlier years. Adjustments on this account have not been made in the financial statements for the years ended March 31,2005, 2004, 2003, 2002 and 2001 and the brought forward balance in Profit and Loss Account as at April 1,2000 in the absence of available information. However, in the opinion of the Company, 203 Handbook of Auditing Pronouncements-II the impact of the same on the summary statement of profits and losses, as restated, is not material. Auditor's Qualifications: a. The Company had executed two projects of Sulphur Recovery Units (SRU) of ABC Co. in an earlier year on back-to-back basis for LMN Co. who was the main contractor. ABC Co. had withheld payments from LMN Co. on account of duties and taxes and LMN Co. had in turn withheld Rs.155,358 thousand in an earlier year, which are outstanding as debts at the close of the year ended March 31, 2005. LMN Co. had gone into arbitration against ABC Co and lodged claims for recovery of above amount along with interest and also some other claims amounting to Rs.193542 thousand. During the year ended March 31, 2005, the Company has initiated the arbitration proceedings for recovery of withheld amounts and other claims including interest. The arbitration proceedings are in advanced stages and the Company has been advised legally that it entitled to the recovery of amount withheld along with interest. Accordingly, the Company, during the year, has taken a credit for interest of Rs. 32830 thousand on conservative estimated basis. The statutory auditors' have qualified their opinion on the financial statements for the year ended March 31, 2005 on account of credit taken for interest of the abovementioned amount, which is not in accordance with Accounting Standard 9 on Revenue Recognition issued by the Institute of Chartered Accountant of India. Accordingly, adjustments are made to the statement of financial statements, as restated for the year ended March 31,2005 to reverse such credit of internal income. b. Other Audit qualifications, which do not require any corrective adjustment in the financial information are as follows: i. Financial year ended March 31,2005 CARO, 2003 Due to physical verification not being carried out at Georgia branch, discrepancies, if any, with the books could not be ascertained. Internal Control in respect to accounting of purchase of inventory and fixed assets needs strengthening. 204 Reports in Company Prospectuses Coverage of the internal audit system requires to be enlarged to cover controls over information technology (IT) related risks. There are delays in the early part of the year, which are not serious, in depositing undisputed statutory dues including provident fund, investor education and protection fund, employees state insurance, income tax, sales tax, wealth tax, service tax, custom duty, excise duty and cess. ii. Financial period ended March 31, 2004 CARO, 200314 The company is regular with some delays in depositing with appropriate authorities, undisputed statutory dues including Provident Fund, Investor Education Protection Fund, Employees' State Insurance, Income Tax, Sales Tax, Wealth Tax, Custom Duty, Excise Duty, Cess and other statutory dues applicable to the company. Long-term funds (retained profit) have been used for short-term purposes. ANNEXURE IV-A: Significant Accounting Policies For The Year Ended March 31, 2005 (a) Basis of preparation The Company maintains its accounts on accrual basis following the historical cost convention, (except for the revaluation of certain fixed assets), and in accordance with Accounting Standards referred to in section 21l(3c) of the Companies Act, 1956 and other requirements of the Act. The accounting policies have been consistently applied by the Company and are consistent with those used in previous period. (b) Use of estimates The preparation of financial statements in conformity with generally accepted accounting principles requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and the disclosure of contingent liabilities as at the date of the financial statements and reported amounts of revenues and expenses during the reporting period. Actual results could differ from these estimates. 14 Revised in 2005. 205 Handbook of Auditing Pronouncements-II (c) Fixed assets Fixed assets are stated at cost, (other than some fixed assets which are stated at values as determined by the valuer), less accumulated depreciation and impairment losses, if any. Cost comprises the purchase price and any attributable cost of bringing the asset to its working condition for its intended use. Financing costs relating to acquisition of fixed assets are also included to the extent they relate to the period till such assets are ready to be put to use. The carrying amount of fixed assets are reviewed at each balance sheet date if there is any indication of impairment based on internal vs. external factors. An impairment loss is recognized wherever the carrying amount of an asset exceeds its recoverable amount. The recoverable amount is the greater of the asset's net selling price and value in use. In assessing the value in use, the estimated future cash flows are discounted to their present value at the weighted average cost of capital. (d) Method of depreciation (i) Depreciation on the fixed assets is charged on straight line method, at the rates specified in Schedule XIV of the Companies Act, 1956, (except to the extent stated in para ii and vi below), which are based on the useful lives of the assets. (ii) Depreciation on the following fixed assets of Internet Service division is charged on straight-line method at the rates, based on useful lives of the assets as estimated by the management, which are equal to or higher than the rates specified by Schedule XIV. Asset Description Depreciation Rate Plant and machinery 10% Networking equipment* 10% Office equipment 10% Ducts and optical fiber cables* 4.75% *Included under Plant & Machinery. 206 Reports in Company Prospectuses iii) Amount added to assets on account of foreign exchange fluctuation is depreciated prospectively over the remaining useful lives of the respective assets. iv) No amortization is made for leasehold land, which is under perpetual lease. v) Assets costing less than Rs. 5,000 each are depreciated @ 100 % vi) Depreciation on Company's share of fixed assets of an unincorporated joint venture is provided on straight-line method at the following rates based on their useful lives as estimated by the management of the joint venture. Asset Description Depreciation Rate Buildings 10% Plant & Machinery 20% Vehicles 20% Furniture, fixtures & office equipments 20% 207 Handbook of Auditing Pronouncements-II Appendix 7 Illustrative Format of the Engagement Letter for the Entire Engagement to Issue Report on the Prospectus (refer paragraph 2.6) Date Name of Company Address Letter of Engagement Dear Sirs, We are writing to confirm our understanding of the scope and limitations of the work to be performed by us in connection with ____________[Draft Red Herring Prospectus/Red Herring Prospectus/Prospectus (“DRHP/RHP/Prospectus”), dated [Date] prepared in connection with the filing of an offer document a proposed issue of _________________[Insert name and type of security] (the “Equity Shares/Notes/Security”) by _________________ (name of the company) (the “Company”) with the Securities and Exchange Board of India (“SEBI”) and the Registrar of Companies, _______________ [Insert name of the State]. This letter is not to be used in connection with the sale of securities in the ____________________ (name of the Country). We accept no duty or responsibility to and deny any liability to any party in respect of any use of this letter in connection with the sale of securities in the ________________________ (name of the country) As part of the offer document, the Company will prepare financial information for the period from ------------------- to ---------- and for the quarter ended -------, along with the adjusted profits (i.e., after adjustments as required by the SEBI {Disclosure and Investor Protection) Guidelines 2000 (‘the Guidelines’)} for each of the five years ended -________and for the quarter ended ………………… in a manner consistent with the accounting policies being adopted for the quarter ended ---------. Further, the Company will prepare financial information of its subsidiaries for the period from ------------ to -------------, along with the recasted financial information (as per the Guidelines) for each of the 5 years ended --------- 208 Reports in Company Prospectuses ----- and for the quarter ended -------- in a manner consistent with the accounting policies being adopted for the quarter ended --------. The Company will prepare other financial information to be included in the offer document as required by the Guidelines issued by the SEBI in pursuance of section 11 of the Securities and Exchange Board of India Act, 1992. A. Accordingly, we will examine the following information to be included in the offer document of the Company (together with the ‘Financial Information’) as required by Part II of Schedule II to the Companies Act, 1956: (a) adjusted profits of the Company for each of the five financial years ended --------- and for the quarter ended -------- assets and liabilities of the Company as at ------------and significant accounting policies and notes thereto (b) dividend declared by the Company for each of the five years ended ---------- and for the quarter ------------. (c) adjusted profits of each subsidiary company of the Company for each of the five financial periods/years ended --------------- and quarter ended -----------, assets and liabilities of each subsidiary company of the Company as at ----------along with significant accounting policies and notes thereto. (d) Cash flow statement for each of the five financial year ended -------- --- and for the quarter ended ------------ (e) Statement of tax shelters for the Company for each of the ----- financial year ended ------------ (f) Capitalisation statement for the Company as at -----------; (g) Accounting ratios for the Company for each of the five financial years ended ----------- and for the quarter ended ---------; (h) Details of secured and unsecured loans as at -------------- and for the five years ended ------------ ; and In connection with the offering of Equity Shares/Notes/Security, we will perform all necessary procedures, in order to issue an auditors’ report to the Company, in accordance with the Guidance Notes on Reports in Company Prospectuses , issued by the Institute of Chartered Accountants of India ('the Guidance Note). 209 Handbook of Auditing Pronouncements-II Our work and findings shall not in any way constitute advice or recommendations (and we accept no liability in relation to any advice or recommendations) regarding any commercial decisions associated with the issue of the _________________(name of the security). B. Upon completion of our examination, we will provide you with our report on the adjusted Financial Information referred to above, and bring to your attention any material errors of which we become aware during our examination. C. It should be understood that we make no representation regarding questions of legal interpretation or regarding the sufficiency for your purposes of the procedures enumerated above; also, such procedures would not necessarily reveal any material misstatement of the amounts or percentages listed above. Further, we will address ourselves solely to the foregoing data as set forth in the offer document and will make no representation regarding the adequacy of disclosure or regarding whether any material facts have been omitted or appropriateness of comparative information for evaluation. D. We will conduct our examination in accordance with auditing standards generally accepted in India and the Guidance Note. Those standards require that we plan and perform our engagement to obtain reasonable assurance that the Financial Information, are free of material misstatement whether caused by errors or fraud. However, having regard to the test nature of our examination, persuasive rather than conclusive nature of audit evidence together with any inherent limitations of any accounting and internal control system, there is an unavoidable risk that even some material misstatements of the Financial Information, resulting from fraud, and to a lesser extent error, if either exists, may remain undetected. Also, our examination is not designed to detect error or fraud that is immaterial to the Financial Information. As part of our examination, we will consider, solely for the purpose of planning our work and determining the nature, timing, and extent of our audit procedures, the Company’s internal control environment. This consideration will not be sufficient to enable us to provide assurance on internal control or to identify all reportable conditions. We will determine that appropriate members of management are informed of fraud and illegal acts, unless they are clearly inconsequential, of which we 210 Reports in Company Prospectuses become aware in the regular course of our examination focused on the Financial Information. In addition, we will inform appropriate members of management of significant adjustments and of reportable conditions noted during our examination. E. For our examination, we will place reliance on the following: i) The financial statements of ABC Ltd for the year ended ------------------------ -, which have been audited and reported upon by us, vide our reports dated --------------, respectively. ii) The financial statements of ABC Ltd for the financial years ended ----------- , which have been audited and reported upon by -------------------- , Chartered Accountants hereafter referred as ---------------. {if required} iii) The financial statements of below mentioned subsidiaries for the year ended -----------, which have been audited and reported by us, vide our reports mentioned there against, hereafter referred as the ------------ Subsidiaries Financial Statements: Name of subsidiaries Auditor report’s date iv) The financial statements of the below mentioned subsidiaries of ABC Ltd which have been audited and reported upon by their auditors, the names of which and the period of their audit are mentioned thereagainst. Name of subsidiaries Name of the Auditors v) The un-audited financial statements of below mentioned subsidiaries of ABC for the quarter ended -----------. Name of subsidiaries 211 Handbook of Auditing Pronouncements-II Our audit of the financial statements for the period referred to in paragraphs F (i) and F(iii) of this letter comprises such audit tests and procedures as deemed necessary for the purpose of expressing an opinion on such financial statements taken as a whole. For none of the other periods referred to in paragraph F we will perform audit tests for the purpose of expressing an opinion on individual balances of accounts or summaries of selected transactions such as those enumerated above and accordingly, we express no opinion thereon. F. Consent Letters We will issue consent letters to act as an auditor and to permit the inclusion of our report in the offer document. In connection with the issuance of our consent, we will perform certain procedures as required by professional standards. These include, but are not limited to, the following: (a) Reading the offer document; and (b) Obtaining a representation letter from management (and other matters as appropriate) Based on the results of our procedures, we will consider whether the Financial Information referred above and/or our auditors' report needs to be modified in order to consent to the inclusion of our reports in the offer document. G. Management's responsibilities and representations The Financial Information are the responsibility of the management of the Company, which is also responsible for establishing and maintaining effective internal control, for properly recording transactions in the accounting records, for safeguarding assets, for prevention and detection of fraud and error, for complying with accounting standards and for the overall fair presentation of the Financial Information and Other Financial Information. Management of the Company is also responsible for identifying and ensuring that the Company complies with the laws and regulations applicable to its activities. Management is responsible for adjusting the Financial Information to correct material misstatements and for affirming to us in its representation letter that the effects of any unadjusted differences identified by us during the work are immaterial, both individually and in the aggregate, to the Financial Information taken as a whole. 212 Reports in Company Prospectuses As an integral part of our procedures and as required by auditing standards generally accepted in India, and the Guidance Notes, we will request letters of representation from officers and other executives, including the chief executive, financial, and accounting officers, responsible for financial and accounting matters of the Company. This includes making specific inquiries of management about the representations contained in the Financial Information and the effectiveness of the internal control structure. The responses to those inquiries, written representations and the results of our examination tests comprise the evidential matter we intend to rely upon in forming an opinion on the Financial Information. Because of the importance of management's representations to effective examination and review, the Company agrees to release [Auditor Name], Chartered Accountants and its personnel from any liability and costs relating to our services under this letter attributable to any misrepresentations by management. In order to enable us to fulfil our responsibilities, you agree on request, to provide us with complete, accurate and timely information and to carry out any obligations ascribed to or undertaken by you or others under your control. Management’s failure to provide requisite information on a timely basis may cause us to delay our report, modify our procedures, or even terminate our engagement. You agree that any commercial decisions that you make, are not within the scope of our duty of care and in taking such decisions you should take into account the restrictions on the scope of our work and other factors, commercial and otherwise, of which you and your other advisers are, or should be, aware from sources other than our work. H. Other Terms (a) If you intend to publish or otherwise reproduce the Financial Information together with our report (or otherwise make reference to our firm) in a document other than that which contains other information, you agree to (i) provide us with a draft of the document to read, and (ii) obtain our approval for inclusion of our report, before it is printed and distributed. (b) Under this arrangement, we have no responsibility to update our reports for events and circumstances occurring after the date of our report. 213 Handbook of Auditing Pronouncements-II (c) The working papers prepared in conjunction with our examination's are the property of our firm, constitute confidential information and will be retained by us in accordance with our firm's polices and procedures. I. Fees and Billing arrangements Our fees for the engagement covered under this letter of engagement will be ___________________ [insert amount]. We will also charge for any expenses incurred during the engagement and we will add applicable taxes to charges and expenses. Any fee estimate agreed with you is necessarily based on the assumption that the information required for our work is made available in accordance with agreed timetables, and that your key executives and personnel are available during the course of our work. If delays or other unanticipated problems which are beyond our control occur this may result in additional fees for which invoices will be raised. Should the scope of our work require any modification, including reporting on the financial statements or financial information for any broken period subsequent to [insert period-end date], we will discuss the matter with you immediately and only proceed to incur additional fees with your prior approval. We will be entitled to submit invoices for services provided and expenses incurred on an interim basis as the work progresses. Invoices are payable upon presentation. We reserve the right, where fees have been invoiced and payment is outstanding to us, to exercise a lien in respect of those outstanding fees over any documents belonging to you which may be in our possession. Our billing is payable upon the presentation of our fee note. Our fees, expenses and applicable taxes are payable by the Company. We shall be grateful if you will acknowledge receipt of this letter by signing and returning to us the duplicate copy of this letter, which is enclosed. If the contents are not in accordance with your understanding of our agreement, we shall be pleased to receive your further observations and to give you any further information you require. We also wish to draw your attention to the fact that our examination process is subject to peer review under the Chartered Accountants Act, 1949. The reviewer may examine our working papers during the course of the peer review. 214 Reports in Company Prospectuses For ABC and Co. Chartered Accountants Signature [Name of the Member] Designation@@@ Membership Number Place of Signature: Date: By: ______________________ [Name] __________________________ [Title] __________________________ [Date] @@@ Partner or proprietor, as the case may be. 215 Handbook of Auditing Pronouncements-II Appendix 8 Some Frequently Asked Questions on Public Issues (refer paragraph 2.9) Note: The following questions and answers have been extracted from the website of the Securities and Exchange Board of India (SEBI) and have been included in this publication for the ease of understanding and knowledge of the readers. The Institute of Chartered Accountants of India is not liable for any action taken or not taken on the basis of these questions and answers. The complete text of the following and other related questions can be found at the website of SEBI (www.sebi.gov.in). Q1. What are the different kinds of issues? Primarily, issues can be classified as a Public, Rights or preferential issues (also known as private placements). While public and rights issues involve a detailed procedure, private placements or preferential issues are relatively simpler. The classification of issues is illustrated below: ISSUES Private Placement Public Rights Private placement Preferential Qualified Institutions (For Unlisted Issue Placement companies) (For listed (For listed companies) companies) Initial Public Offering Further Public Offering (For unlisted companies) (For listed companies) Fresh Issue Offer for sale Fresh Issue Offer for sale 216 Reports in Company Prospectuses Public issues can be further classified into Initial Public offerings and further public offerings. In a public offering, the issuer makes an offer for new investors to enter its shareholding family. The issuer company makes detailed disclosures as per the DIP guidelines in its offer document and offers it for subscription. The significant features are illustrated below: Initial Public Offering (IPO) is when an unlisted company makes either a fresh issue of securities or an offer for sale of its existing securities or both for the first time to the public. This paves way for listing and trading of the issuer’s securities. A Further public offering (FPO) is when an already listed company makes either a fresh issue of securities to the public or an offer for sale to the public, through an offer document. An offer for sale in such scenario is allowed only if it is made to satisfy listing or continuous listing obligations Rights Issue (RI) is when a listed company which proposes to issue fresh securities to its existing shareholders as on a record date. The rights are normally offered in a particular ratio to the number of securities held prior to the issue. This route is best suited for companies who would like to raise capital without diluting stake of its existing shareholders unless they do not intend to subscribe to their entitlements. A private placement is an issue of shares or of convertible securities by a company to a select group of persons under Section 81 of the Companies Act, 1956 which is neither a rights issue nor a public issue. This is a faster way for a company to raise equity capital. A private placement of shares or of convertible securities by a listed company is generally known by name of preferential allotment. A listed company going for preferential allotment has to comply with the requirements contained in Chapter XIII of SEBI (DIP) Guidelines pertaining to preferential allotment in SEBI (DIP) guidelines which inter alia include pricing, disclosures in notice etc, in addition to the requirements specified in the Companies Act. A Qualified Institutions Placement is a private placement of equity shares or securities convertible in to equity shares by a listed company to Qualified Institutions Buyers only in terms of provisions of Chapter XIIIA of SEBI (DIP) guidelines. The Chapter contains provisions relating to pricing, disclosures, currency of instruments etc. 217 Handbook of Auditing Pronouncements-II Q2. What are “DIP” guidelines? The primary issuances are governed by SEBI in terms of SEBI (Disclosures and Investor protection) guidelines. SEBI framed its DIP guidelines in 1992. Many amendments have been carried out in the same in line with the market dynamics and requirements. In 2000, SEBI issued “Securities and Exchange Board of India (Disclosure and Investor Protection) Guidelines, 2000” which is compilation of all circulars organized in chapter forms. These guidelines and amendments thereon are issued by SEBI India under section 11 of the Securities and Exchange Board of India Act, 1992. SEBI (Disclosure and investor protection) guidelines 2000 are in short called DIP guidelines. It provides a comprehensive framework for issuances buy the companies. Q3. What is the difference between an offer document, RHP, a prospectus an abridged prospectus, letter of offer, abridged letter of offer and Placement document? What does it mean when someone says “draft offer doc”? “Offer document” means Prospectus in case of a public issue or offer for sale and Letter of Offer in case of a rights issue which is filed Registrar of Companies (ROC) and Stock Exchanges. An offer document covers all the relevant information to help an investor to make his/her investment decision. “Draft Offer document” means the offer document in draft stage. The draft offer documents are filed with SEBI, atleast 21 days prior to the filing of the Offer Document with ROC/ SEs. SEBI may specifies changes, if any, in the draft Offer Document and the issuer or the Lead Merchant banker shall carry out such changes in the draft offer document before filing the Offer Document with ROC/ SEs. The Draft Offer document is available on the SEBI website for public comments for a period of 21 days from the filing of the Draft Offer Document with SEBI. “Red Herring Prospectus” is a prospectus which does not have details of either price or number of shares being offered or the amount of issue. This means that in case price is not disclosed, the number of shares and the upper and lower price bands are disclosed. On the other hand, an issuer can state the issue size and the number of shares are determined later. An RHP for and FPO can be filed with the RoC without the price band and the issuer, in such a case will notify the Frequently Asked Questions on Issues and use of ECS for Refunds – For Reference Only 6 floor price or a price band by way of an advertisement one day prior to the opening of the issue. In the case of book-built issues, it is a process 218 Reports in Company Prospectuses of price discovery and the price cannot be determined until the bidding process is completed. Hence, such details are not shown in the Red Herring prospectus filed with ROC in terms of the provisions of the Companies Act. Only on completion of the bidding process, the details of the final price are included in the offer document. The offer document filed thereafter with ROC is called a prospectus. “Abridged Prospectus” means the memorandum as prescribed in Form 2A under sub-section (3) of section 56 of the Companies Act, 1956. It contains all the salient features of a prospectus. It accompanies the application form of public issues. “Letter of offer” means the offer document prepared by company for its rights issue and which is filed with the Stock Exchanges. The letter of offer contains all the disclosures as required in term of SEBI(DIP) guidelines and enable shareholder in making an informed decision. “Abridged letter of offer” means the abridged version of the letter of offer. Listed company is required to send the abridged letter of offer to each and every shareholder who is eligible for participating in the rights issue along with the application form. A company is also required to send detailed letter of offer upon request by any Shareholder. “Placement Document” means document prepared by Merchant Banker for the purpose of Qualified Institutions placement and contains all the relevant and material disclosures to enable QIBs to make an informed decision. Q4. Who decides the price of an issue? Indian primary market ushered in an era of free pricing in 1992. Following this, the guidelines have provided that the issuer in consultation with Merchant Banker shall decide the price. There is no price formula stipulated by SEBI. SEBI does not play any role in price fixation. The company and merchant banker are however required to give full disclosures of the parameters which they had considered while deciding the issue price. There are two types of issues one where company and LM fix a price (called fixed price) and other, where the company and LM stipulate a floor price or a price band and leave it to market forces to determine the final price (price discovery through book building process). 219 Handbook of Auditing Pronouncements-II What are Fixed Price offers? An issuer company is allowed to freely price the issue. The basis of issue price is disclosed in the offer document where the issuer discloses in detail about the qualitative and quantitative factors justifying the issue price. The Issuer company can mention a price band of 20% (cap in the price band should not be more than 20% of the floor price) in the Draft offer documents filed with SEBI and actual price can be determined at a later date before filing of the final offer document with SEBI/ROCs. What does “price discovery through book building process” mean? “Book Building” means a process undertaken by which a demand for the securities proposed to be issued by a body corporate is elicited and built up and the price for the securities is assessed on the basis of the bids obtained for the quantum of securities offered for subscription by the Frequently Asked Questions on Issues and use of ECS for Refunds – For Reference Only 8 issuer. This method provides an opportunity to the market to discover price for securities. Q5. Book Building in Detail: How does Book Building work? The logic: Book building is a process of price discovery. Hence, the Red Herring prospectus does not contain a price. Instead, the red herring prospectus contains either the floor price of the securities offered through it or a price band along with the range within which the bids can move. The applicants bid for the shares quoting the price and the quantity that they would like to bid at. Only the retail investors have the option of bidding at ‘cut-off’. After the bidding process is complete, the ‘cut- off’ price is arrived at on the lines of Dutch auction. The basis of Allotment (Refer Q. 15.j) is then finalized and letters allotment/refund is undertaken. The final prospectus with all the details including the final issue price and the issue size is filed with ROC, thus completing the issue process. What is a price band? As stated in the answer to Q. 7.a above, the red herring prospectus may contain either the floor price for the securities or a price band within which the investors can bid. The spread between the floor and the cap of the price band shall not be more than 20%. In other words, it means that the cap should not be more than 120% of the floor price. 220 Reports in Company Prospectuses The price band can have a revision and such a revision in the price band shall be widely disseminated by informing the stock exchanges, by issuing press release and also indicating the change on the relevant website and the terminals of the syndicate members. In case the price band is revised, the bidding period shall be extended for a further period of three days, subject to the total bidding period not exceeding thirteen days. Who decides the price band? It may be understood that the regulatory mechanism does not play a role in setting the price for issues. It is up to the company to decide on the price or the price band, in consultation with Merchant Bankers. The basis of issue price is disclosed in the offer document. The issuer is required to disclose in detail about the qualitative and quantitative factors justifying the issue price. What is firm allotment? A company making an issue to public can reserve some shares on “allotment on firm basis” for some categories as specified in DIP guidelines. Allotment on firm basis indicates that allotment to the investor Frequently Asked Questions on Issues and use of ECS for Refunds – For Reference Only 9 is on firm basis. DIP guidelines provide for maximum % of shares which can be reserved on firm basis. The shares to be allotted on “firm allotment category” can be issued at a price different from the price at which the net offer to the public is made provided that the price at which the security is being offered to the applicants in firm allotment category is higher than the price at which securities are offered to public. Q6. Understanding the role of intermediaries: Who are the intermediaries in an issue? Merchant Bankers to the issue or Book Running Lead Managers (BRLM), syndicate members, Registrars to the issue, Bankers to the issue, Auditors of the company, Underwriters to the issue, Solicitors, etc. are the intermediaries to an issue. The issuer discloses the addresses, telephone/fax numbers and email addresses of these intermediaries. In addition to this, the issuer also discloses the details of the compliance officer appointed by the company for the purpose of the issue. 221 Handbook of Auditing Pronouncements-II Who is eligible to be a BRLM? A Merchant banker possessing a valid SEBI registration in accordance with the SEBI (Merchant Bankers) Regulations, 1992 is eligible to act as a Book Running Lead Manager to an issue. What is the role of a Lead Manager? (pre and post issue) In the pre-issue process, the Lead Manager (LM) takes up the due diligence of company’s operations/ management/ business plans/ legal etc. Other activities of the LM include drafting and design of Offer documents, Prospectus, statutory advertisements and memorandum containing salient features of the Prospectus. The BRLMs shall ensure compliance with stipulated requirements and completion of prescribed formalities with the Stock Exchanges, RoC and SEBI including finalisation of Prospectus and RoC filing. Appointment of other intermediaries viz., Registrar(s), Printers, Advertising Agency and Bankers to the Offer is also included in the pre-issue processes. The LM also draws up the various marketing strategies for the issue. The post issue activities including management of escrow accounts, coordinate non-institutional allocation, intimation of allocation and dispatch of refunds to bidders etc are performed by the LM. The post Offer activities for the Offer will involve essential follow-up steps, which include the finalization of trading and dealing of instruments and dispatch of certificates and demat of delivery of shares, with the various agencies connected with the work such as the Registrar(s) to the Offer and Bankers to the Offer and the bank handling refund business. The merchant banker shall be responsible for ensuring that these agencies fulfill their functions and enable it to discharge this responsibility through suitable agreements with the Company. A merchant banker is required to do the necessary due diligence in case of QIP mechanism. What is the role of a registrar? The Registrar finalizes the list of eligible allottees after deleting the invalid applications and ensures that the corporate action for crediting of shares to the demat accounts of the applicants is done and the dispatch of refund orders to those applicable are sent. The Lead manager coordinates with the Registrar to ensure follow up so that that the flow of applications from collecting bank branches, processing of the applications and other matters till the basis of 222 Reports in Company Prospectuses allotment is finalized, dispatch security certificates and refund orders completed and securities listed. What is the role of bankers to the issue? Bankers to the issue, as the name suggests, carries out all the activities of ensuring that the funds are collected and transferred to the Escrow accounts. The Lead Merchant Banker shall ensure that Bankers to the Issue are appointed in all the mandatory collection centers as specified in DIP Guidelines. The LM also ensures follow-up with bankers to the issue to get quick estimates of collection and advising the issuer about closure of the issue, based on the correct figures. Question on Due diligence The Lead Managers state that they have examined various documents including those relating to litigation like commercial disputes, patent disputes, disputes with collaborators etc. and other materials in connection with the finalization of the offer document pertaining to the said issue; and on the basis of such examination and the discussions with the Company, its Directors and other officers, other agencies, independent verification of the statements concerning the objects of the issue, projected profitability, price justification, etc., they state that they have ensured that they are in compliance with SEBI, the Government and any other competent authority in this behalf. Q7. Guide to understand an Offer Document This section basically tries to tell the reader about the structure of presentation of the content in the Offer Document. This is with a view to help the reader navigate through the content of an offer document. Cover Page The Cover Page of the offer document covers full contact details of the issuer company, lead managers and registrars, the nature, number, price and amount of instruments offered and issue size, and the particulars regarding listing. Other details such as Credit Rating, IPO Grading, if opted for, risks in relation to the first issue, etc are disclosed if applicable. Risk Factors Here, the issuer’s management gives its view on the Internal and external risks faced by the company. Here, the company also makes a note on the forward looking statements. This information is disclosed in the initial pages of the 223 Handbook of Auditing Pronouncements-II document and it is also clearly disclosed in the abridged prospectus. It is generally advised that the investors should go through all the risk factors of the company before making an investment decision. Introduction The introduction covers a summary of the industry and business of the issuer company, the offering details in brief, summary of consolidated financial, operating and other data. General Information about the company, the merchant bankers and their responsibilities, the details of brokers/syndicate members to the Issue, credit rating (in case of debt issue), debenture trustees (in case of debt issue), monitoring agency, book building process in brief and details of underwriting Agreements are given here. Important details of capital structure, objects of the offering, funds requirement, funding plan, schedule of implementation, funds deployed, sources of financing of funds already deployed, sources of financing for the balance fund requirement, interim use of funds, basic terms of issue, basis for issue price, tax benefits are covered. About us This presents a review of on the details of the business of the company, business strategy, competitive strengths, insurance, industry-regulation (if applicable), history and corporate structure, main objects, subsidiary details, management and board of directors, compensation, corporate governance, related party transactions, exchange rates, currency of presentation dividend policy and management's discussion and analysis of financial condition and results of operations are given. Financial Statements Financial statement, changes in accounting policies in the last three years and differences between the accounting policies and the Indian Accounting Policies (if the Company has presented its Financial Statements also as per Either US GAAP/IAS are presented. Legal and other information Outstanding litigations and material developments, litigations involving the company and its subsidiaries, promoters and group companies are disclosed. Also material developments since the last balance sheet date, government 224 Reports in Company Prospectuses approvals/licensing arrangements, investment approvals (FIPB/RBI etc.), all government and other approvals, technical approvals, indebtedness, etc. are disclosed. Other regulatory and statutory disclosures Under this head, the following information is covered: authority for the Issue, prohibition by SEBI, eligibility of the company to enter the capital market, disclaimer clause, disclaimer in respect of jurisdiction, distribution of information to investors, disclaimer clause of the stock exchanges, listing, impersonation, minimum subscription, letters of allotment or refund orders, consents, expert opinion, changes in the auditors in the last 3 years, expenses of the issue, fees payable to the lead managers, fees payable to the issue management team, fees payable to the registrars, underwriting commission, brokerage and selling commission, previous rights and public issues, previous issues for cash, issues otherwise than for cash, outstanding debentures or bonds, outstanding preference shares, commission and brokerage on, previous issues, capitalization of reserves or profits, option to subscribe in the issue, purchase of property, revaluation of assets, classes of shares, stock market data for equity, shares of the company, promise vis-à-vis performance in the past issues and mechanism for redressal of investor grievances. Offering information Under this head, the following information is covered: Terms of the Issue, ranking of equity shares, mode of payment of dividend, face value and issue price, rights of the equity shareholder, market lot, nomination facility to investor, issue procedure, book building procedure if applicable, bidform, who can bid, maximum and minimum bid size, bidding process, bidding bids at different price levels, escrow mechanism, terms of payment and payment into the escrow collection account, electronic registration of bids, build up of the book and revision of bids, price discovery and allocation, signing of underwriting agreement and filing of prospectus with SEBI/ROC, announcement of statutory advertisement, issuance of confirmation of allocation note("can") and allotment in the issue, designated date, general instructions, instructions for completing the bid form, payment instructions, submission of bid form, other instructions, disposal of application and application moneys, , interest on refund of excess bid amount, basis of allotment or allocation, method of proportionate allotment, dispatch of refund orders, communications, undertaking by the company, 225 Handbook of Auditing Pronouncements-II utilization of issue proceeds, restrictions on foreign ownership of Indian securities, etc., Other Information This covers description of equity shares and terms of the Articles of Association, material contracts and documents for inspection, declaration, definitions and abbreviations, etc., Q8. I have heard a lot about these new terms. What do they mean? Green-shoe Option A Green Shoe option means an option of allocating shares in excess of the shares included in the public issue and operating a post-listing price stabilizing mechanism for a period not exceeding 30 days in accordance with the provisions of Chapter VIIIA of DIP Guidelines, which is granted to a company to be exercised through a Stabilizing Agent. This is an arrangement wherein the issue would be over allotted to the extent of a maximum of 15% of the issue size. From an investor’s perspective, an issue with green shoe option provides more probability of getting shares and also that post listing price may show relatively more stability as compared to market. Safety Net Any safety net scheme or buy-back arrangements of the shares proposed in any public issue shall be finalized by an issuer company with the lead merchant banker in advance and disclosed in the prospectus. Such buy back or safety net arrangements shall be made available only to all original resident individual allottees limited up to a maximum of 1000 shares per allottee and the offer is kept open for a period of 6 months from the last date of dispatch of securities. The details regarding Safety Net are covered under Clause 8.18 of DIP Guidelines. Syndicate Member The Book Runner(s) may appoint those intermediaries who are registered with the Board and who are permitted to carry on activity as an ‘Underwriter’ as syndicate members. The syndicate members are mainly appointed to collect and entre the bid forms in a book built issue. 226 Reports in Company Prospectuses Hard underwriting Hard underwriting is when an underwriter agrees to buy his commitment at its earliest stage. The underwriter guarantees a fixed amount to the issuer from the issue. Thus, in case the shares are not subscribed by investors, the issue is devolved on underwriters and they have to bring in the amount by subscribing to the shares. The underwriter bears a risk which is much higher in soft underwriting. Soft underwriting Soft underwriting is when an underwriter agrees to buy the shares at later stages as soon as the pricing process is complete. He then, immediately places those shares with institutional players. The risk faced by the underwriter as such is reduced to a small window of time. Also, the soft underwriter has the option to invoke a force Majeure (acts of God) clause in case there are certain factors beyond the control that can affect the underwriter’s ability to place the shares with the buyers. Cut Off Price In Book building issue, the issuer is required to indicate either the price band or a floor price in the red herring prospectus. The actual discovered issue price can be any price in the price band or any price above the floor price. This issue price is called “Cut off price”. This is decided by the issuer and LM after considering the book and investors’ appetite for the stock. SEBI (DIP) guidelines permit only retail individual investors to have an option of applying at cut off price. 227 13 GUIDANCE NOTE ON AUDIT OF ABRIDGED FINANCIAL STATEMENTS* The Guidance Note has been withdrawn pursuant to the issuance of the Standard on Auditing (SA) 810, “Engagements to Report on Summary Financial Statements” applicable for audits of financial statements for periods beginning on or after April 1, 2011. The entire text of the Guidance Note has been given in Vol.II of the Handbook of Auditing Pronouncements (2009 Edition). * Issued in August, 1990. 14 GUIDANCE NOTE ON CERTIFICATION OF DOCUMENTS FOR REGISTRATION OF CHARGES* Contents Paragraph(s) Introduction .................................................................................. 1.1-1.2 Provisions of Law ........................................................................ 2.1-2.5 Form and Documents .................................................................. 3.1-3.5 Form No. 8 ................................................................................... 3.1 Form No.10 .................................................................................. 3.2 Form No.17 .................................................................................. 3.3 Form No.13 .................................................................................. 3.4 Form No. 21 ................................................................................. 3.5 Verification of Forms ................................................................... 4.1-4.5 General ........................................................................................ 4.1 Registration of Charges ............................................................... 4.2 Modification in Charges................................................................ 4.3 Satisfaction of Charges ................................................................ 4.4 Register of Charges ..................................................................... 4.5 Format of Certificate ............................................................................. 5 Annexures * Issued in January, 1994. Handbook of Auditing Pronouncements-II 1. Introduction 1.1 Companies registered under the Companies Act, 1956 ('the Act') are required to file periodically, various forms and documents with the Registrar of Companies, as prescribed under the Act. The Department of Company Affairs has issued two circulars, whereunder Registrars of Companies ('the Registrar') are to take on record documents relating to charges filed by companies, duly certified as correct by a chartered accountant/cost accountant/company secretary, in practice, within a reasonable period. The text of the circulars is reproduced hereunder: (a) Circular No. 14/90, dated 5.9.1990, vide No. 1/1/90 CL.V, issued by the Department of Company Affairs: "I am directed to say that with a view to taking on record the documents relating to charges/modification of charges/satisfaction of charges, it has been decided that as and when the aforesaid documents are filed by the companies or the creditors concerned, duly certified as correct by a chartered accountant/cost accountant/company secretary in practice, the same may be taken on record within a reasonable period of say, ten (10) days. You are also advised that in case the relevant certificate of charge etc., is not collected by the company's representative concerned within seven (7) days thereafter, the same may be sent by post." (b) Circular No.5/91, dated 26.2.1991, vide Nos. 1/3/91-CL.V, 3/10/91- CL.V, issued by the Department of Company Affairs: "This has reference to this Department's Circular No.14/90 dated 5.9.1990 on the above mentioned subject. It has been decided that all documents required to be filed with you by companies be taken on record within a reasonable period, say, ten days, if the same are duly certified as correct by a company secretary/chartered accountant/ cost accountant, in practice." 1.2 This Guidance Note seeks to deal with the certification of the forms relating to registration, modification and satisfaction of charges by a practicing chartered accountant and provide guidance on the important aspects, which should be kept in mind while certifying the forms. 230 Certification of Documents for Registration of Charges 2. Provisions of Law 2.1 Sections 124 to 145 of the Companies Act, 1956 deal with registration of charges. Section 125 lays down as below: "125.(1) Subject to the provisions of this Part, every charge created on or after the 1st day of April, 1914, by a company and being a charge to which this section applies shall, so far as any security on the company's property or undertaking is conferred thereby, be void against the liquidator and any creditor of the company, unless the prescribed particulars of the charge, together with the instrument, if any, by which the charge is created or evidenced, or a copy thereof verified in the prescribed manner, are filed with the Registrar for registration in the manner required by this Act within thirty days after the date of its creation. Provided that the Registrar may allow the particulars and instrument or copy as aforesaid to be filed within thirty days next following the expiry of the said period of thirty days on payment of such additional fee not exceeding ten times the amount of fee specified in Schedule X as the Registrar may determine, if the company satisfies the Registrar that it had sufficient cause for not filing the particulars and instrument or copy within that period. (2) Nothing in sub-section (1) shall prejudice any contract or obligation for the repayment of the money secured by the charge. (3) When a charge becomes void under this section, the money secured thereby shall immediately become payable. (4) This section applies to the following charges: (a) charge for the purpose of securing any issue of debentures; (b) a charge on uncalled share capital of the company; (c) a charge on any immovable property, wherever situated, or any interest therein; (d) a charge on any book debts of the company; (e) a charge not being a pledge, on any movable property of the company; 231 Handbook of Auditing Pronouncements-II (f) a floating charge on the undertaking or any property of the company including stock-in-trade; (g) a charge on calls made but not paid; (h) a charge on a ship or any share in a ship; (i) a charge on goodwill, on a patent or a licence under a patent, on a trade mark, or on a copyright or a licence under a copyright. (5) In the case of a charge created out of India and comprising solely property situate outside India, thirty days after the date on which the instrument creating or evidencing the charge or a copy thereof could, in due course of post and if dispatched with due diligence, have been received in India, shall be substituted for thirty days after the date of the creation of the charge, as the time within which the particulars and instrument or copy are to be filed with the Registrar. (6) Where a charge is created in India but comprises property outside India, the instrument creating or purporting to create the charge under this section or a copy thereof verified in the prescribed manner, may be filed for registration, notwithstanding that further proceedings may be necessary to make the charge valid or effectual according to the law of the country in which the property is situate. (7) Where a negotiable instrument has been given to secure the payment of any book debts of a company, the deposit of the instrument for the purpose of securing an advance to the company shall not, for the purposes of this section, be treated as a charge on those book debts. (8) The holding of debentures entitling the holder to a charge on immovable property shall not, for the purposes of this section, be deemed to be an interest in immovable property." 2.2 Section 125 of the Act, thus requires that the prescribed particulars with regard to creation of the charge, are filed with the Registrar, within thirty days of the date of its creation. However, if the company has sufficient cause to justify the delay, (to the satisfaction of the Registrar), it may be allowed to file such particulars within thirty days next following the expiry of the said period of thirty days, on payment of such additional fees, not exceeding ten times the fees specified in the Schedule X to the Act, as the Registrar may determine. 232 Certification of Documents for Registration of Charges If the particulars of charge are not filed, even within the period extended as per proviso to section 125(1) of the Act, a petition would be required to be made to the Company Law Board in terms of the Company Law Board Regulations, 1991 read with the provisions of section 141(1) of the Act, for further extension of time. 2.3 The Companies (Central Government’s) General Rules and Forms, 1956 set forth the forms for various particulars, documents, etc., required to be filed with the Registrar under the Act. The forms relating to registration/ modification/satisfaction of charges are Form nos. 8,10,13, 1 7 & 21**. They respectively deal with: Form No.8 (Pursuant to sections 125, 127 and 135) Particulars of charges created by a company in India/subject to which property has been acquired by a company registered in India/ modification of charges. Form No. 10 (Pursuant to sections 128 and 129) Particulars of a series of debentures, containing or giving by reference to any other instrument, any charge to the benefit of which the debenture holders of the said series are entitled pari passu, created by a company registered in India and also of any issue of debentures in a series. Form No.13 (Pursuant to sections 130,135,137 and 138) Register of charges, to be kept by the Registrar. Form No.17 (Pursuant to section 138) Memorandum of complete satisfaction of charge. Form No.21 (Pursuant to section 141) Notice of Company Law Board's order to the Registrar. 2.4 Under section 143(1) of the Act, every company is required to keep at its registered office, a register of charges and enter therein all charges ** These are reproduced as Annexure 'A' to this Note. 233 Handbook of Auditing Pronouncements-II specifically affecting property of the company and all floating charges on the undertaking or any property of the company giving in each case – (i) a short description of the property charged; (ii) the amount of the charge; and (iii) except in the case of securities to bearer, the names of the persons entitled to the charge. Section 143(2) of the Act lays down that if any officer of the company knowingly omits, or wilfully authorises or permits the omission of, any entry required to be made in pursuance of section 143(1), he shall be punishable with fine which may extend to five hundred rupees. 2.5 Rule 6 and Rule 6A of the Companies (Central Government’s) General Rules and Forms, 1956 also contain certain provisions regarding registration of charges. The same are reproduced below: “6. Sections 125, 127 and 128 - A copy of every instrument or deed creating or evidencing any charge and required to be filed with the Registrar in pursuance of sections 125, 127 or 128 shall be verified as follows: (i) Where the instrument or deed relates solely to property situate outside India, the copy shall be verified by a certificate either under seal of the company, or under the hand of a responsible officer of the company or under the hand of some person interested in the mortgage or charge on behalf of any person other than the company, stating that it is a true copy. (ii) Where the instrument or deed relates, whether wholly or partly, to property situate in India, the copy shall be verified by a certificate of a responsible officer of the company stating that it is a true copy or by certificate of a public officer given under and in accordance with the Provisions of section 76 of the Indian Evidence Act 1872 (1 of 1872). 6A. Section 130 – (1) Every company shall forward to the Registrar, the particulars of charges in Form 13 with a fee of rupees ten, for being entered in the register of charges. (2) Form 13 shall be filed along with the relevant Form 8, or Form 10 or Form 17, as the case may be. 234 Certification of Documents for Registration of Charges (3) The register kept in pursuance to sub-section (3) of section 130 shall be open to inspection by any person on payment of a fee of rupees ten for each inspection." 3. Forms and Documents It will be worthwhile to examine various forms in detail along with documents to be attached to them to enable easier understanding of the verification procedures to certify the correctness of the forms. 3.1 Form No. 8 (a) Form No.8 is required to be filed with the Registrar for filing particulars of- (i) charges created by a company (ii) property acquired by a company, which is subject to an existing charge; and (iii) any modification in an existing charge. (b) The contents of Form No. 8 are as follows: (i) Important particulars of the company creating charge, e.g., name, registration number and nominal capital. (ii) Date and description of the instrument (e.g., trust deed, mortgage or debenture) creating the charge. The term 'charge' includes mortgage. (iii) Amount secured by the charge/amount owing on security of the charge. (iv) Short particulars of the property charged. If the property acquired is subject to charge, date of acquisition of property should be given. (v) Gist of the terms and conditions, and extent and operation of the charge. Amount or rate percent of the commission, allowance or discount (if any) paid or made either directly or indirectly by the company to any person in consideration of his subscribing, or agreeing to subscribe, whether absolutely or conditionally, or procuring or agreeing to procure subscriptions, whether absolute 235 Handbook of Auditing Pronouncements-II or conditional, for any of the debentures included in the return should also be given under this item. (vi) Names, addresses and description of the persons entitled to charge. ‘Persons entitled to charge’ include mortgagees. (vii) Date and brief description of the instrument modifying the charge. (viii) Particulars of modification, specifying the terms and conditions or the extent or operation of the charge in which modification is made, and the details of the modification. (ix) Name, designation and signature of the person presenting the Form. (c) Documents to be enclosed with Form No.8 are as follows: (i) Original instrument creating or modifying charge or certified copy of the instrument. (ii) In the case of mortgage by deposit of title deeds, copy of memorandum of deposit of title deeds. (iii) Copy of loan sanction letter issued by the bank or financial institution. (iv) Copy of demand promissory note. (v) Form No. 13 alongwith proof of payment of the requisite filing fee of rupees ten. 3.2 Form No.10 Form No.10 is required to be filed with the Registrar (a) where a series of debentures containing or giving by reference to another instrument, any charge to the benefit of which the debentureholders of that series are entitled pari passu is created by the company, and (b) for registration of the particulars of any issue of debentures in a series. (a) The contents of Form No. 10 are as follows: (i) Name of the company, its registration number and nominal capital. (ii) Total amount secured by the whole series. (iii) Amount of the present issue of series. 236 Certification of Documents for Registration of Charges (iv) Dates of resolution authorising the issue of the series. (v) Date of the covering deed (if any) by which the security is created or defined; or if there is no such deed, the first execution of any debenture of the series. (vi) General description of the property charged. (vii) Gist of the terms and conditions and extent and operation of the charge. (viii) Names and addresses of the trustees (if any) for the debentureholders. (ix) Date of registration of the series. (x) Date of present issue. (xi) Amount of present issue. (xii) Gist of the terms and conditions and extent and operation of the charge. (xiii) Particulars as to the amount or rate per cent of the commission, allowances or discount (if any) paid, or made either directly or indirectly by the company to any person in consideration of subscribing or agreeing to subscribe, whether absolutely or conditionally, or procuring or agreeing to procure subscription whether absolute or conditional, for any of the debentures included in the return. (xiv) Name, designation and signature of the person presenting the Form. (b) Documents to be enclosed with Form No. 10 are: (i) Covering deed containing charge or a copy of the deed verified in the prescribed manner. (ii) If there is no covering deed, one debenture of the series. (iii) Trust-deed. (iv) Certified copy of the resolution authorising the issue of debentures. 237 Handbook of Auditing Pronouncements-II (v) Copy of certificate of registration of the issue of series of debentures. (vi) Form No. 13 alongwith proof of payment of the requisite filing fee of rupees ten. It may be noted that as per provisions of sections 134 and 135 of the Act it shall be the duty of the company to file with the Registrar, the particulars of every charge created by it or any modification in terms thereof, and every issue of debentures of a series requiring registration. The registration of any such charge may also be effected on the application of any person interested therein, such as mortgagee, charge-holder and a director of the company. However, in view of the decision of hon’ble Kerala high court, in case of C.K. Siva Sankra Panicker vs. Kerala Financial Corporation (1980) 50 Comp. Cas. 817(08), (Ker), the primary responsibility to file the particulars of any charge so created or modified, lies with the company only. 3.3 Form No.17 Form No. 17 is a memorandum of complete satisfaction of a charge. It gives notice to the Registrar of satisfaction in full of a registered charge. (a) The contents of Form No. 17 include the date of satisfaction of the charge, a description of the instrument creating or evidencing the charge, and details of the registration of the charge. It may be noted that Form No. 17 can be filed by the company only. (b) Form No. 13 alongwith proof of payment of prescribed fee is required to be attached with Form No. 17. 3.4 Form No.13 Form No.13 is required to be filed alongwith Form Nos. 8, 10, or 17 for being entered in the register of charges maintained by the Registrar. 3.5 Form No. 21 Form No.21 is required to be filed for giving notice of Company Law Board's order to the Registrar. (a) The contents of Form No. 21 are as follows: (i) Name of the company, its registration number and nominal capital. 238 Certification of Documents for Registration of Charges (ii) Location of Company Law Board's bench which passed the relevant order. (iii) Date of passing the order. (iv) Section of the Act under which the order has been passed. (v) Name, designation and signature of the person presenting the Form. (b) Documents to be enclosed with Form No. 21 are as follows: · (i) Authenticated copy of the relevant order of Company Law Board. (ii) Proof of payment of prescribed fee. 4. Verification of Forms A chartered accountant in practice may be called upon to certify the correctness of the various forms to be filed with the Registrar in respect of registration of the creation, modification or satisfaction of charges. A suggestive check-list of the important points which one should look into, before certifying the correctness of such forms, i.e., Form Nos.8, 10,13,17 and 21 relating to registration, modification and satisfaction of charges, is given hereunder. It may however be clarified that a specific situation may warrant other tests also. 4.1 General The auditor should verify that – (i) The original documents creating the charge have been executed on the stamp paper of the appropriate value as required by the Indian Stamp Act, 1899 and are duly sealed, signed and dated. (ii) The name of the company is correctly mentioned in the return as on the original document creating the charge and the memorandum of association of the company. (iii) The return of charges to be filed with the Registrar, is dated after the date of creation, modification or satisfaction of the charge, as the case may be. 239 Handbook of Auditing Pronouncements-II (iv) The name and designation of the person(s) who has/have executed the document and signed the Form are written legibly on the copy of the document. (v) The copy of the instrument enclosed with the return discloses the value of stamp paper used for the execution of the document. (vi) The copy of the document enclosed is duly certified to be true by a director, manager or secretary of the company, or by the person who is interested in the mortgage or the charge. (vii) The registration number and the amount of nominal capital of the company is correctly mentioned in the documents being filed. (viii) The column for name of the director/manager/secretary who is filing the document, has been properly filled up. 4.2 Registration of Charges (i) The property charged and the amount of the charge has been clearly stated in the documents creating the charge. In case the amount of charge is stated in terms of foreign currency, its equivalent in Indian rupee should also be stated. (ii) In case of charge on properties acquired which are subject to an existing charge, apart from the instrument evidencing the acquisition of such property, the original instrument which created the charge on the property is also enclosed. (iii) The document contains the terms relating to mode of repayment, rate of interest, margin and the type of charge, i.e., first, second, joint or inter se, pari passu etc. (iv) The date of creation of the charge and the description of the instrument creating the charge has been correctly mentioned in the return and is in conformity with the original document creating the charge. (v) The amount secured by the charge, as mentioned in the return, tallies with the amount mentioned in the document creating the charge. In case the charge extends to cover interest, costs, damages, etc., this fact should also be clearly indicated in the Form. (vi) The particulars of property mentioned in the return tallies with what is stated in the document. 240 Certification of Documents for Registration of Charges (vii) In case of acquisition of the property which is subject to an existing charge, the date of acquisition mentioned in the return should be the same as the date of requisition of the property mentioned in the document. (viii) The gist of the terms like schedule of repayment, rate of interest, margin and the property charged, mentioned in the return tallies with what is stated in the documents creating the charge. (ix) The name, address and designation of the person in whose favour the charge is to be registered as mentioned in the return tallies with the name mentioned in the document. 4.3 Modification in Charges (i) Either the document modifying the charge refers to the original charge under modification and indicates the extent of modification, or a letter has been obtained from the bank financial institution stating that the fresh document(s) executed is/are in modification of the original charge. (ii) The details of the modification mentioned in the Form tally with the details mentioned in the document modifying the charge. (iii) The particulars of all past modifications and latest modifications are compiled indicating the date and description of the instrument(s), effect of modification, the date of registration by the Registrar or in case the modification has not been taken on record by the Registrar, the date of filling of Form No. 8, (from receipt of filing fees, issued by office of the Registrar) and are mentioned correctly in the return. These facts should be verified from the original/copy of the certificates of registration of charge obtained by the company. 4.4 Satisfaction of Charges In case of return in Form No. 17 regarding satisfaction of the charge, the particulars of original charge are correctly mentioned so as to ensure identification of the charge so satisfied. 4.5 Register of Charges A register containing particulars of creation, modification and satisfaction of the charges is maintained by the company as required under section 143 of 241 Handbook of Auditing Pronouncements-II the Act and the entries made therein tally with the returns filed with the Registrar. 5. Format of Certificate A recommended format of certificate to be issued by a Chartered Accountant with regard to the verification of the Forms is given at Annexure 'B' to this Guidance Note. 242 Certification of Documents for Registration of Charges Annexure A (Refer para 2.3 of the text) FORM NO. 8 Registration No............ Nominal Capital Rs. ............ THE COMPANIES ACT, 1956 Particulars of Charges created by a company registered in India/subject to which property has been acquired by a company registered in India/Modification of Charges [Pursuant to Section 125/127/135] Name of the company................... Presented by..................... 1. Date and description of the instrument creating the charge. 2. Amount secured by the charge/amount owing on security of the charge. 3. Short particulars of the property charged. If the property acquired is subject to charge, date of acquisition of property should be given. 4. Gist of the terms and conditions and extent and operation of the charge. 5. Names, addresses and description of the persons entitled to charge. 6. Date and brief descriptions of instrument modifying the charge. 7. Particulars of modification specifying the terms and conditions or the extent or operation of the charge in which modification is made, and the details of the modification. Signature........................... Name................................. (IN BLOCK CAPITALS) Designation...................... Dated the.....................................…… day of…………………….19…………. N.B: 1. 'Charge' includes mortgage - See section 124. A description of the 243 Handbook of Auditing Pronouncements-II instrument, that is to say whether trust deed, mortgage or debenture should also be given. 2. ‘Persons entitled to the charge' will include mortgagees. 3. Amount or rate percent of the commission allowance or discount (if any) paid or made either directly or indirectly by the company to any person in consideration of his subscribing or agreeing to subscribe, whether absolutely or conditionally, or procuring or agreeing to procure subscriptions, whether absolute or conditional, for any of the debentures included in this return, should be given in item no. 4. FORM No. 10 Registration No............ Nominal Capital Rs .......... The Companies Act, 1956 Particular of series of debentures, containing or giving reference to any other instrument (a), any charge (b), to the benefit of which the debenture holders of the said series are entitled pari passu, created by·company registered in India and also of any issue of debentures in a series [Pursuant to Sections 128 and 129] This form is to be used for registration of particulars of the entire series and also for any issue in a series. Name of the company.............................................. Limited/Private Limited Presented by ........................... Total Amount Dates of Date of the covering General Gist of the amount of the resolution deed (if any) by which description terms and secured present authorising the security is created of the conditions, by the issue of the issue or defined, or if there is property and extent whole series of the no such deed, the first charged and operation series series execution of any of the debenture of the series charge (b) (1) (2) (3) (4) (5) (6) 244 Certification of Documents for Registration of Charges Name and Date of Date of Amount Gist of the Particulars as to the amount addresses registra- present of terms and or rate percent of the of the tion of issue present conditions commission, allowances or trustees (if the series issue and extent discount (if any) paid, or any) for (c) and made either, directly or the operation indirectly by the company to debenture of the any person in consideration holders charge (b) of subscribing or agreeing to subscribe, whether absolutely or conditionally or procuring or agreeing to procure subscription, whether absolute or conditional, for any of the debentures included in this return (d) (7) (8) (9) (10) (11) (12) Signature ....................................... Designation (e) .............................. Dated the.................................. day of. ................... ............... 19.................. (a) A description of the instrument, e.g. "Trust deed," "Mortgage", "Debenture" etc., as the case may be, should be given. (b) "Charge" includes "Mortgage" - see section 124. (c) The date of registration may be confirmed from the certificate of registration. (d) The rate of interest under the terms of the debentures should not be entered. (e) State position in relation to the Company. 245 Handbook of Auditing Pronouncements-II FORM NO. 13 Registration No............... Nominal Capital..................... Register of Charges [Pursuant to Sections 130, 135, 137 & 138] Created by a company registered in India Particulars of charge(s) --------------------------------------------------------------------- subject to which property has been acquired by company registered in India. Name of the Company......................................................Limited/Private Ltd. Presented by ...............................................................................……... created Particular of Charge(s) ---------------------------------------------------------------------- subject to which property has been acquired .........................................................................................Limited/Private Ltd. a company registered in India Particulars of Charge under Section 125 1. Date and description of the instrument creating the charge. 2. Amount secured by the charge/amount owing on security of the charge. 3. Short particulars of the property charged. If the property acquired is subject to charge, date of the acquisition of property should be given. 4. Gist of the terms and conditions and extent and operation of the charge. 5. Name and addresses and description of the persons entitled to the charge. Particulars Regarding Creation of Charge in Case of Series of Debentures under Sections 128/129 6. Date and amount of each series of debentures- Date. ……....................... Amount …..........…... Total...................... 246 Certification of Documents for Registration of Charges 7. Date and amount of the present issue of series. 8. Date of resolution authorising the issue of the series. 9. Date of the covering deed (if any) by which the security is created or defined, or if there is no such deed, the first execution of any debenture of the series. 10. Names and addresses of the trustee (if any) for the debenture holders. 11. Date of registration of the series. 12. Particulars as to the amount or rate per cent, of the commission, allowances or discount (if any) paid, or made either directly or indirectly by the company to any person in consideration of subscribing or agreeing to subscribe, whether absolutely or conditionally or procuring or agreeing to procure subscription, whether absolute or conditional, for any of the debentures included in this return. Particulars of Modification of Charge Under Section 135 13. Date and brief description of instrument modifying the charge. 14. Particulars of modifications already registered/filed in the office of the Registrar of Companies. 15. Particulars of modification specifying the terms, conditions or the extent of operation of the charge in which modification is made, and the details of the modification. 16. Appointment of Receiver Under Section 137 (a) Name, address and date of appointment of receiver. (b) Date on which the receiver ceased to act. 17. Memorandum of Complete Satisfication of Charge Under Section 138 (a) Date of creation of original charge and amount secured. (b) Date of registration/date of filing of the particulars with the Registrar of Companies. 247 Handbook of Auditing Pronouncements-II (c) Date of filing of the memorandum of satisfaction/date of entry of satisfaction. Signature ........................……….... Dated the ............... day of........... 19.............. Name.…….……...…………… (In Block Capitals) Designation.................. (FOR OFFICE OF REGISTRAR OF COMPANIES ONLY) 18. Date of registration. 19. Serial No. of the document in file [Signature of Registrar of Companies] FORM NO. 17 No. of Company ....………....... THE COMPANIES ACT, 1956 Memorandum of Complete Satisfaction of charge (a) [Pursuant to Section 138] Name of the Company ........................................ Limited/Private Limited Presented by ………………….....................................………………………….. ........................…………………………………….……..Limited /Private Limited/ hereby gives notice that the registered charge, being (b)..................….... …………... of which particulars were registered with the Registrar of Companies on the ........... day of .......................... 19 ............. was satisfied in full on the ..........day of ........19........ the debts for which the charge was given having been paid or satisfied. Signature........................... Designation of position in relation to the company Dated the ............................. day of..................... 19.................. (a) "Charge" includes mortgage (see section 124). 248 Certification of Documents for Registration of Charges (b) A description of the instrument(s) creating or evidencing the charge, e.g., "Mortgage", "Charge", "Debenture", etc, with the date thereof should be given. If the registered charge was a "Series of Debentures" or "Debenture Stocks", the words "authorised by resolution" together with the date of the resolution should be added. FORM NO. 21 Registration No………….... Nominal Capital Rs....................... THE COMPANIES ACT, 1956 Notice of the Court's/Company Law Board's Order [Pursuant to Section……..*** ] 1. Name of the company.................... 2. Name of the Court/Company Law Board with location.... 3. Date of passing the order. ................. 4. Section of the Companies Act under which order passed an authenticated copy of the Order is attached. Signature. ....................................... Name............................................... (IN BLOCK CAPITALS) Designation ..................................... Dated the................................, day of....................19......................... *** Indicate the section pursuant to which the Order passed. 249 Handbook of Auditing Pronouncements-II Annexure B (Refer para 5.1 of the text) CERTIFICATE TO BE ISSUED BY A CHARTERED ACCOUNTANT REGARDING VERIFICATION OF VARIOUS FORMS RELEVANT FOR REGISTRATION OF CHARGES (a) Where the relevant form(s) is/are presented by the company. Registrar of Companies, ____________________ ____________________ ____________________ Dear Sir/Madam, CERTIFICATE We have verified the information in Form No.(s)___________ dated_________ of ________ (Company's name) with reference to the statutory books and records maintained by the Company, and based on information and explanations, obtaining of which we considered necessary. The same is correct. Signature of the Chartered Accountant Official Stamp..................………........ Full Address……............................... Membership No....................……...... (b) Where the form(s) is/are presented by any other person Interested in the charge. Registrar of Companies, ____________________ ____________________ ____________________ Dear Sir/Madam, CERTIFICATE We have verified, the information in Form No.(s)----------------dated-------------- of --------------------------(Company's name) with reference to the undermentioned documents: 250 Certification of Documents for Registration of Charges (1) (2) (3) presented by ________________________(Name and address of the person presenting the Form), and based on information and explanations, obtaining of which we considered necessary. The same is correct. Signature of the Chartered Accountant Official Stamp..................………........ Full Address……............................... Membership No....................……...... 251 15 GUIDANCE NOTE ON AUDIT OF INVENTORIES* Contents Paragraph(s) Introduction ........................................................................................ 3-5 Internal Control Evaluation ............................................................... 6-7 Verification ....................................................................................... 8-30 Examination of Records ............................................................... 10-11 Attendance at Stock-taking .......................................................... 12-22 Confirmations from Third Parties ...................................................... 23 Examination of Valuation and Disclosure ..................................... 24-29 Analytical Review Procedures........................................................... 30 Special Considerations in Case of Work-In-Process .................. 31-32 Management Representations ........................................................... 33 Documentation .................................................................................... 34 Appendices Clarification: Auditor's Duties where Inventories are Stated to be "As Valued and Certified by the Management" in Financial Statements * Issued in November, 1994. Audit of Inventories The following is the text of the Guidance Note on Audit of Inventories, issued by the Auditing Practices Committee (APC)** of the Council of the Institute of Chartered Accountants of India. This Guidance Note should be read in conjunction with the Statements on Standard Auditing Practices (SAPs)1 issued by the Institute. 1. Para 2.1 of the “Preface to the Statements on Standard Auditing Practices2” issued by the Institute of Chartered Accountants of India states that the “main function of the APC is to review the existing auditing practices in India and to develop Statements on Standard Auditing Practices (SAPs) so that these may be issued by the Council of the Institute.” Para 2.4 of the Preface states that the “APC will issue Guidance Notes on the issues arising from the SAPs wherever necessary.” 2. The Auditing Practices Committee has also taken up the task of reviewing the Statements on auditing matters issued prior to the formation of the Committee. It is intended to issue, in due course of time, Engagement Standards or Guidance Notes, as appropriate, on the matters covered by such Statements which would then stand withdrawn. Accordingly, with the issuance of this Guidance Note on Audit of Inventories, Chapter 5 of the Statement on Auditing Practices, titled “Inventories”, shall stand withdrawn. In due course of time, the entire Statement on Auditing Practices shall be withdrawn.3 Introduction 3. Inventories are tangible property held for sale in the ordinary course of business, or in the process of production for such sale, or for consumption in the production of goods or services for sale, including maintenance supplies and consumable stores and spare parts meant for replacement in the normal course.4 Inventories normally comprise raw materials including components, work-in-process, finished goods including by-products, maintenance ** Now known as the Auditing and Assurance Standards Board (AASB). 1 Now known as Engagement Standards. 2 The said Preface has been withdrawn pursuant to issuance of the Revised “Preface to Standards on Quality Control, Auditing, Review, Other Assurance and Related Service”, by the Institute of Chartered Accountants of India. The Revised Preface is effective from April 1, 2008. The text of the revised Preface is reproduced in the Vol. I.A of this Handbook. 3 Since the Statement was withdrawn in March, 2005, the entire paragraph is redundant. 4 Servicing equipment, stand-by equipment and specialised spares of machinery (which are in the nature of ‘insurance spares’) are normally capitalised. 253 Handbook of Auditing Pronouncements-II supplies, stores and spare parts, and loose tools.5 4. Inventories normally constitute a significant portion of the total assets, particularly in the case of manufacturing and trading entities as well as some service rendering entities. Audit of inventories, therefore, assumes special importance. 5. The following features of inventories have an impact on the related audit procedures: (i) By their very nature, inventories normally turn over rapidly. (ii) Inventories are susceptible to obsolescence and spoilage. Further, some of the items of inventory may be slow-moving while others may follow a seasonal pattern of movement. (iii) Inventories are normally movable in nature, although there may be some instances of immovable inventories also, e.g., in the case of an entity dealing in real-estate. (iv) All the items of inventory may not be located at one place but may be held at different locations such as factories and warehouses, or with third parties such as selling agents. (v) The individual items of inventory may not be significant in value, but taken together, they normally constitute a significant proportion of total assets and current assets of manufacturing, trading and certain service entities. (vi) Physical condition (e.g., stage of completion of work-in-process in certain industries) and existence of certain items of inventories may be difficult to determine. (vii) Valuation of inventories may involve varying degrees of estimation, including expert opinions, e.g., in the case of jewelry. Internal Control Evaluation 6. The auditor should study and evaluate the system of internal control relating to inventories, to determine the nature, timing and extent of his other audit procedures. He should particularly review the following aspects of 5 The audit procedures, relating to shares debentures and other securities held as stock-in- trade (i.e., for sale in the ordinary course of business) are similar to those followed for audit of investments. Accordingly, this Guidance Note does not apply in respect of audit of shares, debentures and other securities held as stock-in-trade. 254 Audit of Inventories internal control relating to inventories 6: (a) The control procedures should provide for segregation of such functions whose combination may permit the commitment or concealment of fraud or error; for example, persons undertaking the physical verification of stocks should be different from those responsible for store-keeping in respect of those stocks. (b) The stores procedures should provide for the use of pre-numbered standardized forms. (c) There should be a system of cross-checking the data generated by different operating departments. 7. The auditor should also review specific controls over receipts, issues, physical inventories, and inventory records. Verification 8. As in the case of other assets, the responsibility for properly determining the quantity and value of inventories rests with the management of the entity. It is, therefore, the responsibility of the management of the entity to ensure that the inventories included in the financial information are physically in existence and represent all inventories owned by the entity. The management satisfies this responsibility by carrying out appropriate procedures which will normally include verification of all items of inventory at least once in every financial year. This responsibility is not reduced even where the auditor attends any physical count of inventories in order to obtain audit evidence. 9. In any auditing situation, the auditor employs appropriate procedures to obtain reasonable assurance about various assertions (Standard on Auditing (SA) 500, Audit Evidence). In carrying out an audit of inventories, the auditor is particularly concerned with obtaining sufficient appropriate audit evidence to corroborate the management's assertions regarding the following: Existence - that all recorded inventories exist as at the year-end. 6 The extent of review of controls would depend upon the facts and circumstances of each case. Reference may be made in this regard to the “Internal Control Questionnaire”, issued by the Institute of Chartered Accountants of India in 1976 which contains, inter alia, an illustrative discussion on internal controls in relation to inventories. 255 Handbook of Auditing Pronouncements-II Ownership - that all inventories owned by the entity are recorded and that all recorded inventories are owned by the entity. Valuation - that the stated basis of valuation of inventories is appropriate and properly applied, and that the condition of inventories is recognised in their valuation. Verification of inventories may be carried out by employing the following procedures: (a) examination of records; (b) attendance at stock-taking; (c) obtaining confirmations from third parties; (d) examination of valuation and disclosure; and (e) analytical review procedures. The nature, timing and extent of audit procedures to be performed is, however, a matter of professional judgement of the auditor. Examination of Records 10. The entities usually maintain detailed stock records in the form of stores/stock ledgers showing in respect of each major item, the receipts, issues and balances. The extent of examination of these records by an auditor with reference to the relevant basic documents (e.g., goods received notes, inspection reports, material issue notes, bin cards, etc.) depends upon the facts and circumstances of each case. 11. The auditor may come across cases where the entity does not maintain detailed stock records other than the basic records relating to purchases and sales. In such situations, the auditor would have to suitably extend the extent of application of the audit procedures discussed in paragraphs 12-22 and 30. Attendance at Stock-taking 12. Physical verification of inventories is the responsibility of the management of the entity. However, where the inventories are material and the auditor is placing reliance upon the physical count by the management, it may be appropriate for the auditor to attend the stock-taking. The extent of auditor's attendance at stock-taking would depend upon his assessment of 256 Audit of Inventories the efficacy of relevant internal control procedures, and the results of his examination of the stock records maintained by the entity and of the analytical review procedures. 13. The procedures concerning the auditor's attendance at stock-taking depend upon the method of stock-taking followed by the entity. 14. There are two principal methods of stock-taking : periodic stocktaking and continuous stock-taking. Under the first method, physical verification of inventories is carried out at a single point of time, usually at the year-end or at a selected date before or shortly after the year-end. Under the second method, physical verification is carried out throughout the year, with different items of inventory being physically verified at different points of time. However, the verification programme is normally so designed that each material item is physically verified at least once in a year and more often in appropriate cases. The continuous stock-taking method is effective when a perpetual inventory system of record-keeping is also in existence. Some entities use continuous stock-taking methods for certain stocks and carry out a full count of other stocks at a selected date. 15. The auditor is expected to examine the adequacy of the methods and procedures of physical verification followed by the entity. Before commencement of verification, the management should issue appropriate instructions to stock-taking personnel. Such instructions should cover all phases of physical verification and preferably be in writing. It would be useful if the instructions are formulated by the entity in consultation with the auditor. The auditor should examine these instructions to assess their efficacy. An illustrative set of instructions which may be useful in most cases is given in Appendix I to this Guidance Note. 16. Where the auditor is present at the time of stock-taking, he should observe the procedure of physical verification adopted by the stock-taking personnel to ensure that the instructions issued in this behalf are being actually followed. The auditor should also perform test-counts to satisfy himself about the effectiveness of the count procedures. In carrying out the test counts, the auditor should give particular consideration to those stocks which have a high value either individually or as a category of stocks. Proper attention should also be paid to the physical condition of inventories. 17. Ideally, there should be no movement of stocks when the physical verification is being carried out. On occasions, however, it may be necessary 257 Handbook of Auditing Pronouncements-II for the entity to continue the production, receiving, or dispatch operations during physical verification. In such circumstances, it is essential that the entity has the procedures to identify and record such movements. The auditor should review the procedures adopted by the entity to account for the movement of inventories from one location to another within the entity during stock-taking (e.g., issues from stores to production departments). 18. The auditor should also examine whether the entity has instituted appropriate cut-off procedures to ensure that – (a) goods purchased but not received have been included in the inventories and the liability has been provided for; (b) goods sold but not despatched have been excluded from the inventories and credit has been taken for the sales. The auditor may examine a sample of documents evidencing the movement of stocks into and out of stores, including documents pertaining to periods shortly before and shortly after the cut-off date, and check whether the stocks represented by those documents were included or excluded, as appropriate, during the stock-taking. 19. The auditor should review the original physical verification sheets and trace selected items including the more valuable ones into the final inventories. He should also compare the final inventories with stock records and other corroborative evidence, e.g., stock statements submitted to banks. 20. The auditor should examine whether the discrepancies noticed on physical verification have been investigated and properly accounted for. 21. Where continuous stock-taking methods are being used by the entity, the auditor should, in addition to performing the audit procedures discussed in paragraphs 16-20 above, pay greater attention to ascertaining whether the management: (a) maintains adequate stock records that are kept up-to-date; (b) has satisfactory procedures for physical verification of inventories, so that in the normal circumstances the programme of physical verification will cover all material items of inventories at least once during the year; and (c) investigates and corrects all material differences between the book records and the physical counts. 258 Audit of Inventories 22. The auditor should determine whether the procedures for identifying defective, damaged, obsolete, excess and slow-moving items of inventory are well-designed and operate properly. Confirmations from Third Parties 23. Where significant stocks of the entity are held by third parties, the auditor should examine that the third parties are not such with whom it is not proper that the stocks of the entity are held. The auditor should also directly obtain from the third parties written confirmation of the stocks held. Arrangements should be made with the entity for sending requests for confirmation to such third parties. A proforma letter of request for confirmation to be used in such cases is given in Appendix II to this Guidance Note. Similarly, the auditor should also obtain confirmation from such third parties for whom the entity is holding significant amount of stocks. Appendix-III to this Guidance Note gives a proforma letter of request for confirmation to be used for this purpose. Examination of Valuation and Disclosure 24. The auditor's objective concerning valuation is to obtain evidence that the amount at which inventories have been valued is computed on an appropriate basis. 25. The auditor should satisfy himself that the valuation of inventories is in accordance with the normally accepted accounting principles and is on the same basis as in the preceding year. The generally accepted accounting principles7 involved in the valuation of most types of inventories are dealt with in Accounting Standard (AS) 2, “Valuation of Inventories”, issued by the Council of the Institute of Chartered Accountants of India. 26. The auditor should examine the methods of applying the basis of inventory valuation. Thus, with regard to determination of cost, the auditor should examine, inter alia, the stock sheets, records of physical verification, invoices, costing records and other relevant documents and also examine and test the treatment of overhead expenses as a part of cost of inventories. 27. Wherever feasible, and particularly where only a single or a few major 7 It may be mentioned that the Manufacturing and Other Companies (Auditor's Report) Order, 1988 uses the words “normally accepted accounting principles”. 259 Handbook of Auditing Pronouncements-II products are produced, the auditor may call for a reconciliation of the total cost of production for the year as determined by the cost records with the total expenses as per the financial books and review this reconciliation. Where standard costs are used or where overheads are charged at standard rates or percentages, he may examine the variances from actuals and, where these are significant, ensure that appropriate adjustment is made to the inventories. 28. The auditor should examine the evidence supporting the assessment of net realizable value. In this regard, the auditor should particularly examine whether appropriate allowance has been made for defective, damaged and obsolete and slow-moving inventories in determining the net realizable value. 29. The auditor should satisfy himself that the inventories have been disclosed properly in the financial statements. Where the relevant statute lays dawn any disclosure requirements in this behalf, the auditor should examine whether the same have been complied with. Analytical Review Procedures 30. In addition to the audit procedures discussed above, the following analytical review procedures may often be helpful as a means of obtaining audit evidence regarding the various assertions relating to inventories: (i) reconciliation of quantities of opening stocks, purchases, production, sales and closing stocks; (ii) comparison of closing stock quantities and amounts with those of the previous year; (iii) comparison of the relationship of current year stock quantities and amounts with the current year sales and purchases, with the corresponding figures for the previous year; (iv) comparison of the composition of the closing stock (e.g., raw materials as a percentage of total stocks, work-in-process as a percentage of total stocks) with the corresponding figures for the previous year; (v) comparison of current year gross profit ratio with the gross profit ratio for the previous year; (vi) comparison of actual stock, purchase and sales figures with the corresponding budgeted figures, if available; 260 Audit of Inventories (vii) comparison of yield with the corresponding figure for the previous year; (viii) comparison of significant ratios relating to inventories with the similar ratios for other firms in the same industry, if available; (ix) comparison of significant ratios relating to inventories with the industry norms, if available. It may be clarified that the foregoing is only an illustrative list of analytical review procedures which an auditor may employ in carrying out audit of inventories. The exact nature of analytical review procedures to be applied in a specific situation is a matter of professional judgement of the auditor. Special Considerations in Case of Work-In-Process 31. In general, the audit procedures regarding work-in-process are similar to those used for raw materials and finished goods. However, the auditor has to carefully assess the stage of completion of the work-in-process for assessing the appropriateness of its valuation. For this purpose, the auditor may examine the production/costing records (e.g., cost sheets), hold discussions with the personnel concerned, and obtain expert opinion, where necessary. 32. In certain cases, due to the nature of the product and the manufacturing process involved, physical verification of work-in-process may be impracticable. In such cases, the auditor should lay greater emphasis on ascertaining whether the system, from which the work-in-process is ascertained, is reliable. It may also be useful for the auditor to examine the subsequent records of production/sales. Management Representations 33. The auditor should obtain from the management of the entity, a written statement describing in detail, the location of inventories, methods and procedures of physical verification and valuation of inventories. While such a representation letter serves as a formal acknowledgment of the management's responsibilities with regard to inventories, it does not relieve the auditor of his responsibility for performing audit procedures to obtain sufficient appropriate audit evidence to form the basis for the expression of his opinion on the financial information. A sample management representation letter regarding inventories is given in Appendix IV to this Guidance Note. It may be mentioned that the representations made in the 261 Handbook of Auditing Pronouncements-II letter can alternatively be included in a composite representation letter usually issued by the management to the auditor. Documentation 34. The auditor should maintain adequate working papers regarding audit of inventories. He should maintain on his audit file a summary of each inventory as also the details regarding the extent of his verification. The management representation letter concerning inventories should also be maintained on the audit file. 262 Audit of Inventories Appendix I Illustrative Set of Instructions to be Issued by the Client to its Staff Responsible for Stock-Taking (Ref. Paragraph 15) This Appendix contains an illustrative set of instructions which may be issued by the client to the staff responsible for stock-taking. The Appendix also lists special instructions in respect of stocks held by others and work-in process. The annual physical examination of inventories of the entity is to be carried out on 31st March. The work will commence at 8.00 A.M. on 31st March, and there will be no movement of inventories during their physical examination. 1. Mr. AB will be in overall charge of the physical counting. 2. Messrs............., Auditors, will depute their staff to observe the work performed by us. It should be remembered that they are not responsible for any part of the stock-taking. 3. You are responsible for the physical counting of all stocks in (state here the exact area for which the person is responsible e.g., Block B of Godown No. 2, or in the open yard on south of factory, etc.). You are not concerned with similar items of stock which may be stored at other locations. How to proceed with the work 4. At 8 A.M. you should present yourself in the office of Mr. AB where you will be handed over a bunch of inventory tags. You should ensure that you have in your possession a sufficient number for your needs. You should also have in your possession a pen, blank papers, a measuring tape, ............ (state here any other instrument which is required for measurement, counting, weighing etc.). Please ensure that for all items in your area for which weighing or measuring is required, the necessary apparatus is available. Procedure for tagging 5.1 You should place a tag on each pile, box, bin, etc., which is counted by you after recording the quantity, description, part number, condition of the stocks to the extent known (e.g., damaged stocks), etc., on the tag. You 263 Handbook of Auditing Pronouncements-II should proceed in proper order so as to ensure that no items are omitted. When the work of counting is completed you should hand over the remaining tags including soiled and damaged tags to Mr. PQ. 5.2 All items are required to be measured, weighed or counted in order to ascertain the exact quantity on hand. However, in respect of small items of in significant value, such as bolts, nuts (state here any other items which are known to be of small value), the quantities on hand may be estimated without actual counting etc. In the latter case, please state "estimated" on the tag. 5.3 Please ensure that proper identification is made by part number, description, etc., and that in the case of work-in-process, the last operation performed is clearly specified in accordance with the schedule attached to this Memorandum. No movement of any stock from one location to another should take place during the period of stock checking. 5.4 Where bin cards are kept on the bins or job tickets are attached to items in process, you should not merely copy the quantities shown on those documents to the tag without verification. All alterations made on the tags should be initialled and quantities should be recorded in ink. 5.5 Mr. PQ is responsible for the control over tags in use. For this purpose, he should prepare a schedule in the attached Form. 5.6 After obtaining the permission of the auditors8, instructions will be issued for the removal of the tags and a suitable person should be sent around in each department to detach the detachable portion of the tags, leaving the counterpart in the proper position. When they are collected, all such tags should be brought back to a central location, placed in serial order and tallied with the schedule prepared by Mr. PQ. After this has been done, the tags will be released to the Accounts Department which is concerned with the preparation of the inventory. Later on, when the inventory has been prepared, a check should be possible to see whether all the tags have been listed. 5.7 After the work of counting has been completed, Mr. AB, who is in overall charge of stock-taking, will make a visit to each area in order to ascertain that all bins, boxes, etc., bear a tag and make a check of the quantities shown therein. At this point, the auditors will carry out further observation and make such test checks as they consider necessary. 8 It is presumed that the auditors or their representatives are present at the time of stock- taking. 264 Audit of Inventories 5.8 The counterparts of the tags should be left on the relevant bins or piles for a period of at least one month and the quantity shown on the counterparts of the tag should be used as the opening balance of the bin card for the subsequent period. Procedure for preparing stock sheets 6.1 Separate listings under the following broad heads should be prepared: (i) Raw materials, including components (ii) Work-in-process (iii) Finished goods, including by-products (iv) Maintenance supplies and stores and spare parts (v) Loose tools Defective, damaged, obsolete, excess or slow-moving stocks should be listed separately under each of the above categories. 6.2 It should be examined that the stock cards, bin cards, tags or other stock records are posted up-to-date so that items can be traced and verified in these records, simultaneously with the physical checking of stocks. 6.3 A list of excesses and shortages should be drawn up at the time of physical stock-taking. 6.4 Stocks belonging to third parties and remaining in custody of the entity should be separately identified from the entity's own stock. A separate listing should be prepared for all such items of stocks. 6.5 Defective, damaged, obsolete, excess or slow-moving stocks should be kept separate from other items. 6.6 Counters and checkers should sign or initial the stock sheets for the work done by them. Stocks held by others 7.1 The following steps be taken for stocks belonging to the entity but held by others: (i) A separate listing for such stocks be prepared. 265 Handbook of Auditing Pronouncements-II (ii) A letter should be sent to such persons to confirm the stocks held by them directly to the auditor. (iii) An authority to inspect stocks held by third parties should be given to the auditor where the same is considered necessary by the auditor. (iv) An independent record for such goods be kept by the entity. 7.2 The above steps should also be taken for stocks given on loan or received on loan. Work-in-Process 8.1 With regard to work-in-process, the following instructions be given to the staff members concerned: (i) A separate listing for work-in-process be prepared. (ii) The internal records kept by the entity be written up-to-date. (iii) If the amount of work-in-process is determinable from production records, the same be kept up-to-date. (iv) A list of opening work-in-process be kept ready at the time of stock- taking. 266 Audit of Inventories Appendix II Illustrative Letter of Confirmation of Inventories Held by Others [Ref. Paragraph 23] (Letterhead of Entity) [Date] [Name and address of holder of inventories] Dear Sir, For audit purposes, kindly furnish directly to our auditors (name and address of the auditors) details concerning our inventories held by you for [state here the purpose of holding of inventories by the third party] as of the close of business on .................. According to our records, you held the following inventories as of that date: Description Quantity ……….… …………. ……….… …………. In case you identify certain items of inventories as defective or damaged, the details thereof may be furnished separately, indicating the quantities and giving a general description of the condition of such items. Also, please confirm that our inventories held by you are free of any charge or encumbrance. A stamped envelope addressed to our auditors is enclosed for your convenience. Yours faithfully, (Signature of responsible official of the entity) 267 Handbook of Auditing Pronouncements-II Appendix III Illustrative Letter of Confirmation – Inventories Held by the Entity on Behalf of Others [Ref. Paragraph 23] [Letterhead of Entity] [Date] [Name and address of owner of inventories] Dear Sir, For audit purposes, kindly furnish directly to our auditors (name and address of the auditors) details concerning your inventories held by us for [state here the purpose of holding of inventories by the entity as of the close of business on ____________. According to our records, we held the following inventories as of that date: Description Quantity ……….… …………. ……….… …………. A stamped envelope addressed to our auditors is enclosed for your convenience. Yours faithfully, (Signature of responsible official of the entity) 268 Audit of Inventories Appendix IV Representation Letter for Inventories [Ref. Paragraph 33] The following is a sample representation letter for inventories. It might be used to supplement the general letter of representation or included therein. The letter should be modified where appropriate. [Letterhead of Entity] [Date] [Name and Address of the Auditor] Dear Sir, In connection with your audit of the financial statements of X limited as of....., 19…, and for the year then ended, we make, to the best of our knowledge and belief, the following representations concerning inventories. 1. Inventories at the year-end consisted of the following: Raw Materials (including components) Rs.________ Work-in-Process Rs.________ Finished Goods (including by-products) Rs.________ Maintenance supplies and Stores and Spare Parts Rs.________ Loose Tools Rs.________ Others (specify each major head separately) Rs.________ Total Rs.________ 2. All quantities were determined by actual physical count or weight or measurement that was taken under our supervision and in accordance with written instructions, on ............ (date/dates of physical verification), except as follows:9 ............................. ............................. 9 Where physical verification of inventories is carried out at a date other than the closing date, this paragraph may be modified as below: Inventories recorded in the books as at...........(date of balance sheet) aggregating to Rs. ......... are based upon the physical inventories taken as at .......... (date of physical verification) by actual count weight or measurement. The material discrepancies noticed on physical verification of stocks as compared to book records have been properly dealt with in the books of account and subsequent transactions recorded in the accounts fairly reflect the changes in the inventories up to ·......... (balance sheet date). 269 Handbook of Auditing Pronouncements-II 3. Except as set out below, all goods included in the inventory are the property of the entity and are not subject to any charge, and none of the goods are held as consignee for others or as bailee: ............................. ............................. 4. All inventories owned by the entity, wherever located, have been recorded, including goods sent on consignment. 5. Inventories do not include goods sold to customers for which delivery is yet to be made. 6. Inventories have been valued on the following basis/bases: Raw Materials (including components) Work-in-Process Finished Goods (including by-products) Maintenance supplies and Stores and Spare Parts Loose Tools Others (specify each major head separately) (In describing the basis/bases of valuation, the method of ascertaining the cost (e.g. FIFO, Average Cost or LIFO) should also be stated. Similarly, the extent to which overheads have been included in the cost should also be stated.) 7. The following provisions have been made in respect of excess, slow moving, damaged, or obsolete inventories and these, in our view, are adequate. ............................. ............................. 8. No item of inventories has a net realizable value in the ordinary course of business which is less than the amount at which it is included in inventories. 9. The basis/bases of valuation is/are the same as that/those used in the previous year, except as set out below: Class of Basis of valuation Effect of change in Inventory This year Last year Basis of Valuation ……….… …………. ……….… ……….… …………. ……….… Yours faithfully, (Signature of responsible official of the entity) 270 Audit of Inventories Clarification*** Auditor’s Duties where Inventories are Stated to be “As Valued and Certified by the Management” in Financial Statements (Refer Paragraph 33) It has been observed that in some cases, inventories are described in the financial statements as “Stocks (as valued and certified by the management)”. The use of such an expression may lead the users of the financial statements to believe that the auditor merely relies on the management’s certificate without carrying out any other appropriate audit procedures to satisfy himself about the existence and valuation of inventories. The Institute of Chartered Accountants of India has issued a Guidance Note on Audit of Inventories, which recommends the procedures to be followed by the auditors in conducting the audit of inventories. Para 33 of the Guidance Note, inter alia, recommends as below: “The auditor should obtain from the management of the entity, a written statement describing in detail the location of inventories, methods and procedures of physical verification and valuation of inventories. While such a representation letter serves as a formal acknowledgment of the management’s responsibilities with regard to inventories, it does not relieve the auditor of his responsibility for performing audit procedures to obtain sufficient appropriate audit evidence to form the basis for the expression of his opinion on the financial information.” In view of the above, the Council of the Institute hereby clarifies that despite the expression “as valued and certified by the management”, the duties and responsibilities of the auditors with regard to audit of inventories are not diminished. Thus, in order that the auditor’s role with regard to inventories is properly appreciated by the users of the financial statements, the auditor may advise his clients to omit the words “as valued and certified by the management”, when describing inventories in the financial statements. *** Published in September, 1999 issue of “The Chartered Accountant”, p.66. 271 16 GUIDANCE NOTE ON AUDIT OF INVESTMENTS* Contents Paragraph(s) Introduction ........................................................................................ 3-4 Internal Control Evaluation .................................................................. 5 Verification ....................................................................................... 6-28 Verification of Transactions ........................................................ 8-12 Physical Inspection .................................................................. 13-24 Examination of Valuation and Disclosure .................................. 25-27 Analytical Review Procedures ....................................................... 28 Management Representations ........................................................... 29 Documentation .................................................................................... 30 Appendices * Issued in November, 1994. Audit of Investments The following is the text of the Guidance Note on Audit of Investments issued by the Auditing Practices Committee (APC)1 of the Council of the Institute of Chartered Accountants of India. This Guidance Note should be read in conjunction with the Statements on Standard Auditing Practices (SAPs)2 issued by the Institute. 1. Para 2.1 of the "Preface to the Statements on Standard Auditing Practices"3 issued by the Institute of Chartered Accountants of India states that the "main function of the APC is to review the existing auditing practices in India and to develop Statements on Standard Auditing Practices (SAPs) so that these may be issued by the Council of the Institute." Para 2.4 of the Preface states that the "APC will issue Guidance Notes on the issues arising from the SAPs wherever necessary. 2. The Auditing Practices Committee has also taken up the task of reviewing the Statements on auditing matters issued prior to the formation of the Committee, It is intended to issue, in due course of time, Engagement Standards or Guidance Notes, as appropriate, on the matters covered by such Statements which would then stand withdrawn.4 With the issuance of this Guidance Note on Audit of Investments, Chapter 4 of the Statement on Auditing Practices, titled “Investments”, shall stand withdrawn. In due course of time, the entire Statement on Auditing Practices shall be withdrawn.5 1 Now known as the Auditing and Assurance Standards Board (AASB). 2 Now known as Engagement Standards. 3 The said Preface has been withdrawn pursuant to issuance of the Revised “Preface to Standards on Quality Control, Auditing, Review, Other Assurance and Related Service”, by the Institute of Chartered Accountants of India. The Revised Preface is effective from April 1, 2008. The text of the revised Preface is reproduced in Vol.I.A of this Handbook. 4 This Guidance Note does not deal with special aspects of audit of investments of retirement benefit plans, life insurance enterprises, mutual funds and/or the related asset management companies, banks and public financial institutions formed under a Central or State Government Act or so declared under the Companies Act, 1956. The special aspects of audit of investments of some of these institutions have been dealt with in other publications of the Institute, e.g., Guidance Note on Audit of Banks, Guidance Note on Audit of Companies Carrying on General Insurance Business, Guidance Note on Companies Carrying on Life Insurance Business. It may also be noted that in the case of certain types of entities, e.g., companies, banks, insurance companies, co-operative societies, etc., the question of compliance with the legal requirements assumes special importance. Appendix I to this Guidance Note contains a brief description of the main provisions of the statutes governing these types of entities in so far as they relate to investments. It may be emphasised that the Appendix is only illustrative and not exhaustive. Moreover, the legal requirements may change from time to time and, therefore, this Appendix should not be construed as representing the correct legal position at all points of time. 5 Since the Statement was withdrawn in March, 2005, the entire paragraph is redundant. 273 Handbook of Auditing Pronouncements-II Introduction 3. Investments are assets held by an entity for earning income by way of dividends, interest and rentals, for capital appreciation, or for other benefits to the investing entity6 Investments are classified as 'current investments' and 'long term investments'. A current investment is an investment that is by its nature readily realisable and is intended to be held for not more than one year from the date on which such investment is made. A long term investment is an investment other than a current investment.7 4. The following features of investments have an impact on the related auditing procedures: (a) Investments constitute a significant portion of the total assets of certain entities like banks, insurance companies, investment companies, trusts, etc. In other cases, the nature, quantum and type of investments may vary from case to case. (b) Documentary evidence is generally available for audit verification. A detailed record of acquisition, disposal, etc., of the investments is usually maintained. (c) The market values of investments may keep on fluctuating. While in the case of some investments, such fluctuations may not be wide, in the case of others, they may be significant. (d) Physical location of documents of title to investments may be different from the one where the acquisition, disposal and recording thereof take place. (e) Many investments are readily marketable or can be converted into cash. Internal Control Evaluation 5. The auditor should study and evaluate the system of internal control 6 It may be clarified that the term ‘investments’ covers only such securities as are beneficially owned by the entity and not those held by it on behalf of others. 7 It may be clarified that inventories, as defined in Accounting Standard (AS) 2, “Valuation of Inventories”, issued by the Institute of Chartered Accountants of India are not investments. However, the recommendations of this Guidance Note also apply, to the extent relevant to shares, debentures and other securities held as stock-in-trade. Fixed assets (other than investment properties), as defined in Accounting Standard (AS) 10, “Accounting for Fixed Assets”, issued by the Institute, are also not investments. 274 Audit of Investments relating to investments to determine the nature, timing and extent of his other audit procedures. He should particularly review the following aspects of internal control relating to investments. 8 (a) Control over acquisition, accretion and disposal of investments: There should be proper authority for sanction, acquisition and disposal of investments (including renunciation of rights). It should also be ensured that investments are made in accordance with the legal requirements governing the entity as also with its internal regulations, e.g., the provisions of the articles of association, rules and regulations, trust deed, etc. (b) Safeguarding of investments: The investments should be in the name of the entity as far as possible. The legal requirements in this behalf, if any, should be complied with. There should exist a proper system for the safe custody of all scrips or other documents of title to the investments belonging to the entity. (c) Controls relating to title to investments: It should be ensured that in cases where the title does not pass on to the entity immediately on acquisition, the same is transferred to the entity in due course of time, along with the benefits that might have accrued since the acquisition of the investments. It should be ensured that there is no undue time-lag in the execution of various stages of the transactions. (d) Information controls: These controls should ensure that reliable information is available for recording acquisitions (including by way of conversion of securities, right issues or other entitlements, under schemes of amalgamation, acquisition, etc.), accretions and disposals, and for ascertaining the market values etc. Detailed records regarding acquisition, disposal etc. of the investments should be maintained along with proper documentation. Verification 6. The auditor's primary objective in audit of investments is to satisfy himself as to their existence and valuation. Verification of investments may be 8 The extent of review of controls would depend upon the facts and circumstances of each case. Reference may be made in this regard to the Internal Control Questionnaire, issued by the Institute of Chartered Accountants of India in 1976 which contains, inter alia, an illustrative list of internal controls in relation to investments. 275 Handbook of Auditing Pronouncements-II carried out by employing the following procedures: (a) verification of transactions; (b) physical inspection; (c) examination of valuation and disclosure; and (d) analytical review procedures. The nature, timing and extent of audit procedures to be performed is, however, a matter of professional judgment of the auditor. 7. The investments of an entity may take various forms, e.g., they may be in the form of Government securities, shares and debentures, immovable properties, etc. The following paragraphs discuss the audit steps for verifying investments, with special reference to investments in the form of shares, debentures and other securities. Verification of Transactions 8. The auditor should ascertain whether the investments made by the entity are within its authority. In this regard, the auditor should examine whether the legal requirements governing the entity, insofar as they relate to investments, have been complied with and the investments made by the entity are not ultra vires the entity. Apart from the above, the auditor should also ensure that any other covenants or conditions which restrict, qualify or abridge the right of ownership and/or disposal of investments, have been complied with by the entity. 9. The auditor should satisfy himself that the transactions for the purchase/sale of investments are supported by due authority and documentation. The acquisition/disposal of investments should be verified with reference to the broker's contract note, bill of costs, receipts and other similar evidence. The auditor should pay special attention to ascertaining whether the investments have been purchased or sold cum-dividend/ex- dividend, cum-interest/ex-interest, cum-right/ex-right or cum-bonus/ex-bonus. He should check whether proper adjustments in this regard have been made in the cost/sales value of securities purchased or sold. 10. In the case of a rights issue, the offer to the entity contained in the letter of rights should be examined. Where the rights have been renounced or otherwise disposed of or not exercised, the auditor should examine the 276 Audit of Investments relevant decision of the appropriate authority in this behalf, as also that the sale proceeds, if any, have been duly accounted for. 11. As regards bonus shares, the intimation to the entity regarding such issue should be examined with a view to ascertaining the receipt and recording of the requisite number of shares by the entity. 12. Where the amounts of purchases or sales of investments are substantial, the auditor may check the prices paid/received with reference to the stock exchange quotations, where available, on or about the date of purchase or sale. Physical Inspection 13. The auditor should carry out a physical inspection of investments in the form of shares, debentures and other securities. (Special considerations apply in the case of investments in the form of immovable properties, as discussed in paragraph 24.) In the case of certain entities (e.g., insurance companies), physical inspection of investments is a statutory requirement. 14. The depository services and scripless trading are becoming increasingly popular in India. Depository services involve custody of documents of title to investments such as certificates, scrips and deeds and thus avoid their physical handling by the investor. The Public Debt Office of the Reserve Bank of India offers such services to facilitate trading in Government Securities. Authorised institutions such as banks, financial institutions etc., which have individual ledger accounts with the Public Debt Office can trade in government securities between themselves by issuing and accepting Bankers' Receipts. In case of such transactions, the auditor should verify the periodic reconciliation of balances as per the records of the entity and those as per the Public Debt Office. 15. Apart from the Public Debt Office, there are now a number of other custodial organisations whose services are being utilised by banks, large investors, institutional investors, mutual funds etc. The concept of the National Depository System (NDS) is also under development. This system is aimed at eliminating physical movement of securities for purchases and sales. Wherever the services of any of these custodial or depository organisations are being used by the entity under audit, the auditor should redesign his audit procedures to ensure that there is an effective system of periodic reconciliation of balances as per the records of the entity and those 277 Handbook of Auditing Pronouncements-II as per the records of the custodial or depository organisation. The auditor should also examine the certificates issued by such organisations confirming the holdings of the entity. The concept of scripless trading being introduced by the National Stock Exchange and the OTC Exchange of India also envisage elimination of movement of title deeds of securities. In such cases, the auditor should verify the interim and other acknowledgments issued by dealers as well as the year-end confirmation certificates of the depository organisations. 16. The investments held by the entity in its own custody should normally be examined at the close of business on the last day of the year. In case this is not possible, the auditor should carry out the inspection on a date as near to the balance sheet date as possible. In such a case, he should take into consideration any adjustments for subsequent transactions of purchase, sale, etc. Where a substantial number of investments are kept by the entity in its custody, the auditor should carry out a surprise inspection of the investments on hand at least once in the year in addition to his year-end examination. He should take particular care to see that only the investments belonging to the entity are produced to him. This aspect assumes special importance in the case of entities like banks which hold investments on their own account, in the form of securities lodged by the customers against loans and advances, and on behalf of the PMS clients. 17. Where investments are held by any other person on behalf of the entity, e.g., by banks, the auditor should examine the certificates received from them. Such certificates should preferably be received directly by the auditor. A suggested form of bank confirmation certificate is given in Appendix II to this Guidance Note. 18. In case investments are held by persons other than banks, the auditor should ensure that there is justification for it, e.g., securities in the custody of brokers or with the company concerned for transfer, consolidation, splitting up conversion, etc. Evidence of securities held with others should be examined and, in appropriate cases, physical inspection of the relevant documents may be made, to the extent possible, in the course of audit. Where the investments are recorded at an office other than the one where the documents of title thereto are physically located, the local auditor may be requested to verify the same. 278 Audit of Investments 19. If the investments are held otherwise than in the name of the entity (e.g., in the name of nominees/trustees), the auditor should ascertain the reasons for the same and examine the relevant documentary evidence (e.g., written confirmations from the nominees, trustees, etc.) supporting the real/beneficial interest of the entity in the investments. 20. The auditor should also examine any other aspects required to be examined or reported upon by the relevant statute. For example, in the case of a company, the auditor should also carry out the procedures outlined in paragraphs 21-23 below. 21. Where shares are held not in the name of the company but in the name of a director, officer, etc., the auditor should examine whether the declaration referred to in section 187-C of the Companies Act, 1956 has been properly made. 22. The auditor should keep in mind the provisions of section 227(1A)(c) which requires that the auditor of a company, not being an investment company within the meaning of section 372 of the Companies Act, 1956 or a banking company, should enquire whether so much of the assets of the company as consist of shares, debentures and other securities have been sold at a price less than that at which they are purchased by the company.9 23. In case the entity is a finance, investment, chit fund, nidhi or mutual benefit company and is dealing or trading in shares, securities, debentures or other investments, the auditor has to state in his report (by virtue of the requirements of the Manufacturing and Other Companies (Auditor's Report) Order, 1988**, issued under section 227(4A) of the Companies Act, 1956) whether proper records have been maintained of the transactions and contracts and whether timely entries have been made therein as also whether the shares, securities, debentures and other investments have been held by the company in its own name except to the extent of exemptions 9 For a detailed discussion on this aspect reference may be made to the “Statement on Qualification in Auditor’s Report”, issued by the Institute of Chartered Accountants of India (ICAI). (The readers may note that the Council, at its 269th meeting, held from July 18 to 20, 2007, decided to withdraw the “Statement on Qualification in Auditor’s Report” except paragraphs 2.1 to 2.30 dealing with reporting under section 227 (1A) of the Companies Act, 1956 and to rename the Statement as “Statement on Reporting under section 227(1A) of the Companies Act, 1956”.) ** Currently, the Companies (Auditor’s Report) Order, 2003 (Revised 2005) is in force in terms of section 227(4A) of the Companies Act, 1956. 279 Handbook of Auditing Pronouncements-II granted under section 49 of the Companies Act, 1956.10 Immovable Properties 24. Where immovable properties are held as investments, the auditor should verify them in the same manner as in the case of immovable properties held as fixed assets.11 Examination of Valuation and Disclosure 25. The auditor should satisfy himself that the investments have been valued and disclosed in the financial statements in accordance with recognised accounting policies and practices and relevant statutory requirements, if any.12 Appendix III to this Guidance Note discusses, by way of illustration, the disclosure requirements of some of the Acts. The auditor should also examine whether the method of valuation followed by the entity is consistently applied. 26. The auditor should examine whether, in computing the cost of investments, the expenditure incurred on account of transfer fees, stamp duty, brokerage, etc., is included in the cost of investments. 27. The auditor may ascertain the market value of the quoted securities from official quotations of the stock exchange. In case of unquoted securities, the auditor should ascertain the method adopted by the entity for determining the market value of such securities. He should examine whether the method adopted by the entity is one of the recognised methods of valuation of securities such as break-up value method, capitalisation of yield method, yield to maturity method, etc. In the case of investments other than in the form of securities (e.g., rare paintings), the auditor should examine that the market value has been ascertained on the basis of authentic market reports. 10 For a detailed disuccion on this aspect, reference may be made to the Statement on the Companies (Auditor’s Report) Order, 2003, issued by the Institute of Chartered Accountants of India. 11 Reference may be made in this regard to the Guidance Note on Audit of Fixed Assets, issued by the Institute of Chartered Accountants of India. 12 Reference may be made in this regard to Accounting Standard 13, Accounting for Investments, issued by the Institute of Chartered Accountants of India. 280 Audit of Investments Analytical Review Procedures 28. As a measure of judging the overall reasonableness of the amounts attributed to investments, the auditor may relate the amount of income received from investments with the corresponding figures of investments and compare this ratio with the similar ratio for the previous years. For this purpose, investments may be classified into appropriate categories. Thus, in the case of fixed interest-bearing securities, the auditor may relate the amount of interest earned with the face value of the related securities. In the case of other securities, the auditor may review the schedule of dividend and other returns and the schedule of investments prepared by the entity and judge their reasonableness. Management Representations 29. The auditor should obtain from the management of the entity a written statement regarding classification and valuation of investments for Balance Sheet purposes. While such a representation letter serves as a formal acknowledgment of the management's responsibilities with regard to investments, it does not relieve the auditor of his responsibility for performing audit procedures to obtain sufficient appropriate audit evidence to form the basis for the expression of his opinion on the financial information. A sample management representation letter regarding investments is given in Appendix IV to this Guidance Note. It may be mentioned that the representations made in the letter can alternatively be included in the composite representation letter usually issued by the management to the auditor. Documentation 30. The auditor should maintain adequate working papers regarding audit of investments. Among others, he should maintain on his audit file, the management representation letter concerning investments. 281 Handbook of Auditing Pronouncements-II Appendix I Legal Requirements Relating to Investments (Ref. Paragraph 2) This Appendix contains an illustrative description of the legal provisions regarding investments as contained in the Companies Act, 1956, Banking Regulation Act, 1949, Insurance Act, 1938, and the Cooperative Societies Act, 1912. It may be emphasised that this Appendix is only illustrative in nature and is not intended to give an exhaustive description of all the relevant legal requirements applicable to different types of entities. Moreover, the legal requirements may change from time to time and therefore, this Appendix should not be construed as representing the correct legal position at all points of time. Provisions of the Companies Act, 1956 The main relevant sections are section 49, section 108, section 292, section 293(1)(c) and section 372, besides requirements of inquiry/reporting under sections 227(1A) and 227(4A). Section 49 provides that, subject to certain exceptions, investments made by a company on its own behalf shall be made and held by it in its own name. Section 108 lays down the mode of transfer of shares and debentures and prescribes the period of validity of blank transfers. Sections 108A-108I lay down certain restrictions on acquisition and transfer of shares. Section 292 provides that the power to invest the funds of a company shall be exercised by its Board of Directors on behalf of the company only by means of resolutions passed at meetings of the Board. However, the Board may, by a resolution passed at a meeting, delegate this power to any of its committees, the managing director, the manager or any other principal officer of the company. In such case, every resolution delegating the power to invest the funds of the company shall specify the total amount upto which the funds may be invested and the nature of the investments which may be made, by the committee or the person to whom the power to invest is so delegated. Section 293(1)(c) provides that the Board of Directors of a public company, or of a private company which is a subsidiary of a public company, shall not invest otherwise than in trust securities, the amount of compensation received by it in respect of the compulsory acquisition of any undertaking or of any premises or properties used for any such undertaking except with the consent of the company in a general meeting. 282 Audit of Investments Section 372 provides that a company, whether by itself or together with its subsidiaries, shall not be entitled to acquire, by way of subscription, purchase or otherwise, the shares of any other body corporate except to the extent and except in accordance with the restrictions and conditions, specified in the section. Provisions of the Banking Regulation Act, 1949 Section 19 of the Act provides that no banking company shall hold shares in any company, whether as pledgee, mortgagee or absolute owner, of an amount exceeding 30% of the paid-up share capital of that company or 30% of its own paid-up share capital and reserves, whichever is less. The above restriction, however, does not apply to the holding by a banking company of shares in its subsidiary. A banking company is also prohibited from holding shares, whether as pledgee, mortgagee or absolute owner, in any company in the management of which, any managing director or manager of the banking company is in any manner concerned or interested. Section 24 of the Banking Regulation Act provides that every banking company shall maintain in India in cash, gold or unencumbered approved securities, an amount which shall not, at the close of business on any day, be less than twenty-five per cent or such other percentage not exceeding forty, as the Reserve Bank of India may from time to time specify, of the total of its demand and time liabilities in India as on the last Friday of the second preceding fortnight. The above provisions also apply to the State Bank of India and its subsidiaries and the nationalised banks. Provisions of the Insurance Act, 1938 Section 27(B) of the Insurance Act, 1938 provides that no insurer carrying on general insurance business can invest or keep invested any part of his assets otherwise than in any of the approved investments or in other investments which satisfy certain conditions or in certain prescribed assets which are deemed to be approved investments for the purposes of this section. A general insurance company can invest any part of its assets in investments other than the investments mentioned above, provided that (i) the total amount of all such investments does not exceed 25 per cent of its assets and (ii) the making or the continuance of the investment is with the consent of all the directors, present and eligible to vote, at a meeting, special notice of which, has been given to all directors, then in India. All such investments including investments in which any director is interested must be reported without delay to the Controller of Insurance with full details of the investments and the extent of any director's interest in any such investment. 283 Handbook of Auditing Pronouncements-II An insurer cannot invest or keep invested any part of his assets in the shares of any one banking company or investment company more than (a) ten per cent of his assets, or (b) two per cent of the subscribed share capital and debentures of the banking company or investment company concerned, whichever is less. Further, an insurer cannot invest or keep invested any part of his assets in the shares or debentures of any one company other than a banking company or investment company more than (a) ten per cent of his assets, or (b) ten per cent of the subscribed share capital and debentures of the company, whichever is less. Where an investment is in partly paid-up shares, the uncalled liability on such shares shall be added to the amount invested, for the purpose of determining whether such investment exceeds the limits referred to above. However, an insurer can subscribe to the right shares notwithstanding the limits specified above. These limits do not apply to an investment made by an insurer in the shares of any other insurance company carrying on insurance or re-insurance business in India. The Controller of Insurance can waive for a specified period and with certain conditions, the limits specified above if, on an application from the insurer, he is satisfied that special grounds exist warranting such waiver. An insurer cannot invest or keep invested any part of his assets in the shares or debentures of any private company. Provisions of the Cooperative Societies Act, 1912 Section 32 of the Cooperative Societies Act, 1912 provides that a registered society can invest or deposit its funds only: (a) in Government Savings Banks; (b) in any of the securities specified in section 20 of the Indian Trusts Act, 1882; (c) in the shares or on the security of any other registered society; (d) with any bank or person carrying on the business of banking, approved for this purpose by the Registrar; or (e) in any other mode permitted by the rules. 284 Audit of Investments Appendix II Illustrative Letter of Confirimation – Investments Held by Banks (Ref. Paragraph 17) [Letterhead of entity] [Date] ............................ (Bank) ............................ ............................ Dear Sirs, For audit purpose, kindly send directly to our auditors (name and address of the auditors) a certificate regarding all the shares, debentures and other securities belonging to us but lying with you as (i) security against loans and advances to us, or (ii) in safe custody account at the close of business on ………. For your convenience, we enclose in duplicate a form in which the certificate may be sent. Please send one copy to our auditors, retaining the other for your records. Should you find the space on the form insufficient to contain all the relevant information, please attach a separate statement. We would request you to state NIL wherever applicable. Yours faithfully, (to be signed by person authorised to operate accounts) 285 Handbook of Auditing Pronouncements-II Appendix III Disclosure Requirements Relating to Investments (Ref. Paragraph 25) To illustrate the manner of disclosure of investments in the financial statements, this Appendix discusses the requirements of the Companies Act, 1956, the Banking Regulation Act, 1949, and the Insurance Act, 1938, insofar as they relate to disclosure of information regarding investments in the financial statements prepared and presented in accordance with the provisions of these statutes. As regards the co-operative societies, the form and content of their financial statements are governed by the rules framed by the State Government concerned. It may be emphasised that, in every case, there should be an adequate disclosure of all relevant information to facilitate proper understanding of the financial statements by the users. Requirements of the Companies Act, 1956 Schedule VI to the Companies Act, 1956 requires the disclosure of investments in the balance sheet as below: (1) Investments in Government or Trust Securities. (2) Investments in shares, debentures or bonds (showing separately shares fully paid up and partly paid up and also distinguishing the different classes of shares and showing also in similar details investments in shares, debentures or bonds of subsidiary companies). (3) Immovable properties. (4) Investments in the capital of partnership firms. The above particulars have to be given showing the nature of investments and mode of valuation, for example, cost or market value. Further, the aggregate amount of the company's quoted investments and the market value thereof have to be shown. The aggregate amount of the company's unquoted investments is also required to be shown. A statement of investments (whether shown under "Investments" or under "Current Assets" as stock-in-trade, separately classifying trade investments and other investments) is required to be annexed to the balance sheet, showing the names of the bodies corporate (indicating separately the names of the bodies corporate under the same management) in whose shares or debentures investments have been made (including all investments whether existing on the balance sheet date or not, made subsequent to the date as at 286 Audit of Investments which the previous balance sheet was made out) and the nature and extent of the investments so made in each such body corporate. In the case of an investment company, i.e., a company whose principal business is the acquisition of shares, stocks, debentures or other securities, it shall be sufficient if the statement shows only the investments existing on the date as at which the balance sheet has been made out. In regard to the investments in the capital of partnership firms, the names of the firms (with the names of all their partners, total capital and the share of each partner) are required to be given in the statement. Requirements of the Banking Regulation Act, 1949 The Third Schedule to the Banking Regulation Act, 1949, requires the investments to be classified under the following heads for the purpose of balance sheet presentation: I. Investments in India in (i) Government securities (ii) Other approved Securities (iii) Shares (iv) Debentures and Bonds (v) Subsidiaries and/or joint ventures (vi) Others (to be specified) Total: II. Investments outside India in (i) Government securities (including local authorities) (ii) Subsidiaries and/or joint ventures abroad (iii) Other investments (to be specified) Total: Grand Total: (I &II) Requirements of the Insurance Act, 1938 The First Schedule to the Insurance Act, 1938 requires the disclosure of investments of an insurer as below: · ♦ Deposit with the Reserve Bank of India (Securities to be specified) ♦ Indian Government Securities 287 Handbook of Auditing Pronouncements-II ♦ State Government Securities ♦ British, British Colonial and British Dominion Government Securities ♦ Foreign Government Securities ♦ Indian Municipal Securities ♦ British and Colonial Securities ♦ Foreign Securities ♦ Bonds, Debentures, Stocks and other securities whereon interest is guaranteed by the Indian Government or a State Government ♦ Bonds, Debentures, Stocks and other securities whereon interest is guaranteed by the British or any Colonial Government ♦ Bonds, Debentures, stocks and other securities whereon interest is guaranteed by any Foreign Government ♦ Debentures of any railway in India ♦ Debentures of any railway out of India ♦ Preference or guaranteed shares of any railway in India ♦ Preference or guaranteed shares of any railway out of India ♦ Railway Ordinary Stocks (i) in India (ii) out of India ♦ Other Debentures and Debenture stock of companies incorporated (i) in India (ii) out of India ♦ Other guaranteed and preference stocks and shares of companies incorporated (i) in India (ii) out of India ♦ Other ordinary stocks and shares of companies incorporated (i) in India (ii) out of India ♦ Holdings in Subsidiary companies The book value and the market value have to be shown in respect of the investments. Where the market value is ascertained on a basis other than the published quotations, the manner in which such value has been arrived at, is also required to be disclosed. 288 Audit of Investments Appendix IV Representation Letter for Investments (Ref. Paragraph 29) The following is a sample representation letter for investments. It might be used to supplement the general letter of representation or included therein. The letter should be modified where appropriate. (Letterhead of Entity) [Date] [Name and Address of the Auditor] Dear Sir, In connection with your audit of the financial statements of X Limited as of ....… 19…., and for the year then ended, we confirm to the best of our knowledge and belief, the following representations concerning investments. 1. The current investments as appearing in the balance sheet consist of only such investments as are by their nature readily realisable and intended to be held for not more than one year from the respective dates on which they were made. All other investments have been shown in the balance sheet as ‘long-term investments’. 2. Current investments have been valued at the lower of cost and fair value. Long-term investments have been valued at cost, except that any permanent diminution in their value has been provided for in ascertaining their carrying amount. 3. In respect of offers of right issues received during the year, the rights have been either been subscribed to, or renunciated or allowed to lapse. In no case have they been renunciated in favour of third parties without consideration which has been properly accounted for in the books of account. 4. All the investments produced to you for physical verification belong to the entity and they do not include any investments held on behalf of any other person. 5. The entity has clear title to all its investments including such investments which are in the process of being registered in the name of the entity or which are not held in the name of the entity. There are no charges against the investments of the entity except those appearing in the records of the entity. Yours faithfully, (Signature of responsible official of the entity) 289 17 GUIDANCE NOTE ON AUDIT OF DEBTORS, LOANS AND ADVANCES* Contents Paragraph(s) Introduction ........................................................................................ 3-4 Internal Control Evaluation .................................................................. 5 Verification ....................................................................................... 6-33 Examination of Records ................................................................ 7-19 Direct Confirmation Procedure .................................................... 20-32 Analytical Review Procedures .......................................................... 33 Disclosure ........................................................................................... 34 Management Representations ........................................................... 35 Documentation .................................................................................... 36 Appendices * Published in June, 1994 issue of ‘The Chartered Accountant’. Audit of Debtors, Loans and Advances The following is the text of the Guidance Note on Audit of Debtors, Loans and Advances issued by the Auditing Practices Committee (APC)+ of the Council of the Institute of Chartered Accountants of India. This Guidance Note should be read in conjunction with the Statements on Standard Auditing Practices (SAPs)1 issued by the Institute. 1. Paragraph 2.1 of the “Preface to the Statements on Standard Auditing Practices”2 issued by the Institute of Chartered Accountants of India states that the “main function of the APC is to review the existing auditing practices in India and to develop Statements on Standard Auditing Practices (SAPs) so that these may be issued by the Council of the Institute.” Paragraph 2.4 of the Preface states that the “APC will issue Guidance Notes on the issues arising from the SAPs wherever necessary.” 2. The Auditing Practices Committee has also taken up the task of reviewing the Statements on auditing matters issued prior to the formation of the Committee. It is intended to issue, in due course of time, Engagement Standards or Guidance Notes, as appropriate, on the matters covered by such Statements which would then stand withdrawn. Accordingly, with the issuance of this Guidance Note on Audit of Debtors, Loans and Advances, Chapter-7 of the Statement on Auditing Practices, titled ‘Debtors, Loans and Advances’, shall stand withdrawn. In due course of time, the entire Statement of Auditing Practices shall be withdrawn.3 Introduction 3. Debtors, loans and advances may constitute a significant proportion of the total assets of an entity. Debtors represent the amounts due to an entity for goods sold or services rendered or in respect of other similar contractual obligations, but do not include the amounts which are in the nature of loans or advances. Loans represent the claims of an entity in respect of such contractual obligations as moneys lent. Advances represent payments made on account of, but before completion of, a contract or before acquisition of goods or receipt of services. For purposes of this Guidance Note, debtors, loans and advances + Now known as the Auditing and Assurance Standards Board (AASB). 1 Now known as Engagement Standards. 2 The said Preface has been withdrawn pursuant to issuance of the Revised “Preface to Standards on Quality Control, Auditing, Review, Other Assurance and Related Service”, by the Institute of Chartered Accountants of India. The Revised Preface is effective from April 1, 2008. The text of the revised Preface is reproduced in the Vol.I.A of this Handbook. 3 Since the Statement was withdrawn in March, 2005, the entire paragraph is redundant. 291 Handbook of Auditing Pronouncements-II include instruments such as bills of exchange, promissory notes and similar other instruments, evidencing debtors, loans and advances. 4. An important feature of debtors, loans and advances which has a significant effect on the related audit procedures is that these assets are represented only by documentary evidence; they have no physical existence. Moreover, the documentary evidence is generally in the form of invoices, loan documents, etc., prepared by the entity itself. The auditor should take these factors into account in designing his audit procedures. Internal Control Evaluation 5. The auditor should study and evaluate the system of internal control relating to debtors, loans and advances, to determine the nature, timing and extent of his other audit procedures. He should particularly review the following aspects of internal control relating to debtors, loans and advances.4 (a) In respect of debtors (i) The basis on which credit limits for customers are to be determined should be clearly laid down. The credit limits fixed in respect of individual customers should be approved by an official independent of the sales department. These limits should be checked before orders are accepted from the customers. There should also be a system of periodic review of the credit limits. (ii) The procedure should ensure prompt recording of debts and realisations and of linking receipts with outstandings. (iii) There should be a procedure for preparation of aging schedule of debtors at regular intervals. The schedules should be reviewed by a responsible official and necessary action initiated in respect of overdue accounts. (iv) Statements of account should be sent to all debtors at periodic intervals. They should be prepared and dispatched by a person independent of the ledger-keeper. The debtors should be requested to confirm the balances as per the statements with 4 The extent of review of internal controls would depend upon the facts and circumstances of each case. Reference may be made in this regard to the "Internal Control Questionnaire", issued by the Institute of Chattered Accountants of India in 1976, which contains an illustrative discussion on internal controls in relation to debtors and loans and advances. 292 Audit of Debtors, Loans and Advances reference to their own records. The confirmations received should be reviewed by a person independent of the ledger-keeper and the person responsible for preparing the statements of account, and necessary action taken in case of discrepancies. (v) All material adjustments in debtors' accounts, particularly those relating to rebates, allowances, commissions etc., should require approval of the competent authority. Similarly, any write-off of bad debts should require approval of the competent authority. (vi) There should be a system of periodic reconciliation of various debtor balances with related control accounts. (b) In respect of loans and advances (i) As far as possible, the system should specify the following: ♦ total amount up to which loans may be made; ♦ the purposes for which loans may be made; ♦ maximum amount of loans which may be made for each such purpose in individual cases; ♦ the terms on which such loans may be made; ♦ the persons who are authorized to make loans; ♦ procedure for ensuring compliance with relevant legal requirements. (ii) All variations in the terms of loans and advances should be duly approved in writing by the competent authority. (iii) Where security is taken against the loans, the form and adequacy of security should be reviewed by a responsible official. (iv) The loan and security documents should be kept in safe custody of a responsible official. A record of all such documents should be maintained and the documents should be periodically verified with reference to such records. (v) The system should provide for identification of cases where principal and/or interest have become overdue or where any other terms are not being complied with. 293 Handbook of Auditing Pronouncements-II (vi) Confirmation of balances should be obtained at periodic intervals in the same manner as in the case of debtors. Verification 6. In any auditing situation, the auditor employs appropriate procedures to obtain reasonable assurance about various assertions (see Standard on Auditing (SA) 500, Audit Evidence). In carrying out an audit of debtors, loans and advances, the auditor is particularly concerned with obtaining sufficient appropriate audit evidence to corroborate the management's assertions regarding the following: Existence - that all amounts recorded in respect of debtors, loans and advances are outstanding as at the date of the balance sheet. Completeness - that there are no unrecorded debtors, loans and advances. Valuation - that the stated basis of valuation of debtors, loans and advances is appropriate and properly applied, and that the recoverability of debtors, loans and advances is recognised in their valuation. Disclosure - that the debtors, loans and advances are disclosed, classified, and described in accordance with recognised accounting policies and practices and relevant statutory requirements, if any. Verification of debtors may be carried out by employing the following procedures: (a) examination of records; (b) direct confirmation procedure (also known as ‘circularisation procedure’); (c) analytical review procedures. The nature, timing and extent of audit procedures to be performed is, however, a matter of professional judgement of the auditor. 294 Audit of Debtors, Loans and Advances Examination of Records 7. The auditor should carry out an examination of the relevant records to satisfy himself about the validity, accuracy and recoverability of the debtor balances. The extent of such examination would depend on the auditor's evaluation of the efficacy of internal controls. 8. The auditor should check the agreement of balances as shown in the schedules of debtors with those in the ledger accounts. He should also check the agreement of the total of debtor balances with the related control accounts. Any differences in this regard should be examined. 9. Verification of subsequent realizations is a widely used procedure, even in cases where direct confirmation procedure is followed. In the case of significant debtors, the auditor should also examine the correspondence or other documentary evidence to satisfy himself about their validity and accuracy. 10. While examining the schedules of debtors with reference to the debtors’ ledger accounts, the auditor should pay special attention to the following aspects: (a) Where the schedules show the age of the debts, the auditor should examine whether the age of the debts has been properly determined. (b) Whether the amounts outstanding are made up of items which are not overdue, having regard to the credit terms of the entity. (c) Whether transfers from one account to another are properly evidenced. (d) Whether provisions for allowances, discounts and doubtful debts are required. In this regard, the auditor should recognise that even though a debtor may have confirmed the balance due by him, he may still not pay the same. 11. The following are some of the indications of doubtful and uncollectible debts, loans and advances: (a) The terms of credit have been repeatedly ignored. (b) There is stagnation, or lack of healthy turnover, in the account. (c) Payments are being received but the balance is continuously increasing. (d) Payments, though being received regularly, are quite small in relation to the total outstanding balance. 295 Handbook of Auditing Pronouncements-II (e) An old bill has been partly paid (or not paid), while later bills have been fully settled. (f) The cheques received from the debtor have been repeatedly dishonoured. (g) The debt is under litigation, arbitration, or dispute. (h) The auditor becomes aware of unwillingness or inability of the debtor to pay the dues e.g., a debtor has either become insolvent, or has closed down his business, or is not traceable. (i) Amounts due from employees, which have not been repaid on termination of employment. (j) Collection is barred by statute of limitation. 12. Bad debts written off or excessive discounts or unusual allowances should be verified with the relevant correspondence. Proper authorisation should be inspected. 13. In the case of claims made against insurance companies, shipping companies, railways, etc., the auditor should examine the correspondence or other available evidence to ascertain whether the claims have been acknowledged as debts and there is a reasonable possibility of their being realized. If it appears that they are not collectible, they should be shown as doubtful. Similar considerations apply in respect of claims for export incentives, claims for price escalation in case of construction contracts, claims for interest on delayed payments, etc. 14. The auditor should examine whether the contingent liability, if any, in respect of bills accepted by customers and discounted with the banks is properly disclosed. He should also examine whether adequate provision on this account has been made, where required.5 Special Considerations in Case of Loans and Advances 15. In general, the procedure outlined above in regard to debtors is also applicable in the case of loans and advances. However, in the case of loans and advances, the auditor may find greater documentary evidence (in the 5Reference may be made in this regard to Accounting Standard (AS) 4, Contingencies and Events Occurring after the Balance Sheet Date, issued by the Institute of Chartered Accountants of India. 296 Audit of Debtors, Loans and Advances form of loan and security documents and related correspondence) on which he can place reliance. 16. In the case of loans and advances, an important aspect to be examined by the auditor is whether the entity is empowered to make loans. In many cases, the statute governing the entity may contain restrictions or conditions about the amount of loans, purposes for which loans may be granted, parties to which loans may be granted etc. Similarly, the internal regulations of the entity may also prescribe the procedure to be followed for making the loans. For instance, in the case of companies, sections 292, 295 and 370 place restrictions on the making of loans by companies. 6 The competence of the borrower to receive the loan may also affect the legality and, hence, the recoverability of the loan. The auditor should examine the loan documents and other evidence with reference to the above while determining the legality and recoverability of the loans made by the entity. 17. The auditor should ascertain whether the parties to whom loans and advances have been made have complied with the terms and conditions relating to payment of interest, repayment of loans or adjustment of advances, etc. In the case of defaults, e.g., where the repayment of loans or advances or the payment of interest are overdue, the auditor should consider whether such defaults are indicative of unwillingness or inability of the parties concerned to make the payment. 18. The auditor should pay particular attention to loans and advances given to parties in whom directors or persons who are substantial owners of the entity are interested. He should ascertain the purpose of such loans and advances, the terms and conditions on which they have been made as also their recoverability. 19. The auditor should also examine any other aspects required to be examined or reported upon by the relevant statute. For example, the auditor of a company covered by the Manufacturing and Other Companies (Auditor's Report) Order, 19887, is required to state in his report whether the terms and 6 For a detailed study of this aspect, reference may be made to the Institute's publication titled A Guide to Company Audit. Similarly, in the case of entities like banks, insurance companies, etc., reference may be made to the relevant publication(s) of the Institute, e.g., Guidance Note on Audit of Banks, Guidance Note on Audit of Companies Carrying on General Insurance Business, Guidance Note on Companies Carrying on Life Insurance Business, Guide to Audit of Cooperative Societies, etc. 7 The Department of Company Affairs has notified the Companies (Auditor’s Report) Order, 2003 in June 2003 in terms of the powers given to it under section 227(4A) of the Companies Act, 1956. 297 Handbook of Auditing Pronouncements-II conditions on which loans and advances have been made are prima facie prejudicial to the interests of the company. Similarly, clause (a) of sub- section (1A) of section 227 of the Companies Act, 1956, requires the auditor to inquire "whether loans and advances made by the company on the basis of security have been properly secured and whether the terms on which they have been made are not prejudicial to the interests of the company or its members". Direct Confirmation Procedure 20. The verification of balances by direct communication with debtors is theoretically the best method of ascertaining whether the balances are genuine, accurately stated and undisputed, particularly where the internal control system is weak. It must be recognised, however, that mere confirmation of balance by a debtor does not by itself ensure ultimate recovery. Moreover, the utility of this procedure depends to a large extent on receiving adequate response to confirmation requests. Therefore, in situations where the auditor has reasons to believe, based on his past experience or other factors, that it is unlikely that adequate response would be received from the debtors, he may limit his reliance on direct confirmation procedure and place greater reliance on the other auditing procedures. 21. The auditor employs direct confirmation procedure with the consent of the entity under audit. There may be situations where the management of the entity requests the auditor not to seek confirmation from certain debtors. In such cases, the auditor should consider whether there are valid grounds for such a request. For example, the management may explain the reason as being the fact that there is a dispute with the particular debtor and the request for confirmation may aggravate sensitive negotiations between the entity and the debtor. Before accepting a refusal as justified, the auditor should examine any available evidence to support the management's explanations, e.g., correspondence between the entity and the debtor. In such a case, alternative procedures should be applied to debtors not subjected to confirmation. In appropriate cases, the auditor may also need to re-consider the nature, timing and extent of his audit procedures including the degree of planned reliance on management's representations. 22. The confirmation date, the method of requesting confirmations, and the particular debtors from whom confirmation of balances is to be obtained are to be determined by the auditor. While determining the information to be 298 Audit of Debtors, Loans and Advances obtained, the form of confirmation, as well as the extent and timing of application of the confirmation procedure, the auditor should consider all relevant factors such as the effectiveness of internal control, the apparent possibility of disputes, inaccuracies or irregularities in the accounts, the probability that requests will receive consideration, and the materiality of the amounts involved. 23. The debtors may be requested to confirm the balances either (a) as at the date of the balance sheet, or (b) as at any other selected date which is reasonably close to the date of the balance sheet. The date should be settled by the auditor in consultation with the entity. Where the auditor decides to confirm the debtors at a date other than the balance sheet date, he should examine the movements in debtor balances which occur between the confirmation date and the balance sheet date and obtain sufficient evidence to satisfy himself that debtor balances stated in the balance sheet are not materially misstated. 24. The form of requesting confirmation from the debtors may be either (a) the 'positive' form of request, wherein the debtor is requested to respond whether or not he is in agreement with the balance shown, or·(b) the 'negative' form of request, wherein the debtor is requested to respond only if he disagrees with the balance shown. 25. The use of the positive form is preferable when individual account balances are relatively large, or where the internal controls are weak, or where the auditor has reason to believe that there may be a substantial number of accounts in dispute or with inaccuracies or irregularities. An illustrative positive form of request letter is given in Appendix I to this Guidance Note. 26. The negative form is useful when internal controls are considered to be effective, or when a large number of small balances are involved, or when the auditor has no reason to believe that the debtors are unlikely to respond. If the negative rather than the positive form of confirmation is used, the number of requests sent and the extent of the other auditing procedures to be performed should normally be greater so as to enable the auditor to obtain the same degree of assurance with respect to the debtor balances. An illustrative negative form of request letter is given in Appendix II to this Guidance Note. 27. In many situations, it may be appropriate to use the positive form for debtors with large balances and the negative form for debtors with small balances. 299 Handbook of Auditing Pronouncements-II 28. Where the number of debtors is small, all of them may be circularized, but if the debtors are numerous, this may be done on a sample basis. The sample list of debtors to be circularized, in order to be meaningful, should be based on a complete list of all debtor accounts. While selecting the debtors to be circularized, special attention should be paid to accounts with large balances, accounts with old outstanding balances, and customer accounts with credit balances. In addition, the auditor should select accounts in respect of which provisions have been made or balances have been written off during the period under audit or earlier years and request confirmation of the balance without considering the provision or write-off. The auditor may also consider including in his sample some of the accounts with nil balances. The nature of the entity's business (e.g., the type of sales made or services rendered) and the type of third parties with whom the entity deals, should also be considered in selecting the sample, so that the auditor can reach appropriate conclusions about the debtors as a whole. 29. In appropriate cases, the debtor may be sent a copy of his complete ledger account for a specific period as shown in the entity's books. This procedure is more likely to reveal errors and fraud and may be particularly useful in the case of large accounts involving many entries, or where there is evidence that accounts are in dispute or are not being settled in accordance with the entity's usual trade terms. 30. The method of selection of the debtors to be circularised should not be revealed to the entity until the trial balance of the debtors' ledger is handed over to the auditor. A list of debtors selected for confirmation should be given to the entity for preparing requests for confirmation which should be properly addressed and duly stamped. The auditor should maintain strict control to ensure the correctness and proper dispatch of request letters. In the alternative, the auditor may request the client to furnish duly authorised confirmation letters and the auditor may fill in the names, addresses and the amounts relating to debtors selected by him and mail the letters directly. It should be ensured that confirmations as well as any undelivered letters are returned to the auditor and not to the client. 31. Where positive form of request is used, the auditor may, in appropriate cases, request the entity to follow up with a reminder to those debtors from whom he receives no replies. In exceptional circumstances, the auditor may also correspond directly with those significant debtors from whom he receives no replies despite reminders. In the event of inadequacy of 300 Audit of Debtors, Loans and Advances responses received, the auditor will have to increase the extent of examination of records and analytical review procedures beyond that planned originally. 32. Any discrepancies revealed by the confirmations received or by the additional tests carried out by the auditor may have a bearing on other accounts not included in the original sample. The entity should be asked to investigate and reconcile the discrepancies. In addition, the auditor should also consider what further tests he can carry out in order to satisfy himself as to the correctness of the amount of debtors taken as a whole. Analytical Review Procedures 33. In addition to the audit procedures discussed above, the following analytical review procedures may often be helpful as a means of obtaining audit evidence regarding the various assertions relating to debtors, loans and advances: (a) comparison of closing balances of debtors, loans and advances with the corresponding figures for the previous year; (b) comparison of the relationship between current year debtor balances and the current year sales with the corresponding figures for the previous year; (c) comparison of actual closing balances of debtors, loans and advances with the corresponding budgeted figures, if available; (d) comparison of current year's aging schedule with the corresponding figures for the previous year; (e) comparison of significant ratios relating to debtors, loans and advances with the similar ratios for other firms in the same industry, if available; (f) comparison of significant ratios relating to debtors, loans and advances with the industry norms, if available. It may be clarified that the foregoing is only an illustrative list of analytical review procedures which an auditor may employ in carrying out an audit of debtors, loans and advances. The exact nature of analytical review procedures to be applied in a specific situation is a matter of professional judgement of the auditor. 301 Handbook of Auditing Pronouncements-II Disclosure 34. The auditor should satisfy himself that the debtors, loans and advances have been disclosed properly in the financial statements. Where the relevant statute lays down any disclosure requirements in this behalf, the auditor should examine whether the same have been complied with. Management Representations 35. The auditor should obtain from the management of the entity, a written statement regarding recoverability of debtors and loans and advances and their classification for balance sheet purposes. While such a representation letter serves as a formal acknowledgment of the management's responsibilities with regard to debtors, loans and advances, it does not relieve the auditor of his responsibility for performing audit procedures to obtain sufficient appropriate audit evidence to form the basis for the expression of his opinion on the financial information. A sample management representation letter regarding debtors, loans and advances is given in Appendix III to this Guidance Note. It may be mentioned that the representations made in the letter can alternatively be included in the composite representation letter usually issued by the management to the auditor. Documentation 36. The auditor should maintain adequate working papers regarding audit of debtors, loans and advances. Among others, he should maintain on his audit file, the confirmations received as well as any undelivered letters of request for confirmation. The management representation letter concerning debtors, loans and advances should also be maintained on the audit file. 302 Audit of Debtors, Loans and Advances Appendix I Illustrative Letter of Confirmation to be Sent to Debtors-Positive Form [Ref. Paragraph 25] [Letterhead of Entity] [Date] [Name and address of debtor] Dear Sir, For audit purposes, kindly confirm directly to our auditors (name and address of the auditors) that the balance of Rs.................. due by you as on ............, as shown by our books, is correct. The details of the balance are as under: 8 Invoice No. Date Order Reference or Acceptance or Amount Tender No. etc. (To be used Particularly for Government Customers) Total Less : Advance received Net Amount due by you (Rs.) _________ _________ _________ A stamped envelope addressed to our auditors is enclosed for your convenience. If the amount shown is in agreement with your books, kindly strike-out the paragraph marked (B) below. If the amount shown is not in agreement with your books, kindly furnish the details in the proforma given in the paragraph marked (B) below and strike-out paragraph (A). In either case, kindly sign at the place provided below and return this entire letter directly to our auditors in the enclosed envelope. Your prompt compliance with this request will be appreciated. Kindly return this form in its entirety. Yours Faithfully, (Signature of responsible official of the entity) .............................. 8 In case the list of invoices forming the balance is too large, these details may not be given. 303 Handbook of Auditing Pronouncements-II (Do not perforate the form at this point) (Name and Address of entity) (A) We confirm that the above stated amount is correct as at ______ OR (B) We state that the above-stated amount is not correct as per our records. The details of the balance as at _________ as per our records are as below: Invoice No. Date Order Reference Amount Total _________ Less: Advanced paid _________ Net Amount due from us (Rs.) _________ Net Amount due from us (Rs.) _________ Date (Signature of debtor/responsible official) 304 Audit of Debtors, Loans and Advances Appendix II Illustrative Letter of Confirmation to be Sent to Debtors-Negative Form [Ref. Paragraph 26] [Letterhead of Entity] [Date] [Name and address of debtor] Dear Sir, For audit purposes, kindly write directly to our auditors (name and address of the auditors) if the balance of Rs……….due by you as on _______ as shown by our books, is not correct, giving details of the differences. The details of the balance are as under:9 Invoice No. Date Order Reference or Acceptance or Amount Tender No. etc. (To be used particularly for Government Customers) Total _________ Less: Advanced paid _________ Net Amount due by you (Rs.) _________ If you do not notify our auditors of any difference within ten days of the date of this letter, it will be presumed that the balance stated above is correct. A stamped envelope addressed to our auditors is enclosed for your convenience. Yours faithfully, (Signature of responsible official of the entity) 9 In case the list of invoices forming the balance is too large, these details may not be given. 305 Handbook of Auditing Pronouncements-II Appendix III Representation Letter for Debtors, Loans and Advances [Ref. Paragraph 35] The following is a sample representation letter for debtors, loans and advances. It might be used to supplement the general letter of representation or included therein. The letter should be modified where appropriate. [Letterhead of Entity] [Date] [Name and Address of the Auditor] Dear Sir, In connection with your audit of the financial statements of X Ltd. as of ....., 19.., and for the year then ended, we certify that the following items appearing in the books as at .......(date of the Balance Sheet) are considered good and fully recoverable with the exception of those specifically shown as “doubtful” in the Balance Sheet. Sundry Debtors Rs. Loans and Advances10 Rs. Yours faithfully, (Signature of responsible official of the entity) 10 It may be pointed out that a similar certificate regarding deposits made by the entity may also be obtained by the auditor in appropriate cases. 306 18 GUIDANCE NOTE ON AUDIT OF CASH AND BANK BALANCES* Contents Paragraph(s) Introduction ........................................................................................ 3-4 Internal Control Evaluation .................................................................. 5 Verification ....................................................................................... 6-27 Verification of Cash Balances ..................................................... 7-12 Verification of Bank Balances ................................................... 13-25 Examination of Valuation and Disclosure .................................. 26-27 Appendix * Published in November, 1995 issue of ‘The Chartered Accountant. Handbook of Auditing Pronouncements-II The following is the text of the Guidance Note on Audit of Cash and Bank Balances issued by the Auditing Practices Committee (APC)1 of the Council of the Institute of Chartered Accountants of India. This Guidance Note should be read in conjunction with the Statements on Standard Auditing Practices (SAPs)2 issued by the Institute. 1. Para 2.1 of the Preface to the Statements on Standard Auditing Practices3, issued by the Institute of Chartered Accountants of India, states that the "main function of the APC is to review the existing auditing practices in India and to develop Statements on Standard Auditing Practices (SAPs) so that these may be issued by the Council of the Institute.” Para 2.4 of the Preface states that the “APC will issue Guidance Notes on the issues arising from the SAPs wherever necessary.” 2. The Auditing Practices Committee has also taken up the task of reviewing the Statements on auditing matters issued prior to the formation of the Committee. It is intended to issue, in due course of time, SAPs or Guidance Notes, as appropriate, on the matters covered by such Statements which would then stand withdrawn. With the issuance of this Guidance Note on Audit of Cash and Bank Balances, Chapter 6 of the Statement on Auditing Practices, titled 'Cash and Bank Balances', shall stand withdrawn.4 In due course of time, the entire Statement on Auditing Practices shall be withdrawn.5 Introduction 3. Cash and bank balances may constitute a significant proportion of the total assets of an entity. An important feature of cash and bank balances which has a significant impact on the related audit procedures is that these assets are highly prone to misappropriation, misapplication and other forms of fraud. 4. In any auditing situation, the auditor employs appropriate procedures to obtain reasonable assurance about various assertions (see Standard on 1 Now known as the Auditing and Assurance Standards Board (AASB). 2 Now known as Engagement Standards. 3 The said Preface has been withdrawn pursuant to issuance of the Revised “Preface to Standards on Quality Control, Auditing, Review, Other Assurance and Related Service”, by the Institute of Chartered Accountants of India. The Revised Preface is effective from April 1, 2008. The text of the revised Preface is reproduced in the Vol-I.A of this Handbook. 4 The special aspects of audit of cash and bank balances in the case of banks are dealt with in the Guidance Note on Audit of Banks. 5 Since the Statement was withdrawn in March, 2005, the entire paragraph is redundant. 308 Audit of Cash and Bank Balances Auditing (SA) 500, Audit Evidence). In carrying out an audit of cash and bank balances, the auditor is particularly concerned with obtaining sufficient appropriate audit evidence to corroborate the management’s assertions regarding the following: Existence - that recorded cash and bank balances exist as at the year-end. Rights and obligations - that recorded cash and bank balances represent the assets of the entity. Completeness - that there are no unrecorded cash and bank balances. Besides the above, in certain situations, the auditor may also be particularly concerned with the valuation of cash and bank balances, e.g., in the case of foreign currency held by the entity or in the case of bank accounts designated in foreign currencies. Internal Control Evaluation 5. The auditor should study and evaluate the system of internal control relating to cash and bank balances to determine the nature, timing and extent of his other audit procedures. He should particularly review the following aspects of internal control relating to cash and bank balances.6 (a) segregation of duties relating to authorisation of transactions, handling of cash/issuance of cheques and writing of books of account, and rotation of the duties periodically; (b) proper authorisation of cash and banking transactions; (c) daily recording of cash transactions; (d) safeguards such as restrictive crossing of cheques, use of pre-printed, pre-numbered forms; (e) periodic reconciliation of bank balances; (f) reconciliation of cash-on-hand with book balance on a daily basis or at other appropriate intervals, including surprise checks by higher authorities; 6 The extent of review of controls would depend upon the facts and circumstances of each case. Reference may be made in this regard to the Internal Control Questionnaire, issued by the Institute of Chartered Accountants of India in 1976 which contains, inter alia, an illustrative list of internal controls in relation to cash and bank balances. 309 Handbook of Auditing Pronouncements-II (g) safe custody of cash, cheque books, receipt books etc.; and (h) cash/fidelity insurance. Verification 6. Verification of cash and bank balances may be carried out by employing the procedures described in paragraphs 7-27. It may, however, be emphasised that the nature, timing and extent of substantive procedures to be performed is a matter of professional judgement of the auditor which is based, inter alia, on the auditor's evaluation of the effectiveness of the related internal controls. Verification of Cash Balances 7. The auditor should carry out physical verification of cash at the date of the balance sheet. However, if this is not feasible, physical verification may be carried out, on a surprise basis, at any time shortly before or after the date of the balance sheet. In the latter case, the auditor should examine whether the cash balance shown in the financial statements reconciles with the results of the physical verification after taking into account the cash receipts and cash payments between the date of the physical verification and the date of the balance sheet. Besides physical verification at or around the date of the balance sheet, the auditor should also carry out surprise verification of cash during the year. 8. All cash balances in the same location should be verified simultaneously. Where petty cash is maintained by one or more officials, the auditor should advise the entity to require the officials concerned to deposit the entire petty cash on hand on the last day with the cashier. The auditor should enquire whether the cashier also handles cash of sister concerns, staff societies, etc. In such a case, cash pertaining to them should also be verified at the same time so as to avoid chances of cash balances of one entity being presented as those of another. 9. If IOUs (‘I owe you’) or other similar documents are found during physical verification, the auditor should obtain explanations from a senior official of the entity as to the reasons for such IOUs/other similar documents remaining pending. It should also be ensured that such IOUs/other similar documents are not shown as cash-on-hand. 310 Audit of Cash and Bank Balances 10. The quantum of torn or mutilated currency notes should be examined in the context of the size and nature of business of the entity. The auditor should also examine whether such currency notes are exchanged within a reasonable time. 11. If, during the course of the audit, it comes to the attention of the auditor that the entity is consistently maintaining an unduly large balance of cash- on-hand, he should carry out surprise verification of cash more frequently to ascertain whether the actual cash-on-hand agrees with the balances as shown by the books. If the cash-on-hand is not in agreement with the balance as shown in the books, he should seek explanations from a senior official of the entity. In case any material difference is not satisfactorily explained, the auditor should state this fact appropriately in his audit report. In any case, he should satisfy himself regarding the necessity for such large balances having regard to the normal working requirements of the entity. The entity may also be advised to deposit the whole or the major part of the cash balance in the bank at reasonable intervals. 12. Where postdated cheques are on hand on the balance sheet date, the auditor should verify that they have not been accounted for as collections during the period under audit. Verification of Bank Balances 13. The auditor should advise the entity to send a letter to all its bankers to, directly confirm the balances to the auditor. The Appendix to this Guidance Note gives an illustrative proforma letter of request for confirmation to be used for this purpose. The request for confirmation should also cover dormant accounts as well as accounts closed during the year. 14. The auditor should examine the bank reconciliation statement prepared as on the last day of the year. He may also examine the reconciliation statements as at other dates during the year. It should be examined whether (i) cheques issued by the entity but not presented for payment, and (ii) cheques deposited for collection by the entity but not credited in the bank account, have been duly debited/credited in the subsequent period. For this purpose, the bank statements of the relevant period should be examined. If the cheques issued before the end of the year have not been presented within a reasonable time, it is possible that the entity might have prepared the cheques before the end of the year but not delivered them to the parties 311 Handbook of Auditing Pronouncements-II concerned. In such a case, the auditor should examine that the entity has reversed the relevant entries. 15. Where the auditor finds that post-dated cheques are issued by the entity, he should verify that any cheques pertaining to the subsequent period have not been accounted for as payments during the period under audit. 16. The auditor should pay special attention to those items in the reconciliation statements which are outstanding for an unduly long period. The auditor should ascertain the reasons for such outstanding items from the management. He should also examine whether any such items require an adjustment/write-off. 17. The auditor should be alert to the possibility that even though the balance in an apparently inoperative account may have remained stagnant, transactions may have taken place in that account during the year. 18. Where a large number of cheques have been issued/deposited in the last few days of the year, and a sizeable proportion of such cheques has subsequently remained unpaid/uncleared, this may indicate an intention of understating creditors/debtors or understating/overstating bank balances. In such a case, it may be appropriate for the auditor to obtain confirmations from the parties concerned, especially in respect of cheques involving large amounts. The auditor should also examine whether a reversal of the relevant entries would be appropriate under the circumstances. 19. The procedures discussed in paragraph 18 should also be considered by the auditor in cases where a large number of cheques is on hand at the date of the balance sheet and a sizable proportion of such cheques has subsequently remained undeposited/uncleared. 20. In relation to balances/deposits with specific charge on them, or those held under the requirements of any law, the auditor should examine that suitable disclosures are made in the financial statements. 21. In respect of fixed deposits or any other type of deposits with banks, the relevant receipts/certificates, duly supported by bank advices, should be examined. 22. Remittances shown as being in transit should be examined with reference to their credit in the bank in the subsequent period. Where the auditor finds that such remittances have not been credited in the subsequent period, he should ascertain the reasons for the same. He should also 312 Audit of Cash and Bank Balances examine whether the entity has reversed the relevant entries in appropriate cases. 23. The auditor should examine that suitable adjustments are made in respect of cheques which have become stale as at the close of the year. 24. Where material amounts are held in bank accounts which are blocked, e.g., in foreign banks with exchange control restrictions or any banks which are under moratorium or liquidation, the auditor should examine whether the relevant facts have been suitably disclosed in the financial statements. He should also examine whether suitable adjustments on this account have been made in the financial statements in appropriate cases. 25. Where the auditor finds that the number of bank accounts maintained by the entity is disproportionately large in relation to its size, the auditor should exercise greater care in satisfying himself about the genuineness of banking transactions and balances. Examination of Valuation and Disclosure 26. The auditor should satisfy himself that cash and bank balances have been valued and disclosed in the financial statements in accordance with recognised accounting policies and practices and relevant statutory requirements, if any.7 In this regard, the auditor should examine that following items are not included in cash and bank balances: (a) Temporary advances. (b) Stale or dishonoured cheques. Postage and revenue stamps, if material in amount, may be shown separately instead of being included under cash and bank balances. 27. The auditor should also examine that suitable disclosures as mentioned in paragraphs 20 and 24 above are made in relevant cases. 7 For valuation of foreign currency held as cash-in-hand and bank balances designated in foreign currencies, reference may be made to Accounting Standard 11, “The Effects of Changes in Foreign Exchange Rates”, issued by the Institute of Chartered Accountants of India. 313 Handbook of Auditing Pronouncements-II Appendix Illustrative Letter of Confirmation – Bank Balances (Ref. Paragraph 13) [Letterhead of Entity] [Name and Address of Bank] [Date] Dear Sirs, Please send directly to our auditors ......................... (name and address of the auditors) details of balances as at the close of business on [date] .................... of all our accounts with you as well as details of charges held against such balances, with a copy to us. For your convenience, we enclose in duplicate a form in which details of our balances with you can be filled in. If you find the spaces on the form insufficient to contain all the relevant information, please attach a separate statement. Please note that this request covers all our accounts with you as at the above-mentioned date, including any dormant accounts. We would also request you to give particulars of any of our accounts closed during the year. We would request you to state “Nil”, wherever applicable. Yours faithfully, (Signature of person authorised to operate accounts) __________ Reply from (Bank) [Name and Address of Auditors] Dear Sirs, Date: ________ Re : (Name of Client) At the request of our clients, we submit below particulars of their accounts, Investments, bills, etc., as at the close of business on ........ as shown by our records. 1. Current Accounts in Credit Designation of Account Amount 314 Audit of Cash and Bank Balances 2. Overdrawn Current Accounts, Overdraft Accounts or Cash Credit Accounts. Designation of Account Amount Security held (give brief description. In the case of securities please list fully) 3. Loan Accounts Designation of Account Amount Security held (give brief description. In the case of securities please list fully) 4. Fixed, Call and Short Deposit Accounts Amount Interest Accrued Due Date Particulars of any to the closing date charges of liens 5. Investments and Other Documents of Title Held in Safe Custody Designation. Face value or number of shares held. 6. Margin against letters of credit Guarantees issued, etc. Designation of Account Amount 7. Bills for Collection Designation of Account Amount Due date 8. Bills Discounted or Purchased. Name of Drawee Amount Due date 9. Letters of Credit Open and Outstanding In favour of Amount not utilised Valid upto 10. Guarantees given on behalf of clients In favour of Amount. Date of expiry We certify that the above particulars are full and correct and do not exclude any other obligations of the entity to us. Yours faithfully, Name of Bank Designation of Signatory 315 19 GUIDANCE NOTE ON AUDIT OF LIABILITIES* Contents Paragraph(s) Introduction ........................................................................................ 3-8 Internal Control Evaluation ............................................................. 9-10 Verification ..................................................................................... 11-59 Examination of records ................................................................ 12-40 Direct Confirmation Procedure ..................................................... 41-53 Examination of Disclosure ........................................................... 54-57 Analytical Review Procedures...................................................... 58-59 Management Representations ........................................................... 60 Documentation .................................................................................... 61 Appendices * Published in December, 1995 issue of ‘The Chartered Accountant’. Audit of Liabilities The following is the text of the Guidance Note on Audit of Liabilities issued by the Auditing Practices Committee (APC) 1 of the Council of the Institute of Chartered Accountants of India. This Guidance Note should be read in conjunction with the Statements on Standard Auditing Practices (SAPs) 2 issued by the Institute. 1. Para 2.1 of the Preface to the Standards on Auditing3 issued by the Institute of Chartered Accountants of India states that the “main function of the APC is to review the existing auditing practices in India and to develop Statements on Standard Auditing Practices (SAPs) so that these may be issued by the Council of the Institute.” Para 2.4 of the Preface states that the “APC will issue Guidance Notes on the issues arising from the SAPs wherever necessary.” 2. The Auditing Practices Committee has also taken up the task of reviewing the Statements on auditing matters issued prior to the formation of the Committee. It is intended to issue, in due course of time, SAPs or Guidance Notes as appropriate, on the matters covered by such Statements which would then stand withdrawn. With the issuance of this Guidance Note on Audit of Liabilities, Chapter 9 of the Statement on Auditing Practices, titled ‘Liabilities’, shall stand withdrawn. In due course of time, the entire Statement on Auditing Practices shall be withdrawn 4. Introduction 3. Liabilities are the financial obligations of an enterprise other than owners’ funds. 4. Liabilities include loans and borrowings, trade creditors and other current liabilities, deferred payment credits, instalments payable under hire purchase agreements, and provisions. Besides liabilities, this Guidance Note also deals with contingent liabilities, i.e., obligations relating to past transactions or other events or conditions that may arise in consequence of one or more future events which are presently deemed possible but not probable. 1 Now known as the Auditing and Assurance Standards Board (AASB). 2 Now known as Engagement Standards. 3 The said Preface has been withdrawn pursuant to issuance of the Revised “Preface to Standards on Quality Control, Auditing, Review, Other Assurance and Related Service”, by the Institute of Chartered Accountants of India. The Revised Preface is effective from April 1, 2008. The text of the revised Preface is reproduced in the Vol-I.A of this Handbook. 4 Since the Statement was withdrawn in March, 2005, the entire paragraph is redundant. 317 Handbook of Auditing Pronouncements-II 5. Special considerations may apply in the case of audit of liabilities of specialised entities like banks, financial institutions and venture capital funds. 6. Liabilities generally constitute a significant proportion of the total sources of funds of an entity. The audit of liabilities is primarily directed at ensuring that all known liabilities have been properly accounted for, since material omission or misstatement of liabilities vitiates the true and fair view of the financial statements. 7. An important feature of liabilities which has a significant effect on the related audit procedures is that these are represented only by documentary evidence which originates mostly from third parties in their dealings with the entity. 8. In any auditing situation, the auditor employs appropriate procedures to obtain reasonable assurance about various assertions [Standard on Auditing (SA) 500, Audit Evidence]. In carrying out an audit of liabilities, the auditor is particularly concerned with obtaining sufficient appropriate audit evidence to satisfy himself that all known liabilities are recorded and stated at fair and reasonable amounts. Internal Control Evaluation 9. The auditor should study and evaluate the system of internal control relating to liabilities to determine the nature, timing and extent of his other audit procedures. He should particularly review the following aspects of internal control relating to liabilities.5 (a) In respect of loans and borrowings (including advances and deposits) (i) As far as possible, the following should be clearly specified: ♦ the borrowing powers and limits; ♦ persons authorised and competent to borrow; ♦ terms of borrowings; ♦ procedure for ensuring compliance with relevant legal requirements/internal regulations. 5 The extent of review of controls would depend upon the facts and circumstances of each case. Reference may be made in this regard to the Internal Control Questionnaire, issued by the Institute of Chartered Accountants of India, which contains, inter alia, an illustrative list of internal controls in relation to creditors and borrowings. 318 Audit of Liabilities (ii) Any variations in the terms of loans and borrowings should be truly approved/ratified in writing by competent authority. (iii) Security offered against loans and borrowings should be properly recorded and periodically reviewed. (iv) The records and documents should be kept in proper custody and reviewed periodically. (v) The system should bring out all cases of non-compliance with terms and conditions including amounts of principal and/or interest which have become overdue. (vi) Confirmation of balances should be obtained at periodic intervals and the discrepancies, if any, should be duly investigated and reconciled. (vii) There should be a proper procedure for year-end valuation of loans and borrowings, especially for those designated in foreign currencies. 6 (b) In respect of Trade Creditors (i) The procedure should ensure proper recording of transactions and facilitate the linking of payments with outstandings. (ii) The payments made to creditors should be in line with the approved policies of the entity. (iii) There should be specific procedures for payments against duplicate invoices or other duplicate records as well as for payments against accounts which have remained unclaimed for quite some time. (iv) There should be a procedures for preparation of schedules of trade creditors at periodic intervals; this should be reviewed by a responsible person and necessary action initiated on overdue accounts. (v) Statements of account should be called for creditors at periodic intervals and the discrepancies, if any, should be duly investigated and reconciled. 6Reference may be made in this regard to Accounting Standard 11 (revised 2003), The Effects of Changes in Foreign Exchange Rates, issued by the Institute of Chartered Accountants of India. 319 Handbook of Auditing Pronouncements-II (vi) All adjustments in the creditors’ accounts such as those relating to claims for returns, defectives, short receipts of goods, rebates, allowances and commissions etc., should require approval of competent authority. Similarly, any write-back of creditors’ balances and escalation claims should be approved by competent authority. (vii) There should be appropriate cut-off procedures in relation to transactions affecting the creditor accounts. (c) In respect of other current liabilities, trade deposits and provisions The internal control procedures as spelt out above for loans and borrowings and creditors broadly apply in relation to these items. 10. In respect of contingent liabilities, the auditor should examine whether the internal control system of the entity provides for a procedure for identifying and estimating such liabilities and for periodic review of the same. Verification 11. Verification of liabilities may be carried out by employing the following procedures: (a) examination of records; (b) direct confirmation procedure; (c) examination of disclosure; (d) analytical review procedures, (e) obtaining management representations. The nature, timing and extent of substantive procedures to be performed is, however, a matter of professional judgement of the auditor which is based, inter alia, on the auditor’s evaluation of the effectiveness of the related internal controls. Examination of records Loans and Borrowings 12. The auditor should satisfy himself that the loans obtained are within the borrowing powers of the entity. 320 Audit of Liabilities 13. The auditor should carry out an examination of the relevant records to judge the validity and accuracy of the loans. 14. In respect of loans and advances from banks, financial institutions and others, the auditor should examine that the book balances agree with the statements of the lenders. He should also examine the reconciliation statements, if any, prepared by the entity in this regard. 15. The auditor should examine the important terms in the loan agreements and the documents, if any, evidencing charge in respect of such loans and advances. He should particularly examine whether the requirements of the applicable statute regarding creation and registration of charges have been complied with. 16. Where the entity has accepted deposits, the auditor should examine whether the directives issued by the Reserve Bank of India or other appropriate authority are complied with. 17. In case the value of the security falls below the amount of the loan outstanding, the auditor should examine whether the loan is classified as secured only to the extent of the market value of the security. 18. Where short-term secured loans have been disclosed separately from other secured loans, the auditor should verify the correctness of the amount of such short-term loans. 19. Where instalments of long-term loans falling due within the next twelve months have been disclosed in the financial statements (e.g., in parentheses or by way of a footnote), the auditor should verify the correctness of the amount of such instalments. 20. The auditor should examine the hire purchase agreements for the purchase of assets by the entity and ensure the correctness of the amounts shown as outstanding in the accounts and also examine the security aspect. Future instalments under hire purchase agreements for the purchase of assets may be shown as secured loans. 21. The deferred payment credits should be verified with reference to the important terms in the agreement, including due dates of payments and guarantees furnished by banks. The auditor should also verify the copies of hundies/bills accepted separately. 321 Handbook of Auditing Pronouncements-II Trade Creditors and Other Current Liabilities 22. The auditor should check the adequacy of cut-off procedures adopted by the entity in relation to transactions affecting the creditor accounts. For example, the auditor may examine the documents relating to receipt of goods from suppliers during a few days immediately before the year-end and verify that the related invoices have been recorded as purchases of the current year. 23. The auditor should check that the total of the creditors' balances agrees with the related control account, if any; the difference, if any, should be examined. 24. The auditor should examine the correspondence and other relevant documentary evidence to satisfy himself about the validity, accuracy and completeness of creditors/acceptances. 25 The auditor should verify that in cases where income is collected in advance for services to be rendered in future, the unearned portion, not applicable to the period under audit, is not recognised as income of the period under audit but is shown in the balance sheet as a part of current liabilities. 26. While examining schedule of creditors and other schedules such as those relating to advance payments, unclaimed dividends and other liabilities, the auditor should pay special attention to the following aspects: (a) long outstanding items; (b) unadjusted claims for short supplies, poor quality, discount, commission, etc.; (c) liabilities not correlated/adjusted against related advances; (d) authorisation and correctness of transfers from one account to another. Based on his examination as aforesaid, the auditor should determine whether any adjustments in accounts are required. 27. In case there are any unusual payments around the year-end, the auditor should examine them thoroughly. In particular, the auditor should examine if the entries relating to any such payments have been reversed in the subsequent period. 322 Audit of Liabilities 28. The auditor should review subsequent transactions to identify/confirm material liabilities outstanding at the balance sheet date. Provisions 29. The term ‘provision’ means amounts retained by way of providing for depreciation or diminution in value of assets or retained by way of providing for any known liability the amount of which cannot be determined with substantial accuracy. Provisions include those in respect of depreciation or diminution in the value of assets, product warranties, service contracts and guarantees, taxes and levies, gratuity, proposed dividend etc. This Guidance Note, however, does not deal with provisions for depreciation or diminution in the value of assets. 30. The audit of provisions primarily involves examining the reasonableness and adequacy of the amounts provided for. The auditor should also examine that the provisions made are not in excess of what is reasonably required. 31. Provisions for Taxes and Duties: The adequacy of the provision for taxation for the year should be examined. The position regarding the overall outstanding liability of the entity as at the date of balance sheet should be reviewed. In respect of assessments completed, revised or rectified during the year, the auditor should examine whether suitable adjustments have been made in respect of additional demands or refunds, as the case may be. Similarly, he should examine whether excess provisions or refunds have been properly adjusted. The relevant orders received up to the time of audit should be considered and, on this basis, it should be examined whether any short provisions have been made good. If there is a material tax liability for which no provision is made in the accounts, the auditor should qualify his report in this respect even if the reserves are adequate to cover the liability. 32. If the entity disputes its liability in regard to demands raised, the auditor should examine whether there is a positive evidence or action on the part of the entity to show that it has not accepted the demand for payment of tax or duty, e.g., where it has gone into appeal under section 246 of the Income-tax Act, 1961. Where an application for rectification of mistake (e.g., under section 154 of the Income tax Act, 1961) has been made by the entity, the amount should be regarded as disputed. Where the demand 323 Handbook of Auditing Pronouncements-II notice/intimation for the payment of tax is for a certain amount and the dispute relates to only a part and not the whole of the amount, only such amount should be treated as disputed. A disputed tax liability may require a provision or suitable disclosure (see Accounting Standard (AS) 4, Contingencies and Events Occurring After the Balance Sheet Date issued by the Institute of Chartered Accountants of India). In determining whether a provision is required, the auditor should, among other procedures, make appropriate inquiries of management, review minutes of the meetings of the board of directors and correspondence with the entity's lawyers, and obtain appropriate management representations. 33. In case the entity has made the provision for taxation on the basis of the tax-effect accounting method, the auditor should examine whether the method has been applied properly.7 34. Provision for Gratuity: The auditor should examine whether the entity is required to pay gratuity to its employees by virtue of the provisions of the Payment of Gratuity Act, 1972 and/or· in terms of agreement with employees and, if so, whether provision for accruing gratuity liability has been made by the entity. 8 The auditor should examine the adequacy of the gratuity provision with reference to the actuarial certificate obtained by the entity. In case the entity has not obtained such an actuarial certificate, the auditor should examine whether the method followed by it for calculating the accruing liability for gratuity is rational. 35. Provision for Bonus: In the case of provision for bonus, the auditor should examine whether the liability is provided for in accordance with the Payment of Bonus Act, 1965 and/or agreement with the employees or award of competent authority. Where the bonus actually paid is in excess of the amount required to be paid as per the provisions of the applicable law/agreement/award, the auditor should specifically examine the authority for the same (e.g., resolution of the board of directors in the case of a company). 36. Provision for Dividends: The auditor should examine that dividends are provided for as per applicable provisions of the relevant laws and rules framed thereunder, relevant agreements and resolutions. 7 Reference may be made in this regard to the Accounting Standard (AS) 22, “Accounting for Taxes on Income” issued by the Institute of Chartered Accountants of India. 8 Reference may be made in this regard to Accounting Standard (AS) 15 (Revised in 2005), “Employee Benefits”, issued by the Institute of Chartered Accountants of India. 324 Audit of Liabilities 37. Other Provisions: Where provisions are made for liabilities that may arise on account of product warranties, service contracts, performance warranties etc., the auditor should examine whether the provisions made are in accordance with Accounting Standard (AS) 4, “Contingencies and Events Occurring After the Balance Sheet Date”, issued by the Institute of Chartered Accountants of India. The auditor should also examine the reasonableness of the basis adopted for quantifying the provision with reference to the relevant agreements. Contingent Liabilities 38. The term ‘contingent liabilities’ refers to obligations relating to past transactions or other events or conditions that may arise in consequence of one or more future events which are presently deemed possible but not probable. Contingent liabilities may or may not crystallize into actual liabilities. If they do become actual liabilities, they give rise to a loss or an expense. The uncertainty as to whether there will be any legal obligation differentiates a contingent liability from a liability that has crystallized. Contingent liabilities should also be distinguished from those contingencies which are likely to result in a loss (i.e., a loss is not merely possible but probable) and which, therefore, require an adjustment of relevant assets or liabilities.9 Some of the instances giving rise to contingent liabilities are: (a) law suits, disputes and claims against the entity not acknowledged as debts: (b) membership of a company limited by guarantee. 39. The following general procedures may be useful in verifying contingent liabilities. (a) Review of minutes of the meetings of board of directors, committees of board of directors/other similar body. (b) Review of contracts, agreements and arrangements. (c) Review of list of pending legal cases, correspondence relating to taxes, duties, etc. 9 Reference may be made in this regard to the Accounting Standard (AS) 4, “Contingencies and Events Occurring After the Balance Sheet Date”, issued by the Institute of Chartered Accountants of India. 325 Handbook of Auditing Pronouncements-II (d) Review of terms and conditions of grants and subsidies availed under various schemes. (e) Review of records relating to contingent liabilities maintained by the entity. (f) Enquiry of, and discussions with, the management and senior officials of the entity. (g) Representations from the management. 40. The auditor should verify that contingent liabilities do not include any items which require an adjustment of relevant assets or liabilities. Direct Confirmation Procedure 41. The verification of balances by direct communication with creditors is theoretically the best method of ascertaining whether the balances are genuine, accurately stated and undisputed, particularly where the internal control system is weak. However, the utility of this procedure depends to a large extent on receiving adequate response to confirmation requests. Therefore, in situations where the auditor has reasons to believe, based on his past experience or other factors, that it is unlikely that adequate response would be received from the creditors, he may limit his reliance on direct confirmation procedure and place greater reliance on the other auditing procedures. 42. The auditor employs direct confirmation procedure with the consent of the entity under audit. There may be situations where the management of the entity requests the auditor not to seek confirmation from certain creditors. In such cases, the auditor should consider whether there are valid grounds for such a request. For example, the management may explain the reason as being the fact that there is a dispute with the particular creditor and the request for confirmation may aggravate sensitive negotiations between the entity and the creditor. Before accepting a refusal as justified, the auditor should examine any available evidence to support the management's explanations, e.g., correspondence between the entity and the creditor. In such a case, alternative procedures should be applied to creditors not subjected to confirmation. In appropriate cases, the auditor may also need to re-consider the nature, timing and extent of his audit procedures including the degree of planned reliance on management's representations, 326 Audit of Liabilities 43. The confirmation date, the method of requesting confirmations, and the particular creditors from whom confirmation of balances is to be obtained are to be determined by the auditor. While determining the information to be obtained, the form of confirmation, as well as the extent and timing of application of the confirmation procedure, the auditor should consider all relevant factors such as the effectiveness of internal control, the apparent possibility of disputes, inaccuracies or irregularities in the accounts, the probability that requests will receive consideration, and the materiality of the amounts involved. 44. The creditors may be requested to confirm the balances either (a) as at the date of the balance sheet, or (b) as at any other selected date which is reasonably close to the date of the balance sheet. The date should be settled by the auditor in consultation with the entity. Where the auditor decides to seek confirmation from the creditors at a date other than the balance sheet date, he should examine the movements in creditor balances which occur between the confirmation date and the balance sheet date and obtain sufficient evidence to satisfy himself that creditor balances stated in the balance sheet are not materially misstated. 45. The form of requesting confirmation from the creditors may be either (a) the 'positive' form of request, wherein the creditor is requested to respond whether or not he is in agreement with the balance shown, or(b) the ‘negative’ form of request, wherein the creditor is requested to respond only if he disagrees with the balance shown. 46. The use of the positive form is preferable when individual account balances are relatively large, or where the internal controls are weak, or where the auditor has reason to believe that there may be a substantial number of accounts in dispute or with inaccuracies or irregularities. An illustrative positive form of request letter is given in Appendix I to this Guidance Note. 47. The negative form is useful when internal controls are considered to be effective, or when a large number of small balances are involved, or when the auditor has no reason to believe that the creditors are unlikely to respond. If the negative rather than the positive form of confirmation is used, the number of requests sent and the extent of the other auditing procedures to be performed should normally be greater so as to enable the auditor to obtain the same: degree of assurance with respect to the creditor 327 Handbook of Auditing Pronouncements-II balances. An illustrative negative form of request letter is given in Appendix II to this Guidance Note. 48. In many situations, it may be appropriate to use the positive form for creditors with large balances and the negative form for creditors with small balances. 49. Where the number of creditors is small, all of them may be circularised, but if the creditors are numerous, this may be done on a sample basis. The sample list of creditors to be circularised, in order to be meaningful, should be based on a complete list of all creditor accounts. While selecting the creditors to be circularised, special attention should be paid to accounts with large balances, accounts with old outstanding balances, and supplier accounts with debit balances. In addition, the auditor should select accounts in respect of which balances have been written back to the profit and loss account. In such cases, the auditor may decide that the balance as per the books of the entity may not be stated in the request letter sent to the creditors concerned; instead, the creditors may be asked to intimate the balance as per their records. The auditor may also consider including in his sample some of the accounts which have been fully squared up. The nature of the entity's business and the type of third parties with whom the entity deals, should also be considered in selecting the sample, so that the auditor can reach appropriate conclusions about the creditors as a whole. 50. In appropriate cases, the creditor may be sent a copy of his complete ledger account for a specific period as shown in the entity’s books. This procedure is more likely to reveal errors and fraud and may be particularly useful in the case of large accounts involving many entries, or where there is evidence that accounts are in dispute or are not being settled in accordance with the usual trade terms. 51. The method of selection of the creditors to he circularised should not be revealed to the entity until the trial balance of the creditors’ ledger is handed over to the auditor. A list of creditors selected for confirmation should be given to the entity for preparing requests for confirmation which should be properly addressed and duly stamped. The auditor should maintain strict control to ensure the correctness and proper dispatch of request letters. In the alternative, the auditor may request the client to furnish duly authorised confirmation letters and the auditor may fill in the names, addresses and the amounts relating to creditors selected by him 328 Audit of Liabilities and mail the letters directly. It should be ensured that confirmations as well as any undelivered letters are returned to the auditor and not to the client. 52. Where positive form of request is used, the auditor may, in appropriate cases, request the entity to follow up with a reminder to those creditors from whom he receives no replies. In exceptional circumstances, the auditor may also correspond directly with those significant creditors from whom he receives no replies despite reminders, with intimation to the entity. In the event of inadequacy of responses received, the auditor will have to increase the extent of examination of records and analytical review procedures beyond that planned originally. 53. Any discrepancies revealed by the confirmations received or by the additional tests carried out by the auditor may have a bearing on other accounts not included in the original sample. The entity should be asked to investigate reconcile the discrepancies. In addition, the auditor should also consider what further tests he can carry out in order to satisfy himself as to the correctness of the amount of creditors taken as a whole. Examination of Disclosure 54. The auditor should satisfy himself that the liabilities have been disclosed properly in the financial statements. Where the relevant statute lays down any disclosure requirements in this behalf, the auditor should examine whether the same have been complied with. 55. In some cases loans are guaranteed by third parties in whose favour the assets of the entity are charged. The auditor should examine whether the disclosures concerning such loans are appropriate, e.g., they may be classified as secured with disclosure of the fact that the assets of the entity have been charged in favour of third parties which, in turn, have given guarantees to parties from whom loans have been obtained. 56. The auditor should recommend to the entity to disclose, in parentheses or in footnotes, the installments of term loans, if any, falling due for repayment within the next twelve months. 57. The auditor should examine that the following have been disclosed in respect of contingent liabilities: (a) nature of each contingent liability; (b) the uncertainties which may affect the future outcome; 329 Handbook of Auditing Pronouncements-II (c) an estimate of the financial effect or a statement that such estimate cannot be made. Analytical Review Procedures 58. In addition to the audit procedures discussed above, the following analytical review procedures may often be helpful as a means of obtaining audit evidence regarding the various assertions: (a) comparison of closing balances of loans and borrowings, creditors, etc., with the corresponding figures for the previous year; (b) comparison of the relationship between current year creditor balances and the current year purchases with the corresponding figures for the previous year; (c) comparison of actual closing balances of loans and borrowings, creditors, etc., with the corresponding budgeted figures, if available; (d) comparison of current year’s aging schedule of creditors with the corresponding figures for the previous year; (e) comparison of significant ratios relating to loans and borrowings, creditors, etc., with the similar ratios for other firms in the same industry, if available; (f) comparison of significant ratios relating to loans and borrowings, creditors, etc. with the industry norms, if available. It may be clarified that the foregoing is only an illustrative list of analytical review procedures which an auditor may employ in carrying out an audit of liabilities. The exact nature of analytical review procedures to be applied in a specific situation is a matter of professional judgement of the auditor. Special Considerations in the Case of a Company 59. In addition to the procedures described above, the auditor· should also employ the following procedures in the case of audit of a company. (a) In determining whether the loans obtained by the company are within its powers, the auditor should scrutinise its memorandum and articles of association and also examine whether the provisions of sections 292 and 293(1(d) of the Companies Act, 1956 are complied with. (b) The auditor should examine the register of charges to ensure that charges created have been duly registered. He should also ensure that 330 Audit of Liabilities the description of such charges disclosed in the balance sheet agrees in substance with that stated in the documents creating the charges. (c) The auditor should examine all loans taken from bodies corporate under the same management or from a company, firm or other party in which any director is interested and determine whether, in his opinion, the rate of interest and other terms and conditions of the loans are prime facie prejudicial to the interest of the company. 10 (d) Where the company has accepted deposits, the auditor should examine compliance with the relevant legal provisions, e.g., section 58A of the Companies Act, 1956 and the rules framed thereunder/directions issued by the Reserve Bank of India. (e) In respect of unclaimed dividends, the auditor should examine whether the company has complied with the provisions of section 205A of the Companies Act, 1956 and the rules framed thereunder regarding transfer of certain unpaid or unclaimed dividends to a special bank account/general revenue account of the Central Government. (f) The auditor should examine whether any undisputed amounts payable in respect of income-tax, wealth tax. sales tax, customs duty and excise duty are outstanding as at the balance sheet date for a period of more than six months from the date they became payable. If so, the auditor should report the amounts of such outstanding dues. 11 (g) The verification procedure to be adopted by the auditor for audit of debentures would vary from year to year, depending upon whether fresh debentures are issued and/or they are redeemed or converted into shares during the year. In case of fresh issue of debentures, the auditor should examine the memorandum and articles of association of the company and resolutions authorising the issue. He should also examine compliance with the requirements of the terms of issue and any variations thereof and necessary approvals/clearances for the issue from authorities concerned such as SEBI, RBI etc. The auditor should also examine that proper accounts are maintained with regard 10 Reference may also be made in this regard to the Statement on the Companies (Auditor’s Report) Order, 2003 issued by the Institute of Chartered Accountants of India. 11 Reference may also be made in this regard to the Statement on the Companies (Auditor’s Report) Order, 2003 (Revised 2005) issued by the Institute of Chartered Accountants of India. 331 Handbook of Auditing Pronouncements-II to amounts received towards application, allotment and calls and that the Payments by way of refunds/interest and all other relevant accounts are duly reconciled. Where debentures are issued at a premium/discount, the auditor should ensure that such sums are accounted for distinctly. In case of buy-back, conversion, re-issue or redemption of debentures, the auditor should examine that these are in accordance with the terms of the issue. The auditor should examine that the requirements relating to creation of debenture redemption reserve and, where applicable, sinking fund and its Investment; and other related requirements are complied with. Management Representations 60. The auditor should obtain from the management of the entity a written statement that all known liabilities have been recorded in the books and that all contingent liabilities have been properly disclosed. While such a representation letter serves as a formal acknowledgment of the management's responsibilities for proper accounting and disclosure of the relevant items, it does not relieve the auditor of his responsibility for performing audit procedures to obtain sufficient appropriate audit evidence to form the basis for the expression of his opinion on the financial statement. A sample management representation letter regarding liabilities and contingent liabilities is given in Appendix III to this Guidance Note. It may be mentioned that the representations made in the letter can alternatively be included in the composite representation letter usually issued by the management to the auditor. Documentation 61. The auditor should maintain adequate working papers regarding audit of liabilities and contingent liabilities. Among others, he should maintain on his audit file, confirmations received as well as any undelivered letters of request for confirmation. The management representation letter contingent liabilities and contingent liabilities should also be maintained on the audit file. 332 Audit of Liabilities Appendix I Illustrative Letter of Confirmation to be Sent to Creditors - Positive Form [Ref. paragraph 46] [Letterhead of Entity] [Name and Address of Creditor] [Date] Dear Sir, For audit purposes, kindly confirm directly to our auditors (name and address of the auditors) that the balance of Rs. ⎯⎯⎯ due by us to you as on _______ as shown by our books, is correct. The details of the balance are as under:12 Invoice No. Date Order Reference Amount Total _________ Less: Payments made/other debits _________ Net amount due to us (Rs.) _________ A stamped envelope addressed to our auditors is enclosed for your convenience. If the amount shown is in agreement with your books, kindly strike-out the paragraph marked (B) below. If the amount shown is not in agreement with your books, kindly furnish the details in the proforma given in the paragraph marked (B) below and strike-out paragraph (A). In either case, kindly sign at the place provided below and return this entire letter directly to our auditors in the enclosed envelope. Your prompt compliance with this request will be appreciated. 12 In case the list of invoices forming the balance is too large, these details may not be given. 333 Handbook of Auditing Pronouncements-II Kindly return this form in its entirety. Yours faithfully, (Signature of responsible official of the entity) −−−−−−−−−−− (Do not perforate the form at this point) [Name and Address of Entity] (A) We confirm that the above stated amount is correct as at ______ OR (B) We state that the above-stated amount is not correct as per our records. The details of the balance as at _____ as per our records are as below: Invoice No. Date Order Reference Amount Total _________ Less: Payments made/other debits _________ Net amount due to us (Rs.) _________ Date (Signature of creditor/responsible official) 334 Audit of Liabilities Appendix II Illustrative Letter of Confirmation to be Sent to Creditors - Negative Form [Ref. paragraph 47] [Letterhead of Entity] [Date] [Name and Address of Creditor] Dear Sir, For audit purposes, kindly write directly to our auditors (name and address of the auditors) if the balance of Rs. ________ due by us to you as on ________ as shown by our books, is not correct, giving details of the differences. The details of the balance are as under:13 Invoice No. Date Order Reference Amount Total _________ Less: Payments made/other debits _________ Net amount due by us (Rs.) _________ If you do not notify our auditors of any difference within ten days of the date of this letter, it will be presumed that the balance stated above is correct. A stamped envelope addressed to our auditors is enclosed for your convenience. Yours faithfully, (Signature of responsible official of the entity) 13 In case the list of invoices forming the balance is too large, these details may not be given 335 Handbook of Auditing Pronouncements-II Appendix III Illustrative Representation Letter for Liabilities and Contingent Liabilities [Ref. paragraph 60] The following is a sample representation letter for liabilities and contingent liabilities. It might be used to supplement the general letter of representation or included therein. The letter should be modified where appropriate. [Letterhead of Entity] [Date] [Name and Address of the Auditor] Dear Sir, In connection with your audit of the financial statements of X Ltd. as of …...., 19….., and for the year then ended, we confirm, to the best of our knowledge and belief, the following representations: 1. We have recorded all known liabilities in the financial statements. 2. We have disclosed in notes to the financial statements all guarantees that we have given to third parties and all other contingent liabilities. 3. Contingent liabilities disclosed in the notes to the financial statements do not include any contingencies which are likely to result in a loss and which, therefore, require adjustment of assets or liabilities. 4. Provisions have been made in the accounts for all known losses and claims of material amounts. Yours faithfully, (Signature of responsible official of the entity) 336 20 GUIDANCE NOTE ON AUDIT OF REVENUE* Contents Paragraph(s) Introduction ........................................................................................ 3-5 Internal Control Evaluation .................................................................. 6 Verification ....................................................................................... 7-20 Examination of Records ................................................................ 8-18 Examination of Presentation and Disclosure .................................... 19 Analytical Procedures ...................................................................... 20 Special Considerations in the Case of a Company .......................... 21 Documentation .................................................................................... 22 * Published in May, 1997 issue of ‘The Chartered Accountant’. Handbook of Auditing Pronouncements-II The following is the text of the Guidance Note on Audit of Revenue issued by the Auditing Practices Committee (APC)** of the Council of the Institute of Chartered Accountants of India. This Guidance Note should be read in conjunction with the Statements on Standard Auditing Practices (SAPs)+ issued by the Institute. 1. Para 2.1 of the ‘Preface to the Statements on Standard Auditing Practices’1, issued by the Institute of Chartered Accountants of India, states that the "main function of the APC is to review the existing auditing practices in India and to develop Statements on Standard Auditing Practices (SAPs) so that these may be issued by the Council of the Institute." Para 2.4 of the Preface states that the “APC will issue Guidance Notes on the issues arising from the SAPs wherever necessary.” 2. The Auditing Practices Committee has also taken up the task of reviewing the Statements on auditing matters issued prior to the formation of the Committee. It is intended to issue, in due course of time, Engagement Standards or Guidance Notes, as appropriate, on the matters covered by such Statements which would then stand withdrawn. Accordingly, with the issuance of this Guidance Note on Audit of Revenue, paragraph 11.1 of Chapter 11 of the Statement on Auditing Practices, titled 'Profit and Loss Account', shall stand withdrawn. In due course of time, the entire Statement of Auditing Practices shall be withdrawn.2 Introduction 3. Revenue is the gross inflow of cash, receivables or other consideration arising in the course of the ordinary activities of an entity from the sale of goods, from the rendering of services, and from the use by others of entity resources yielding interest, royalties and dividends. Revenue is measured by the charges made to customers for goods supplied and services rendered to them and by the charges and rewards arising from the use of resources by them. The term 'revenue' covers only the gross inflow of cash, receivables or other consideration, as aforesaid, received or receivable by the entity on its own account. Amounts **Now known as the Auditing and Assurance Standards Board (AASB). + Now known as the Engagement Standards. 1 The said Preface has been withdrawn pursuant to issuance of the Revised “Preface to Standards on Quality Control, Auditing, Review, Other Assurance and Related Service”, by the Institute of Chartered Accountants of India. The Revised Preface is effective from April 1, 2008. The text of the revised Preface is reproduced in the Vol-I.A of this Handbook. 2 Since the Statement was withdrawn in March, 2005, the entire paragraph is redundant. 338 Audit of Revenue collected on behalf of third parties are excluded from revenue. For example, in an agency relationship, revenue from the view point of the agent is the amount of commission receivable by him and not the gross amount of cash, receivables or other consideration collected by him on behalf of the principal. 4. This Guidance Note deals with the audit of the following types of revenue (dealt with in Accounting Standard (AS) 9, Revenue Recognition, issued by the Institute of Chartered Accountants of India) arising in the course of the ordinary activities of an entity: ♦ Sale of goods. ♦ Rendering of services. ♦ Use by others of entity resources yielding interest, royalties and dividends. 5. In any auditing situation, the auditor employs appropriate procedures to obtain reasonable assurance about various assertions (see Statement on Standard on Auditing (SA) 500, Audit Evidence). In carrying out an audit of revenue, the auditor is particularly concerned with obtaining sufficient appropriate audit evidence to corroborate the management's assertions regarding the following: Occurrence – that recorded revenue arose from transactions which took place during the relevant period and pertain to the entity. Completeness – that there is no unrecorded revenue. Measurement – that revenue is recorded in the proper amounts and is allocated to the proper period. Presentation and Disclosure – that revenue is disclosed, classified, and described in accordance with recognised accounting policies and practices and relevant statutory requirements, if any. 339 Handbook of Auditing Pronouncements-II Internal Control Evaluation 6. The auditor should study and evaluate the system of internal control relating to revenue, to determine the nature, timing and extent of his other audit procedures. He should particularly review the following aspects of internal control relating to revenue: 3 (a) The systems and procedures relating to generation of revenue including authority to fix prices, offer discounts and other terms of sale. (b) Accounting procedures relating to recognition of revenue. (c) Existence of periodic reports on actual performance vis-à-vis budgets. Verification 7. Verification of revenue may be carried out by employing the following procedures: (a) examination of records; (a) analytical review procedures. The nature, timing and extent of substantive procedures to be performed is, however, a matter of professional judgment of the auditor which is based, inter alia, on the auditor's evaluation of the effectiveness of the related internal controls. Examination of Records 8. The auditor should examine whether the basis of recognition of revenue by the entity is in accordance with the recognised accounting principles as laid down in Accounting Standard (AS) 9, Revenue Recognition, issued by the Institute of Chartered Accountants of India. 9. The auditor should examine whether the entity has instituted adequate cut- off procedures in relation to sales and sale returns. The objective of cut-off procedures is to ensure that the transactions pertaining to a period are recorded in that period and not in a preceding or subsequent period. The 3 The extent of review of internal controls would depend upon the facts and circumstances of each case. Reference may be made in this regard to the "Internal Control Questionnaire" issued by the Institute of Chartered Accountants of India in 1976, which contains an illustrative list of internal controls in relation to sales. 340 Audit of Revenue auditor should examine the efficacy of such procedures. The auditor can examine the despatch documents (such as railway receipts) pertaining to a few days immediately before the year-end and verify that the related sale invoices have been recorded as sales of the current year. 10. The auditor should examine selected entries in the sales journal with reference to the related sale invoices, dispatch documents and other supporting documents such as the customers' orders, credit approval notes, etc. He should compare the actual price charged with the authorised price lists or with the authorisation by the appropriate official of the entity, as the case may be. The auditor should also trace the selected entries to the customers’ account. 11. The auditor· should also examine selected despatch documents with reference to related sale invoices and the sales journal. 12. The auditor should examine selected entries in the sales return journal with reference to the receiving reports in respect of goods returned, credit notes and entries in the customers' accounts. Similarly, the auditor should examine selected credit notes with reference to entries in the sales return journal, receiving reports in respect of goods returned, and entries in the customers' accounts. 13. In respect of goods sent on approval, the auditor should particularly examine that revenue in respect of such goods is not recognised until (a) the goods have been formally accepted by the buyer, or (b) the buyer has done an act adopting the transaction, or (c) the time period for rejection has elapsed or where no time has been fixed, a reasonable time has elapsed. 14. In respect of sales to intermediate parties (i.e., where goods are sold to distributors, dealers or others for resale), the auditor should examine that revenue from such sales is not recognised until the significant risks and rewards of ownership have passed. However, in situations where an intermediate party is in substance an agent (e.g., a consignee), revenue should not be recognised until the related goods are sold to a third party.4 15. Where the consideration is receivable in installments and includes an element of interest, the auditor should examine that the revenue attributable to the sale excludes the interest element. 4 Reference may be made to AS 1, “Disclosure of Accounting Policies”, for discussion on the concept of “substance over form’'. 341 Handbook of Auditing Pronouncements-II 16. In respect of export sales, the auditor should carry out the following procedures in addition to the usual audit procedures applicable in respect of domestic sales. (a) The auditor should examine that revenue from export sales in which consideration is receivable in a foreign currency is recorded at an appropriate amount in accordance with Accounting Standard (AS) 11, Accounting for the Effects of Changes in Foreign Exchange Rates5. (b) The auditor should obtain a written representation from the management to the effect that the entity has complied with the legal and regulatory requirements relating to exports.6 17. In respect of revenue arising from services rendered (i.e., in the form of fees, commission, brokerage, etc.), the auditor should examine the related agreements and other documents. Similarly, in respect of revenue in the form of interest, dividends and royalties, the auditor should examine the related documents such as loan documents, lease agreements, etc. The auditor may also seek confirmatory certificates from the parties concerned. 18. The auditor should also verify realisations subsequent to the date of the balance sheet to identify items of unrecorded revenue. Examination of Presentation and Disclosure 19. The auditor should satisfy himself that the revenue has been disclosed properly in the financial statements. Where the relevant statute lays down any disclosure requirements in this behalf, the auditor should examine whether the same have been complied with. Analytical Procedures 20. In addition to the audit procedures discussed above, the following analytical procedures may often be helpful as a means of obtaining audit evidence regarding the various assertions relating to revenue: (a) Comparison, product-wise and location-wise, of revenue for the current year with the corresponding figures for previous years. 5 This Accounting Standard has been revised in 2003. The title of the revised Accounting Standard is “The Effects of Changes in Foreign Exchange Rates”. 6 Reference may be made in this regard to SA 580, “Written Representations”. 342 Audit of Revenue (b) Comparison of ratio of gross margin to sales for the current year with the corresponding figures for previous years. (c) Comparison of ratio of sales returns to sales for the current year with the corresponding figures for previous years. (d) Comparison of ratio of trade discount to sales for the current year with the corresponding figures for previous years. (e) Comparison of ratio of excise duty/sales tax/export incentives to sales for the current year with the corresponding figures for previous years. (f) Comparison, product-wise and location-wise, of quantity sold during the year with the corresponding figures for previous years. (g) Product-wise reconciliation of quantity sold during the year with opening stock, purchases/production and closing stock. (h) Comparison of dividend/interest/royalty for the current year with the corresponding figures for previous years. (i) Comparison of ratio of income on investments to average investments for the current year (separately for each major type of investment) with the corresponding figures for previous years. Apart from the above, the auditor may also work out quantitative ratios and reconciliations, e.g., he may relate the quantum of output to the quantum of input to judge its reasonableness. Similarly, he may relate the wage payments to the quantum of output, and so on. It may be clarified that the foregoing is only an illustrative list of analytical procedures, which an auditor may employ in carrying out an audit of revenue. The exact nature of analytical procedures to be applied in a specific situation is a matter of professional judgment of the auditor. Special Considerations in the Case of a Company 21. In the case of audit of a company, in addition to the procedures described above, the auditor should also carry out appropriate audit procedures in respect of matters which are specifically required to be examined under the provisions of the Companies Act, 1956. For example, as required by the [Manufacturing and Other Companies (Auditor's Report) Order, 1988, issued under section 227(4A) of the Act, the auditor should examine whether the transactions of sale of goods, materials and services 343 Handbook of Auditing Pronouncements-II and purchase of goods and materials, made in pursuance of contracts or arrangements entered in the register(s) maintained under section 301 of the Act, and exceeding the limits specified in the Order, have been made at prices which are reasonable having regard to prevailing market prices for such goods, materials or services or the price at which transactions for similar goods or services have been made with other parties.7] Documentation 22. The auditor should maintain adequate working papers regarding audit of revenue. 7 Reference may be made in this regard to the Statement on the Companies (Auditor’s Report) Order, 2003 (Revised 2005). 344 21 GUIDANCE NOTE ON CERTIFICATION OF CORPORATE GOVERNANCE (REVISED 2009)* Contents Paragraph(s) Glossary of Terms 1. Introduction .... ...............................................................................1.1-1.8 2. Objective of this Guidance Note .................................................... 2.1-2.3 3. General Approach .........................................................................3.1-3.8 4. Managements’ Responsibility .................................................................4 5. Auditors’ Responsibility .................................................................5.1-5.2 6. General Principles ..... ...................................................................6.1-6.3 7. Documentation ... ....................................................................................7 8. Verification of Compliance of Conditions of Corporate Governance ................................................................8.1-9.61 I. Board of Directors ................................................................... 8.2-8.18 (A) Composition of Board ................ ........................................... 8.2-8.6 (B) Non-Executive Directors compensation and Disclosures .................. .................................................8.7-8.10 (C) Other Provisions as to Board and Committees ..................8.11-8.16 (D) Code of Conduct . ................................................................8.17-8.18 9. Audit Committee ......................................................................... 9.1-9.19 (A) Qualified and Independent Audit Committee ............... ................9.1 * Issued in April, 2009. Handbook of Auditing Pronouncements-II (B) Meeting of Audit Committee ................. ................................9.2-9.10 (C) Powers of Audit Committee ........ ........................................9.11-9.12 (D) Role of Audit Committee ....................................................9.13-9.15 (E) Review of Information by Audit Committee ............... ..........9.16-9.19 III. Subsidiary Companies. ........ ............................................9.20-9.25 IV. Disclosures.........................................................................9.26-9.53 (A) Basis of Related Party Transactions ............................. .....9.26-9.30 (B) Disclosure of Accounting Treatment ............... ....................9.31-9.32 (C) Board Disclosures – Risk Management ............... ...............9.33-9.36 (D) Proceeds from Public issues, Right Issues, Preferential Issues etc. ............... .......................................9.37-9.39 (E) Remuneration of Directors ..................................................9.40-9.43 (F) Management ............... .......................................................9.44-9.46 (G) Shareholders ............... ......................................................9.47-9.53 V. CEO/CFO certification .................................................... 9.54-9.58 VI. Report on Corporate Governance ................................ .. 9.59-9.61 10. Management Representation ...............................................................10 11. Auditors’ Certificate ....................................................................11.1-11.2 12. Role of Auditor in Audit Committee & Certification of Compliance of Conditions of Corporate Governance .............12.1-12.4 Appendices Annexures 346 Certification of Corporate Governance Glossary of Terms AS ACCOUNTING STANDARDS SA STANDARDS ON AUDITING CARO COMPANIES (AUDITOR’S REPORT) ORDER CEO CHIEF EXECUTIVE OFFICER CFO CHIEF FINANCIAL OFFICER CII CONFEDERATION OF INDIAN INDUSTRY ICAI INSTITUTE OF CHARTERED ACCOUNTANTS OF INDIA OECD ORGANIZATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT RBI RESERVE BANK OF INDIA SEBI SECURITIES AND EXCHANGE BOARD OF INDIA SCRA SECURITIES CONTRACTS (REGULATION) ACT xviii xix 347 Handbook of Auditing Pronouncements-II 1. Introduction 1.1 Corporate Governance is a system by which companies are directed and governed by the management in the best interests of the stakeholders and others by ensuring better management, greater transparency and timely financial reporting. The three key aspects of corporate governance includes: inter-alia, accountability, transparency and equality of treatment for all stakeholders. Since the pivotal role in any system of corporate governance is performed by the Board of Directors, they are primarily accountable and responsible for governance of their companies. 1.2 A number of reports and codes of Corporate Governance have been published internationally. Notable among them are the Report of Cadbury Committee, the Report of Greenbury Committee, the Combined Code of the London Stock Exchange, the OECD Code on Corporate Governance, the Blue Ribbon Committee on Corporate Governance, the Hampel Committee on Corporate Governance and the Review of the Role and Effectiveness of Non- executive Directors published by the Department of Trade and Industry, U.K. 1.3 In the Indian scenario, the Confederation of Indian Industry (CII) published Desirable Corporate Governance – A Code, in April 1988 which was followed by the setting up of a committee by The Securities and Exchange Board of India (hereinafter referred to as ”SEBI”) in May 1999 under the Chairmanship of Kumar Mangalam Birla to formulate the code of Corporate Governance. Based on the report of this committee and developments thereafter, SEBI has issued thirteen Circulars1 which give a detailed provisions of Corporate Governance. 1.4 The Reserve Bank of India constituted an Advisory Group on Corporate Governance, which submitted its report in April 2001. Thereafter, the then Ministry of Finance and Company Affairs constituted a Committee on Corporate Audit and Governance under the Chairmanship of Naresh Chandra, which submitted its report in November 2002. Currently the Ministry of Corporate Affairs is considering further reforms in Corporate Governance through. the Companies Bill, 2008 which was introduced in the Parliament on 13 October, 2008. In its constant endeavor to improve the framework of Corporate Governance in India in line with the needs of a dynamic market, SEBI constituted a Committee on Corporate Governance under the Chairmanship of N. R. Narayana Murthy, which submitted its report in February 2003. Based on its recommendations and public comments received on the report, SEBI in exercise of the powers conferred by section 11 (1) of the Securities and Exchange Board of India Act, 1992 read with section 10 of the Securities Contracts (Regulation) Act 1956, 1 List of thirteen circulars given in Appendix A. 348 Certification of Corporate Governance revised the Clause 49 of the Listing Agreement as per Circular SEBI/CFD/DIL/CG/1/2004/12/10 dated 29 October, 20042. 1.5 The SEBI Circular dated 29 October, 2004 is the Master Circular and has replaced all the earlier Circulars issued on Clause 49 of the Listing Agreement. Further through another Circular SEBI/CFD/DIL/CG/1/2005/29/3 dated 29 March, 20053 SEBI extended the date of ensuring compliance with the revised Clause 49 (i.e. Circular dated 29 October, 2004) to December 31 2005. Subsequently, SEBI vide Circular No. SEBI/CFD/DIL/CG/1/2006/13 dated 13 January, 20064 made further clarificatory amendments to remove certain operational difficulties. In addition to the above, SEBI made further amendments in Clause 49 by the following circulars: a) SEBI/CFD/DIL/LA/4/2007/27/12 dated 27 December, 2007 for amendments to Equity Listing Agreement5 and (b) SEBI/CFD/DIL/CG/1/2008/08/04 dated 8 April, 2008 for amendments in Clause 49 to the Listing Agreement6 1.6 As per the SEBI Circular dated October 29, 2004 the provisions of revised Clause 49 shall be implemented as per the schedule of implementation given below: (a) For entities seeking listing for the first time, at the time of seeking in principle approval for such listing. (b) For existing listed entities which were required to comply with revised Clause 49 i.e. those having a paid up share capital of Rs. 3 crores and above or net worth of Rs. 25 crores or more at any time in the history of the company, by April 1, 2005. Companies complying with the provisions of the existing Clause 49 at present (issued vide circulars dated 21st February, 2000, 9th March 2000, 12th September 2000, 22nd January, 2001 16th March 2001 and 31st December 2001) shall continue to do so till the revised Clause 49 of the Listing Agreement is complied with or till March 31, 2005 whichever is earlier. Subsequently, the date for ensuring compliance with the revised Clause 49 of the listing agreement was extended upto December, 31, 2005 and the revised Clause 49 of the listing agreement came into effect on January 1, 2006. 2 Reproduced in Appendix D. 3 Reproduced in Appendix E. 4 Reproduced in Appendix F. 5 Reproduced in Appendix I. 6 Reproduced in Appendix J. 349 Handbook of Auditing Pronouncements-II 1.7 The requirements of revised Clause 49 (hereinafter referred as Clause 49) for Corporate Governance are divided into mandatory7 and non-mandatory requirements.8 The non- compliance of any mandatory requirement of Clause 49 with reasons thereof should be specifically highlighted. The extent to which the non-mandatory requirements have been adopted / complied with should be mentioned in the Corporate Governance Report. 1.8 As per Clause 49 VII (1) of the Listing Agreement, a company is required to obtain a certificate either from the auditors of the company or practising company secretaries regarding compliance of requirements of Corporate Governance. This certificate is required to be annexed with the Directors’ Report, which is sent annually to all the shareholders of the company. Further, the same certificate is also required to be sent to the stock exchange (s) along with the Annual Report filed by the company. The expression “auditors of the company” would mean the auditors appointed to audit the financial statements of the company under the Companies Act, 1956. 2. Objective of the Guidance Note 2.1 This Guidance Note is intended to provide guidance to auditors for certification of the compliance of requirements of Corporate Governance as stipulated in Clause 49 of the Listing Agreement between the Stock Exchange and the auditee company (hereinafter referred to as “Listing Agreement”): 2.2(a) It is the management’s responsibility to ensure the implementation of the requirements of corporate governance as stipulated in Clause 49 of the Listing Agreement. (b) The Auditor’s responsibility is to certify compliance of requirements of corporate governance as stipulated in Clause 49 of the Listing Agreement. (c) The Auditor obtains sufficient understanding of the implementation of the requirements of corporate governance as stipulated in Clause 49 of the Listing Agreement. 2.3 This Guidance Note is intended to: • assist in clarifying the respective responsibilities of the management and the auditor • suggest to the auditor what he is to inquire from the management • provide guidance on the verification procedure for the compliance of requirements of corporate governance 7 See Annexure I. 8 See Annexure ID. 350 Certification of Corporate Governance • assist in the issuance of the required certificate • outline the circumstances in which the auditor may issue a disclaimer or an adverse or qualified certificate. 3. General Approach For issuance of Certificate on Compliance of requirements of Corporate Governance as stipulated in Clause 49 of the Listing Agreement, the following general approach may be kept in mind: 3.1 As per the SEBI circular dated 13th January 2006 the revised Clause 49 of the listing agreement came into effect from January, 1st, 2006. Therefore, for the reporting period as on 31st March, 2006, the auditor has to ensure that for the transition period, reporting requirements have to be split into two parts i.e., one for the period ending 31st December, 2005, for which the compliance of requirements would be as per the requirements prior to the revised clause and for the period beginning from 1st January, 2006 to 31st March, 2006, the certificate would be for compliance of requirements as stipulated in the SEBI circular dated 29th October, 2004. The SEBI Circular No SEBI/CFD/DIL/ CG/1/2006/13/1 dated 13th January, 2006 has reiterated this position. 3.2 While determining the optimum combination of Executive and Non- executive Directors, the auditor has to keep in mind that since the terms ‘executive’ and ‘non-executive’ are not defined in Clause 49, he has to refer to the minutes of the Board. 3.3 While determining the number of independent and non- independent directors in the Board of Directors, the auditor has to keep in mind the different limits prescribed in Clause 49 (1A) (i) and (ii). Clause 49 I (A) (i) provides that the Board of Directors of the company shall have an optimum combination of executive and non-executive directors with not less than fifty percent of the Board of Directors comprising of non-executive directors. Clause (ii) provides that where the Chairman of the Board is a Non-executive director, at least one– third of the Board should comprise of independent directors and in case he is an executive director, at least half of the Board should comprise of independent directors. Further, where the non-executive Chairman is a promoter of the company or is related to any promoter or person occupying management positions at the Board level or at one level below the Board, at least one-half of the Board of the company shall consist of independent directors. This requirement prescribed by SEBI Vide Circular No. SEBI/CFD/DIL/CG/1/2008/08 /04 dated April 8, 2008 by way of amendment to Clause 49. 3.4 The above clause provides for three sets of limit for the composition of 351 Handbook of Auditing Pronouncements-II independent directors in the Board where the Chairman is either a non- executive director or an executive Director. 3.5 For arriving at the number of independent directors in either of the case, any fraction thereof should be rounded off to the next integer as the words used in the clause is “not less than” and “at least”. 3.6 While planning and performing audit procedures and for evaluating and reporting its results, the auditor should recognize that non-compliance by the company with laws and regulations may materially affect the financial statements. Also it should be noted that as per SA 250, (Consideration of Laws and Regulations in an Audit of Financial Statements), compliance with the Laws and Regulations is the responsibility of the management. 3.7 For the purpose of verification of compliance of requirements of Corporate Governance, the auditor would be required to review the policies prescribed, the process and procedures followed, and the documentation in this regard. 3.8 While issuing the certificate on compliance of requirements of Corporate Governance as stipulated in Clause 49, the auditor has to observe the timing and procedure which are generally followed in regard to obtaining the financial statements as approved by the Board, draft Directors’ Report, draft report on corporate governance9 and issuance of auditor’s report. 4. Management’s Responsibility Managements’ responsibility for conducting its business implicitly requires it to take reasonable steps to ensure the implementation of the requirements of corporate governance as stipulated in Clause 49 of the Listing Agreement. Under its terms, a company is statutorily bound to implement the requirements of Clause 49 of the Listing Agreement. This flows from provision of Section 21 of the Securities Contracts (Regulation) Act, 1956(SCRA). Section 23 of SCRA, 1956 provides for stringent penalties10 for non- compliance of Section 21 of the Act. 5. Auditor’s Responsibility 5.1 The Auditor’s responsibility in certifying compliance of requirements of corporate governance relate to verification and certification of factual implementation of requirements of corporate governance as stipulated in Clause 49 of the Listing Agreement. Such verification and certification is neither an audit nor an expression of opinion on the financial statements of the company. 9See Annexure – IB. 10Presently, the non-compliance with the conditions of the listing agreement attract a penalty, punishable with imprisonment for a term which may extend to ten years or with fine, which may extend to twenty-five crore rupees, or with both. 352 Certification of Corporate Governance 5.2 The certificate from the Auditor as regards compliance of requirements of corporate governance is neither an assurance about the future viability of the company nor the efficiency or effectiveness with which the management has conducted the affairs of the company. 6. General Principles 6.1 The Standards set out in Standards on Auditing would be applicable in the performance of certification of requirements of corporate governance by the Auditor, to the extent relevant. 6.2 As in the case of other professional assignments, in certification of compliance of requirements of corporate governance, the Auditor should comply with the “Code of Ethics” issued by the Institute of Chartered Accountants of India. 6.3 The Auditor should conduct verification of compliance of requirements of corporate governance as stipulated in Clause 49 of the Listing Agreement in accordance with this Guidance Note. 7. Documentation The auditor should document matters, that are important in providing evidence to support the certificate of factual findings in accordance with SA 230, “Audit Documentation”. 8. Verification of Compliance of Conditions of Corporate Governance 8.1 The verification of compliance of the requirements of Corporate Governance is discussed hereunder with reference to various paragraphs of Clause 49 of the Listing Agreement. 8.2 Board of Directors 1. (A) Composition of Board (i) The Board of directors of the company shall have an optimum combination of executive and non-executive directors with not less than fifty percent of the board of directors comprising of non-executive directors. (ii) Where the Chairman of the Board is a non-executive director, at least one- third of the Board should comprise of independent directors and in case he is an executive director, at least half of the Board should comprise of independent directors. Provided that where the non-executive Chairman is a promoter of the 353 Handbook of Auditing Pronouncements-II company or is related to any promoter or person occupying management positions at the Board level or at one level below the Board, at least one- half of the Board of the company shall consist of independent directors.11 Explanation-For the purpose of the expression “related to any promoter” referred to in sub-clause (ii): a. If the promoter is a listed entity, its directors other than the independent directors, its employees or its nominees shall be deemed to be related to it; b. If the promoter is an unlisted entity, its directors, its employees or its nominees shall be deemed to be related to it.12 (iii) For the purpose of the sub-clause (ii), the expression ‘independent director’ shall mean a non-executive director of the company who: (a) apart from receiving director’s remuneration, does not have any material pecuniary relationships or transactions with the company, its promoters, its directors, its senior management or its holding company, its subsidiaries and associates which may affect independence of the director; (b) is not related to promoters or persons occupying management positions at the board level or at one level below the board; (c) has not been an executive of the company in the immediately preceding three financial years; (d) is not a partner or an executive or was not partner or an executive during the preceding three years, of any of the following: (i) the statutory audit firm or the internal audit firm that is associated with the company, and (ii) the legal firm(s) and consulting firm(s) that have a material association with the company. (e) is not a material supplier, service provider or customer or a lessor or lessee of the company, which may affect independence of the director, and (f) is not a substantial shareholder of the company, i.e. owning two percent or more of the block of voting shares. 11 SEBI Circular No. SEBI/CFD/DIL/CG/1/2008/08/04 dated April 8, 2008 by modification to Clause 49. 12 SEBI/CFD/DIL/CG/2/2008/23/10 October 23, 2008 354 Certification of Corporate Governance (g) is not less than 21 years of age13. Explanation: For the purposes of the sub-clause (iii): (a) Associate shall mean a company which is an “associate” as defined in Accounting Standard (AS) 23, “Accounting for Investments in Associates in Consolidated Financial Statements”, issued by the Institute of Chartered Accountants of India. (b) “Senior management” shall mean personnel of the company who are members of its core management team excluding Board of Directors. Normally, this would comprise all members of management one level below the executive directors, including all functional heads. (c) “Relative” shall mean “relative” as defined in section 2(41) and section 6 read with Schedule IA of the Companies Act, 1956. (iv) Nominee directors appointed by an institution, which has invested in or lent to the company shall be deemed to be independent directors. Explanation: “Institution’ for this purpose means a public financial institution as defined in Section 4A of the Companies Act, 1956 or a “corresponding new bank” as defined in section 2(d) of the Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970 or the Banking Companies (Acquisition and Transfer of Undertakings) Act, 1980 [both Acts].” [Clause 49 I (A)] 8.3 The auditor should ascertain throughout the reporting period whether the Board of Directors comprises not less than 50% of the directors who are non- executive directors. The expressions “executive directors” and “non-executive directors” have not been explained in Clause 49. The non-executive directors are directors who are not involved in day-to-day management of the company. However, the expression “independent director” has been explained in the Clause 49 I (A) (iii) of the Listing Agreement. The minutes of the Board in this regard should be verified by the auditor for ascertaining as to who could be an independent director. It may further be noted that nominee directors appointed by an institution14, which has invested in or lent to the company shall be deemed to be independent directors. For the purpose of test of determining “independence” 13 SEBI Circular No. SEBI/CFD/DIL/CG/1/2008/08/04 dated April 8, 2008 by modification to Clause 49. 14 See Explanation to Clause 49 I(A)(iv) given above. 355 Handbook of Auditing Pronouncements-II of a director, reference may be made to Clause 49 I (A) (iii). It may, however, be noted that in the ultimate analysis, apart from the above referred objective tests, judgment based on facts of the case may also be kept in mind. A non-executive director may or may not be independent. However, an executive director cannot be considered as independent director. Also an independent director should not be related to promoters or persons occupying management positions at the Board level or at one level below the Board. The minutes of the Board of Directors’ should be verified to ascertain whether a director is an executive director or a non-executive director. 8.4 The auditor should also verify that where the Chairman of the Board is a rd non-executive director, at least 1/3 of the Board should comprise of independent directors. In case the Chairman is an executive director, at least half of the Board should comprise of independent directors. Also where the non-executive Chairman is a promoter of the company or is related to any promoter of the company or person occupying management positions at the Board level or at one level below the Board, at least one-half of the Board of the company shall consist of independent directors.15 For determining the number of requisite independent directors and/ or non-executive directors, the fraction, if any, in number of one-half or one-third as the case may be should be rounded off. Since the terms in this clause refer to ‘not less than’ and ‘at least’, it would be appropriate to compute the number by rounding off any fraction to the next integer. For example, in a Board headed by non- executive Chairman and comprising of six other directors (i.e., seven directors) the independent directors should be three or more. 8.5 Annual Declaration by directors to the Board of Directors may be examined for this purpose. If the Board has followed any particular procedure(s) to ascertain independence of directors, the Auditor should examine the same. Effect of changes in the composition of the Board and / or its Chairman and its impact on compliance throughout the reporting period may also be looked into. 8.6 It is to be noted that an independent non-executive director apart from receiving remuneration should not have any material pecuniary relationship or transactions with the company, its promoters, its senior management or its holding company, its subsidiaries and associates which may affect the independence of the director. 8.6.1 Since the meaning of the term ‘associate’ is not clear from Clause 49, a reference may be made to AS 23 (Accounting for Investments in Associates in Consolidated Financial Statements), which defines an associate as an enterprise 15 SEBI Circular NO. SEBI/CFD/DIL/CG/1/2008/08/04 dated April 8, 2008 356 Certification of Corporate Governance in which the investor has significant influence and which is neither a subsidiary nor a joint venture of the investor. However, for the purpose of sub- clause (iii) only an associate, which is a company should be considered. 8.6.2 The term ‘promoter’ has been defined in Explanation I in paragraph 6.8.3.2 of the SEBI (Disclosure and Investor Protection) Guidelines, 200016. The term has also been defined differently in Regulation 2(1)(h) of the SEBI (Substantial Acquisition of Shares and Takeovers) Regulation, 199717. Further the term ‘promoter’ has also been defined in Clause 4 (12) of the SEBI (Employee Stock Option Scheme and Employee Stock Purchase Scheme) Guidelines, 199918. 8.6.3 Also, such independent director should not be a material supplier, service provider or customer or a lessor or lessee of the company, which may affect the independence of the director and should not also be a substantial shareholder of the company which means, he should not own 2% or more of the block of voting shares. For this purpose, reference can be made to Section 299 of the Companies Act, 1956. 8.6.4 According to Section 2(41) of the Companies Act, 1956, ‘relative’ means, with reference to any person, any one who is related to such person in any of the ways specified in Section 6, and no others. Further, according to Section 6 of the Companies Act, 1956, a person shall be deemed to be a relative of another if, and only if: (a) they are members of a Hindu Undivided Family; or (b) they are husband and wife; or (c) the one is related to the other in the manner indicated in schedule 1A19. 8.7 (B) Non-executive Directors’ Compensation and Disclosures (i) All fees / compensation, if any paid to non-executive directors, including independent directors, shall be fixed by the Board of Directors and shall require previous approval of shareholders in general meeting. The shareholders’ resolution shall specify the limits for the maximum number of stock options that can be granted to non-executive directors, including independent directors, in any financial year and in aggregate. 20Provided that the requirement of obtaining prior approval of shareholders in general meeting shall not apply to payment of sitting fees to non- 16 See Appendix G. 17 See Appendix G. 18 See Appendix G. 19 See Appendix H. 20 Inserted by SEBI Circular dt 13 th January, 2006 – See Appendix F. 357 Handbook of Auditing Pronouncements-II executive directors, if made within the limits prescribed under the Companies Act, 1956 for payment of sitting fees without approval of the Central Government. [Clause 49 I (B)] 8.8 The auditor • Should ascertain from the minutes of the Board of Directors’ meeting, shareholders’ meetings, relevant agenda papers, notices, explanatory statements, etc., whether remuneration of non-executive directors has been decided by the Board of directors and previous approval of the shareholders in the general meeting has been obtained. • May note that no approval from the Central Government is required as along as the remuneration is within the limits prescribed in Schedule XIII to the Companies Act, 1956. • May note that in regard to sitting fees payable to non- executive directors, prior approval in the general meeting will not be required if made within the limits prescribed under the Companies Act, 1956. • Should also verify whether the remuneration is in compliance with Section 198, 309, 314, 349 and 350 of the Companies Act, 1956 and whether the stock options that are granted to the non-executive directors are in accordance with SEBI (Employee Stock Option Scheme and Employee Stock Purchase Scheme) Guidelines, 1999. • Should further refer to the Articles of Association of the Company wherever applicable. • Should examine the report of the Board of directors on Corporate Governance to be included in the annual report of the company and ascertain whether the same contains the disclosures required for remuneration to non-executive directors. The auditor should correlate this data with what is contained in the financial statements. 8.9 Since Clause 49 I (B) refers to stock options that can be granted to non- executive directors, reference may be made to ICAI Guidance Note on Accounting for Employee Share-based Payments which defines the following terms: • Employee Stock Option plan is a plan under which the enterprise grants Employee Stock Options. • Employee Stock Option is a contract that gives the employees of the enterprise the right, but not the obligation, for a specified period of time, 358 Certification of Corporate Governance to purchase or subscribe to the shares of the enterprise at a fixed or determinable price. • Employee Stock Purchase Plan is a plan under which the enterprise offers shares to its employees as part of a public issue or otherwise. 8.10 Where application of this clause requires the value of ESOP to be determined, the services of an expert may have to be utilized. In this regard, reference may be made to SA 620, “Using the Work of an Auditor’s Expert”. 8.11 I (c) Other provisions as to Board and Committees (i) The board shall meet at least four times a year, with a maximum time gap of four months21 between any two meetings. The minimum information to be made available to the board is given in Annexure– I A. (ii) A director shall not be a member in more than 10 committees or act as Chairman of more than five committees across all companies in which he is a director. Furthermore it should be a mandatory annual requirement for every director to inform the company about the committee positions he occupies in other companies and notify changes as and when they take place. Explanation: 1. For the purpose of considering the limit of the committees on which a director can serve, all public limited companies, whether listed or not, shall be included and all other companies including private limited companies, foreign companies and companies under Section 25 of the Companies Act shall be excluded. 2. For the purpose of reckoning the limit under this sub- clause, Chairmanship / membership of the Audit Committee and the Shareholders’ Grievance Committee alone shall be considered. (iii) The Board shall periodically review compliance reports of all laws applicable to the company, prepared by the company as well as steps taken by the company to rectify instances of non-compliances. (iv) An independent director who resigns or is removed from the Board of the Company shall be replaced by a new independent director within a period of not more than 180 days from the day of such resignation or removal as the case may be: 21Substituted in place of ‘three months’ by SEBI Circular dt. 13th January, 2006 – See Appendix F. 359 Handbook of Auditing Pronouncements-II Provided that where the company fulfills the requirements of independent directors in its Board even without filling the vacancy created by such resignation or removal , as the case may be, the requirement of replacement by a new independent director within the period of 180 days shall not apply.22 [Clause 49 I (C)] 8.12 Section 285 of the Companies Act, 1956 is reproduced hereunder: “S.285. Board to meet at least once in every three calendar months- In the case of every company, a meeting of its Board of Directors shall be held at least once in every three months and at least four such meetings shall be held in every year. Provided that the Central Government may, by notification in the Official Gazette, direct that the provisions of this section shall not apply in relation to any class of companies or shall apply in relation thereto subject to such exceptions, modifications or conditions as may be specified in the notification”. 8.13 Clause 49 and Section 285 stipulate that the Board meeting shall be held at least four times a year. The further requirement of Clause 49 is that the maximum time gap between any two meetings should not exceed four23 months. The requirement under the Companies Act, 1956 is that the Board meeting would be held at least once in every three months. 8.14 The auditor should ascertain from the minute’s book of the Board meetings whether meetings were held at least four times a year, with a maximum time gap of four24 months between any two meetings. The auditor should also ascertain whether minimum information was made available to the Board, as given in Annexure – 1C to Clause 49 of the Listing Agreement. 8.15 The auditor should also ascertain that a director of the Company is not a member of more than ten committees or is acting as chairman of more than five committees across all companies in which he is a director. A suitable declaration from the management and / or director should be obtained to this effect. This information should be verified from the mandatory annual requirement for every director to inform the company about the committee positions he occupies in other companies as well as from the changes notified by every director when they take place. The Explanation 1 to Clause 49 (1) (C) (ii) clarifies that the limit 22 SEBI Circular NO. SEBI/CFD/DIL/CG/1/2008/08/04 dated April 8, 2008 23 Substituted in place of ‘three months’ by SEBI Circular dt. 13 th January, 2006 – See Appendix F. 24 ibid. 360 Certification of Corporate Governance of the committees on which a director can serve would comprise all public limited companies, whether listed or not and excluding private limited companies, foreign companies and companies which are granted license under section 25 of the Companies Act, 1956. Further Explanation 2 clarifies that only two committees namely Audit Committee and Shareholders’ Grievance Committee shall be considered for the purpose of limit. 8.16 For the purpose of reviewing compliance reports of all laws applicable to the company, the said reports prepared by the company as well as steps taken by the company to rectify instances of non-compliance, the auditor should take into consideration SA 250, dealing with consideration of Laws and Regulations in Audit of Financial Statements. It is the management’s responsibility to ensure that company operations are conducted in accordance with Laws and Regulations. The responsibility for the prevention and detection of non-compliance rests with the management. The auditor’s responsibility is limited to verifying that management has taken suitable steps and put in place policies and procedures to ensure compliance with laws and regulations and to detect deviation from such procedures. 8.17 I (D) Code of Conduct (i) The Board shall lay down a code of conduct for all Board members and senior management of the company. The code of conduct shall be posted on the website of the company. (ii) All Board members and senior management personnel shall affirm compliance with the code on an annual basis. The Annual Report of the company shall contain a declaration to this effect signed by the CEO. Explanation: For this purpose, the term “senior management” shall mean personnel of the company who are members of its core management team excluding Board of Directors. Normally, this would comprise all members of management one level below the executive directors, including all functional heads. [Clause 49 I (D)] 8.18 The auditor should ascertain whether the Board of Directors of the company has laid down a code of conduct for all its members and senior personnel of the company and obtain a copy of the same. He should also verify whether all members and senior management personnel have affirmed compliance with the code on an annual basis and whether the code has been posted on the company’s website. 361 Handbook of Auditing Pronouncements-II 9. Audit Committee 9.1 II (A) Qualified and Independent Audit Committee A qualified and independent audit committee shall be set up giving the terms of reference subject to the following: (i) The audit committee shall have minimum three directors as members. Two-thirds of the members of audit committee shall be independent directors. (ii) All members of audit committee shall be financially literate and at least one member shall have accounting or related financial management expertise. Explanation 1: The term "financially literate" means the ability to read and understand basic financial statements i.e. balance sheet, profit and loss account, and statement of cash flows. Explanation 2: A member will be considered to have accounting or related financial management expertise if he or she possesses experience in finance or accounting, or requisite professional certification in accounting, or any other comparable experience or background which results in the individual’s financial sophistication, including being or having been a chief executive officer, chief financial officer or other senior officer with financial oversight responsibilities. (iii) The Chairman of the Audit Committee shall be an independent director; (iv) The Chairman of the Audit Committee shall be present at Annual General Meeting to answer shareholder queries; (v) The audit committee may invite such of the executives, as it considers appropriate (and particularly the head of the finance function) to be present at the meetings of the committee, but on occasions it may also meet without the presence of any executives of the company. The finance director, head of internal audit and a representative of the statutory auditor may be present as invitees for the meetings of the audit committee; (vi) The Company Secretary shall act as the secretary to the committee. [Clause 49-II (A)] 9.2 II (B) Meeting of Audit Committee The audit committee should meet at least four times in a year and not more than four months shall elapse between two meetings. The quorum shall be either two 362 Certification of Corporate Governance members or one third of the members of the audit committee whichever is greater, but there should be a minimum of two independent members present. [Clause 49 II (B)] 9.3 Section 292A of the Companies Act, 1956 relating to Audit Committee is reproduced herein below: “Section 292A – Audit Committee (1) Every public company having paid-up capital of not less than five crores of rupees shall constitute a committee of the Board known as “Audit Committee” which shall consist of not less than three directors and such number of other directors as the Board may determine of which two-thirds of the total number of members shall be directors, other than managing or whole-time directors. (2) Every Audit Committee constituted under sub-section (1) shall act in accordance with terms of reference to be specified in writing by the Board. (3) The members of the Audit Committee shall elect a chairman from amongst themselves. (4) The annual report of the company shall disclose the composition of the Audit Committee. (5 The auditors, the internal auditor, if any, and the director- in-charge of finance shall attend and participate at meetings of the Audit Committee but shall not have the right to vote. (6) The Audit Committee should have discussions with the auditors periodically about internal control systems, the scope of audit including the observations of the auditors and review the half-yearly and annual financial statements before submission to the Board and also ensure compliance of internal control systems. (7) The Audit Committee shall have authority to investigate into any matter in relation to the items specified in this section or referred to it by the Board and for this purpose, shall have full access to information contained in the records of the company and external professional advice, if necessary. (8) The recommendations of the Audit Committee on any matter relating to financial management, including the audit report, shall be binding on the Board. (9) If the Board does not accept the recommendations of the Audit Committee, it shall record the reasons therefor and communicate such reasons to the shareholders. 363 Handbook of Auditing Pronouncements-II (10) The chairman of the Audit Committee shall attend the annual general meetings of the company to provide any clarification on matters relating to audit. (11) If a default is made in complying with the provisions of this section, the company, and every officer who is in default, shall be punishable with imprisonment for a term which may extend to one year, or with fine which may extend to fifty thousand rupees, or with both”. The comparative chart showing the requirements under Clause 49 and Section 292A relating to audit committee is tabulated herein below: Clause 49 of the Section 292A of the Listing Agreement Companies Act, 1956 a) All companies seeking listing for 1. Every public company having the first time, at the time of paid-up capital of not less than five seeking in principle approval for crores of rupees shall constitute such listing and an audit committee immediately on (b) All existing listed companies the enactment of Companies with a paid-up capital of Rs.3 (Amendment) Act, 2000, i.e. with effect from 13th December, 2000. Crores and above or net worth of Rs. 25 crores or more at any time in the history of the company are required to set up an audit committee. 2. The audit committee shall have 2. The audit committee shall have minimum three directors as minimum three directors of which members. Two-thirds of the two-third of the total number of members of audit committee shall such directors shall be directors be independent directors. other than managing or whole-time directors. 3. All members of audit committee 3. No such reference is contained in shall be financially literate and at the Companies Act, 1956. least one member shall have accounting or related financial management expertise. 4. The Chairman of the audit 4. The members of the audit committee shall be an committee shall elect a chairman “independent” director and shall be from amongst themselves. The present at Annual General Chairman of the Audit Committee 364 Certification of Corporate Governance Meeting to answer queries of the shall attend the annual general shareholders. meetings of the company to provide any clarification on matters relating to audit. 5. A representative of the external 5. The Auditors, the internal auditor, if auditor, when required shall be any, and the director-in-charge of present as an invitee for the finance shall attend and participate meetings of the audit committee. at meetings of the audit The audit committee may invite committee but shall not have the such of the executives to be right to vote. present at the meetings of the committee. The Finance Director, head of internal audit and a representative of the statutory auditor may be present as invitees for the meetings of the audit committee. 6. The Company Secretary shall act 6. No such reference is contained in as Secretary to the audit the Companies Act, 1956. committee. The following additional requirements are stipulated as per Clause 49 of the Listing Agreement on which Section 292A (relating to audit committee) is silent: (i) The audit committee may invite such of the executives, as it considers appropriate (and particularly head of the finance function) to be present at the meeting of the committee, but on occasions, it may also meet without the presence of any executives of the company. (ii) The company secretary shall act as secretary to the committee. (iii) The audit committee shall meet at least four times in a year. The gap between two meetings should not be more than four months. (iv) The quorum of the audit committee shall be two members or one-third of the members of the audit committee whichever is higher and minimum of two independent directors be present. (v) The powers and role of the audit committee are elaborately contained in Clause 49 II (C) & (D). (vi) All members of the audit committee shall be financially literate and at least one member shall have accounting or related financial management expertise. 365 Handbook of Auditing Pronouncements-II The following additional requirements are stipulated as per Section 292A the Companies Act, 1956 (relating to audit committee) on which Clause 49 of the Listing Agreement is silent: (i) The audit committee constituted shall act in accordance with terms of reference to be specified in writing by the Board. (ii) The recommendations of the audit committee on any matter relating to financial management, including the audit report, shall be binding on the Board. (iii) If the Board does not accept the recommendations of the audit committee, it shall record the reasons therefor and communicate such reasons to the shareholders. 9.4 The auditor should ascertain from the minutes book of the Board meetings whether a qualified and independent audit committee has been set up, which comprises a minimum of three members. The auditor should ascertain whether two-thirds of the members of the audit committee are independent directors and whether all members of audit committee are financially literate and at least one member has accounting or related financial management expertise. The term "financially literate"25 means the ability to read and understand basic financial statements i.e. balance sheet, profit and loss account, and statement of cash flows. 9.5 The auditor should ascertain from the minute book of the audit committee whether the audit committee has met at least four times in a year and not more than four months have elapsed between two meetings. 9.6 The auditor should ascertain from the minute book of the audit committee whether the quorum i.e. two members or one-third of the members of the audit committee, whichever is higher with a minimum of two independent directors were present in every meeting of the audit committee. 9.7 The auditor should ascertain whether the Chairman of the Audit Committee is an independent director. The expression “independent director” has been discussed in Clause 49 (I) (A) (iii) vide paragraph 8.2. 9.8 The auditor should ascertain from the annual general meeting (herein after referred to as AGM) attendance book and minutes book whether the chairman of the audit committee was present in the meeting to answer shareholders’ queries. In case the Chairman has not been present at the AGM, auditor should ensure that this be suitably disclosed. The AGM of the financial year 25 As given in Explanation 1 to Clause 49 II (A) dealing with Qualified and Independent Audit Committee. 366 Certification of Corporate Governance which is under audit would be held subsequent to the auditor submitting the certificate of compliance of conditions of corporate governance and hence, the requirement would be to verify this condition with reference to the last AGM held. 9.9 The auditor should ascertain if the practice of inviting the executives (particularly the head of the finance function) in the audit committee meetings is being followed; he should further ascertain from the minutes book of the audit committee whether the executives did attend the meetings. His presence at such audit committee meetings (pursuant to Section 292A of the Companies Act, 1956) is only by invitation, with due notice to attend. 9.10 The auditor should ascertain from the minutes book of the audit committee whether the finance director, the head of internal audit and representative of the statutory auditor were present as invitees in the meetings of the audit committee. 9.11 II(C) Powers of Audit Committee The audit committee shall have powers, which should include the following: (1) To investigate any activity within its terms of reference. (2) To seek information from any employee. (3) To obtain outside legal or other professional advice. (4) To secure attendance of outsiders with relevant expertise, if it considers necessary. [Clause 49 II (C)] 9.12 The auditor should check whether the terms of reference of the audit committee have been suitably framed mentioning the above powers. It is mandatory that the above-mentioned four powers to be vested in the Audit Committee. The Board may delegate / vest further powers to the committee. Further it may also be noted that the four powers as mentioned above are only illustrative and not exhaustive. 9.13II (D) Role of Audit Committee The role of the audit committee shall include the following: 1. Oversight of the company’s financial reporting process and the disclosure of its financial information to ensure that the financial statement is correct, sufficient and credible. 2. Recommending to the Board, the appointment, re- appointment and, if required, the replacement or removal of the statutory auditor and the fixation of audit fees. 367 Handbook of Auditing Pronouncements-II 3. Approval of payment to statutory auditors for any other services rendered by the statutory auditors. 4. Reviewing, with the management, the annual financial statements before submission to the board for approval, with particular reference to: (a) Matters required to be included in the Director’s Responsibility Statement to be included in the Board’s report in terms of clause 2AA of section 217 of the Companies Act, 1956 (b) Changes, if any, in accounting policies and practices and reasons for the same (c) Major accounting entries involving estimates based on the exercise of judgment by management (d) Significant adjustments made in the financial statements arising out of audit findings (e) Compliance with listing and other legal requirements relating to financial statements (f) Disclosure of any related party transactions (g) Qualifications in the draft audit report. 5. Reviewing, with the management, the quarterly financial statements before submission to the board for approval 5A26 Reviewing, with the management the statement of uses/application of funds raised through an issue (public issue, rights issue, preferential issue, etc), the statement of funds utilized for purposes other than those stated in the offer document/prospectus/notice and the report submitted by the monitoring agency monitoring the utilisation of proceeds of a public or rights issue, and making appropriate recommendations to the Board to take up steps in this matter. 6. Reviewing, with the management, performance of statutory and internal auditors, adequacy of the internal control systems. 7. Reviewing the adequacy of internal audit function, if any including the structure of the internal audit department, staffing and seniority of the official heading the department, reporting structure coverage and frequency of internal audit. 8. Discussion with internal auditors any significant findings and follow up there on. 26 Inserted by SEBI/CFD/DIL/LA/4/2007/7/12 dated 27-12-2007 368 Certification of Corporate Governance 9. Reviewing the findings of any internal investigations by the internal auditors into matters where there is suspected fraud or irregularity or a failure of internal control systems of a material nature and reporting the matter to the board. 10. Discussion with statutory auditors before the audit commences about nature and scope of audit as well as post-audit discussion to ascertain any area of concern. 11. To look into the reasons for substantial defaults in the payment to the depositors, debenture holders, shareholders (in case of non payment of declared dividends) and creditors. 12. To review the functioning of the Whistle Blower mechanism, in case the same is existing. 13. Carrying out any other function as is mentioned in the terms of reference of the Audit Committee. Explanation (i): The term "related party transactions" shall have the same meaning as contained in the Accounting Standard 18, Related Party Transactions, issued by the Institute of Chartered Accountants of India. Explanation (ii): If the company has set up an audit committee pursuant to provision of the Companies Act, the said audit committee shall have such additional functions / features as is contained in this clause. [Clause 49 II (D)] 9.14 The sub-sections 6 & 7 of Section 292A are reproduced below. These specify the functions of the Audit Committee: “S.292A – Audit Committee (6) The Audit Committee should have discussions with the auditors periodically about internal control systems, the scope of audit including the observations of the auditors and review the half-yearly and annual financial statements before submission to the Board and also ensure compliance of internal control systems. (7) The Audit Committee shall have authority to investigate into any matter in relation to the items specified in this section or referred to it by the Board and for this purpose, shall have full access to information contained in the records of the company and external professional advice, if necessary”. 9.15 The auditor should ascertain from the minutes of the Board meeting whether the terms of reference of the audit committee inter alia include the 369 Handbook of Auditing Pronouncements-II powers, that are mentioned in Clause 49 II (C) and also matters that are mentioned in Clause 49 II (D) in order to enable the audit committee to effectively carry out the role assigned to it. 9.16II (E) Review of information by Audit Committee The Audit Committee shall mandatorily review the following information: 1. Management discussion and analysis of financial condition and results of operations; 2. Statement of significant related party transactions (as defined by the audit committee), submitted by management; 3. Management letters / letters of internal control weaknesses issued by the statutory auditors; 4. Internal audit reports relating to internal control weaknesses; and 5. The appointment, removal and terms of remuneration of the Chief internal auditor shall be subject to review by the Audit Committee. [Clause 49 II (E)] 9.17 The auditor should ascertain from the minutes book of the audit committee and other sources like agenda papers, etc. whether the audit Committee has reviewed the above-mentioned information. The auditor should ascertain whether as a part of directors’ report or as an addition thereto, management discussion and analysis report form part of the annual report to the shareholders. Under the old Clause 49, this was specifically mandated, but not spelt out clearly now. The auditor should further ascertain whether the management discussion and analysis includes discussion on the matters stipulated in this sub-clause. 9.18 Where certain deficiencies or adverse findings are noted by the audit committee, the auditor will see that these have been suitably dealt with by the management in the Report on Corporate Governance. 9.19 The auditor should ascertain that the information reviewed by the Audit Committee is consistent with reporting in the financial statements, including those drawn up giving segment wise break- up for compliance of AS 17 (Segment Reporting) 9.20III. Subsidiary Companies (i) At least one independent director on the Board of Directors of the holding company shall be a director on the Board of Directors of a material non listed Indian subsidiary company. (ii) The Audit Committee of the listed holding company shall also review the 370 Certification of Corporate Governance financial statements, in particular, the investments made by the unlisted subsidiary company. (iii) The minutes of the Board meetings of the unlisted subsidiary company shall be placed at the Board meeting of the listed holding company. The management should periodically bring to the attention of the Board of Directors of the listed holding company, a statement of all significant transactions and arrangements entered into by the unlisted subsidiary company. Explanation 1: The term “material non-listed Indian subsidiary” shall mean an unlisted subsidiary, incorporated in India, whose turnover or net worth (i.e. paid up capital and free reserves) exceeds 20% of the consolidated turnover or net worth respectively, of the listed holding company and its subsidiaries in the immediately preceding accounting year. Explanation 2: The term “significant transaction or arrangement” shall mean any individual transaction or arrangement that exceeds or is likely to exceed 10% of the total revenues or total expenses or total assets or total liabilities, as the case may be, of the material unlisted subsidiary for the immediately preceding accounting year. Explanation 3: Where a listed holding company has a listed subsidiary which is itself a holding company, the above provisions shall apply to the listed subsidiary insofar as its subsidiaries are concerned. [Clause 49 (III)] 9.21 Clause 49 III (i) requires the appointment of at least one independent director of a holding company to be appointed as a director of a material non- listed Indian subsidiary company. The concept of “material” non-listed subsidiary is explained in Explanation 1, under the clause. 9.22 In regard to taking note of the proceedings of the Board of the unlisted company, Clause 49 III (iii) requires the minutes of the Board of every unlisted subsidiary to be placed before the Board of the holding company. The management of the holding company has also to periodically bring to the attention of the Board of Directors of the listed holding company, a statement of all the significant transactions and arrangements entered into by the unlisted subsidiary company. This applies only in regard to “significant transaction or arrangement” the meaning of which is given in Explanation 2 under the clause. 9.23 Reading the Explanation 2 in totality, it would seem that the disclosure to the Board of the holding company would apply only where such significant transaction or arrangement are entered into by a company which is a material unlisted subsidiary as mentioned above. 371 Handbook of Auditing Pronouncements-II 9.24 It may further be noted that the plain reading of Explanation 2 would indicate that the least of total revenues, total expenses, total assets or total liabilities of the immediately preceding accounting year are to be considered as the basis for computing benchmark of 10% thereof. However, the use of the words ‘or’ coupled with ‘as the case may be’ would support the more logical view that one has to apply the test by comparing like items. For example, a capital expenditure has to be compared with aggregate capital expenditure for the year. When comparing any transaction with ‘total revenues”, “total expenses”, etc., one may take into consideration the total revenue or expenditure ‘likely to’ arise for the entire preceding financial year and not necessarily the aggregate expenditure incurred. 9.25 Clause 49 III (ii) requires the audit committee of the listed holding company to review the financial statements and in particular, the investments made by the unlisted subsidiary company would apply to all the unlisted subsidiary companies. This is required in regard to all unlisted subsidiaries, without reference to materiality or place of incorporation etc. Where however the subsidiary of a listed company is itself a listed company, the Explanation 3 would apply. 9.26IV. Disclosures IV (A) Basis of related party transactions (i) A statement in summary form of transactions with related parties in the ordinary course of business shall be placed periodically before the audit committee. (ii) Details of material individual transactions with related parties which are not in the normal course of business shall be placed before the audit committee. (iii) Details of material individual transactions with related parties or others, which are not on an arm’s length basis should be placed before the audit committee, together with Management’s justification for the same. [Clause 49 IV (A)] 9.27. The Report on Corporate Governance requires disclosure of certain transactions with related parties or transactions, which may not be ‘arms length’ transactions. The auditor is required to verify whether the management has placed the information before the Audit Committee periodically. 9.28 The transactions to be disclosed by the management are: (a) Transactions with related parties; entered into in the ordinary course of business are to be disclosed in summary form (Grouping them into 372 Certification of Corporate Governance broad categories of the transactions). (b) Transactions with related parties which do not fall within the normal business transactions (and are therefore not covered in (a) above) are to be disclosed individually if such transactions are material transactions. (c) Transactions with any party (related or otherwise) which are not considered as arm’s length transactions are to be disclosed individually, if such transactions are material transactions. 9.29 The auditor has to verify whether a transaction is a related party transaction as per AS 18 (Related Party Disclosures). As per AS 18, parties are considered to be related if at any time during the reporting period one party has the ability to control the other party or exercise significant influence over the other party in making financial and / or operating decisions. For the purpose of verification, reference may be made to SA 550 (Related Parties). 9.30 Materiality depends on the size and nature of the item judged in the particular circumstances. 9.31IV (B) Disclosure of Accounting Treatment Where in the preparation of financial statements, a treatment different from that prescribed in an Accounting Standard has been followed, the fact shall be disclosed in the financial statements, together with the management’s explanation as to why it believes such alternative treatment is more representative of the true and fair view of the underlying business transaction in the Corporate Governance Report. [Clause 49 IV (B)] 9.32 In this regard the auditor has to refer to Sections 211(3B), 217(2AA) and 227 of the Companies Act, 1956. The auditor has also to refer to the CEO / CFO certification given under Clause 49 V. 9.33IV (C) Board Disclosures – Risk management The company shall lay down procedures to inform Board members about the risk assessment and minimization procedures. These procedures shall be periodically reviewed to ensure that executive management controls risk through means of a properly defined framework. [Clause 49 IV (C)] 9.34 The auditor should ascertain whether the executive management has a properly defined framework for risk management and its control. This would involve defining such framework on the lines illustrated in Appendix – B27.. For a 27 See Appendix B. 373 Handbook of Auditing Pronouncements-II broad reference for assessment of risk etc., and techniques of assessment, he has to further ascertain that such framework in terms of procedure has been informed to the Board members. The evaluation of internal control and risk management is a part of the audit process mentioned in the auditing standards. 9.35 The risk management framework provides an integrated approach for identifying, assessing, prioritizing, mitigating, monitoring and reporting business risks across the organization. The company is required to develop a framework on the basis of which executive management is required to assess risks and minimize the impact of risk. Further, these risk management procedures are required to be reviewed periodically by the management. 9.36 The existence of a risk management framework may be evidenced by the parameters given in Appendix B28. Some of these are tangible and can be evidenced by appropriate documentation. Whereas intangibles are concerned, the existence of it needs to be ascertained through enquiries and interviews. Further the auditor should also ensure that the management has effectively implemented the risk management framework and that it is applied to activities and processes of the business and communicated throughout the organization. 9.37IV (D) Proceeds from Public Issues, Rights Issues, Preferential Issues etc. When money is raised through an issue (public issues, rights issues, preferential issues etc.), it shall disclose to the Audit Committee, the use / applications of funds by major category (capital expenditure, sales and marketing, working capital, etc), on a quarterly basis as a part of their quarterly declaration of financial results. Further, on an annual basis, the company shall prepare a statement of funds utilized for purposes other than those stated in the offer document / prospectus / notice and place it before the audit committee. Such disclosure shall be made only till such time that the full money raised through the issue has been fully spent. This statement shall be certified by the statutory auditors of the company. Furthermore, where the company has appointed a monitoring agency to monitor the utilization of proceeds of a public or rights issue, it shall place before the Audit Committee the monitoring report of such agency, upon receipt, without any delay.29 The audit committee shall make appropriate recommendations to the Board to take up steps in this matter. [Clause 49 IV (D)] 28 See Appendix-B. 29 SEBI/CFD/DIL/LA/4/2007/27/12, Circular dt 27th December, 2007. 374 Certification of Corporate Governance 9.38 The object of this sub-clause is to ensure that all cases of diversion of funds from the proceeds of issues30, should be appropriately brought to the notice of the audit committee for taking suitable action. Also, it is desirable that quarterly and yearly report on this is placed before the audit committee for its review and action if any. It is to be noted that the disclosure under the sub-clause should continue to be made till the time the issue money is utilized in full and the statutory auditors gave a certificate to this effect. Further it may be noted that statement shall pertain only to the year in which the money has been raised or till such time the money is fully spent whichever is later. 9.39 The following procedure may be noted for carrying out the aforesaid action on the uses and applications of the funds from proceeds from public issues etc: • The quarterly report on the uses / application of funds shall be placed before the Audit Committee by the management. • In case the company has appointed a monitoring agency for monitoring the proceeds of public or rights issue, to make sure that the report of such monitoring agency was placed before the Audit Committee31. • Diversion of funds, if any, shall be brought to the attention of the Audit Committee by the management • The management would then obtain a duly certified statement from the statutory auditors of the company and places it before the Audit Committee to enable the discontinuance of reporting thereafter. 9.40IV (E) Remuneration of Directors (i) All pecuniary relationship or transactions of the non- executive directors vis-à-vis the company shall be disclosed in the Annual Report. (ii) Further the following disclosures on the remuneration of directors shall be made in the section on the corporate governance of the Annual Report: (a) All elements of remuneration package of individual directors summarized under major groups, such as salary, benefits, bonuses, stock options, pension etc. (b) Details of fixed component and performance linked incentives, along with the performance criteria. (c) Service contracts, notice period, severance fees. 30 Issues would include public issues of depository receipts, Foreign Currency Convertible Bonds (FCCB) referred to by various SEBI Regulations. 31 SEBI/CFD/DIL/LA/4/2007/27/12 December 27, 2007. 375 Handbook of Auditing Pronouncements-II (d) Stock option details, if any – and whether issued at a discount as well as the period over which accrued and over which exercisable. (iii) The company shall publish its criteria of making payments to non-executive directors in its annual report. Alternatively, this may be put up on the company’s website and reference drawn thereto in the annual report. (iv) The company shall disclose the number of shares and convertible instruments held by non-executive directors in the annual report. (v) Non-executive directors shall be required to disclose their shareholding (both own or held by / for other persons on a beneficial basis) in the listed company in which they are proposed to be appointed as directors, prior to their appointment. These details should be disclosed in the notice to the general meeting called for appointment of such director. [Clause 49 IV (E)] 9.41 All pecuniary relationship or transactions of the non-executive director vis- à-vis the company is required to be disclosed in the annual report. The auditor should check whether the particulars regarding remuneration package of individual directors summarized under major groups have been disclosed in the section in the Corporate Governance of the annual report. 9.42 Sub-Clause (iii) requires the publication of the criteria of making payments to the non-executive directors. This implies that the Board or the Remuneration Committee will have to frame a specific policy for such remuneration. Such policy or criteria will have to be published in its annual report. Alternatively, if the same is put up on the company’s website, a reference to this disclosure will have to be made in the annual report. 9.43 Companies are required to disclose annually the details relating to shareholding by the non-executive directors. However, non-executive directors shall be required to make such disclosure on one time basis prior to his joining the Board. Further, the notice of general meeting proposing to appoint such a Director is required to disclose details of shareholding of the directors in the company. For this purpose, the Director shall make suitable disclosures to the company prior to his appointment and annually. 9.44IV (F) Management (i) As part of the directors’ report or as an addition thereto, a Management Discussion and Analysis report should form part of the Annual Report to the shareholders. This Management Discussion & Analysis should include discussion on the following matters within the limits set by the company’s competitive position: 376 Certification of Corporate Governance (i) Industry structure and developments (ii) Opportunities and Threats (iii) Segment–wise or product-wise performance (iv) Outlook (v) Risks and concerns (vi) Internal control systems and their adequacy (vii) Discussion on financial performance with respect to operational performance (viii) Material developments in Human Resources / Industrial Relations front, including number of people employed. (ii) Senior management shall make disclosures to the board relating to all material financial and commercial transactions, where they have personal interest, that may have a potential conflict with the interest of the company at large (for e.g. dealing in company shares, commercial dealings with bodies, which have shareholding of management and their relatives etc.) Explanation: For this purpose, the term "senior management" shall mean personnel of the company who are members of its core management team excluding the Board of Directors). This would also include all members of management one level below the executive directors including all functional heads. [Clause 49 IV (F)] 9.45 The above information presented by the Management is likely to include non-financial information, which may be outside the area of auditors’ expertise. In such a situation, the auditor may keep in mind SA 315 relating to Knowledge of the Entity and the fact that he is only required to review the compliance with disclosure requirements and not verify the particular facts as disclosed by the management. 9.46 The auditor should ascertain that this information [i.e. segment-wise or product-wise performance (sub-clause (iii) as stated above) and considered as a part of Management Discussion and Analysis Report ] is consistent with what is reported in financial statements complying with AS 17 (Segment Reporting) and also as per the provisions of Sections 211, 217(2AA) and 227 of the Companies Act, 1956. 9.47IV (G) Shareholders (i) In case of the appointment of a new director or re- appointment of a 377 Handbook of Auditing Pronouncements-II director the shareholders must be provided with the following information: (a) A brief resume of the director; (b) Nature of his expertise in specific functional areas; (c) Names of companies in which the person also holds the directorship and the membership of Committees of the Board; and (d) Shareholding of non-executive directors as stated in Clause 49 (IV) (E) (v) above (i) Disclosure of relationships between directors inter-se shall be made in the Annual Report, notice of appointment of a director, prospectus and letter of offer for issuances and any related filings made to the stock exchanges where the company is listed.32 (ii) Quarterly results and presentations made by the company to analysts shall be put on company’s web-site, or shall be sent in such a form so as to enable the stock exchange on which the company is listed to put it on its own web-site. (iii) A board committee under the chairmanship of a non- executive director shall be formed to specifically look into the redressal of shareholder and investors complaints like transfer of shares, non-receipt of balance sheet, non- receipt of declared dividends etc. This Committee shall be designated as ‘Shareholders / Investors Grievance Committee’. (iv) To expedite the process of share transfers, the Board of the company shall delegate the power of share transfer to an officer or a committee or to the registrar and share transfer agents. The delegated authority shall attend to share transfer formalities at least once in a fortnight. [Clause 49 IV (G)] 9.48 The auditor shall ascertain from the communications sent, whether in the case of appointment of a new director or re- appointment of a director the shareholders were provided with the information stipulated in sub-clause (i) and (ia)33 as mentioned above. 9.49 The auditor should see that the references contained in the above paragraph have been complied therewith. 9.50 The Auditor should ascertain from the company’s website whether information like quarterly results and presentation made by the entity to analyst 32 SEBI Circular NO. SEBI/CFD/DIL/CG/1/2008/08/04 dated April 8, 2008 33 SEBI Circular NO. SEBI/CFD/DIL/CG/1/2008/08/04 dated April 8, 2008 378 Certification of Corporate Governance which have been put on company’s website or whether such information has been sent in a form to the Stock Exchange in which the company’s securities are listed to enable it to put it on its own website. The auditor should also ascertain whether the other information which are mandatorily required to be disclosed to the shareholders as per the Listing Agreement or as per the Companies Act, 1956 are put on company’s website or alternatively sent to the stock exchange on which the company’s securities are listed to enable it to put it on its own website. 9.51 The auditor should ascertain from the minute book of the Board meeting whether a Board committee, Shareholders/Investors Grievance Committee has been set up under the chairmanship of a non-executive director to specifically look into redressing of shareholder and investors complaints such as transfer of shares, non receipt of balance sheet, non receipt of declared dividends, etc. Further the auditor should also ascertain from the minute book of the Shareholders/Investors Grievance Committee whether such committee is prima- facie functioning. 9.52 The auditor should also verify from the records of the Shareholders / Investors Grievance Committee as well as from the certificate obtained by the company from SEBI and Stock Exchange(s), if any, about the investors grievances pending upto the date of certificate of compliance of conditions of corporate governance. 9.53 The auditor should ascertain from the minute book of the Board meeting whether the company has delegated the power of share transfer to an officer or a committee or to the registrar and share transfer agents. The auditor should also verify from the records maintained to ascertain whether the delegated authority has attended to share transfer formalities at least once in a fortnight. The auditor may verify whether any transfer requests have remained pending for more than a fortnight and not attended to. 9.54V. CEO / CFO Certification The CEO, i.e. the Managing Director or Manager appointed in terms of the Companies Act, 1956 and the CFO i.e. the whole- time Finance Director or any other person heading the finance function discharging that function shall certify to the Board that: (a) They have reviewed financial statements and the cash flow statement for the year and that to the best of their knowledge and belief : (i) these statements do not contain any materially untrue statement or omit any material fact or contain statements that might be misleading; 379 Handbook of Auditing Pronouncements-II (ii) these statements together present a true and fair view of the company’s affairs and are in compliance with existing accounting standards, applicable laws and regulations. (b) There are, to the best of their knowledge and belief, no transactions entered into by the company during the year which are fraudulent, illegal or violative of the company’s code of conduct. (c) They accept responsibility for establishing and maintaining internal controls for financial reporting34 and that they have evaluated the effectiveness of the internal control systems of the company pertaining to financial reporting and they have disclosed to the auditors and the Audit Committee, deficiencies in the design or operation of internal controls, if any, of which they are aware and the steps they have taken or propose to take to rectify these deficiencies. (d) They have indicated to the auditors and the Audit committee: (i) significant changes in internal control over financial reporting35 during the year; (ii) significant changes in accounting policies during the year and that the same have been disclosed in the notes to the financial statements; and (iii) instances of significant fraud of which they have become aware and the involvement therein, if any, of the management or an employee having a significant role in the company’s internal control system over financial reporting36”. [Clause 49 V] 9.55 The amendments effected in Clause 49V(c) & (d) clearly bring out that (a) the responsibility entrusted to the CEO / CFO is for establishing and maintaining internal controls for financial reporting. (b) The CEO / CFO certificate has to state that they have evaluated the effectiveness of internal control systems of the company pertaining to financial reporting. (c) The CEO / CFO certificate will further state the manner in which deficiencies (if any) in the design or operation of such internal controls have been disclosed to the auditors and the audit committee. 34 Inserted by SEBI Circular dt 13th January, 2006 – See Appendix F. 35 Inserted by SEBI Circular dt 13th January, 2006 – See Appendix F. 36 Inserted by SEBI Circular dt 13 th January, 2006 – See Appendix F. 380 Certification of Corporate Governance (d) The CEO / CFO certification will also state the steps they have taken or propose to take to rectify these deficiencies in the design or operation of such internal controls pertaining to financial reporting. 9.56 In the context of internal controls, the auditor should ensure that (a) the management has institutionalized an internal control framework with respect to financial reporting controls. The framework should be examined in the context of the documentation created for each significant process in terms of the related risk and mitigating control; (b) he has further examined whether the assessment process followed for evaluation of controls is reasonable and that there is a process by which significant deficiencies as well as steps taken to correct them are communicated to the audit committee and to the auditors; and (c) he should also examine whether there is a process in the company whereby all significant changes in the accounting policies and the system of internal controls are communicated to the audit committee and the auditors. 9.57 The auditor should examine the adequacy of the process followed for issuing the CEO / CFO certificate and should review the same in regard to matters stated in Para 9.52 above and the consideration of the same by the audit committee. For this purpose he should refer to the minutes of the audit committee. 9.58 In situations where negative or adverse comment or exclusions / disclaimer are contained in the CEO / CFO certificate, the auditor should take cognizance of the same as the circumstances require in the audit report and or the Certificate of Compliance of conditions of Corporate Governance. 9.59 VI. Report on Corporate Governance (i) There shall be a separate section on Corporate Governance in the Annual Reports of company, with a detailed compliance report on Corporate Governance. Non-compliance of any mandatory requirement of this clause with reasons thereof and the extent to which the non-mandatory requirements have been adopted should be specifically highlighted. The suggested list of items to be included in this report is given in Annexure – I C and list of non-mandatory requirements is given in Annexure – I D. (ii) The companies shall submit a quarterly compliance report to the stock exchanges within 15 days from the close of quarter as per the format given in Annexure - I B. The report shall be signed either by the Compliance Officer or the Chief Executive Officer of the company. [Clause 49(VI)] 381 Handbook of Auditing Pronouncements-II 9.60 The auditor should ascertain whether the Board of directors have included in the annual report of the company a separate section on corporate governance, with a detailed compliance report on corporate governance. This would specifically highlight non-compliance of any mandatory requirement. (i.e., which is part of the Listing Agreement) with reasons thereof and also the extent to which the non-mandatory requirements have been adopted. The auditor should also verify whether the suggested list of items to be included in this report as per Annexure - I C of Clause 49 and list of non-mandatory requirements as per Annexure - I D of Clause 49 have been incorporated in such report. (Latest Circulars on Revised Clause 49 along with its Annexures are reproduced at the end of this guidance note.) 9.61 Any data in the report on corporate governance should not be inconsistent with what is contained in the financial statements. 10. Management Representations The auditor should consider obtaining management representations on conditions of Corporate Governance in accordance with SA 580, “Written Representations”. 11. Auditors’ Certificate 11.1VII. Compliance (1) The company shall obtain a certificate from either the auditors or practicing company secretaries regarding compliance of conditions of corporate governance as stipulated in this clause and annex the certificate with the directors’ report, which is sent annually to all the shareholders of the company. The same certificate shall also be sent to the Stock Exchanges along with the annual report filed by the company. (2) The non-mandatory requirements given in Annexure – I D may be implemented as per the discretion of the company. However, the disclosures of the compliance with mandatory requirements and adoption (and compliance) / non-adoption of the non-mandatory requirements shall be made in the section on corporate governance of the Annual Report. [Clause 49(VII)] 11.2 A draft of the Auditors’ Certificate on compliance of conditions of Corporate Governance is given in Appendix – C. Depending upon the facts and circumstances, some situations may require an adverse or qualified statement or a disclosure without necessarily making it a subject matter of qualification in 382 Certification of Corporate Governance the Auditors’ Certificate, in respect of compliance of requirements of Corporate Governance e.g., (a) The number of non-executive directors is less than 50% of the strength of Board of directors. (b) A qualified and independent audit committee is not set up. (c) The chairman of the audit committee is not an independent director. (d) The audit committee has not meet four times a year. (e) The necessary powers in terms of Clause 49 II (D) of the Listing Agreement have not been vested by the Board in the audit committee. (f) The time gap between two Board meetings is more than four months. (g) A director is a member of more than ten committees across all companies in which he is a director. (h) The information of quarterly results is neither put on the company’s website nor sent in a form so as to enable the Stock Exchange on which the entity’s securities are listed to enable such Stock Exchange to put it on its own website. (i) The power of share transfer is not delegated to an officer or a committee or to the registrar and share transfer agents. 12. Role of the Auditor in Audit Committee & Certification of Compliance of Conditions of Corporate Governance 12.1 The amendment to Listing Agreement and the Companies Act, 1956 in respect of the constitution of audit committee underline the importance of the audit process and its contribution to the corporate governance process. Clause 49 stipulates that a representative of the statutory auditor, when required, shall be present as an invitee for the meetings of the audit committee. Section 292A of the Companies Act, 1956 stipulates that the auditors, the internal auditor, if any, and the director-in-charge of finance shall attend and participate in meetings of the audit committee but shall have no right to vote. 12.2 The auditor would be informing the audit committee on various matters connected with the audit from time to time. He can contribute significantly in assisting and advising the audit committee as per the request of the audit committee, particularly in improving corporate governance, oversight of financial reporting process, implementation of accounting policies and practices, compliance with accounting standards and strengthening of the internal control systems in regard to financial reporting and reporting processes. 383 Handbook of Auditing Pronouncements-II 12.3 The auditor would devote substantial part of his professional time to assist the management and the audit committee to enable it to discharge its functions effectively and in certification of requirements of corporate governance. 12.4 The auditor has to bear in mind that his role is not to drive corporate governance directly, by ensuring compliance of the requirements of corporate governance. It is the responsibility of the management to ensure the same and in the process he would play a significant role in assisting the management for ensuring better standards of corporate governance. 384 Certification of Corporate Governance APPENDIX – A Sr. No. Reference No. Date 1. SMDRP/POLICY/CIR-10/2000 February 21, 2000 2. SMDRP/POLICY/CIR-13/2000 March 09, 2000 3. SMDRP/POLICY/CIR-42/2000 September12, 2000 4. SMDRP/POLICY/ CIR- 03/01 January 22, 2001 5. SMDRP/POLICY/ CIR- 19/01 March 16, 2001 6. SMDRP/POLICY/ CIR- 53/01 December 31, 2001 7. SEBI/MRD/SE/31/2003/26/08 August 26, 2003 8. SEBI/CFD/DIL/CG/1/2004/12/10 October, 29, 2004 9. SEBI/CFD/DIL/CG/1/2005/29/3 March 29, 2005 10. SEBI/CFD/DIL/CG/1/2006/13/1 January 13, 2006 11. SEBI/CFD/DIL/LA/4/2007/27/12 December, 27, 2007 12. SEBI/CFD/DIL/CG/1/2008/08/04 April, 08, 2008 13. SEBI/CFD/DIL/CG/2/2008/23/10 October 23, 2008 385 Handbook of Auditing Pronouncements-II APPENDIX - B DISCLOSURE ABOUT RISK MANAGEMENT Sources of Risk Components of Risk 1. Business Risk 1. Diversiable Risk (Unsystematic Risk) 2. Financial Risk 2. Non-diversiable Risk (Systematic Risk) 3. Interest Rate Risk 4. Liquidity Risk 5. Market Risk 6. Event Risk RISK MANAGEMENT FRAMEWORK Structure Infrastructure Processes Awareness 1. Reporting 1. Methodologies 1.Risk 1. Risk Policies Lines Identification 2. Systems 2. Risk Strategy 2. Role and 2.Risk 3. Tools 3. Risk Appetite Responsibilities Measurement of the 3.Risk Organization Prioritization 4.Risk Monitoring 5.Risk Escalation 386 Certification of Corporate Governance APPENDIX - C CERTIFICATE To the Members of (Name of the Company) We have examined the compliance of conditions of corporate governance by (name of the company), for the year ended on __________, as stipulated in Clause 49 of the Listing Agreement of the said company* with stock exchange(s). The compliance of conditions of corporate governance is the responsibility of the management. Our examination was limited to procedures and implementation thereof, adopted by the company* for ensuring the compliance of the conditions of the Corporate Governance. It is neither an audit nor an expression of opinion on the financial statements of the company*. In our opinion and to the best of our information and according to the explanations given to us, [subject to the following: 1. 2. ** We certify that the company* has complied with the conditions of Corporate Governance as stipulated in the abovementioned Listing Agreement. We state that such compliance is neither an assurance as to the future viability of the company* nor the efficiency or effectiveness with which the management has conducted the affairs of the company*. * In the event the entity is not a “company” under the Companies Act, 1956 appropriate reference may be made in place of the word “company ** Delete, if not applicable 387 Handbook of Auditing Pronouncements-II For and on behalf of ABC & Co. Chartered Accountants ( ) Partner / Proprietor Membership No. Place: Date: 388 Certification of Corporate Governance APPENDIX - D SEBI/CFD/DIL/CG/1/2004/12/10 October 29, 2004 The Managing Director / Executive Director / Administrator of all the Stock Exchanges Dear Sir / Madam, Sub: Corporate Governance in listed Companies – Clause 49 of the Listing Agreement 1. All Stock Exchanges are hereby directed to amend the Listing Agreement by replacing the existing Clause 49 of the listing agreement (issued vide circulars dated 21st February, 2000, 9th March 2000, 12th September 2000, 22nd January, 2001, 16th March 2001 and 31st December 2001) with the revised Clause 49 given in Annexure I through I D to this circular. SEBI Circular no. SEBI/MRD/SE/31/2003/26/08 dated August 26, 2003 (which has been since deferred) is hereby withdrawn. The revised Clause 49 also specifies the reporting requirements for a company. 2. Please note that this is a master circular which supersedes all other earlier circulars issued by SEBI on Clause 49 of the Listing Agreement. 3. The provisions of the revised Clause 49 shall be implemented as per the schedule of implementation given below: (a) For entities seeking listing for the first time, at the time of seeking in- principle approval for such listing. (b) For existing listed entities which were required to comply with Clause 49 which is being revised i.e. those having a paid up share capital of Rs. 3 crores and above or net worth of Rs. 25 crores or more at any time in the history of the company, by April 1, 2005. Companies complying with the provisions of the existing Clause 49 at present (issued vide circulars dated 21st February 2000, 9th March 2000, 12th September 2000, 22nd January 2001 16th March 2001 and 31st December 2001) shall continue to do so till the revised Clause 49 of the Listing Agreement is complied with or till March 31, 2005, whichever is earlier. 4. The companies which are required to comply with the requirements of the revised Clause 49 shall submit a quarterly compliance report to the 389 Handbook of Auditing Pronouncements-II stock exchanges as per sub Clause VI (ii), of the revised Clause 49, within 15 days from the end of every quarter. The first such report would be submitted for the quarter ending June 30, 2005. The report shall be signed either by the Compliance Officer or the Chief Executive Officer of the company. 5. The revised Clause 49 shall apply to all the listed companies, in accordance with the schedule of implementation given above. However, for other listed entities which are not companies, but body corporate (e.g. private and public sector banks, financial institutions, insurance companies etc.) incorporated under other statutes, the revised Clause 49 will apply to the extent that it does not violate their respective statutes and guidelines or directives issued by the relevant regulatory authorities. The revised Clause 49 is not applicable to Mutual Funds. 6. The Stock Exchanges shall ensure that all provisions of the revised Clause 49 have been complied with by a company seeking listing for the first time, before granting the in-principle approval for such listing. For this purpose, it will be considered satisfactory compliance if such a company has set up its Board and constituted committees such as Audit Committee, Shareholders / Investors Grievances Committee etc. in accordance with the revised clause before seeking in- principle approval for listing. 7. The Stock Exchanges shall set up a separate monitoring cell with identified personnel to monitor the compliance with the provisions of the revised Clause 49 on corporate governance. The cell, after receiving the quarterly compliance reports from the companies which are required to comply with the requirements of the revised Clause 49, shall submit a consolidated compliance report to SEBI within 60 days from the end of each quarter. Encl: Annexure I, I A, I B, I C & I D 390 Certification of Corporate Governance APPENDIX - E SEBI/CFD/DIL/CG/1/2005/29/3 March 29, 2005 The Managing Director / Executive Director / Administrator of all the Stock Exchanges Dear Sir / Madam, Sub: Corporate Governance – Clause 49 of the Listing Agreement Please refer to SEBI circular no. SEBI/CFD/DIL/CG/1/2004/12/10 dated October 29, 2004 containing the revised provisions of Clause 49 of the listing agreement. It has been brought to our notice that a large number of companies are still not in a state of preparedness to be fully compliant with the requirements as contained in the aforesaid circular. As it is our wont that all listed companies and companies desirous of getting listed should achieve best corporate governance status, it was felt that more time should be allowed to them to conform to Clause 49 of the listing agreement as revised in terms of the aforesaid circular. Accordingly, the date for ensuring compliance with the revised Clause 49 of the listing agreement has been now extended upto December 31, 2005. Yours faithfully, 391 Handbook of Auditing Pronouncements-II APPENDIX - F SEBI/CFD/DIL/CG/1/2006/13/1 January 13, 2006 The Managing Director / Executive Director / Administrator of all the Stock Exchanges Dear Sir / Madam, Sub: Corporate Governance in listed Companies – Clause 49 of the Listing Agreement SEBI, vide circular SEBI/CFD/DIL/CG/1/2004/12/10 dated October 29, 2004, issued the revised clause 49 of the listing agreement, which was to come into effect by April 1, 2005. Since it was brought to SEBI’s notice that a large number of companies were still not in a state of preparedness to be fully compliant with the requirements as contained in the revised clause 49, SEBI extended the date for ensuring compliance with the revised Clause 49 of the listing agreement upto December 31, 2005 vide circular no. SEBI/CFD/DIL/CG/1/2005/29/3 dated March 29, 2005. The revised clause 49 thus has come into effect from January 1, 2006. SEBI has been in receipt of a number of requests / suggestions to bring about clarifications on certain provisions of the revised Clause 49. After examining the same, it has been decided to make the following changes to certain provisions of the revised clause 49: • The maximum time gap between two Board meetings has been increased from three months to four months. • Sitting fees paid to non-executive directors as authorized by the Companies Act, 1956 would not require the previous approval of shareholders. • Certification of internal controls and internal control systems by CEO / CFO would be for the purpose for financial reporting. • In view of the above, certain changes have to be incorporated in the revised Clause 49, details of which are placed in Annexure I The Stock Exchanges are advised to accordingly amend the listing agreement with immediate effect. Yours faithfully, 392 Certification of Corporate Governance ANNEXURE I (to Circular dt 13th January 2006) Clause 49 of the Listing Agreement shall be amended as follows: 1. After sub-clause (I)(B), the following proviso shall be inserted, namely: “Provided that the requirement of obtaining prior approval of shareholders in general meeting shall not apply to payment of sitting fees to non- executive directors, if made within the limits prescribed under the Companies Act, 1956 for payment of sitting fees without approval of the Central Government.” 2. In sub-clause (I)(C), for the words “three months” occurring in the first sentence, the words “four months” shall be substituted; 3. Sub-clause (V)(c) shall be substituted with the following, namely: “(c) They accept responsibility for establishing and maintaining internal controls for financial reporting and that they have evaluated the effectiveness of internal control systems of the company pertaining to financial reporting and they have disclosed to the auditors and the Audit Committee, deficiencies in the design or operation of such internal controls, if any, of which they are aware and the steps they have taken or propose to take to rectify these deficiencies.” 4. Sub-clause (V)(d) shall be substituted with the following, namely: “(d) They have indicated to the auditors and the Audit committee (i) significant changes in internal control over financial reporting during the year; (ii) significant changes in accounting policies during the year and that the same have been disclosed in the notes to the financial statements; and (iii) instances of significant fraud of which they have become aware and the involvement therein, if any, of the management or an employee having a significant role in the company’s internal control system over financial reporting”. 393 Handbook of Auditing Pronouncements-II APPENDIX - G SEBI (Disclosure and Investor Protection) Guidelines, 2000 According to the Explanation I in paragraph 6.8.3.2, for the purpose of sub- clause (k) and (l) (of Clause 6.8.3.2) the term “promoter” shall include: (a) The person or persons who are in overall control of the company; (b) The person or persons who are instrumental in the formulation of a plan or programme pursuant to which the securities are offered to the public; (c) The person or persons named in the prospectus as promoter(s); Provided that a director / officer of the issuer company or person, if they are acting as such merely in the professional capacity shall not be included in the Explanation. Regulation 2(1)(h) of the SEBI (Substantial Acquisition of Shares and Takeovers) Regulation, 1997 'promoter' means (a) any person who is in control of the target company; (b) any person named as promoter in any offer document of the target company or any shareholding pattern filed by the target company with the stock exchanges pursuant to the Listing Agreement, whichever is later; and includes any person belonging to the promoter group as mentioned in Explanation I: Provided that a director or officer of the target company or any other person shall not be a promoter, if he is acting as such merely in his professional capacity. Explanation I: For the purpose of this clause, promoter group shall include: (a) in case promoter is a body corporate (i) a subsidiary or holding company of that body corporate; (ii) any company in which the promoter holds 10% or more of the equity capital or which holds 10% or more of the equity capital of the promoter; (iii) any company in which a group of individuals or companies or combinations thereof who holds 20% or more of the equity capital in 394 Certification of Corporate Governance that company also holds 20% or more of the equity capital of the target company; and (b) in case the promoter is an individual (i) the spouse of that person, or any parent, brother, sister or child of that person or of his spouse; (ii) any company in which 10% or more of the share capital is held by the promoter or an immediate relative of the promoter or a firm or HUF in which the promoter or any one or more of his immediate relative is a member; (iii) any company in which a company specified in (i) above, holds 10% or more, of the share capital; and (iv) any HUF or firm in which the aggregate share of the promoter and his immediate relatives is equal to or more than 10% of the total. Explanation II: Financial Institutions, Scheduled Banks, Foreign Institutional Investors (FIIs) and Mutual Funds shall not be deemed to be a promoter.or promoter group merely by virtue of their shareholding: Provided that the Financial Institutions, Scheduled Banks and Foreign Institutional Investors (FIIs) shall be treated as promoters or promoter group for the subsidiaries or companies promoted by them or mutual funds sponsored by them." SEBI (Employee Stock Option Scheme and Employee Stock Purchase Scheme) Guidelines, 1999 According to Clause 2.1.12, “promoter” means: (a) The person or persons who are in over all control of the company; (b) The person or persons who are instrumental in the formation of the company or programme pursuant to which the shares were offered to the public; (c) The person or persons named in the offer document as promoter (s); Provided that a director or officer of the company, if they are acting as such only in their professional capacity will not be deemed to be a promoter. Explanation: Where a promoter of a company is a body corporate, the promoters of that body corporate shall also be deemed to be promoters of the company. 395 Handbook of Auditing Pronouncements-II APPENDIX - H List of relatives as per Schedule 1A to the Companies Act, 1956 1. Father 2. Mother (including step Mother) 3. Son (including step-Son) 4. Son’s wife 5. Daughter including step-daughter 6. Father’s father 7. Father’s mother 8. Mother’s mother 9. Mother’s father 10. Son’s son 11. Son’s son’s wife 12. Son’s daughter 13. Son’s daughter’s husband 14. Daughter’s husband 15. Daughter’s son 16. Daughter’s son’s wife 17. Daughter’s daughter 18. Daughter’s daughter’s husband 19. Brother (including step brother) 20. Brother’s wife 21. Sister including step sister 22. Sister’s husband. 396 Certification of Corporate Governance APPENDIX - I SEBI/CFD/DIL/LA/4/2007/27/12 December 27, 2007 The Managing Director / Executive Director / Administrators of All Stock Exchanges Dear Sirs, Sub.: Amendments to Equity Listing Agreement. 1.0 In order to bring more transparency in the governance of a listed company with regard to utilisation of issue proceeds and to enhance availability of and accessibility to the continuing disclosures by listed companies, it has been decided to amend Equity Listing Agreement to provide for the following: 2.0 Monitoring of utilisation of Issue Proceeds: 2.1 As per SEBI (Disclosure and Investor Protector) (DIP) Guidelines, 2000, every issuer company making a public or rights issue of more than Rs. 500 crores is required to appoint an agency to monitor the utilisation of issue proceeds. SEBI has, vide circular dated November 29, 2007 amending the SEBI (DIP) Guidelines, mandated that a monitoring agency shall henceforth be required to file its report with the issuer company instead of with SEBI. 2.2 Presently, clause 49 of Equity Listing Agreement requires the Audit Committee of an issuer company to monitor the utilisation of issue proceeds and to make appropriate recommendations to the Board of the issuer company. It is therefore felt that even where a monitoring agency has been appointed, the report submitted by such agency may be placed before the Audit Committee of the issuer company, so as to enable the Audit Committee to make appropriate recommendations to the Board of the issuer company. Accordingly, it has been decided to amend clause 49 of Equity Listing Agreement, requiring the issuer company to place the monitoring report filed with it before its Audit Committee. 2.3 Further, every issuer company shall be required to inform material deviations in the utilisation of issue proceeds to the stock exchange and shall also be required to simultaneously make the material deviations / adverse comments of the Audit committee / monitoring agency public through advertisement in newspapers. 397 Handbook of Auditing Pronouncements-II 3.0 Electronic filing through Corporate Filing and Dissemination System (CFDS), viz., www.corpfiling.co.in 3.1 SEBI had, vide circular no. SMD/POLICY/Cir-13/02 dated June 20, 2002, introduced a clause in Equity Listing Agreement, which inter-alia mandated electronic filing of certain corporate information through the Electronic Data Information Filing and Retrieval (EDIFAR) system hosted by the National Informatics Centre on behalf of SEBI. It has been decided to phase out EDIFAR gradually in view of a new portal, viz., CFDS put in place jointly by BSE and NSE at the URL www.corpfiling.co.in. CFDS offers a XBRL enabled common platform for listed companies to file their returns with stock exchanges and also a common place for investors to view information related to listed companies. 3.2 Accordingly, it has been decided to introduce a new clause viz., Clause 52 in Equity Listing Agreement, requiring listed companies to file information with the stock exchange only through CFDS. Over period, other modes of sending public information to stock Exchanges for compliance with clauses of Equity Listing Agreement shall be dispensed with. The companies, which are mandated to file information through CFDS or have been registered on CFDS on their own volition though not so mandated, need not file information through the EDIFAR system. The companies which have commenced filing through CFDS shall continue to do so through CFDS only. 3.3 BSE and NSE (Participating Stock Exchanges), which jointly own and maintain CFDS, shall, in a phased manner, ensure that CFDS is made available to all listed companies for their corporate filings, irrespective of the stock exchange on which the companies are listed. Participating Stock Exchanges shall shortlist companies, based on market capitalization and disseminate and publish the said list from time to time and make it available on the website of the Exchanges as well as on CFDS at the URL www.corpfiling.co.in. 4.0 Accordingly, new clauses 43A and 52 shall be inserted in Equity Listing Agreement and existing clauses 49 and 51 of Equity Listing Agreement shall be amended as detailed in the Annexure I 5.0 All stock exchanges are advised to: 5.1 Give effect to the above mentioned policy amendments and appropriately amend the relevant clauses of Equity Listing Agreement in line with the text of the amendments specified in Annexure I. 5.2 Make consequential changes in other clauses of Equity Listing Agreement. 5.3 Communicate to SEBI the status of implementation of the requirements of this circular in the next Monthly Development Report. 398 Certification of Corporate Governance 6.0 Applicability: All Stock Exchanges shall ensure that: 6.1 Clause 52 shall be applicable to all those companies whose names shall be specified by the Participating Stock Exchanges from time to time. The first 100 companies identified by the Participating Stock Exchanges, a list of which is available on the websites of the Participating Stock Exchanges, shall make all their submissions through CFDS from the period starting from January 1, 2008. Initially, these companies shall be required to make their submissions to the respective stock exchanges through CFDS, in addition to the modes provided in Equity Listing Agreement, i.e., through fax/courier, etc. 6.2 Users are requested to give their feedback on the CFDS at cfdsfeedback@nse.co.in and corp.relations@bseindia.com so as to improve the efficiency and effectiveness of the portal. 6.3 All other amendments to Equity Listing Agreement shall come into force with effect from the date of amendment. 7.0 This circular is issued in exercise of powers conferred by subsection (1) of Section 11, read with sub-section (2) of Section 11A, of the Securities and Exchange Board of India Act, 1992, to protect the interests of investors in securities and to promote the development of, and to regulate the securities market. 8.0 This circular is available on SEBI website at www.sebi.gov.in under the categories “Legal Framework” and “Issues and Listing”. Yours faithfully Annexure I ( to Circular December 27, 2007) 1. After clause 43, the following clause shall be inserted, namely:- “43A. Statement of deviations in use of issue proceeds (1) The company agrees to furnish to the stock exchange on a quarterly basis, a statement indicating material deviations, if any, in the use of proceeds of a public or rights issue from the objects stated in the offer document. (2) Where the company has appointed a monitoring agency to monitor utilisation of proceeds of a public or rights issue and such monitoring agency has pointed out any deviation in the use of the proceeds of the issue from the objects stated in the offer document or has given any other reservations about the end use of funds, the company agrees to 399 Handbook of Auditing Pronouncements-II intimate the same to the stock exchange, without any delay. (3) The information mentioned in sub-clause (1) shall be furnished to the stock exchange along with the interim or annual financial results submitted under clause 41 and shall be published in the newspapers simultaneously with the interim or annual financial results, after placing it before the Audit Committee in terms of clause 49. (4) The information mentioned in sub- clause (2) shall, after review by the Audit Committee, be furnished to the stock exchange as and when received and shall simultaneously be published in the newspapers.” 2. In clause 49 – (a) in sub-clause (II)(D), after item (5), the following new item shall be inserted, namely:- “5A. Reviewing, with the management, the statement of uses / application of funds raised through an issue (public issue, rights issue, preferential issue, etc.), the statement of funds utilized for purposes other than those stated in the offer document/prospectus/notice and the report submitted by the monitoring agency monitoring the utilisation of proceeds of a public or rights issue, and making appropriate recommendations to the Board to take up steps in this matter.” (b) in sub-clause (IV)(D), after the words “statutory auditors of the company” and before the words “The audit committee shall make appropriate recommendations”, the following shall be inserted, namely:- “Furthermore, where the company has appointed a monitoring agency to monitor the utilisation of proceeds of a public or rights issue, it shall place before the Audit Committee the monitoring report of such agency, upon receipt, without any delay.” 3. In clause 51, after sub-clause (3), the following sub-clause shall be inserted, namely:- “(4) Notwithstanding anything in sub-clauses (1), (2) and (3), the company need not file on the EDIFAR website, any information, statement or report which has already been filed on the Corporate Filing and Dissemination System in pursuance of clause 52.” 4. After clause 51, the following clause shall be inserted, namely:- “52. Corporate Filing and Dissemination System (CFDS), viz., www.corpfiling.co.in (1) The company agrees - (a) to file on the CDFS, such information, statements and reports as may be specified by the Participating Stock Exchanges in this regard. (b) that the Compliance Officer, appointed under clause 47(a) and the company shall be responsible for ensuring the correctness, authenticity and comprehensiveness of the information, statements and 400 Certification of Corporate Governance reports filed under this clause and also for ensuring that such information is in conformity with the applicable laws and the listing agreement.” (c) to ensure that the electronic filing of information through CFDS, pursuant to compliance with any clause of the listing agreement, shall be done within the time limit specified in the respective clause of the listing agreement. (d) to put in place such infrastructure as may be required to comply with the clause. Explanation: For the purposes of this clause – (i) The term “Corporate Filing and Dissemination System (CFDS)” shall mean the portal at the URL www.corpfiling.co.in or such other website as may be specified by the participating stock exchanges from time to time to take care of exigencies, if any. (ii) The term “Participating Stock Exchanges” shall mean the stock exchanges owning and maintaining CFDS.” 401 Handbook of Auditing Pronouncements-II APPENDIX - J SEBI/CFD/DIL/CG/1/2008/08/04 April 08, 2008 The Managing Director/Executive Director/Administrator of all the Stock Exchanges Dear Sir/Madam, Sub: Corporate Governance in listed Companies – Clause 49 of the Listing Agreement I. SEBI, vide circular SEBI/CFD/DIL/CG/1/2004/12/10 dated October 29, 2004, issued the revised clause 49 of the listing agreement, which has come into effect from January 1, 2006. SEBI had received requests/suggestions to bring about clarifications on certain provisions of the clause. After examining the same, it has been decided to modify the existing Clause 49 by including the following provisions: Mandatory provisions: 1. If the non-executive Chairman is a promoter or is related to promoters or persons occupying management positions at the board level or at one level below the board, at least one-half of the board of the company should consist of independent directors. 2. Disclosures of relationships between directors inter-se shall be made in specified documents/filings. 3. The gap between resignation/removal of an independent director and appointment of another independent director in his place shall not exceed 180 days. However, this provision would not apply in case a company fulfils the minimum requirement of independent directors in its Board, i.e., one- third or one-half as the case may be, even without filling the vacancy created by such resignation/removal. 4. The minimum age for independent directors shall be 21 years. Non-mandatory provisions: The company shall ensure that the person who is being appointed as an 402 Certification of Corporate Governance independent director has the requisite qualifications and experience which would be of use to the company and which, in the opinion of the company, would enable him to contribute effectively to the company in his capacity as an independent director. In view of the above, certain changes have to be incorporated in Clause 49, details of which are placed in Annexure I. II. Advice to Stock Exchanges 1. All Stock Exchanges are advised to: a. Give effect to the abovementioned policies and appropriately amend Clause 49 of Equity Listing Agreement in line with the text of the amendments specified in Annexure I. b. Make consequential changes, if any, in other clauses of Equity Listing Agreement. 2. All Stock Exchanges are further advised to communicate to SEBI, status of implementation of the requirements of this circular in the next Monthly Development Report. III. This circular is issued in exercise of powers conferred by sub-section (1) of Section 11, read with sub-section (2) of Section 11A, of the Securities and Exchange Board of India Act, 1992, to protect the interests of investors in securities and to promote the development of, and to regulate the securities market. IV. This circular is available on the SEBI website at www.sebi.gov.in. Yours faithfully, ANNEXURE I to Circular dated April 08, 2008 Clause 49 of the Listing Agreement shall be amended as follows – 1. In item (I), (a) in para (A), (i) after sub-clause (ii), the following proviso shall be inserted, namely:– “Provided that where the non-executive Chairman is a promoter of the company or is related to any promoter or person occupying management positions at the Board level or at one level below the Board, at least one-half of 403 Handbook of Auditing Pronouncements-II the Board of the company shall consist of independent directors.” (ii) in sub-clause (iii), (A) in point (e), the word “and” occurring after “director;” shall be omitted; (B) after point (f), the following shall be inserted, namely:- “(g) is not less than 21 years of age.” (b) in para (C), after sub-clause (iii), the following sub-clause shall be inserted, namely:- “(iv) An independent director who resigns or is removed from the Board of the Company shall be replaced by a new independent director within a period of not more than 180 days from the day of such resignation or removal, as the case may be: Provided that where the company fulfils the requirement of independent directors in its Board even without filling the vacancy created by such resignation or removal, as the case may be, the requirement of replacement by a new independent director within the period of 180 days shall not apply.” 2. In item (IV), in para (G), after sub-clause (i), the following sub-clause shall be inserted, namely: – “(ia) Disclosure of relationships between directors inter-se shall be made in the Annual Report, notice of appointment of a director, prospectus and letter of offer for issuances and any related filings made to the stock exchanges where the company is listed.” 3. In Annexure 1D under the heading “Non-Mandatory Requirements”, for item no. 1, the following shall be substituted, namely:- “1. The Board - A non-executive Chairman may be entitled to maintain a Chairman’s office at the company’s expense and also allowed reimbursement of expenses incurred in performance of his duties. Independent Directors may have a tenure not exceeding, in the aggregate, a period of nine years, on the Board of a company. The company may ensure that the person who is being appointed as an independent director has the requisite qualifications and experience which would be of use to the company and which, in the opinion of the company, would enable him to contribute effectively to the company in his capacity as an independent director.” 404 Certification of Corporate Governance APPENDIX - K SEBI/CFD/DIL/CG/2/2008/23/10 October 23, 2008 The Managing Director/Executive Director/Administrator of all the Stock Exchanges Dear Sir/Madam, Sub: Corporate Governance in listed Companies – Clause 49 of the Listing Agreement I. SEBI vide circular SEBI/CFD/DIL/CG/1/2008/08/04 dated April 08, 2008 amended Clause 49 of the Equity Listing Agreement inter-alia including a provision stating that if the non-executive Chairman is a promoter or is related to promoters or persons occupying management positions at the board level or at one level below the board, at least one- half of the board of the company should consist of independent directors. SEBI had received queries requesting to bring about further clarity on the said amendment where the promoter of a listed company is a listed or unlisted entity. After examining the same, it has been decided to include the following explanation to the existing Clause 49. In Item I, Para (A), in sub-clause (ii), after the proviso, the following Explanation shall be inserted, namely -: Explanation-For the purpose of the expression “related to any promoter” referred to in sub-clause (ii): a. If the promoter is a listed entity, its directors other than the independent directors, its employees or its nominees shall be deemed to be related to it; b. If the promoter is an unlisted entity, its directors, its employees or its nominees shall be deemed to be related to it.” II. Applicability: The aforesaid amendments in Clause 49 of Equity Listing Agreement shall be implemented as per the schedule of implementation given below: (a) For entities seeking listing for the first time, at the time of seeking in- principle approval for such listing; (b) For existing listed entities which are required to comply with clause 49, before March 31, 2009. 405 Handbook of Auditing Pronouncements-II III. Advice to Stock Exchanges: 1. All Stock Exchanges are advised to: a. Give effect to the abovementioned policies and appropriately amend Clause 49 of Equity Listing Agreement in line with the text of the amendments specified above. b. Make consequential changes, if any, in other clauses of Equity Listing Agreement. 2. All Stock Exchanges are further advised to communicate to SEBI, status of implementation of the requirements of this circular in their quarterly report for the quarter ended March 31, 2009. III. This circular is issued in exercise of powers conferred by sub-section (1) of Section 11, read with sub-section (2) of Section 11A, of the Securities and Exchange Board of India Act, 1992, to protect the interests of investors in securities and to promote the development of, and to regulate the securities market. IV. This circular is available on the SEBI website at www.sebi.gov.in. Yours faithfully, 406 Certification of Corporate Governance ANNEXURE - I Clause 49 - Corporate Governance – Text of the Full Circular as amended upto 23rd October, 2008 The company agrees to comply with the following provisions: I. Board of Directors (A) Composition of Board (i) The Board of directors of the company shall have an optimum combination of executive and non-executive directors with not less than fifty percent of the board of directors comprising of non-executive directors. (ii) Where the Chairman of the Board is a non-executive director, at least one-third of the Board should comprise of independent directors and in case he is an executive director, at least half of the Board should comprise of independent directors. Provided that where the non-executive Chairman is a promoter of the company or is related to any promoter or person occupying management positions at the Board level or at one level below the Board, at least one-half of the Board of the company shall consist of independent directors37 Explanation: For the purpose of the expression “related to any promoter” referred to in sub- clause (ii): a. If the promoter is a listed entity, its directors other than the independent directors, its employees or its nominees shall be deemed to be related to it; b. If the promoter is an unlisted entity, its directors, its employees or its nominees shall be deemed to be related to it.38 (iii) For the purpose of the sub-clause (ii), the expression ‘independent director’ shall mean a non-executive director of the company who: (a) apart from receiving director’s remuneration, does not have any material pecuniary relationships or transactions with the company, its promoters, its directors, its senior management or its holding company, its subsidiaries and associates which may affect 37 SEBI/CFD/DIL/CG/1/2008/08/04 dated April, 08, 2008 38 SEBI/CFD/DIL/CG/2/2008/23/10 October 23, 2008 407 Handbook of Auditing Pronouncements-II independence of the director; (b) is not related to promoters or persons occupying management positions at the board level or at one level below the board; (c) has not been an executive of the company in the immediately preceding three financial years; (d) is not a partner or an executive or was not partner or an executive during the preceding three years, of any of the following: (i) the statutory audit firm or the internal audit firm that is associated with the company, and (ii) the legal firm(s) and consulting firm(s) that have a material association with the company. (e) is not a material supplier, service provider or customer or a lessor or lessee of the company, which may affect independence of the director; and (f) is not a substantial shareholder of the company i.e. owning two percent or more of the block of voting shares. (g) is not less than 21 years of age.39 Explanation: For the purposes of the sub-clause (iii): (a) Associate shall mean a company which is an “associate” as defined in Accounting Standard (AS) 23, “Accounting for Investments in Associates in Consolidated Financial Statements”, issued by the Institute of Chartered Accountants of India. (b) “Senior management” shall mean personnel of the company who are members of its core management team excluding Board of Directors. Normally, this would comprise all members of management one level below the executive directors, including all functional heads. (c) “Relative” shall mean “relative” as defined in section 2(41) and section 6 read with Schedule IA of the Companies Act, 1956. (iv) Nominee directors appointed by an institution which has invested in or lent to the company shall be deemed to be independent directors. Explanation: “Institution’ for this purpose means a public financial institution as defined in Section 4A of the Companies Act, 1956 or a “corresponding new bank” as defined in section 2(d) of the Banking Companies (Acquisition and Transfer of 39 Amendment by way of Circular SEBI/CFD/DIL/CG/1/2008/08/04 dated April, 08, 2008 408 Certification of Corporate Governance Undertakings) Act, 1970 or the Banking Companies (Acquisition and Transfer of Undertakings) Act, 1980 [both Acts].” (B) Non Executive Directors’ Compensation and Disclosures All fees / compensation, if any paid to non-executive directors, including independent directors, shall be fixed by the Board of Directors and shall require previous approval of shareholders in general meeting. The shareholders’ resolution shall specify the limits for the maximum number of stock options that can be granted to non-executive directors, including independent directors, in any financial year and in aggregate. 40Provided that the requirement of obtaining prior approval of shareholders in general meeting shall not apply to payment of sitting fees to non-executive directors, if made within the limits prescribed under the Companies Act, 1956 for payment of sitting fees without approval of the Central Government. (C) Other Provisions as to Board and Committees (i) The board shall meet at least four times a year, with a maximum time gap of four months41 between any two meetings. The minimum information to be made available to the board is given in Annexure– I A. (ii) A director shall not be a member in more than 10 committees or act as Chairman of more than five committees across all companies in which he is a director. Furthermore it should be a mandatory annual requirement for every director to inform the company about the committee positions he occupies in other companies and notify changes as and when they take place. Explanation: 1. For the purpose of considering the limit of the committees on which a director can serve, all public limited companies, whether listed or not, shall be included and all other companies including private limited companies, foreign companies and companies under Section 25 of the Companies Act shall be excluded. 2. For the purpose of reckoning the limit under this sub- clause, Chairmanship / membership of the Audit Committee and the Shareholders’ Grievance Committee alone shall be considered. (iii) The Board shall periodically review compliance reports of all laws 40Inserted by SEBI Circular dt. 13th January, 2006 – See Appendix F. 41Substituted in place of ‘three months’ by SEBI Circular dt. 13th January, 2006 – See Appendix F. 409 Handbook of Auditing Pronouncements-II applicable to the company, prepared by the company as well as steps taken by the company to rectify instances of non-compliances. (iv) An independent director who resigns or is removed from the Board of the Company shall be replaced by a new independent director within a period of not more than 180 days from the day of such resignation or removal as the case may be: Provided that where the company fulfills the requirements of independent directors in its Board even without filling the vacancy created by such resignation or removal , as the case may be, the requirement of replacement by a new independent director within the period of 180 days shall not apply.42 (D) Code of Conduct (i) The Board shall lay down a code of conduct for all Board members and senior management of the company. The code of conduct shall be posted on the website of the company. (ii) All Board members and senior management personnel shall affirm compliance with the code on an annual basis. The Annual Report of the company shall contain a declaration to this effect signed by the CEO. Explanation: For this purpose, the term “senior management” shall mean personnel of the company who are members of its core management team excluding Board of Directors.. Normally, this would comprise all members of management one level below the executive directors, including all functional heads. II. Audit Committee (A) Qualified and Independent Audit Committee A qualified and independent audit committee shall be set up, giving the terms of reference subject to the following: (i) The audit committee shall have minimum three directors as members. Two-thirds of the members of audit committee shall be independent directors. (ii) All members of audit committee shall be financially literate and at least one member shall have accounting or related financial management expertise. Explanation 1: The term “financially literate” means the ability to read and 42 SEBI Circular NO. SEBI/CFD/DIL/CG/1/2008/08/04 dated April 8, 2008 410 Certification of Corporate Governance understand basic financial statements i.e. balance sheet, profit and loss account, and statement of cash flows. Explanation 2: A member will be considered to have accounting or related financial management expertise if he or she possesses experience in finance or accounting, or requisite professional certification in accounting, or any other comparable experience or background which results in the individual’s financial sophistication, including being or having been a chief executive officer, chief financial officer or other senior officer with financial oversight responsibilities. (iii) The Chairman of the Audit Committee shall be an independent director; (iv) The Chairman of the Audit Committee shall be present at Annual General Meeting to answer shareholder queries; (v) The audit committee may invite such of the executives, as it considers appropriate (and particularly the head of the finance function) to be present at the meetings of the committee, but on occasions it may also meet without the presence of any executives of the company. The finance director, head of internal audit and a representative of the statutory auditor may be present as invitees for the meetings of the audit committee; (vi) The Company Secretary shall act as the secretary to the committee. (B) Meeting of Audit Committee The audit committee should meet at least four times in a year and not more than four months shall elapse between two meetings. The quorum shall be either two members or one third of the members of the audit committee whichever is greater, but there should be a minimum of two independent members present. (C) Powers of Audit Committee The audit committee shall have powers, which should include the following: 1. To investigate any activity within its terms of reference. 2. To seek information from any employee. 3. To obtain outside legal or other professional advice. 4. To secure attendance of outsiders with relevant expertise, if it considers necessary. 411 Handbook of Auditing Pronouncements-II (D) Role of Audit Committee The role of the audit committee shall include the following: 1. Oversight of the company’s financial reporting process and the disclosure of its financial information to ensure that the financial statement is correct, sufficient and credible. 2. Recommending to the Board, the appointment, re- appointment and, if required, the replacement or removal of the statutory auditor and the fixation of audit fees. 3. Approval of payment to statutory auditors for any other services rendered by the statutory auditors. 4. Reviewing, with the management, the annual financial statements before submission to the board for approval, with particular reference to: (a) Matters required to be included in the Director’s Responsibility Statement to be included in the Board’s report in terms of clause (2AA) of section 217 of the Companies Act, 1956 (b) Changes, if any, in accounting policies and practices and reasons for the same (c) Major accounting entries involving estimates based on the exercise of judgment by management d. Significant adjustments made in the financial statements arising out of audit findings (d) Compliance with listing and other legal requirements relating to financial statements (e) Disclosure of any related party transactions (f) Qualifications in the draft audit report. 5. Reviewing, with the management, the quarterly financial statements before submission to the board for approval 5A Reviewing, with the management the statement of uses/application of funds raised through an issue (public issue, rights issue, preferential issue, etc), the statement of funds utilized for purposes other than those stated in the offer document/prospectus/notice and the report submitted by the monitoring agency monitoring the utilisation of proceeds of a public or rights issue, and making appropriate recommendations to the Board to take up steps in this matter43 43 SEBI/CFD/DIL/LA/4/2007/27/12 dated 27th December, 2007 412 Certification of Corporate Governance 6. Reviewing, with the management, performance of statutory and internal auditors, adequacy of the internal control systems. 7. Reviewing the adequacy of internal audit function, if any, including the structure of the internal audit department, staffing and seniority of the official heading the department, reporting structure coverage and frequency of internal audit. 8. Discussion with internal auditors any significant findings and follow up there on. 9. Reviewing the findings of any internal investigations by the internal auditors into matters where there is suspected fraud or irregularity or a failure of internal control systems of a material nature and reporting the matter to the board. 10. Discussion with statutory auditors before the audit commences, about the nature and scope of audit as well as post-audit discussion to ascertain any area of concern. 11. To look into the reasons for substantial defaults in the payment to the depositors, debenture holders, shareholders (in case of non payment of declared dividends) and creditors. 12. To review the functioning of the Whistle Blower mechanism, in case the same is existing. 13. Carrying out any other function as is mentioned in the terms of reference of the Audit Committee. Explanation (i): The term "related party transactions" shall have the same meaning as contained in the Accounting Standard 18, Related Party Transactions, issued by The Institute of Chartered Accountants of India. Explanation (ii): If the company has set up an audit committee pursuant to provision of the Companies Act, the said audit committee shall have such additional functions / features as is contained in this clause. (E) Review of Information by Audit Committee The Audit Committee shall mandatorily review the following information: 1. Management discussion and analysis of financial condition and results of operations; 2. Statement of significant related party transactions (as defined by the audit committee), submitted by management; 3. Management letters / letters of internal control weaknesses issued by the statutory auditors; 413 Handbook of Auditing Pronouncements-II 4. Internal audit reports relating to internal control weaknesses; and 5. The appointment, removal and terms of remuneration of the Chief internal auditor shall be subject to review by the Audit Committee III. Subsidiary Companies (i) At least one independent director on the Board of Directors of the holding company shall be a director on the Board of Directors of a material non listed Indian subsidiary company. (ii) The Audit Committee of the listed holding company shall also review the financial statements, in particular, the investments made by the unlisted subsidiary company. (iii) The minutes of the Board meetings of the unlisted subsidiary company shall be placed at the Board meeting of the listed holding company. The management should periodically bring to the attention of the Board of Directors of the listed holding company, a statement of all significant transactions and arrangements entered into by the unlisted subsidiary company. Explanation 1: The term “material non-listed Indian subsidiary” shall mean an unlisted subsidiary, incorporated in India, whose turnover or net worth (i.e. paid up capital and free reserves) exceeds 20% of the consolidated turnover or net worth respectively, of the listed holding company and its subsidiaries in the immediately preceding accounting year. Explanation 2: The term “significant transaction or arrangement” shall mean any individual transaction or arrangement that exceeds or is likely to exceed 10% of the total revenues or total expenses or total assets or total liabilities, as the case may be, of the material unlisted subsidiary for the immediately preceding accounting year. Explanation 3: Where a listed holding company has a listed subsidiary which is itself a holding company, the above provisions shall apply to the listed subsidiary insofar as its subsidiaries are concerned. IV. Disclosures (A) Basis of related party transactions (i) A statement in summary form of transactions with related parties in the ordinary course of business shall be placed periodically before the audit committee. (ii) Details of material individual transactions with related parties which are not in the normal course of business shall be placed before the audit committee. 414 Certification of Corporate Governance (iii) Details of material individual transactions with related parties or others, which are not on an arm’s length basis should be placed before the audit committee, together with Management’s justification for the same. (B) Disclosure of Accounting Treatment Where in the preparation of financial statements, a treatment different from that prescribed in an Accounting Standard has been followed, the fact shall be disclosed in the financial statements, together with the management’s explanation as to why it believes such alternative treatment is more representative of the true and fair view of the underlying business transaction in the Corporate Governance Report. (C) Board Disclosures – Risk management The company shall lay down procedures to inform Board members about the risk assessment and minimization procedures. These procedures shall be periodically reviewed to ensure that executive management controls risk through means of a properly defined framework. (D) Proceeds from public issues, rights issues, preferential issues etc. When money is raised through an issue (public issues, rights issues, preferential issues etc.), it shall disclose to the Audit Committee, the uses / applications of funds by major category (capital expenditure, sales and marketing, working capital, etc), on a quarterly basis as a part of their quarterly declaration of financial results. Further, on an annual basis, the company shall prepare a statement of funds utilized for purposes other than those stated in the offer document / prospectus / notice and place it before the audit committee. Such disclosure shall be made only till such time that the full money raised through the issue has been fully spent. This statement shall be certified by the statutory auditors of the company. Furthermore, where the company has appointed a monitoring agency to monitor the utilization of proceeds of a public or rights issue, it shall place before the Audit Committee the monitoring report of such agency, upon receipt, without any delay44. The audit committee shall make appropriate recommendations to the Board to take up steps in this matter. (E) Remuneration of Directors (i) All pecuniary relationship or transactions of the non-executive directors vis- à-vis the company shall be disclosed in the Annual Report. (ii) Further the following disclosures on the remuneration of directors shall be made in the section on the corporate governance of the Annual Report: 44 SEBI/CFD/DIL/LA/4/2007/27/12 dated 27th December, 2007 415 Handbook of Auditing Pronouncements-II (a) All elements of remuneration package of individual directors summarized under major groups, such as salary, benefits, bonuses, stock options, pension etc. (b) Details of fixed component and performance linked incentives, along with the performance criteria. (c) Service contracts, notice period, severance fees. (d) Stock option details, if any – and whether issued at a discount as well as the period over which accrued and over which exercisable. (iii) The company shall publish its criteria of making payments to non-executive directors in its annual report. Alternatively, this may be put up on the company’s website and reference drawn thereto in the annual report. (iv) The company shall disclose the number of shares and convertible instruments held by non-executive directors in the annual report. (v) Non-executive directors shall be required to disclose their shareholding (both own or held by / for other persons on a beneficial basis) in the listed company in which they are proposed to be appointed as directors, prior to their appointment. These details should be disclosed in the notice to the general meeting called for appointment of such director. (F) Management (i) As part of the directors’ report or as an addition thereto, a Management Discussion and Analysis report should form part of the Annual Report to the shareholders. This Management Discussion & Analysis should include discussion on the following matters within the limits set by the company’s competitive position: (i) Industry structure and developments. (ii) Opportunities and Threats (iii) Segment-wise or product-wise performance (iv) Outlook (v) Risks and concerns (vi) Internal control systems and their adequacy (vii) Discussion on financial performance with respect to operational performance (viii) Material developments in Human Resources / Industrial Relations front, including number of people employed. 416 Certification of Corporate Governance (ii) Senior management shall make disclosures to the board relating to all material financial and commercial transactions, where they have personal interest, that may have a potential conflict with the interest of the company at large (for e.g. dealing in company shares, commercial dealings with bodies, which have shareholding of management and their relatives etc.) Explanation: For this purpose, the term "senior management" shall mean personnel of the company who are members of its. core management team excluding the Board of Directors). This would also include all members of management one level below the executive directors including all functional heads. (G) Shareholders (i) In case of the appointment of a new director or re-appointment of a director the shareholders must be provided with the following information: (a) A brief resume of the director; (b) Nature of his expertise in specific functional areas; (c) Names of companies in which the person also holds the directorship and the membership of Committees of the Board; and (d) Shareholding of non-executive directors as stated in Clause 49 (IV) (E) (v) above (e) Disclosure of relationships between directors inter-se shall be made in the Annual Report, notice of appointment of a director, prospectus and letter of offer for issuances and any related filings made to the stock exchanges where the company is listed.45 (ii) Quarterly results and presentations made by the company to analysts shall be put on company’s web-site, or shall be sent in such a form so as to enable the stock exchange on which the company is listed to put it on its own web-site. (iii) A board committee under the chairmanship of a non-executive director shall be formed to specifically look into the redressal of shareholder and investors complaints like transfer of shares, non- receipt of balance sheet, non-receipt of declared dividends etc. This Committee shall be designated as ‘Shareholders / Investors Grievance Committee’. (iv) To expedite the process of share transfers, the Board of the company shall delegate the power of share transfer to an officer or a committee or to the 45 SEBI Circular NO. SEBI/CFD/DIL/CG/1/2008/08/04 dated April 8, 2008 417 Handbook of Auditing Pronouncements-II registrar and share transfer agents. The delegated authority shall attend to share transfer formalities at least once in a fortnight. V. CEO / CFO Certification The CEO, i.e. the Managing Director or Manager appointed in terms of the Companies Act, 1956 and the CFO i.e. the whole-time Finance Director or any other person heading the finance function discharging that function shall certify to the Board that: (a) They have reviewed financial statements and the cash flow statement for the year and that to the best of their knowledge and belief : (i) these statements do not contain any materially untrue statement or omit any material fact or contain statements that might be misleading; (ii) these statements together present a true and fair view of the company’s affairs and are in compliance with existing accounting standards, applicable laws and regulations. (b) There are, to the best of their knowledge and belief, no transactions entered into by the company during the year which are fraudulent, illegal or violative of the company’s code of conduct. (c) They accept responsibility for establishing and maintaining internal controls for financial reporting46 and that they have evaluated the effectiveness of the internal control systems of the company pertaining to financial reporting47 and they have disclosed to the auditors and the Audit Committee, deficiencies in the design or operation of internal controls, if any, of which they are aware and the steps they have taken or propose to take to rectify these deficiencies. (d) They have indicated to the auditors and the Audit committee (i) significant changes in internal control over financial reporting48 during the year; (ii) significant changes in accounting policies during the year and that the same have been disclosed in the notes to the financial statements; and (iii) instances of significant fraud of which they have become aware and 46 Inserted by SEBI Circular dt 13th January, 2006 – See Appendix F. 47 Inserted by SEBI Circular dt 13th January, 2006 - See Appendix F. 48 Inserted by SEBI Circular dt 13 th January, 2006 - See Appendix F. 418 Certification of Corporate Governance the involvement therein, if any, of the management or an employee having a significant role in the company’s internal control system over financial reporting49. VI. Report on Corporate Governance (i) There shall be a separate section on Corporate Governance in the Annual Reports of company, with a detailed compliance report on Corporate Governance. Non-compliance of any mandatory requirement of this clause with reasons thereof and the extent to which the non-mandatory requirements have been adopted should be specifically highlighted. The suggested list of items to be included in this report is given in Annexure- I C and list of non- mandatory requirements is given in Annexure – I D. (ii) The companies shall submit a quarterly compliance report to the stock exchanges within 15 days from the close of quarter as per the format given in Annexure I B. The report shall be signed either by the Compliance Officer or the Chief Executive Officer of the company VII. Compliance (1) The company shall obtain a certificate from either the auditors or practicing company secretaries regarding compliance of conditions of corporate governance as stipulated in this clause and annex the certificate with the directors’ report, which is sent annually to all the shareholders of the company. The same certificate shall also be sent to the Stock Exchanges along with the annual report filed by the company. (2) The non-mandatory requirements given in Annexure – I D may be implemented as per the discretion of the company. However, the disclosures of the compliance with mandatory requirements and adoption (and compliance) / non-adoption of the non-mandatory requirements shall be made in the section on corporate governance of the Annual Report. 49 Inserted by SEBI Circular dt 13th January, 2006 - See Appendix F. 419 Handbook of Auditing Pronouncements-II ANNEXURE - IA Information to be placed before Board of Directors 1. Annual operating plans and budgets and any updates 2. Capital budgets and any updates 3. Quarterly results for the company and its operating divisions or business segments 4. Minutes of meetings of audit committee and other committees of the board 5. The information on recruitment and remuneration of senior officers just below the board level, including appointment or removal of Chief Financial Officer and the Company Secretary 6. Show cause, demand, prosecution notices and penalty notices which are materially important 7. Fatal or serious accidents, dangerous occurrences, any material effluent or pollution problems 8. Any material default in financial obligations to and by the company, or substantial nonpayment for goods sold by the company 9. Any issue, which involves possible public or product liability claims of substantial nature, including any judgment or order which, may have passed strictures on the conduct of the company or taken an adverse view regarding another enterprise that can have negative implications on the company 10. Details of any joint venture or collaboration agreement 11. Transactions that involve substantial payment towards goodwill, brand equity, or intellectual property 12. Significant labour problems and their proposed solutions. Any significant development in Human Resources / Industrial Relations front like signing of wage agreement, implementation of Voluntary Retirement Scheme etc 13. Sale of material nature, of investments, subsidiaries, assets, which is not in normal course of business 14. Quarterly details of foreign exchange exposures and the steps taken by management to limit the risks of adverse exchange rate movement, if material 15. Non-compliance of any regulatory, statutory or listing requirements and shareholders service such as non-payment of dividend, delay in share transfer etc. 420 Certification of Corporate Governance ANNEXURE - IB Format of Quarterly Compliance Report on Corporate Governance Name of the Company: Quarter ending on: Particulars Clause of Compliance Remarks Listing Status Agreement Yes / No I. Board of Directors 49 I (A) Composition of Board 49(IA) (B) Non-executive Directors’ 49 (IB) compensation & disclosures (C) Other provisions as to 49 (IC) Board and Committees (D) Code of Conduct 49(ID) II. Audit Committee 49 (II) (A) Qualified & Independent 49 (IIA) Audit Committee (B) Meeting of Audit 49 (IIB) Committee (C) Powers of Audit 49 (IIC) Committee (D) Role of Audit Committee 49 (IIE) 421 Handbook of Auditing Pronouncements-II III. Subsidiary Companies 49 (IV) IV. Disclosures 49 (IV) (A) Basis of related party 49 (IVA) transactions (B) Board Disclosures 49 (IVB) (C) Proceeds from public 49 (IVC) issues, rights issues, preferential issues etc. (D) Remuneration of 49 (IVD) Directors (E) Management 49 (IVE) (F) Shareholders 49 (IVF) V. CEO / CFO Certification 49 (V) VI. Report on Corporate 49 (VI) Governance VII. Compliance 49 (VII) Note: (1) The details under each head shall be provided to incorporate all the information required as per the provisions of the Clause 49 of the Listing Agreement (2) In the column No.3, compliance or non-compliance may be indicated by Yes / No / N.A.. For example, if the Board has been composed in 422 Certification of Corporate Governance accordance with the Clause 49 I of the Listing Agreement, "Yes" may be indicated. Similarly, in case the company has no related party transactions, the words “N.A.” may be indicated against 49 (IV A) (3) In the remarks column, reasons for non-compliance may be indicated, for example, in case of requirement related to circulation of information to the shareholders, which would be done only in the AGM / EGM, it might be indicated in the "Remarks" column as – “will be complied with at the AGM”. Similarly, in respect of matters which can be complied with only where the situation arises, for example, "Report on Corporate Governance" is to be a part of Annual Report only, the words "will be complied in the next Annual Report" may be indicated. 423 Handbook of Auditing Pronouncements-II ANNEXURE - IC Suggested List of Items to be Included in the Report on Corporate Governance in the Annual Report of Companies 1. A brief statement on company’s philosophy on code of governance. 2. Board of Directors (i) Composition and category of directors, for example, promoter, executive, non-executive, independent non- executive, nominee director, which institution represented as lender or as equity investor (ii) Attendance of each director at the Board meetings and the last AGM (iii) Number of other Boards or Board Committees in which he / she is a member or Chairperson (iv) Number of Board meetings held, dates on which held. 3. Audit Committee (i) Brief description of terms of reference (ii) Composition, name of members and Chairperson (iii) Meetings and attendance during the year. 4. Remuneration Committee (i) Brief description of terms of reference (ii) Composition, name of members and Chairperson (iii) Attendance during the year (iv) Remuneration policy (v) Details of remuneration to all the directors, as per format in main report. 5. Shareholders Committee (i) Name of non-executive director heading the committee (ii) Name and designation of compliance officer (iii) Number of shareholders’ complaints received so far (iv) Number not solved to the satisfaction of shareholders 424 Certification of Corporate Governance (v) Number of pending complaints. 6. General Body meetings (i) Location and time, where last three AGMs held (ii) Whether any special resolutions passed in the previous 3 AGMs (iii) Whether any special resolution passed last year through postal ballot – details of voting pattern (iv) Person who conducted the postal ballot exercise (v) Whether any special resolution is proposed to be conducted through postal ballot (vi) Procedure for postal ballot. 7. Disclosures (i) Disclosures on materially significant related party transactions that may have potential conflict with the interests of company at large (ii) Details of non-compliance by the company, penalties, strictures imposed on the company by Stock Exchange or SEBI or any statutory authority, on any matter related to capital markets, during the last three years (iii) Whistle Blower policy and affirmation that no personnel has been denied access to the audit committee (iv) Details of compliance with mandatory requirements and adoption of the non-mandatory requirements of this clause. 8. Means of communication (i) Quarterly results (ii) Newspapers wherein results normally published (iii) Any website, where displayed (iv) Whether it also displays official news releases; and (v) The presentations made to institutional investors or to the analysts. 9. General Shareholder information (i) AGM : Date, time and venue (ii) Financial year (iii) Date of Book closure 425 Handbook of Auditing Pronouncements-II (iv) Dividend Payment Date (v) Listing on Stock Exchanges (vi) Stock Code (vii) Market Price Data : High., Low during each month in last financial year (viii) Performance in comparison to broad-based indices such as BSE Sensex, CRISIL index etc. (ix) Registrar and Transfer Agents (x) Share Transfer System (xi) Distribution of shareholding (xii) Dematerialization of shares and liquidity (xiii) Outstanding GDRs / ADRs / Warrants or any convertible instruments, conversion date and likely impact on equity (xiv) Plant Locations (xv) Address for correspondence 426 Certification of Corporate Governance ANNEXURE - ID Non-Mandatory Requirements (1) The Board A non-executive Chairman may be entitled to maintain a Chairman’s office at the company’s expense and also allowed reimbursement of expenses incurred in performance of his duties. Independent Directors may have a tenure not exceeding, in the aggregate, a period of nine years, on the Board of a company. The company may ensure that the person who is being appointed as an independent director has the requisite qualifications and experience which would be of use to the company and which, in the opinion of the company and which, in the opinion of the company would enable him to contribute effectively to the company in his capacity as an independent director50. (2) Remuneration Committee (i) The board may set up a remuneration committee to determine on their behalf and on behalf of the shareholders with agreed terms of reference, the company’s policy on specific remuneration packages for executive directors including pension rights and any compensation payment (ii) To avoid conflicts of interest, the remuneration committee, which would determine the remuneration packages of the executive directors may comprise of at least three directors, all of whom should be non-executive directors, theChairman of committee being an independent director (iii) All the members of the remuneration committee could be present at the meeting (iv) The Chairman of the remuneration committee could be present at the Annual General Meeting, to answer the shareholder queries. However, it would be up to the Chairman to decide who should answer the queries. (3) Shareholder Rights A half-yearly declaration of financial performance including summary of the significant events in last six-months, may be sent to each household of shareholders. 50 Amendment by way of Circular SEBI/CFD/DIL/CG/1/2008/08/04 dated April, 08, 2008 427 Handbook of Auditing Pronouncements-II (4) Audit qualifications Company may move towards a regime of unqualified financial statements. (5) Training of Board Members A company may train its Board members in the business model of the company as well as the risk profile of the business parameters of the company, their responsibilities as directors, and the best ways to discharge them. (6) Mechanism for evaluating non-executive Board Members The performance evaluation of non-executive directors could be done by a peer group comprising the entire Board of Directors, excluding the director being evaluated; and Peer Group evaluation could be the mechanism to determine whether to extend / continue the terms of appointment of non-executive directors. (7) Whistle Blower Policy The company may establish a mechanism for employees to report to the management concerns about unethical behaviour, actual or suspected fraud or violation of the company’s code of conduct or ethics policy. This mechanism could also provide for adequate safeguards against victimization of employees who avail of the mechanism and also provide for direct access to the Chairman of the Audit committee in exceptional cases. Once established, the existence of the mechanism may be appropriately communicated within the organization. 106 428 22 GUIDANCE NOTE ON SECTION 227(3)(e) AND (f) OF THE COMPANIES ACT, 1956 (REVISED)* Contents Paragraph(s) Introduction ........................................................................................ 1-4 Scope of the Guidance Note ................................................................ 5 Reporting under Section 227(3)(e) of the Act ................................ 6-11 Reporting under Section 227(3)(f) of the Act ............................... 12-38 Disqualification under Section 274(1)(g)................................... 21-28 Duties of the Auditor under the Rules ....................................... 29-31 Auditor’s Procedures for Compliance with Section 227(3)(f) and the Rules................................................ 32-37 Certificate under the Rules .............................................................38 Appendices * Issued in March, 2001. Revised in 2004. Handbook of Auditing Pronouncements-II Introduction 1. Section 227 of the Companies Act, 1956 (hereinafter referred to as the ”Act”) deals with the powers and duties of the auditors of companies. Section 227(1A) of the Act requires the auditor to make certain specific enquiries during the course of audit. Section 227(2) of the Act requires the auditor, inter alia, to give his report to the members of company on the accounts examined by him, and on every balance sheet and profit and loss account and every document declared to be a part of or annexed to such balance sheet or profit and loss account which are laid before the company in a general meeting during the tenure of the auditor’s office. Sub-section (3) of section 227 of the Act also lays down certain matters necessarily required to be reported upon by the auditor in his report. The auditor is also required to include a statement on the matters specified in the Companies (Auditor’s Report) Order, 2003 (Revised 2005) (hereinafter referred to as “CARO, 2003”), issued under section 227(4A) of the Act. Sub-section (3) of section 227 of Act provides as follows: "(3) The auditor's report shall also state - (a) whether he has obtained all the information and explanations, which to the best of his knowledge and belief, were necessary for the purposes of his audit; (b) whether, in his opinion, proper books of account, as required by law, have been kept by the company so far as appears from his examination of those books, and proper returns adequate for the purposes of his audit have been received from branches not visited by him; (bb) whether the report on the accounts of any branch office audited under section 228 by a person other than the company's auditor has been forwarded to him as required by clause (c) of sub-section (3) of that section and how he has dealt with the same in preparing the auditor's report; (c) whether the company's balance sheet and profit and loss account dealt with by the report are in agreement with the books of account and returns; 430 Section 227(3)(e) and (f) of the Companies Act, 1956 (d) whether, in his opinion, the profit and loss account and balance sheet comply with the accounting standards referred to in sub- section (3C) of section 211; (e) in thick type or in italics the observations or comments of the auditors which have any adverse effect on the functioning of the company; (f) whether any director is disqualified from being appointed as director under clause (g) of sub-section (1) of section 274; (g) whether the cess payable under section 441A has been paid and if not, the details of the amount of cess not paid.1" 2. In terms of reporting requirements under sub-sections (2) and (3) of section 227 of the Act, matters on which the auditor has to report upon, can be broadly divided into two categories as under: (i) statements of fact; and (ii) opinions. 3. The statements of fact are: (i) whether he has obtained all the information and explanations which to the best of his knowledge and belief were necessary for the purposes of his audit; (ii) whether the report on the accounts of any branch office audited under section 228 by a person other than the company's auditors has been forwarded to him as required by section 228(3)(c) and how he has dealt with the same in preparing the auditor's report; (iii) whether the company's balance sheet and profit and loss account dealt with by the report are in agreement with the books of account and returns; (iv) whether any director is disqualified from being appointed as a director under clause (g) of sub-section (1) of section 274; and (v) whether the cess payable under section 441A has been paid and if not, the details of the amount of cess not paid. 1 Inserted by the Companies (Second Amendment) Act, 2002. 431 Handbook of Auditing Pronouncements-II 4. The opinions which the auditor is required to express are: (i) whether proper books of account as required by law have been kept by the company so far as it appears from the examination of the books and proper returns adequate for the purposes of the audit have been received from branches not visited by him; (ii) whether the profit and loss account and balance sheet comply with the accounting standards referred to in sub-section (3C) of section 211; (iii) whether the accounts give the information required by the Act in the manner so required; and (iv) whether the accounts give a true and fair view, in the case of the balance sheet of the state of the company's affairs, and in the case of the profit and loss account, of the profit or loss for the year. Scope of the Guidance Note 5. This Guidance Note is intended to assist the auditors in discharging their duties in respect of clauses (e) and (f) of sub-section (3) of section 227 of the Act. Clause (e) of the said sub-section creates a requirement for the auditor to consider whether any matter leading to the modification of the auditor’s report on financial statements is likely to have an adverse effect on the functioning of the company. It may be noted that the matters that lead to modification in the auditor’s report on financial statements are an emphasis of matter paragraph, qualification, situation giving rise to limitation on scope and disagreement with the management2. If the matter leading to the modification of the auditor’s report on financial statements is likely to have an adverse effect on the functioning of the company, the auditor is required to highlight such matter in thick type or in italics. Under clause (f) of sub- section (3) of section 227 of the Act, the auditor is required to state whether any director of the company is disqualified from being appointed a director of a company in terms of clause (g) of sub-section (1) of section 274 of the Act. Reporting under Section 227(3)(e) of the Act 6. The relevant extracts of section 227(3)(e) of the Act are reproduced below: “3. The auditor’s report shall also state – ……………………………………. 2 Reference may be made to paragraphs 31 through 47 of Standard on Auditing (SA) 700, “The Auditor’s Report on Financial Statements.” 432 Section 227(3)(e) and (f) of the Companies Act, 1956 (e) in thick type or in italics, the observations or comments of the auditors, which have any adverse effect on the functioning of the company”. 7. Clause (e) requires the auditor to highlight "in thick type or in italics, the observations or comments which have any adverse effect on the functioning of the company". An auditor’s report may contain matters leading to modifications in the auditor’s report on financial statements. Such matters may be related to issues which may have an adverse effect on the functioning of the company. The words “observations” or “comments” as appearing in clause (e) of section 227(3) are construed to have the same meaning as referring to “emphasis of matter paragraphs, qualifications, situations giving rise to limitation on scope, disagreements with the management leading to modification in the auditors report”. Therefore, only such "observations" or "comments" which have an adverse effect on the functioning of the company are required to be stated in thick type or in italics. For the sake of clarity, it may be noted that neither the auditor’s observations nor the comments made by him have any adverse effect on the functioning of a company. Instead, these observations or comments made by the auditor might contain matters which might have an adverse effect on the functioning of a company. 8. The Act does not specify the meaning of the phrase 'adverse effect on the functioning of the company'. The expression may be interpreted to mean that any event affecting the functioning of the company, observed by the auditor, should be reported upon even though it does not affect the financial statements, e.g., revocation of a license to manufacture one out of the many products during the year to which the financial statements relate, etc. However, such an interpretation would not only be beyond the scope of the audit of financial statements of the company but would also not be in accordance with the objective and concept of audit stipulated under the Act. A more logical and harmonious interpretation is that the amendment does not intend to change the basic objective and the concept of audit of financial statements of a company, which is to examine the financial statements with a view to express an opinion thereon. 9. The scope of the audit and auditor’s role remains as contemplated under the Engagement Standards and other relevant pronouncements issued by the Institute of Chartered Accountants of India as well as laid down in the Act, i.e., to lend credibility to the financial statements by reporting whether 433 Handbook of Auditing Pronouncements-II they reflect a true and fair view. SA 200A, “Objective and Scope of the Audit of Financial Statements” specifies, “the auditor’s opinion helps determination of the true and fair view of the financial position and operating results of an enterprise. The user, however, should not assume that the auditor’s opinion is an assurance as to the future viability of the enterprise or the efficiency or effectiveness with which management has conducted the affairs of the enterprise”. It also states, “the auditor’s work involves exercise of judgement, for example, in deciding the extent of audit procedures and in assessing the reasonableness of the judgements and estimates made by management in preparing the financial statements. Furthermore, much of the evidence available to the auditor can enable him to draw only reasonable conclusions therefrom. Because of these factors, absolute certainty in auditing is rarely attainable”. Further, it also clarifies that “in forming his opinion on the financial statements, the auditor follows procedures designed to satisfy himself that the financial statements reflect a true and fair view of the financial position and operating results of the enterprise. The auditor recognises that because of the test nature and other inherent limitations of an audit, together with the inherent limitations of any system of internal control, there is an unavoidable risk that some material misstatement may remain undiscovered. While in many situations the discovery of a material misstatement by management may often arise during the conduct of the audit, such discovery is not the main objective of audit nor is the auditor’s programme of work specifically designed for such discovery”. 10. There is no change in the objective and scope of an audit of financial statements because of inclusion of clause (e) in sub-section (3) of section 227 of the Act. The auditor expresses his opinion on the true and fair view presented by the financial statements through his report which may be modified in certain circumstances. However, the auditor would now have to evaluate subject matters leading to modification of the audit report to make judgement as to which of them has an adverse effect on the functioning of the company within the overall context of audit of financial statements of the company. Only such matters, which in the opinion of the auditor, deal with matters that have an adverse effect on the functioning of the company should be given in thick type or in italics. Conversely, such qualifications or adverse remarks of the auditor, which do not deal with matters that have adverse effect on the functioning of the company, need not be given in thick type or in italics. Examples of qualifications or adverse comments which have an adverse effect on the functioning of the company include a situation 434 Section 227(3)(e) and (f) of the Companies Act, 1956 where the going concern assumption is considered inappropriate or there exists any item having a significant impact on the current financial results of the company and which might also have a material effect on the future results of the entity, e.g., non-determination of obsolete stocks / bad debts, significant impairment of the assets, etc. 11. As far as inquiries under section 227(1A) are concerned, the auditor is not required to report on these matters unless he has any special comments to make on any of the items referred to therein. The auditor may also consider highlighting such comments in thick type or in italics which have any adverse effect on the functioning of the company. Another issue which arises is whether any observation or comment made by the auditor in respect of his statements on matters specified in CARO, 2003 issued under section 227(4A) of the Act, which has any adverse effect on the functioning of the company, should also be reported in terms of this clause. In this regard, it is noted that section 227(4A) of the Act treats the comments on the matters specified in CARO, 2003 as a part of the auditor’s report. Accordingly, any observation or comment made by the auditor in his report under CARO, 2003 contain such matters, which, in his opinion, will have any adverse effect on the functioning of the company, should also be reported in thick type or italics as required by this clause. An example in this regard may be where an auditor in respect of paragraph 4(i)(c) of CARO, 2003 reports that there exists a substantial doubt that without the replacement of significant part of fixed assets sold during the year, the company would be able to continue as a going concern for the foreseeable future. Reporting under Section 227(3)(f) of the Act 12. Clause (f) of section 227(3) of the Companies Act, 1956, is reproduced below: “227(3) The auditor’s report shall also state – ……………………………………. ……………………………………. (f) whether any director is disqualified from being appointed as a director under clause (g) of sub-section (1) of section 274." 13. In order to report upon clause (f) of sub-section (3) of section 227 of the Act, it is essential that the auditor understands the requirements of clause (g) of sub-section (1) of section 274 of the Act. The relevant extracts of section 435 Handbook of Auditing Pronouncements-II 274(1)(g) referred to in clause (f) of section 227(3), are reproduced below: "274(1) A person shall not be capable of being appointed director of a company, if— .................………………………………………………………….. ………………………………………………………………………. (g) such person is already a director of a public company which − (A) has not filed the annual accounts and annual returns for any continuous three financial years commencing on and after the first day of April, 1999; or (B) has failed to repay its deposit or interest thereon on due date or redeem its debentures on due date or pay dividend and such failure continues for one year or more; Provided that such person shall not be eligible to be appointed as a director of any other public company for a period of five years from the date on which such public company in which he is a director failed to file annual accounts and annual returns under sub-clause (a) or has failed to repay its deposit or interest or redeem its debentures on due date or pay dividend referred to in clause (B)." 14. On a perusal of section 227(3)(f), it is apparent that the auditor of a company, public or private, has to report on whether any of the directors of the company is disqualified from being appointed as a director in terms of clause (g) of sub-section (1) of section 274 of the Act. This is because while clause (f) of section 227(3) is the operating clause, clause (g) of sub-section (1) of section 274 is the defining clause. Thus, in order to be able to make a statement pursuant to clause (f) of sub-section (3) of section 227 of the Act in his report, the auditor would need to satisfy himself as to whether any of the directors of the company is disqualified under section 274(1)(g) from being appointed as a director in a company. It may also be noted that where none of the directors of a private company have been directors in a public company, the disqualification mentioned under section 274(1)(g) would not get attracted since the disqualification under the said section is defined in respect of a person who is director of a public company. 15. Disqualification of a director for being appointed as a director of a company under section 274(1)(g) should be determined with reference to a particular date only. This is so because a director can become disqualified 436 Section 227(3)(e) and (f) of the Companies Act, 1956 under the said section at any point of time during the year. Further, a director can attract the disqualification if any of the defaults mentioned under section 274(1)(g) is either done by the company being audited (if the company being audited is a public company) or any other public company in which a director of the company being audited is a director or has been a director in a public company which incurred the defaults and the period of five years has not elapsed. These factors make it impracticable for an auditor to determine whether any of the directors of the company attracted the disqualification under section 274(1)(g) at any point of time during the period covered by the auditor’s report. It is, therefore, practicable that whether any of the directors of the company has attracted disqualification should be considered as on a particular date, namely, at the balance sheet date. 16. The Department of Company Affairs3 (“the Department”) vide its Notification numbered GSR 830(E) dated October 21, 2003, has issued “The Companies (Disqualification of Directors under section 274(1)(g) of the Companies Act, 1956) Rules, 2003 (hereinafter referred to as the “Rules”) to carry out the purpose of clause (g) of sub-section (1) of section 274 of the Act. The text of the Rules is reproduced in Appendix I to this Guidance Note. 17. The Rules are applicable to all public limited companies. However, the question regarding the applicability of the Rules to a company, which has been granted license under section 25 of the Act, and a private company, which is a subsidiary of a body corporate incorporated outside India, is required to be examined. 18. Section 25 of the Act only contains conditions subject to which the Central Government may dispense with the requirement to use the word "limited" or “private limited” in the name of a company. Thus, a public company, which is granted a license under section 25 of the Act, continues to be a public limited company under the Act and therefore the Rules would be applicable to such a public limited company. 19. As far as a private company, which is a subsidiary of a body corporate incorporated outside India is concerned, it may be noted that section 4(7) of the Act provides that: “(7) A private company, being a subsidiary of a body corporate incorporated outside India, which, if incorporated in India, would be 3 Now “Ministry of Company Affairs”. 437 Handbook of Auditing Pronouncements-II a public company within the meaning of this Act, shall be deemed for the purposes of this Act to be a subsidiary of a public company if the entire share capital in that private company is not held by that body corporate whether alone or together with one or more other bodies corporate incorporated outside India.” 20. By virtue of section 3(iv)(c), a private company, if it is a subsidiary of a body corporate incorporated outside India, which if incorporated in India would have been a public company and some part of its share capital is held by a legal entity in India, would become a public company within the meaning of the Act. Therefore, the Rules would also be applicable to such a private company. Disqualification under Section 274(1)(g) 21. The situation for disqualification of a director, as envisaged in sub- clause (A) of clause (g) of section 274 (1) of the Act is that the concerned public company has not filed the annual accounts and annual returns for any continuous three financial years commencing on or after the first day of April 1999. Further, sub-rule (a) of Rule 3 lays down that in such a case, persons who are directors on the last due date for filing the annual accounts and the annual returns shall be disqualified from being appointed as a director of another public company. In this context, it is also necessary to understand as to what is the “last due date” as envisaged by the Rules. The last due date would mean the due date with reference to the annual accounts and annual returns of the last of the three consecutive financial years for which the annual accounts and annual returns have not been filed. The proviso to clause (g) of sub-section (1) of section 274 provides that the period of five years would be reckoned from the date as specified in sub-clause (A), on which the public company failed to file its annual accounts and annual returns. From the above, it is clear that if the following conditions are satisfied in respect of a person, he would become disqualified under sub- clause (A) of clause (g) of sub-section (1) of section 274 of the Act: (a) The person is a director in a public company as on the last due date for filing the annual accounts and annual return for three continuous financial years. Thus, even if the person concerned has been appointed as a director in the public company only a few days before the last due date, the person would attract disqualification under section 274(1)(g). Further, a person who ceased to be a director of the public 438 Section 227(3)(e) and (f) of the Companies Act, 1956 company as on the last due date for filing the annual accounts and annual return for three continuous financial years would not be disqualified from being appointed as a director of a public company. (b) The public company has not filed the annual accounts and annual return for three consecutive financial years. Thus, if the said failure is not for a period of three continuous financial years, the disqualification would not be attracted. (c) The public company has failed to file both, the annual accounts and annual return. Thus, if the company has filed either the annual accounts or annual return within the due dates, the disqualification would not be attracted. (d) The period of five years has not elapsed since the date of default made by the public company. Thus, if the period of five years has elapsed since the date of the default, the person concerned shall not remain disqualified under sub-clause (A) of section 274(1)(g). 22. The situation for disqualification of a director, as envisaged in sub-clause (B) of clause (g) of section 274 of the Act is that the concerned public company has failed to repay its deposit or interest thereon on due date or redeem its debentures on due date or pay dividend and such failure continues for a period of one year or more. Further, sub-rule (b) of Rule 3 provides that if a company has failed to repay any deposit, irrespective of the enactment, rules or regulations under which the deposits have been accepted by the companies, or interest thereon, or redeem its debentures, or pay any dividend declared on the respective due dates, and if such failure continues for one year, as described in sub-clause (B) of clause (g) of sub-section (1) of section 274, then the directors of that company would stand disqualified immediately on expiry of one year from the respective due dates. The proviso to the Rule further provides that that all the directors who have been directors in the relevant year, from the due date to the expiry of one year after the due date, will also be disqualified. It may also be noted that that the disqualification on account of the reasons cited under sub-rule (b) of Rule 3 of the Rules is also applicable to the reappointment as a director. 23. The explanation to Rule 3, however, clarifies that a company would not be considered as having defaulted in payment of the dividend referred to in sub-clause (B) of clause (g) of section 274(1) in the following situations: (i) The dividend in question has not been claimed; or 439 Handbook of Auditing Pronouncements-II (ii) The dividend in question has been transferred to a separate bank account, i.e., the Unpaid Dividend Account of the company in accordance with the requirements of section 205A of the Act; or (iii) The dividend in question has been paid into the Investor Education and Protection Fund as required under section 205C of the Act. 24. The Department has also issued certain Circulars/Notifications in respect of operation/applicability of clause (g) of section 274(1) of the Act. A gist of these Notifications/Circulars is as under: (i) In respect of sub clause (B) of clause (g) of section 274(1) of the Act, the Department, vide its general circular numbered 5 of 2003 (F No. 2/5/2001-CLV) dated 14-1-2003 has clarified that default in repayment of privately placed bonds/ debentures/ debt instruments by public financial institutions will not be considered as default to disqualify directors under section 274(1)(g) of the Act. (ii) The Department has, vide its notification numbered GSR 829(E), also clarified that the provisions of clause (g) of sub section (1) of section 274 of the Act shall not be applicable to a Government company. (iii) Further, the Department has also clarified, vide its general circular numbered 8/2002, dated 22-3-2002, that the nominee directors appointed by the public financial institutions and companies established under the Act of Parliament having non obstante provisions over the Companies Act, 1956 like IDBI, LIC, UTI, IIBI, etc., in their respective statutes shall not be liable to be disqualified under section 274(1)(g) of the Act. The Department has also clarified that the nominee directors appointed on the boards of assisted concerns or other public companies by (a) public financial institutions within the meaning of section 4A of the Act; (b) Central or State Government; and (c) banking companies are also exempt from the provisions of section 274(1)(g) of the Act. 25. The proviso to sub-section (1) of section 252 of the Act requires that a public company having a paid-up capital of rupees five crores or more; or one thousand or more small shareholders may have a director elected by such small shareholders in the manner as may be prescribed. The Department had, vide its Notification No. GSR. 168(E), dated March 9, 2001, issued the “Companies (Appointment of the Small Shareholders’ Director) Rules, 2001. The said Rules define “small shareholders” as “a shareholder holding shares of nominal value of twenty thousand rupees or less in a public 440 Section 227(3)(e) and (f) of the Companies Act, 1956 company to which section 252 of the Act applies. The said Rules deal with the manner of election of small shareholders’ director, disqualification of such directors and vacation of office by such directors. Rule 5 of the said Rules which deals with the disqualification of small shareholders’ directors lists out certain conditions wherein a person shall not be capable of being appointed as a small shareholders’ director of a company. The said Rule 5, however, does envisage the situations outlined in clause (g) of section 274(1) as a condition for disqualification. Thus, a logical interpretation of the situation would be that a person appointed as a small shareholders’ director pursuant to the above mentioned Rules would not be subject to any disqualification arising in terms of clause (g) of section 274(1) of the Act. 26. The Companies (Disqualification of Directors under section 274(1)(g) of the Companies Act, 1956) Rules, 2003 (the “Rules”) have also introduced the concepts of “Disqualifying” and “Appointing” companies. As per Rule 2, a “disqualifying” company is “the company in which the default has occurred on account of which a director stands disqualified”. Further, Rule 2 also defines an “appointing” company as “the company in which an individual is seeking an appointment as a director, including reappointment as a director”. However, this distinction between the “appointing company” and “disqualifying company” apparently has no significance to the auditor since he is required to state in his report on the financial statements of the company whether any of the directors of the company as on the balance sheet is disqualified from being appointed as a director of a company under section 274(1)(g) of the Act. 27. Under Rule 9, every director in a public company registered under the Companies Act, 1956, is required to file Form DD-A, as prescribed in the Rules, before he is appointed or reappointed in any company. Rule 5 also casts a duty on every company which has failed to file its annual accounts and returns and/or fails to repay any deposit, interest, dividend, or fails to redeem its debentures, as described in clauses (A) and (B) of clause (g) of sub-section (1) of section 274 of the Act, to immediately file a return in duplicate in Form DD-B (prescribed in the said Rules) with the Registrar of Companies. 28. Another point to note is that the provisions of clause (g) of section 274(1) of the Act do not find a place in the provisions of section 283 of the Act, which deals with vacation of office by the director(s). Therefore, a director should not be construed as having vacated his office merely because of his having incurred a disqualification under clause (g) of section 274(1) of 441 Handbook of Auditing Pronouncements-II the Act. Another question that arises in this regard is whether in case all the directors of a company are disqualified under section 274(1)(g), whether such directors can approve the financial statements of the company. As mentioned, in case a director of a company becomes disqualified from being appointed as a director in a company in terms of section 274(1)(g) of the Act, he continues to be a director of the company until the expiry of his term. Therefore, even in a case where all the directors become disqualified from being appointed as a director in a company they can approve the financial statements and continue to discharge the duties and responsibilities assigned by the Act. Duties of the Auditor under the Rules 29. Rule 4 of the Rules deals with the duties of the statutory auditors of both the disqualifying as well as the appointing companies. Sub-rule (a) of Rule 4 requires that the statutory auditors of both the appointing as well as the disqualifying company to: (i) report under section 227(3)(f) of the Act to the members of the respective companies as to whether any director is disqualified from being appointed as a director under clause (g) of section 274(1) of the Companies Act, 1956; and (ii) furnish a certificate every year as to whether on the basis of his examination of the books and records of the company, any director of the company is disqualified as a director or not. 30. It is, therefore, clear that the statutory auditors of both the disqualifying as well as the appointing company would, in addition to their report in terms of section 227(3)(f) of the Act, would also have to, each financial year, furnish a certificate as required in Rule 4. 31. Sub Rule (b) of Rule 4 further casts a duty on the statutory auditors of the “disqualifying” company to report to the members of the company as required under section 227(3)(f) whether any director in the company has been disqualified during the year from being reappointed as director, or being appointed as a director in another company under clause (g) of section 274(1). 442 Section 227(3)(e) and (f) of the Companies Act, 1956 Auditor’s Procedures for Compliance with Section 227(3)(f) and the Rules 32. In order to comply with the requirements of section 227(3)(f) of the Act and the Rules, the auditor should obtain a written representation as to: (a) Names of directors of the company during the period covered by the auditor’s report (including the directors at the balance sheet date), showing separately, the names of nominee directors and directors appointed in accordance with the Companies (Appointment of the Small Shareholders’ Director) Rules, 2001 (b) Particulars of appointment/reappointment, resignation/retirement etc., of each of the above directors. (c) Whether in case of directors appointed on or after the date of the Companies (Disqualification of Directors under section 274(1)(g) of the Companies Act, 1956) Rules, 2003 coming into effect, each such director has submitted Form DD-A, as required under the said Rules. (d) That the information contained in the register of directors maintained under section 303(1) is updated to show the position as on the balance sheet date. (e) Whether the company has committed any default as envisaged in sub- clauses (A) and/or (B) of clause (g) of section 274 (1) of the Act. (f) In case the company has committed a default under sub-clauses (A) and/ or (B) of clause (g) of section 274(1) of the Act, whether the company has furnished the Form DD-B, as required by the Rules. 33. The auditor should also obtain a written representation from the directors of the company as to whether they have attracted the disqualification in terms of clause (g) of sub-section (1) of section 274 of the Act. The auditor should require the directors to submit a written representation in respect of each public company in which they are directors as to whether as on the balance sheet date the public companies of which he is a director have defaulted in terms of the section 274(1)(g). There is a practice amongst many companies that the directors obtain a legal compliance report, periodically, to ensure that the companies have complied with all the legal requirements. Such compliance reports generally also contain the information regarding filing of annual accounts and annual return and compliance with clause (g) of sub-section (1) of section 443 Handbook of Auditing Pronouncements-II 274 can be a part of the said legal compliance report. Such a compliance report can, therefore, be submitted by the director as an evidence in this regard. In addition to written representation obtained from the director in respect of public companies of which he is a director, the auditor should also obtain written representation from the director in respect of each of those public companies in which he was a director in the past as to whether or not the director is disqualified to be appointed as a director in terms of proviso to Section 274(1)(g). The auditor should insist that written representations provided by the management as well as the directors appointed prior to the issuance of Rules or the legal compliance report, as the case may be, should be taken on record by the Board of Directors of the company being audited. However, in no case, is the auditor of either the appointing company or the disqualifying company expected to make any roving enquiries from such other companies in which the concerned director is also a director, as to whether or not they have committed any default in terms of sub clauses (A) and/ or (B) of clause (g) of section 274(1) of the Act. 34. The auditor should verify the information provided by the management and the directors from the information contained in the register maintained under section 303(1) of the Act. The said register contains various particulars relating to all the directors of the company including particulars in respect of the office of director, managing director, etc. The auditor can also examine the Form 32 filed by the company during the financial year under section 303(2) of the Act so as to know the changes, for example, appointment, retirement, resignation etc., of directors during the year. Form DD-A filed by the directors would also assist the auditor in assessing whether any director appointed during the year, at the time of appointed, was disqualified under section 274(1)(g) of the Act. 35. In case company being audited happens to be a public company which has not filed the annual accounts and annual returns for any continuous three financial years commencing on and after 1st April, 1999; or has failed to repay its deposit or interest thereon on due date or redeem its debentures on due date or pay dividend and such failure continues for one year or more; then the auditor must report that all the directors are disqualified from being appointed as director in terms of clause (g) of sub-section (1) of section 274 of the Act. The auditor, in such a case, should also examine the return in Form DD-B to be filed under the Rules. Form DD-B contains the particulars of directors during the relevant period. 444 Section 227(3)(e) and (f) of the Companies Act, 1956 36. Since the Rules are applicable to public limited companies only, Forms DD-A and DD-B would not be available to the auditor a private company. In such cases, the auditor’s employs the same procedures to comply with the requirements of section 227(3)(f) which are applied by an auditor of a public company except that the auditor is not required to examine Forms DD-A and DD-B because of their non-availability in a private company. 37. The reporting under clause (f) of sub-section (3) of section 227 of the Act may be as follows, keeping in view the situation concerned: (a) Where all the directors of the company are able to produce the evidence as specified in paragraph 33 above that the public company/(ies) of which they are directors have not defaulted in terms of section 274(1)(g), the auditor may report as follows: “On the basis of the written representations received from the directors, and taken on record by the Board of Directors, we report that none of the directors is disqualified as on 31st March, 2XXX from being appointed as a director in terms of clause (g) of sub-section (1) of section 274 of the Companies Act, 1956”. (b) In a situation where a director is unable to produce the written representation as specified in paragraph 33 above, the auditor may report as follows: “Mr. X, who is also a director of ABC Ltd., has not produced written representation as to whether ABC Ltd., in which Mr. X is a director as on 31st March, 2XXX, had not defaulted in terms of section 274(1)(g) of the Companies Act, 1956. In the absence of this representation, we are unable to comment whether Mr. X is disqualified from being appointed as a director under clause (g) of sub-section (1) of section 274 of the Companies Act, 1956. As far as other directors are concerned, on the basis of the written representations received from such directors, and taken on record by the Board of Directors, we report that none of the remaining directors is disqualified as on 31st March, 2XXX from being appointed as a director in terms of clause (g) of sub-section (1) of section 274 of the Companies Act, 1956.” (c) Where on the basis of the written representation received from a director, it is noted that the director was disqualified from being appointed as a director under this clause, the auditor may report as follows: 445 Handbook of Auditing Pronouncements-II “On the basis of the written representation received from Mr. Y, who is a director of ABC Ltd., as on 31st March 2XXX, and taken on record by the Board of Directors, we report that he is disqualified from being appointed as a director in terms of clause (g) of sub-section (1) of section 274 of the Companies Act, 1956. As far as other directors are concerned, on the basis of the written representations received from such directors, and taken on record by the Board of Directors, we report that none of the remaining directors is disqualified as on 31st March 2XXX from being appointed as a director in terms of clause (g) of sub-section (1) of section 274 of the Companies Act, 1956.” Certificate under the Rules 38. As mentioned, sub-rule (a) of Rule 4 requires that it shall be the duty of the statutory auditor to furnish a certificate each year as to whether on the basis of his examination of the books and records of the company, any director of the company is disqualified for appointment as a director or not. The Rules, however, are silent as to whom the said certificate would be addressed. An interpretation could be that the auditor should furnish such a certificate to the shareholders of the company. However, this does not seem to be logical since the shareholders would get the same information from the auditor’s statement in respect of clause (f) of sub-section (3) of section 227 of the Act. Therefore, it would be appropriate that the certificate is addressed to the Board of Directors of the Company. It may also be noted that the Rules are also silent as to the format and contents of the certificate. An illustrative format of the said certificate is given in Appendix II, which may be used by the auditors. 446 Section 227(3)(e) and (f) of the Companies Act, 1956 Appendix I PUBLISHED IN THE GAZETTE OF INDIA, PART II, SECTION 3(i), EXTRAORDINARY Ministry of Finance (Department of Company Affairs) NOTIFICATION New Delhi, the 21st October, 2003 G.S.R. 830 (E).- In exercise of the powers conferred by clause (b) of sub-section (1) of section 642 of the Companies Act, 1956 (1 of 1956), the Central Government hereby makes the following rules to carry out the purpose of clause (g) of sub-section (1) of section 274 of the said Act, namely :- 1. Short Title, Commencement and Extent (1) These rules may be called the Companies (Disqualification of Directors under section 274(1)(g) of the Companies Act, 1956) Rules, 2003. (2) These rules shall come into force from the date of their notification in the Official Gazette. (3) These rules shall apply to all public limited companies registered under the Companies Act, 1956. 2. Definitions In these Rules, unless the context otherwise requires, - (a) “disqualifying company” is the company in which the default has occurred on account of which a director stands disqualified; (b) “appointing company” is the company in which an individual is seeking appointment as a director, including re-appointment as director. 3. Disqualifications under clause (g) of sub-section (1) of section 274 of the Companies Act, 1956 (a) Whenever a company fails to file the annual accounts and annual returns, as described in sub-clause (A) of clause (g) of sub-section (1) of section 274, persons who are directors on the last due date for filing the annual accounts and 447 Handbook of Auditing Pronouncements-II the annual returns for any continuous three financial years commencing on and after the first day of April, 1999, shall be disqualified. (b) If a company has failed to repay any deposit, irrespective of the enactment, rules or regulations under which the deposits have been accepted by the companies, or interest thereon, or redeem its debentures, or pay any dividend declared on the respective due dates, and if such failure continues for one year, as described in sub-clause (B) of clause (g) of sub-section (1) of section 274, then the directors of that company shall stand disqualified immediately on expiry of that one year from the respective due dates: Provided that all the directors who have been directors in the relevant year, from the due date to the expiry of one year after the due date, will be disqualified: Provided further that disqualification on account of the reasons cited under this Rule shall also apply to the reappointment as a director. Explanation-For the purpose of this rule, it is clarified that non-payment of dividend referred to in sub-clause (B) of clause (g) of sub-section (1) of section 274 due to the reason of dividend not being claimed or kept in separate bank account as required under section 205A of Companies Act, 1956 or paid into Investors Education & Protection Fund as required under section 205C of that Act shall not be deemed to be a failure to make payment of dividend. 4. Duty of Statutory Auditor to Report on Disqualification (a) It shall be the duty of statutory auditor of the appointing company as well as disqualifying company, as required under section 227(3)(f) to report to the members of the company whether any director is disqualified from being appointed as director under clause (g) of sub-section (1) of section 274 and to furnish a certificate each year as to whether on the basis of his examination of the books and records of the company, any director of the company is disqualified for appointment as a director or not. (b) It shall be the duty of the statutory auditors of the “disqualifying company” as required in section 227(3)(f) to report to the members of the company whether any director in the company has been disqualified during the year from being re- appointed as director, or being appointed as director in another company under clause (g), of sub-section (1) of section 274. 448 Section 227(3)(e) and (f) of the Companies Act, 1956 5. Duty of Company to Intimate Disqualification Whenever a company fails to file the annual accounts and returns, or fails to repay any deposit, interest, dividend, or fails to redeem its debentures, as described in clauses (A) and (B) of clause (g) of sub-section (1) of section 274, the company shall immediately file a return in duplicate in Form ‘DD-B’, prescribed under these rules for this purpose, to the Registrar of Companies, furnishing therein the names and addresses of all the Directors of the company during the relevant financial years: Provided that names of such directors who have been exempted from application of Section 274(1)(g) by the Central Government, from time to time, shall be excluded. Provided further that no unusual abbreviations or short forms shall be used in filling up the Form ‘DD-B’, which shall give such details as may be necessary to distinguish and identify each director without any ambiguity. 6. Failure to Intimate Disqualification shall render Director as Officer in Default When a company fails to file the Form ‘DD-B’ as above within 30 days of the failure that would attract disqualification under Section 274(1)(g), officers of the company listed in section 5 of the Companies Act, 1956 shall be officers in default. 7. (a) Upon receipt of the Form ‘DD-B’ in duplicate under Rule 5, the Registrar of Companies shall immediately register the document and place one copy of it in the document file for public inspection. (b) The Registrar of Companies shall forward the other copy to the Central Government. 8. Names of the Disqualified Directors on the Website etc. (a) The Central Government shall place on the web site of the Department of Company Affairs the names and addresses and such other details including names and details of the companies concerned, as may be necessary, in respect of all the disqualified directors. (b) The Central Government may also publicize the names of disqualified directors in such manner as it may consider appropriate. 449 Handbook of Auditing Pronouncements-II (c) The Central Government shall take such steps as may be required to update its web-site to ensure that name of the person, in whose respect disqualification period has expired after 5 years, is deleted from the web-site. 9. Duty of Every Director Every director in a public company registered under the Companies Act, 1956 shall file Form ‘DD-A’, prescribed under these Rules, before he is appointed or re-appointed. 10. If any question arises as to whether these rules are or are not applicable to a particular company, such question shall be decided by the Central Government. 11. Punishment for Contravention of the Rules If a company or any other person contravenes any provision of these rules for which no punishment is provided in the Companies Act, 1956, the company and every officer of the company who is in default or such other person shall be punishable with fine which may extend to five thousand rupees and where the contravention is a continuing one, with a further fine which may extend to five hundred rupees for every day after the first, during which the contravention continues. 12. On the commencement of these rules, all rules, orders or directions in force in relation to any matter for which provision is made in these Rules shall stand repealed, except as respects things done or omitted to be done before such repeal. [F. No.1/8/2002-CL.V] Rajiv Mehrishi, Joint Secretary 450 Section 227(3)(e) and (f) of the Companies Act, 1956 FORM ‘DD-A’ Companies (Disqualification of Directors under section 274(1)(g) of the Companies Act, 1956) Rules, 2003 Intimation by Director [Pursuant to Section 274(1)(g)] Registration No. of Company ______________ Nominal Capital Rs._____________ Paid-up Capital Rs. _____________ Name of Company__________________________ Address of its Registered Office___________________ To The Board of Directors of __________________________ I _______________ son/daughter/wife of _______________ resident of ___________________ director/managing director/manager in the company hereby give notice that I am/was a director in the following companies during the last 3 years: Name of the Company Date of Appointment Date of 1……………. Cessation 2……………. I further confirm that I have not incurred disqualification under section 274(1)(g) of the Companies Act, 1956 in any of the above companies, in the previous financial year, and that I, at present, stand free from any disqualification from being a director. or I further confirm that I have incurred disqualifications under section 274(1)(g) of the Companies Act, 1956 in the following company(s) in the previous financial year, and that I, at present stand disqualified from being a director. 451 Handbook of Auditing Pronouncements-II Name of the Company Date of Appointment Date of 1……………. Cessation 2……………. Signature (Full Name) Dated this _________ day of _________ 452 Section 227(3)(e) and (f) of the Companies Act, 1956 FORM ‘DD-B’ Report by a Public Company [Pursuant to Section 274(1)(g) read with Rule 5 of Companies (Disqualification of Directors under section 274(1)(g) of the Companies Act, 1956) Rules, 2003] Registration No. of Company:____________________________ Nominal Capital Rs.____________________________________ Paid-up Capital Rs. ____________________________________ Name of Company_____________________________________ Address of its Registered Office__________________________ To The Registrar of Companies, It is hereby reported under section 274(1)(g) of Companies Act, 1956, that M/s. ___________ have failed to (i) file the annual accounts and annual returns for the last three financial years, or (ii) repay deposits or interest thereon on due date being ___________ or redeem its debentures on due date being _________ or pay dividend declared by the company since __________ or both. The period of one year has expired on ___________. The name and address of directors at the relevant period are as under :- (a) Director’s name in full, without abbreviations (b) Director’s name as per company’s records (abbreviations may be expanded and shown) (c) Address of the Director (i) Permanent (ii) Present (d) Positions held by the director in the last 5 years, prior to disqualification: Signature Designation* Dated this _________ day of _________ *State whether Director, Managing Director, Manager or Secretary 453 Handbook of Auditing Pronouncements-II Appendix II FORMAT OF THE CERTIFICATE TO BE ISSUED UNDER RULE 4 (a) OF THE COMPANIES (DISQUALIFICATION OF DIRECTORS UNDER SECTION 274(1)(g) OF THE COMPANIES ACT, 1956) RULES, 2003 Auditor’s Certificate Rule 4 (a) of the Companies (Disqualification of Directors Under section 274(1)(g) of the Companies Act, 1956) Rules, 2003 To, The Board of Directors of __________(name of the company) In terms of Rule 4(a) of the Companies (Disqualification of Directors under section 274(1)(g) of the Companies Act, 1956) Rules, 2003, I/we ………………………………………………………. (name of the chartered accountant/ firm, as the case may be), based on our examination of the books and records of the company, carried out in accordance with the requirements of the Guidance Note on Section 227(3)(e) and (f) of the Companies Act, 1956, issued by the Institute of Chartered Accountants of India, do hereby certify that none of the directors of the company, i.e., …………………………………………… (name of the company) as on _______ (date of the balance sheet) is disqualified for appointment as a director in the aforementioned company in terms of clause (g) of sub section (1) of section 274 of the Companies Act, 1956. Date: For XYZ & Co., Chartered Accountants Address: …………………………………… (Signature) (Name of the Member Signing the Certificate) (Designation4) …………………………………… (Membership Number) 4 Partner or proprietor, as the case may be. 454 23 GUIDANCE NOTE ON AUDIT OF EXPENSES* Contents Paragraph(s) Introduction ........................................................................................ 1-5 Internal Control Evaluation .................................................................. 6 Verification ....................................................................................... 7-41 Goods and Raw Materials Consumed ........................................... 11 Purchases and Purchase Returns ............................................ 12-21 Wages and Salaries ................................................................. 22-27 Bonus ............................................................................................ 28 Retirement Benefits ....................................................................... 29 Other Conversion Costs ................................................................ 30 Establishment and General Administrative Expenses ................... 31 Interest and Financial charges ...................................................... 32 Depreciation .................................................................................. 33 Research and Development Expenses .................................... 34-35 Repairs and Maintenance ............................................................. 36 Contingencies ............................................................................... 37 Taxes on Income...................................................................... 38-41 Special Considerations in the Case of a Company .......................... 42 Examination of Presentation and Disclosure ................................... 43 Management Representation ............................................................. 44 Documentation .................................................................................... 45 * Published in November, 2001 issue of ‘The Chartered Accountant’. Handbook of Auditing Pronouncements-II Para 2.1 of the "Preface to the Statements on Standard Auditing Practices"1 issued by the Institute of Chartered Accountants of India states that the "main function of the APC is to review the existing auditing practices in India and to develop Statements on Standard Auditing Practices (SAPs)** so that these may be issued by the Council of the Institute." Para 2.4 of the Preface states that the "APC will issue Guidance Notes on the issues arising from the SAPs wherever necessary." The Auditing Practices Committee*** has also taken up the task of reviewing the Statements on auditing matters issued prior to the formation of the Committee. It is intended to issue, in due course of time, SAPs or Guidance Notes, as appropriate, on the matters covered by such Statements which would then stand withdrawn. Accordingly, with the issuance of this Guidance Note on Audit of Expenses, paragraphs 11.2-11.8 of Chapter 11 of the Statement on Auditing Practices, titled `Profit and Loss Account', shall stand withdrawn. In due course of time, the entire Statement on Auditing Practices shall be withdrawn.2 The following is the text of the Guidance Note on "Audit of Expenses" issued by the Auditing Practices Committee of the Council of the Institute of Chartered Accountants of India. This Guidance Note should be read in conjunction with the Statements on Standard Auditing Practices issued by the Institute. Introduction 1. An expense is a cost relating to the operations of an accounting period or to the revenue earned during the period or the benefits of which do not extend beyond that period. The expression "cost" means the amount of expenditure incurred on or attributable to a specified article, product or activity. 1 The said Preface has been withdrawn pursuant to issuance of the Revised “Preface to Standards on Quality Control, Auditing, Review, Other Assurance and Related Service”, by the Institute of Chartered Accountants of India. The Revised Preface is effective from April 1, 2008. The text of the revised Preface is reproduced in the Vol-I.A of this Handbook. ** Now known as Engagement Standards. *** Now known as Auditing and Assurance Standards Board. 2 Since the Statement was withdrawn in March, 2005, the entire paragraph is redundant. 456 Audit of Expenses 2. Expenses are recognised by the following approaches: (a) Identification with revenue transactions Costs directly associated with the revenue recognised during the relevant period are considered as expenses and are charged to income for the period. (b) Identification with a period of time In many cases, although some costs may have connection with the revenue for the period, the relationship is so indirect that it is impracticable to attempt to establish it. However, there is a clear identification with a period of time.3 Such costs are regarded as `period costs' and are expensed in the relevant period, e.g, salaries, telephone, travelling, depreciation on office building, normal interest, etc. Similarly, the costs, the benefits of which, do not clearly extend beyond the accounting period are also charged as expenses. 3. The following features of expenses affect the nature, timing and extent of the related audit procedures: (a) In the case of most items of expenses, documentary evidence originating from third parties is available. (b) The nature and relative significance of various items of expenses usually differ from one enterprise to another, depending primarily on the nature of operations carried out by them. For example, in the case of most manufacturing enterprises, the principal items of expenses would include the cost of raw materials consumed, labour cost and other conversion costs. On the other hand, in the case of a trading enterprise, the principal items of expenses would generally be the cost of goods sold. In the case of an enterprise supplying, providing, maintaining and operating any services, the principal items of expense would include personnel and professional expenses, office maintenance, etc. (c) The amount of some expenses has a logical relationship with certain other financial statement items while the amount of some other expenses does not have such a relationship. For example, in an enterprise where the production process is standardised, the 3 Reference may be made in this regard to the Guidance Note on Accrual Basis of Accounting. 457 Handbook of Auditing Pronouncements-II consumption of raw materials (and, therefore, the cost of raw materials consumed) has a logical relationship with the quantum of output. Similarly, the proportion of various constituents of cost of production is expected to remain more or less constant in the absence of known conditions to the contrary. Likewise, proportion of the amount of interest for a period to the amount of loans outstanding during the period is expected to vary within certain specific limits. On the other hand, the expenditure on research and development often has little relationship with other items in the financial statements. (d) The amount of some items of expenses (e.g., gratuity, taxes, bonus, etc.) is significantly affected by applicable laws. 4. In an audit, the auditor employs appropriate procedures to obtain reasonable assurance about various assertions (see SA 500, Audit Evidence). In carrying out an audit of expenses, the auditor is particularly concerned with obtaining sufficient appropriate audit evidence to corroborate the management's assertions regarding the following: Occurrence that recorded expenses arose from transactions or events which took place during the relevant period and pertain to the entity. Completeness that there are no unrecorded expenses. Measurement that expenses are recorded in the proper amounts and are allocated to the proper period. Presentation and that expenses are disclosed, classified, and Disclosure described in accordance with recognised accounting policies and practices and relevant statutory requirements, if any. 5. In view of the divergence in the nature of expenses incurred by different enterprises, it is not possible to describe the audit procedures applicable in carrying out an audit of expenses in all situations. This Guidance Note provides guidance on procedures to be employed in carrying out an audit of expenses which would be applicable in the case of most enterprises. It is recognised, however, that audit procedures different from or additional to 458 Audit of Expenses those described in this Guidance Note may be necessary in a particular case, depending upon its specific facts and circumstances. Internal Control Evaluation 6. The auditor should study and evaluate the system of internal control relating to expenses, to determine the nature, timing and extent of his other audit procedures. He should particularly review the following aspects of internal control relating to expenses: 4 (a) The systems and procedures relating to incurring of expenses including authorisation procedures. (b) Accounting procedures relating to recognition of expenses. (c) Existence of periodic reports on actual performance vis a vis budgets and internal management reports, if any. Verification 7. Verification of expenses may be carried out by employing the procedures, viz., (a) examination of records; and (b) analytical procedures. The nature, timing and extent of substantive procedures to be performed is, however, a matter of professional judgment of the auditor which is based, inter alia, on the auditor's evaluation of the effectiveness of the related internal controls. The auditor should examine whether the basis of recognition of expenses by the entity is in accordance with the recognised accounting principles. (a) Examination of Records 8. Examination of records and documents is one of the most important techniques of auditing. An auditor has to examine a large number of documents in the course of an audit since most transactions are supported only by documentary evidence. The accounting systems of business enterprises are so designed that documentary evidence is created in respect of each transaction. The auditor should carry out an examination of the 4 The extent of review of internal controls would depend upon the facts and circumstances of each case. Reference may be made in this regard to the "Internal Control Questionnaire", issued by the Institute of Chartered Accountants of India in 1976 which contains, inter alia, an illustrative list of internal controls in relation to petty cash, cash and bank payments, salaries and wages and purchases. 459 Handbook of Auditing Pronouncements-II relevant records to satisfy himself about the validity, accuracy and other assertions with regard to various expenses incurred by the entity. The extent of such examination would depend on the auditor’s evaluation of the efficacy of internal controls. (b) Analytical Procedures 9. The auditor should conduct analytical procedures which involve analysis of significant ratios and trends, including the resulting investigation of fluctuations and relationships that are inconsistent with other relevant information or which deviate from predicted amounts.5 10. The following paragraphs describe the audit procedures applicable in respect of various items of expenses. Goods and Raw Materials Consumed 11. The auditor's examination of the cost of goods, stores and materials consumed during the year would involve, inter alia, examination of purchases of goods and materials made during the year as well as of purchase returns and of opening and closing inventories. Purchases and Purchase Returns 12. The auditor should examine whether the entity has instituted adequate cut-off procedures in relation to purchases and purchase returns. The objective of cut-off procedures is to ensure that the transactions pertaining to a period are recorded in that period and not in a preceding or subsequent period. The auditor should examine the efficacy of such procedures. The auditor can examine the selected receipt documents (such as goods received notes) pertaining to a few days immediately before the year-end and verify that the related purchase invoices have been recorded as purchases of the current year. The auditor should pay particular attention to the cut-off procedures relating to purchases, both indigenous and imported, to determine whether these procedures ensure recognition of purchases at the time the significant risks and rewards of ownership of the related goods pass on to the entity. 13. The auditor should examine selected entries in the purchase journal with reference to the related purchase invoices, receipt records and other 5 Refer to Standard on Auditing (SA) 520, “Analytical Procedures”. 460 Audit of Expenses supporting documents such as the purchase orders. The auditor should also trace the selected entries to the suppliers' account. 14. While examining purchase invoices, the auditor should examine whether subsidies, rebates, duty drawbacks or other similar items have been properly accounted for. As per AS 2, costs of purchase consist of the purchase price including duties and taxes (other than those subsequently recoverable by the enterprise from the taxing authorities), freight inwards and other expenditure directly attributable to the acquisition. Trade discounts, rebates, duty drawbacks and other similar items are deducted in determining the costs of purchase. 15. The auditor should also examine selected receipt records with reference to related purchase invoices and the purchase journal. 16. The auditor should examine selected entries of purchase returns with reference to the goods returned notes, debit notes and entries in the suppliers' accounts. Similarly, the auditor should examine selected debit notes with reference to purchase returns, goods returned notes, and entries in the suppliers' accounts. 17. In case of transactions between related parties, the auditor should pay special attention to nature and description of such transactions.6 18. The auditor should obtain a representation from the management to the effect that the entity has complied with the legal and regulatory requirements, if any. When the auditor becomes aware of non-compliance, the auditor should obtain sufficient information to evaluate the possible effect in the financial statements. The auditor should also consider communication/reporting of non-compliance with the management including audit committee, users of financial statements and to regulatory authorities, as may be appropriate.7 19. In respect of imports, the auditor should carry out the following procedures in addition to the usual audit procedures applicable in respect of domestic purchases. 6Refer to Accounting Standard (AS) 18, “Related Party Disclosures”. 7 Refer to Standard on Auditing (SA) 250, “Consideration of Laws and Regulations in an Audit of Financial Statements”. 461 Handbook of Auditing Pronouncements-II (a) Besides examining the usual documents relating to purchases, the auditor should also examine such documents as bill of lading, custom documents, etc., which are specific to import transactions. (b) The auditor should pay special attention to the terms of import relating to the incidence of charges like insurance and freight, i.e., whether the imports are on C.I.F. basis, or F.O.B. basis, or some other basis. (c) The auditor should examine that imports for which consideration is payable in a foreign currency are recorded at an appropriate amount in accordance with Accounting Standard (AS) 11, Accounting for the Effects of Changes in Foreign Exchange Rates. 20. In addition to the audit procedures discussed above, the following analytical procedures may often be helpful as a means of obtaining audit evidence regarding the various assertions relating to purchases. (a) Comparison, item-wise and location-wise, both quantity and value, of purchases for the current year/period with the corresponding figures for previous years/periods. (b) Comparison of ratio of gross margin to sales for the current year/period with the corresponding figures for previous years/periods. (c) Comparison of ratio of purchase returns to purchases for the current year/period with the corresponding figures for previous years/periods. (d) Product-wise reconciliation of quantity sold during the year/period with opening stock, purchases/production and closing stock. Apart from the above, the auditor may also work out quantitative ratios and reconciliations, e.g., he may relate the quantum of output to the quantum of input to judge its reasonableness. In case segment information is available, the above procedures may be carried out for each segment. 21. The auditor should also verify payments subsequent to the date of the balance sheet to identify any purchases which have not been recorded in the books of account. Wages and Salaries 22. The auditor should examine the entries in the payroll/wage sheets with reference to relevant records, e.g., employee’s records maintained by the personnel department showing details of pay such as basic pay, allowances, 462 Audit of Expenses annual increments, leaves availed, etc. Special attention may also be paid by auditor in respect of new employees joining the entity during the year. Similarly, the payroll may also be examined with reference to the time records/attendance records and leave records maintained by the personnel department. The deductions made in respect of income-tax, provident fund, Employees’ State Insurance (ESI), welfare schemes, health schemes, etc., may be examined with reference to the returns submitted to the authorities concerned and the receipts/acknowledgments issued by such authorities. 23. The auditor should examine whether any legal, regulatory or contractual requirements having a bearing on the rate or amount of wages and salaries have been complied with. Similar considerations would also apply to payments made to a contractor for hire of labour. Such requirements would include, inter alia, the provisions of the Minimum Wages Act, 1948, agreement with the employees, award of competent authority and judicial rulings. 24. In the case of senior management officials, the auditor should pay particular attention to determining whether the salaries payable are as per the terms of contract with the employees concerned. Special requirements of terms of contract such as granting stock options (as per schemes formulated by SEBI), availing leave encashment, total amount payable annually including ex-gratia, etc., should be specifically looked into. 25. In the case of casual labour, besides carrying out the other audit procedures, the auditor should specifically examine the sanction of the competent authority for employment of such labour and ascertain whether such employees are retained as per the time rate or piece-rate basis. In appropriate cases, the auditor may pay a surprise visit to the sites where the casual labour is employed to assess the correctness of the attendance records maintained in respect of such labour. In cases where complete outsourcing of labour has been given to an outside agency, the terms of agreement and compliance thereof would be examined. 26. The auditor should obtain a list of employees who have retired or otherwise left the services of the entity during the period under audit and examine that they have not been included in the payroll. 27. In addition to the audit procedures discussed above, the following analytical procedures may often be helpful as a means of obtaining audit evidence regarding the various assertions relating to wages and salaries: 463 Handbook of Auditing Pronouncements-II (a) comparison of wage bill for the year/period with the wage bill of previous years/periods; (b) comparison of the monthly wages and salaries of a month with other months during the year/period and with the corresponding month of the previous years/periods; (c) comparison of the wage bill for each department/unit for the current year/period with the corresponding figures for previous years/periods; (d) comparison of the ratios of wages and salaries to sales for the current year/period with the corresponding figures for the previous years/periods; (e) comparison of the ratio of wages and salaries to cost of production for the current year/period with the corresponding figures for previous years/periods; (f) comparison of the ratio of contribution towards provident fund to wages and salaries for the current year/period with the corresponding figures for previous years/periods; (g) comparison of the ratio of contribution towards provident fund to wages and salaries for the current year/period with the rate(s) of contribution specified under the law governing provident fund; (h) comparison of the ratio of contribution towards ESI to wages and salaries for the current year/period with the corresponding figure for previous years/periods; (i) comparison of the ratio of contribution towards ESI to wages and salaries for the current year/period with the rate(s) of contribution specified under the law governing the ESI. Bonus 28. In the case of provision for bonus, the auditor should examine whether the liability is provided for in accordance with the Payment of Bonus Act, 1965, and/or agreement with the employees or award of competent authority. Where the bonus actually paid is in excess of the amount required to be paid as per the provisions of the applicable law/agreement/award, the auditor should specifically examine the authority for the same (e.g., resolution of the board of directors in the case of a company). 464 Audit of Expenses Retirement Benefits 29. The auditor should examine whether the entity is liable to pay any retirement benefits to its employees such as provident fund, superannuation/pension, gratuity, etc., whether in pursuance of requirements of any law and/or in terms of agreement with the employees8. If so, the auditor should examine whether the amount payable has been computed in accordance with the relevant legal and/or contractual requirements. In respect of gratuity/pension, the auditor should specifically examine whether the provision for accruing gratuity/pension liability has been made by the entity. The auditor should examine the adequacy of provision with reference to the actuarial certificate obtained by the entity9. In case the entity has not obtained such an actuarial certificate, the auditor should examine that the method followed by it, say, group gratuity insurance scheme taken by the entity, for calculating the accrued liability for gratuity is rational. Other Conversion Costs 30. The auditor should verify the other conversion costs (such as power and fuel, processing charges, etc.) with reference to the supporting documents and related agreements. In case the material is sent outside to third parties for processing, necessary charges including existence of materials, wastage, etc., need to be ascertained and accounted for. In addition, the auditor may also compare the amount of expense on a particular item with the corresponding figure for previous years. Similarly, he may work out the ratios of different items of conversion costs to total cost of production for the current year and compare the same with the corresponding figures for previous years. Establishment and General Administrative Expenses 31. The auditor should verify establishment expenses and general administrative expenses such as insurance, rent, rates, conveyance, travelling, telephone, entertainment, printing and stationery, general expenses, etc., with reference to the sanction of the competent authority, the supporting documents, related agreements and the rules and regulations 8Attention is invited in this regard to Accounting Standard (AS) 15, “Employees Benefits”. 9Attention is also invited in this regard to Standard on Auditing (SA) 620, “Using the Work of an Auditor’s Expert”. 465 Handbook of Auditing Pronouncements-II followed by the entity. The auditor may also compare the amounts of these expenses with the corresponding figures for previous years. Similarly, he may work out the ratios of different items of expenses to sales for the current year and compare the same with the corresponding figures for previous years. Interest and Financial charges 32. The auditor should verify the amount of interest expense for the year with reference to the terms and conditions of relevant agreements. The auditor may also work out the ratio of interest expense for the year to average interest-bearing loans and advances outstanding during the year and compare it with the corresponding figure for previous years and reconcile the same. The auditor should particularly examine that interest as well as other financing costs such as commitment fees on funds borrowed for a qualifying asset included in the gross book value of the asset to which they relate and have not been charged to the Profit and Loss Account of the period in which they are incurred10. If the entity has paid any penal interest, it should also be examined. Such interest should be disclosed as part of normal interest. The auditor should consider, having regard to the materiality, whether it requires separate disclosure. Depreciation 33. The auditor should check the calculation of depreciation. The total depreciation arrived at should be compared with that of previous years to identify reasons for variations. The auditor should particularly examine whether the depreciation charge having regard to rate of depreciation and method of depreciation followed consistently is adequate keeping in view the generally accepted bases of accounting for depreciation11. Alternatively, the auditor may consider qualifying his report. In case, assets have been revalued by entity during the year, the auditor should ensure that the depreciation has been computed properly. Research and Development Expenses 34. The auditor should verify various items of expenses incurred on research and development with reference to supporting documents and 10 Attention is invited in this regard to Accounting Standard (AS) 16, “Borrowing Costs”. 11 Attention is also drawn to Accounting Standard (AS) 6, “Depreciation Accounting”. 466 Audit of Expenses related agreements. For example, the cost of materials consumed for research and development may be verified with reference to such documents as purchase invoices, goods received notes, records relating to issue of materials, etc. The auditor should particularly examine whether the accounting policy followed by the entity regarding treatment of research and development costs is in accordance with Accounting Standard (AS) 8, “Accounting for Research and Development”. 35. The auditor should examine whether the deferral meets the appropriate legal requirements, if any. If an accounting policy for deferral of research and developments is adopted, it should be applied to all such projects which meet the criteria laid down for deferral under AS 8. The auditor should examine whether the criteria laid down in AS 8 which previously justified the deferral of certain research and development costs no longer apply, the unamortised balance has been charged as an expense of the year. Similarly, the auditor should examine that where the criteria for deferral continue to be met but the amount of unamortised balance of the deferred research and development costs and other relevant costs exceed the expected future revenues/benefits related thereto, such excess has been charged as an expense immediately. Repairs and Maintenance 36. The auditor should scrutinise the repairs and maintenance account to ascertain that new fixed assets and substantial improvements to existing assets have not been included in repairs and maintenance. The auditor should exercise special care particularly in case large amounts charged to the Profit and Loss Account. Contingencies 37. In respect of product warranties, service contracts, performance warranties, etc., the auditor should examine whether provisions have been made in accordance with Accounting Standard (AS) 4, “Contingencies and Events Occurring After the Balance Sheet Date”. The auditor should also examine the reasonableness of the basis adopted for quantifying the provision with reference to the relevant agreements and the assessment based on his past experience. 467 Handbook of Auditing Pronouncements-II Taxes on Income 38. The auditor should examine that tax expense or tax saving has been properly computed and disclosed in the financial statements12. The tax expense for the period which comprises current tax and deferred tax is to be included in the determination of net profit or loss for the period under audit. In case of companies attracting minimum alternate tax, it has to be ensured that proper provision has been considered in the accounts. The auditor should examine that the deferred taxes have been recognised for all timing differences subject to consideration of prudence in respect of deferred tax assets as set out in Accounting Standard (AS) 22, Accounting for Taxes on Income. If there is a material departure from the provisions of AS 22, the auditor should qualify his report. 39. In respect of assessments completed, revised or rectified during the year, the auditor should examine whether suitable adjustments have been made in respect of additional demands or refunds, as the case may be. The relevant orders received up to the time of audit should be considered and, on this basis, it should be examined whether adjustment is required in the financial statements. 40. If the entity disputes its liability in regard to demands raised, the auditor should examine whether there is a positive evidence or action on the part of the entity to show that it has not accepted the demand for payment of tax or duty, e.g., where it has gone into appeal under relevant provisions of the Income-tax Act, 1961. Where an application for rectification of mistake has been made by the entity, the amount should be regarded as disputed. Where the demand notice/intimation for the payment of tax is for a certain amount and the dispute relates to only a part and not the whole of the amount, only such amount should be treated as disputed. A disputed tax liability may require a provision or suitable disclosure (see Accounting Standard 4, Contingencies and Events Occurring After the Balance Sheet Date). In determining whether a provision is required, the auditor should, among other procedures, make appropriate inquiries of management, review minutes of the meetings of the board of directors and correspondence with the entity's lawyers, and obtain appropriate management representations. 12 Attention is drawn to Accounting Standard (AS) 22, “Accounting for Taxes on Income”. 468 Audit of Expenses 41. The auditor should obtain from the management, a statement showing the status of pending tax matters. He should examine the statements to assess the adequacy of provisions made in respect of those matters in the context of their current status. Special Considerations in the Case of a Company 42. In the case of audit of a company, in addition to the procedures described above, the auditor should also carry out appropriate audit procedures in respect of matters which are specifically required to be examined under the provisions of the Companies Act, 1956. Some of the illustrative procedures specifically applicable in the case of audit of a company are described below. It may be clarified that the following is not an exhaustive list of additional procedures to be carried out in the case of audit of expenses in the case of a company. (a) The auditor should examine whether the managerial remuneration paid or payable by the company is within the limits laid own under section 198 and Schedule XIII to the Companies Act, 1956. The auditor should also examine whether the remuneration paid or payable to the directors of the company, including any managing or whole-time director, has been determined by the Articles of Association of the company or by a resolution of the company passed in a general meeting. The auditor should also examine whether the remuneration of directors complies with the provisions of section 309 of the Companies Act, 1956. The auditor should further examine whether the computation of net profit for purposes of managerial remuneration is in accordance with sections 349 and 350 of the Companies Act, 1956. (b) The auditor should examine whether the contributions, if any, made by the company to charitable and other funds not directly relating to the business of the company or the welfare of its employees comply with the provisions of section 293 of the Companies Act, 1956. According to this section, the board of directors of a public company cannot, except with the consent of the company in general meeting, contribute to charitable and other funds not directly relating to the business of the company or the welfare of its employees, any amounts the aggregate of which will, in any financial year, exceed Rs.50,000 or 5 per cent of the average net profits of the company as determined in accordance with the provisions of section 349 and section 350 during the three financial 469 Handbook of Auditing Pronouncements-II years immediately preceding, whichever is greater. The auditor should examine whether the Memorandum of Association of the company empowers it to make contributions to charitable or other funds not directly relating to the business of the company or the welfare of its employees. If the objects clause in the Memorandum does not contain such authority, the company has no power to make such contributions. The auditor should ask the management to prepare a schedule of contributions to various funds covered by section 293 made during the year, giving the names of the institutions to which contributions have been made, the amounts paid and the dates on which the contributions were approved by the board of directors. He should also ask the management to prepare a computation showing the limits of permissible contributions which can be made under this section. (c) The auditor should examine whether political contributions made by the company are within the limit prescribed in section 293A of the Companies Act, 1956.13 Where the limit laid down under section 293A is adhered to and the facts are properly disclosed, the auditor has no further duty. Where, however, the facts regarding such contributions are not properly disclosed, the auditor should qualify his report and state the facts therein. Where the auditor has genuine doubt regarding the applicability of the Section, he should ensure that the fact is properly disclosed in his audit report. Where the auditor is satisfied that political contributions have been made in excess of the limit prescribed in section 293A, he should bring this to the attention of the shareholders by qualifying his audit report and making a mention of the excess amount involved, if ascertainable. The auditor should obtain a certificate from company's board of directors to the effect that all amounts of contributions to political parties or for any political purpose to any person falling under the provisions of section 293A have been brought into the books of account of the company and that no amounts of such nature other than those so included in the books have been paid/given, directly or indirectly. 13 Reference may be made in this regard to the Guidance Note on Section 293A of the Companies Act and the Auditor. 470 Audit of Expenses (d) The auditor should examine whether the contribution, if any, to the National Defence Fund or any other fund approved by the Central Government for the purpose of national defence complies with the provisions of section 293B of the Companies Act, 1956. This section empowers the board of directors to make such contributions. It may be noted that unlike the contributions to charitable or other funds not directly relating to the business of the company or to the welfare of its employees, contributions to National Defence Fund (or other similar funds) can be made by a company even where the Memorandum of Association of the company does not specifically empower it in this regard. The auditor should examine whether the total amount or amounts contributed by the company to the National Defence Fund (or other similar funds) during the year have been suitably disclosed in the profit and loss account. (e) In respect of payments to sole-selling agents, the auditor should examine whether the provisions of sections 294, 294A and 294AA have been complied with. (f) The auditor should examine whether the provisions of section 297 have been complied with in appropriate cases. He should also examine compliance with the terms and conditions, if any, stipulated by the Central Government in its approval under the proviso to sub-section (1) of section 297. (g) In case any partner or relative of a director of the company, any firm in which such director, or relative of such director, is a partner, any private company of which such director is a director or member, or any director, or manager of such a private company, holds any office or place of profit under the company or under any subsidiary of the company, the auditor should examine whether the provisions of section 314 have been complied with. (h) The auditor should examine whether any personal expenses have been charged to revenue account. (i) The auditor should examine whether the transaction of purchase of goods and materials and services, made in pursuance of contracts or arrangements entered in the register(s) maintained under section 301 of the 471 Handbook of Auditing Pronouncements-II Companies Act, 1956, as aggregating during the year to Rs. 50,000@ (Rupees Fifty Thousand) or more in respect of each party, have been made at prices which are reasonable having regard to prevailing market prices for such goods, materials and services or the prices at which transaction for similar goods or service have been made with other parties.14 (j) The auditor should examine whether any undisputed amounts payable in respect of income tax, wealth tax, sales tax, customs duty and excise duty were outstanding as at the last day of financial year concerned, for a period of more than six months from the date they became payable have been reported under MAOCARO, 1988@@. Examination of Presentation and Disclosure 43. The auditor should satisfy himself that the expenses have been properly classified and disclosed in the financial statements. Where the relevant statute lays down any disclosure requirements in this behalf, the auditor should examine whether the same have been complied with. Management Representation 44. The auditor should consider obtaining a management representation on expenses charged to the statement of profit or loss when other sufficient appropriate audit evidence cannot reasonably be expected to exist.15 Documentation 45. The auditor should maintain adequate working papers regarding audit of expenses.16 @ This limit has been enhanced to Rs. five lacs by the Companies (Auditor’s Report) Order, 2003. 14 Reference may be made in this regard to Statement on the Companies (Auditor's Report) Order, 2003 (Revised in 2005). @@ Replaced by the Companies (Auditor’s Report) Order, 2003. 15 Reference may be made in this regard to Standard on Auditing (SA) 580, “Written Representations”. 16 Reference may be made in this regard to Standard on Auditing (SA) 230, “Audit Documentation”. 472 24 GUIDANCE NOTE ON SPECIAL CONSIDERATIONS IN THE AUDIT OF SMALL ENTITIES The Guidance Note has been withdrawn pursuant to the decision of the Council of ICAI taken at its 324th meeting held in March 2013. The entire text of the Guidance Note has been given in Vol. II of Handbook of Auditing Pronouncements 2012 edition. 25 GUIDANCE NOTE ON AUDIT OF MISCELLANEOUS EXPENDITURE (REVISED)* Contents Paragraph(s) Introduction ................................................................................. 1-9 Internal Control Evaluation ........................................................... 10 Verification ................................................................................ 11-13 Preliminary Expenses............................................................... 14-28 Expenses Related to Subscription or Issue of Shares .......... 20-24 Research and Development Expenditure ............................. 25-28 Other Items ............................................................................... 29-30 Disclosures .................................................................................... 31 * Issued in September, 2003. The Guidance Note on Audit of Miscellaneous Expenditure shown in the Balance Sheet shall stand withdrawn in respect of audit of financial statements of enterprises for which AS 26, “Intangible Assets” has become mandatory and in respect of entity that has chosen to apply AS 26 to account for intangible assets. Audit of Miscellaneous Expenditure Introduction 1. The following is the text of the Guidance Note on Audit of Miscellaneous Expenditure. This Guidance Note provides guidance on audit procedures to be applied while auditing miscellaneous expenditure. This Guidance Note also provides guidance for audit of items that generally constitute miscellaneous expenditure when Accounting Standard (AS) 26, “Intangible Assets” comes into effect or is voluntarily applied by an enterprise in accounting for intangible assets. This Guidance Note, however, does not provide any guidance on audit of intangible assets that are recognised in accordance with AS 26. The guidance provided herein is restricted to only those items which were hitherto (before application of AS 26—whether mandatory or otherwise) being classified as items of miscellaneous expenditure, but because of application of AS 26, accounting treatment of such items would change. 2. ‘Miscellaneous expenditure’ shown in the balance sheet of companies (or shown under this or some other appropriate heading in the balance sheet of other enterprises) embraces within its fold a variety of items of expenditure which are not entirely charged to income in the year in which they are incurred, but are carried forward in the balance sheet to be written-off in subsequent periods. Unless some benefit from the expenditure can reasonably be expected to be received in future and unless the amount of such benefit is reasonably determinable, there is no justification for carrying forward the expenditure for being written-off in subsequent periods. Also, the amount of expenditure to be carried forward should not exceed the expected future revenue/other benefits related to the expenditure. 3. The Guidance Note deals with the audit considerations related to the following items that normally constitute 'miscellaneous expenditure': (a) preliminary expenses; (b) expenses including commission or brokerage on underwriting or subscription of shares or debentures including discount allowed on the issue of shares or debentures; (c) research and development expenditure, etc. 4. The Council of the Institute of Chartered Accountants of India has issued Accounting Standard (AS) 26, “Intangible Assets”. The objective of this AS 26 is to prescribe the accounting treatment for intangible assets that 475 Handbook of Auditing Pronouncements-II are not dealt with specifically in another Accounting Standard. AS 26 requires an enterprise to recognise an intangible asset if, and only if, certain criteria are met. The accounting standard also specifies how to measure the carrying amount of intangible assets and requires certain disclosures about intangible assets. Consequently, the accounting treatment of some of the items that generally constitute 'miscellaneous expenditure' would change as and when an enterprise adopts Accounting Standard 26 'Intangible Assets' to account for intangible assets. 5. Accounting Standard (AS) 26, “Intangible Assets” comes into effect in respect of expenditure incurred on intangible items during accounting periods commencing on or after 1-4-2003 and is mandatory in nature from that date for the following: (i) Enterprises whose equity or debt securities are listed on a recognised stock exchange in India, and enterprises that are in the process of issuing equity or debt securities that will be listed on a recognised stock exchange in India as evidenced by the board of directors’ resolution in this regard. (ii) All other commercial, industrial and business reporting enterprises, whose turnover for the accounting period exceeds Rs. 50 crores. In respect of all other enterprises, the Accounting Standard comes into effect in respect of expenditure incurred on intangible items during accounting periods commencing on or after 1-4-2004 and is mandatory from that date. The Accounting Standard, however, encourages earlier application. 6. In respect of intangible items appearing in the balance sheet as on the aforesaid date, i.e., 1-4-2003 or 1-4-2004, as the case may be, the Standard has limited its application as stated in paragraph 99 of AS 26. From the date of this Standard becoming mandatory for the concerned enterprises, the following stand withdrawn: (i) Accounting Standard (AS) 8, “Accounting for Research and Development”; (ii) Accounting Standard (AS) 6, “Depreciation Accounting”, with respect to the amortisation (depreciation) of intangible assets; and (iii) Accounting Standard (AS) 10, “Accounting for Fixed Assets” - paragraphs 16.3 to 16.7, 37 and 38. 7. Since AS 26, applies to different entity from different dates, it may happen that certain enterprises, till the date the standard becomes mandatory for them 476 Audit of Miscellaneous Expenditure may continue to defer the expenditure incurred on items that normally constitute “miscellaneous expenditure”. Once an entity applies AS 26 to account for intangible assets, the expenditure incurred on items that normally constitute miscellaneous expenditure shall be governed by the Standard, except in the case of already appearing miscellaneous expenditure in the balance sheet which is to be accounted for using paragraph 99 of AS 26. 8. The following features of miscellaneous expenditure have an impact on the related audit procedures. (a) The items of expenditure included under this heading do not represent any tangible asset. (b) The expenditure on these items is usually of a non-recurring nature. (c) There is a justification for deferring the expenditure on the basis that the benefits from the expenditure can reasonably be expected as flowing into the future the amount of such benefits is reasonably determinable, and the amount of deferred expenditure does not exceed the expected future benefits related thereto. (d) Unless some fresh expenditure is incurred, the balance in these items reduces each year by the amount written-off in the year. 9. The auditor’s primary objective in audit of items that generally constitute miscellaneous expenditure is to satisfy himself that — (a) in case where some items are shown in the balance sheet under the head Miscellaneous Expenditure whether it is proper to defer the expenditure; (b) in case where some items are shown in balance sheet under the head ‘Miscellaneous Expenditure’, the period of amortisation of the expenditure is reasonable; (c) the expenditure shown to have been incurred during the year actually occurred during the year and there is proper authority for the expenditure and for its deferral; (d) the criteria which previously justified the deferral of the expenditure continue to be met and the expected future revenue/other benefits related to the expenditure continue to exceed the amount of unamortised expenditure. (e) Where the entity has applied AS 26, for accounting for items that normally constitute miscellaneous expenditure, whether the same has 477 Handbook of Auditing Pronouncements-II been done in accordance with the Standard and the already appearing items under the head miscellaneous expenditure have been dealt with in accordance with paragraph 99 of AS 26. Internal Control Evaluation 10. The auditor should study and evaluate the system of internal control relating to the various items of miscellaneous expenditure to determine the nature, timing and extent of his other audit procedures. He should particularly review the following aspects. (a) There should be a system of control over expenditure incurred on these items. An effective method of exercising such control is budgeting which, apart from ensuring proper authorisation of the expenditure incurred, also shows in general how effectively such expenditure is being controlled. This is accomplished through periodical comparisons of actual with budgeted figures. (b) Accountability should be established over each item of such expenditure. This can be achieved, inter alia, by up-to-date maintenance of proper records. (c) The system should ensure that reliable information (including reports of experts) is available for assessment of the results achieved against the objectives and estimates of the expenditure determined originally. Verification 11. The nature, timing and extent of substantive procedures to be performed are matters of professional judgment of the auditor which is based, inter alia, on the auditor’s evaluation of the effectiveness of the related internal controls. 12. While verifying an item of miscellaneous expenditure in the year in which the relevant expenditure is incurred, the auditor should satisfy himself regarding the amount of such expenditure and its deferral as also regarding the reasonableness of the period of amortisation of the expenditure. Till the amount is fully amortised, the auditor should examine every year that a proper amount is amortised during the year by way of a charge to income for the year (and not as its appropriation). The auditor should also examine every year that the criteria which previously justified the deferral of the expenditure continue to be met. If those criteria no longer apply, the auditor should examine whether the unamortised balance has been charged as expense immediately. Where the auditor finds that the criteria for deferral continue to be met but the amount 478 Audit of Miscellaneous Expenditure of unamortised balance of the expenditure exceeds the expected future revenue/other benefits related thereto, the auditor should examine whether such excess has been charged as an expense immediately. 13. The applicability of AS 26 on items that generally constitute miscellaneous expenditure and special considerations in audit of various items of miscellaneous expenditure when AS 26 is applied are discussed in subsequent paragraphs of this Guidance Note. Preliminary Expenses 14. Preliminary expenses are the expenses relating to the formation of an enterprise. For example, in the case of a company, preliminary expenses would normally include the following. (a) Legal cost in drafting the memorandum and articles of association. (b) Fees for registration of the company. (c) Cost of printing of the memorandum and articles of association and statutory books of the company. (d) Any other expenses incurred to bring into existence the corporate structure of the company. 15. Paragraph 55 of AS 26 requires that expenditure on an intangible item should be recognised as an expense when it is incurred unless: (a) it forms part of the cost of an intangible asset that meets the recognition criteria laid down in paragraphs 19-54 of AS 26; or (b) the item is acquired in an amalgamation in the nature of purchase and cannot be recognised as an intangible asset. If this is the case, this expenditure (included in the cost of acquisition) should form part of the amount attributed to goodwill (capital reserve) at the date of acquisition. 16. Paragraph 56 of AS 26 provides some examples where the expenditure is recognised as an expense when it is incurred. The examples given include, expenditure on start-up of activities (start-up costs), unless this expenditure is included in the cost of an item of fixed asset under AS 10. Start-up costs may consist of preliminary expenses incurred in establishing a legal entity such as legal and secretarial costs, expenditure to open a new facility or business (pre-opening costs) or expenditures for commencing new operations or launching new products or processes (pre-operating costs). 479 Handbook of Auditing Pronouncements-II 17. Preliminary expenses, therefore, incurred on or after the date on which the Standard becomes mandatory for an enterprise or the preliminary expenses incurred on or after the date on which the enterprise opts to apply the Standard in the preparation and presentation of financial statements would be written off in the year in which they are incurred. The expenditure on preliminary expenses shall not be carried forward in the balance sheet to be written off in subsequent accounting periods. 18. Preliminary expenses already shown in the balance sheet on the date the Standard is first applied would be required to be accounted for in accordance with the requirements laid down by paragraph 99 of AS 26. 19. The auditor should verify these expenses with reference to supporting documents such as invoices and contracts relating to these expenses. In the case of a company, the auditor should also examine that the reimbursement of such expenses to promoters is in accordance with the disclosures made in the prospectus. Compliance with legal provisions regarding reimbursement of the promoters’ expenses should be specifically examined. In addition to the audit procedures mentioned above, the auditor should also apply the following audit procedures with regard to preliminary expenditure: (a) The auditor should verify whether the preliminary expenses incurred on or after the date the Standard is applied by the enterprise are entirely charged to the profit and loss account in the year in which they are incurred. (b) In the case of preliminary expenses already appearing in the balance sheet on the date the Standard is applied, the auditor should satisfy himself that the estimate made by the management of the enterprise of the useful life of the preliminary expenses is appropriate. (c) The auditor should verify whether the carrying amount of the preliminary expenses already appearing in the balance sheet is eliminated with a corresponding adjustment to the opening balance of the revenue reserve in case the amortisation period determined under paragraph 63 of AS 26 has already expired. (d) The auditor should satisfy himself that the preliminary expenses already appearing in the balance sheet are being amortised in accordance with the requirements of AS 26 in case the amortisation period determined under paragraph 63 of AS 26 has not expired. Expenses Related to Subscription or Issue of Shares 20. Expenses related to subscription or issue of shares include commission or brokerage on underwriting or subscription of shares or debentures, 480 Audit of Miscellaneous Expenditure discount allowed on issue of shares or debentures. AS 26 excludes from its scope certain activities or transactions which are so specialised that they give rise to accounting issues that may need to be dealt with in a different way. Such accounting issues, inter alia, are accounting for discount or premium relating to borrowings and ancillary costs incurred in connection with the arrangement of borrowings, share issue expenses and discount allowed on the issue of shares. 21. The auditor should examine whether the payment of brokerage, commission, etc., is authorised by articles of association or other rules/regulations and is in accordance with the provisions of the relevant statute. 22. The auditor should also examine whether the rates of commission paid or payable to brokers and underwriters are in accordance with the disclosures made in the prospectus. The auditor should verify the commission with reference to the agreements with brokers and underwriters. 23. The auditor should examine the certificate issued by the merchant bankers with regard to commission payable to underwriters, and ensure that the payment made to underwriters is in accordance with such certificate. 24. Other expenses on issue of shares or debentures, such as fees of the managers to the issue, fees of the registrars to the issue including mailing and handling charges, fees of the advisors to the issue, advertisement expenses, expenses on printing and supply of prospectus and application forms, expenses on printing of share/debenture certificates, etc., should be verified with reference to supporting documents such as invoices, agreements, etc. The auditor should also examine whether the limits on such expenses as laid down in the applicable statute have been complied with. Research and Development Expenditure 25. Entities generally incur expenditure on research and development activities. Paragraph 41 of AS 26, Intangible Assets provides that no intangible asset arising from research or from the research phase of an internal project should be recognised and should therefore, be charged as an expenses, as and when incurred. According to AS 26, expenditure incurred in the development or during the development phase of an enterprise is required to be recognised as an intangible asset if, and only if, the requirements of paragraph 44 of AS 26 are met. It may be noted that the expenditure incurred on research or incurred during the research phase of an enterprise are required to be recognised as an expense when such expenses are incurred. 481 Handbook of Auditing Pronouncements-II 26. The expenditure, therefore, incurred in the development or during the development phase of an enterprise on or after the date on which the Standard becomes mandatory for an enterprise or the preliminary expenses incurred on or after the date on which the enterprise opts to apply the Standard in the preparation and presentation of financial statements would be recognised as an asset if the requirements of paragraph 44 of AS 26 are met. Where the expenditure qualifies to be recognised as an intangible asset then the requirements, related to carrying amount of the intangible asset, its amortisation and disclosures, laid down by AS 26 shall apply to the development expenditure. 27. The development expenditure shown in the balance sheet on the date on which the Standard is first applied shall be accounted for in accordance with the requirements of paragraph 99 of AS 26 from that date. If any expenditure incurred on the research or during the research phase of an enterprise already appears in the balance sheet, the same shall also be required to be accounted for in accordance with paragraph 99 of AS 26 from the date the Standard is first applied by the enterprise. 28. The auditor should perform the following audit procedures with regard to research and development expenditure: (a) The auditor should verify the research expenditure and development expenditure with reference to supporting documents such as purchase invoices, agreements with third parties etc. A variety of expenses may be incurred by an enterprise during the research phase or development phase of an enterprise. The auditor should apply the procedures mentioned in the Guidance Note on Audit of Expenses with regard to the items of expenditure covered therein. (b) The auditor should verify that the expenses incurred on research or incurred during the research phase of an internal project on or after the date the Standard is first applied by the enterprise are entirely charged to the profit and loss account in the year in which they are incurred; (c) In the case of research and development expenses already appearing in the balance sheet on the date the Standard is first applied, the auditor should satisfy himself that the estimate made by the management of the enterprise of the useful life of such expenses is appropriate; (d) The auditor should verify whether the carrying amount of the research and development expenses already appearing in the balance sheet is eliminated with a corresponding adjustment to the opening balance of 482 Audit of Miscellaneous Expenditure the revenue reserve in case the amortisation period determined under paragraph 63 of AS 26 has already expired. (e) The auditor should satisfy himself that the research and development expenses already appearing in the balance sheet are being amortised in accordance with the requirements of AS 26 in case the amortisation period determined under paragraph 63 of AS 26 has not expired. (f) The auditor should also examine that the intangible asset recognised is accounted for in accordance with the requirements of AS 26. (g) Where an intangible asset has been recognised, the auditor should verify whether the asset so recognised is tested for impairment in accordance with Accounting Standard (AS) 28, “Impairment of Assets”. The auditor should examine whether the test of impairment is appropriate and where impairment has occurred, an impairment loss has be provided for in the financial statements. Other Items 29. Expenditure during construction period includes a variety of expenditure. Some of the expenditure during construction period may also constitute miscellaneous expenditure. Where an enterprise applies AS 26 to account for intangible assets, either voluntarily or is required to do so by operation of the accounting standard itself, the accounting treatment of some of the items of expenditure during construction period might be governed by the principles enunciated in AS 26. The auditor, in such cases, should verify the expense incurred during the construction period with reference to the supporting documents, such as, invoices, contracts, etc., relating to those expenses. The auditor should also verify that the requirements of AS 26 have been complied with in accounting for such items. 30. In case where an enterprise does not apply AS 26 to account for intangible assets because it is not required to do so, the auditor apart from verifying the expense incurred during the construction period with reference to the supporting documents, such as, invoices, contracts, etc., relating to those expenses should also examine whether the deferral and the amortisation of expenditure incurred during the construction period are in accordance with recognised accounting policies and practices (see, for example, Guidance Note on Treatment of Expenditure During Construction Period, issued by the Institute of Chartered Accountants of India). Where the entity incurs heavy expenditure of a revenue nature during the year, the benefits of which are likely to extend beyond that year, the expenditure may sometimes be deferred and written-off over the number of years for which the 483 Handbook of Auditing Pronouncements-II benefits are expected to be derived by the entity. Some instances of such expenditure are removal of business from one location to another and massive advertisement in one year to introduce a product or develop a market. In such cases, the auditor should examine whether the deferred of the expenditure meets the relevant criteria and whether the amount of periodic write-off of the expenditure is appropriate. Disclosures 31. The auditor should examine whether the financial statements contain adequate disclosures as required by AS 26. The auditor should also examine that the financial statements disclose the accounting policy with regard to miscellaneous expenditure. On the first occasion when AS 26 is applied by an enterprise for accounting for items of miscellaneous expenditure, the financial statements should also disclose the change in accounting policy with regard to miscellaneous expenditure in accordance with the requirements of paragraph 32 of Accounting Standard (AS) 5, “Net Profit or Loss for the Period, Prior Period Items and Changes in Accounting Policies”. 484 26 GUIDANCE NOTE ON AUDIT OF CONSOLIDATED FINANCIAL STATEMENTS* Contents Paragraph(s) Introduction ........................................................................................ 1-3 Definitions ............................................................................................. 4 Responsibility of Parent .................................................................... 5-6 Responsibility of the Auditor of the Consolidated Financial Statements.................................................. 7-9 Audit Considerations..................................................................... 10-17 Auditing the Consolidation ........................................................... 18-25 Special Considerations ................................................................. 26-39 Management Representations ............................................................40 Reporting ..............................................................................................41 When the Parent’s Auditor is also the Auditor of its Subsidiaries .......................................................................... 42-43 When the Parent’s Auditor is not the Auditor of its Subsidiary(s)......................................................................... 44-45 Annexures *Issued in September, 2003. With the issuance of this Guidance Note, the Format of Auditor’s Report to the Board of Directors on Consolidated Financial Statements which was published in March, 2002 issue of ‘The Chartered Accountant’ stands withdrawn. Handbook of Auditing Pronouncements-II Introduction 1. The Council of the Institute of Chartered Accountants of India has issued Accounting Standard (AS) 21 ‘Consolidated Financial Statements’ which lays down principles and procedures for preparation and presentation of consolidated financial statements. Consolidated financial statements are presented for a group of entities under the control of a parent. A ‘parent’ is an entity that has one or more subsidiaries. A group comprises a parent and its subsidiaries. Thus, consolidated financial statements are the financial statements of a group presented as those of a single entity. AS 21 is applicable to a parent that presents consolidated financial statements. In other words, whenever a parent decides to prepare and present consolidated financial statements, it should do so in accordance with the requirements of Accounting Standard (AS) 21, Consolidated Financial Statements. 2. Consolidated financial statements normally include consolidated balance sheet, consolidated statement of profit and loss, and notes, explanatory material that form an integral part thereof, and also consolidated cash flow statement (in case a parent presents its own cash flow statement). Consolidated financial statements are presented, to the extent possible, in the same format as adopted by the parent for its separate financial statements. 3. An entity which prepares the consolidated financial statements, either under any law or regulation governing the entity or suo motu, might be required to or otherwise engage a member for conducting the audit of consolidated financial statements.1 The auditor of the consolidated financial statements may not necessarily be the auditor of the separate financial statements of the parent or one or more of the components2 included in the 1 The Securities and Exchange Board of India, vide its circular SMDRP/Policy/Cir.44/01 dated August 31, 2001 has amended clause 32 of the listing agreement which now requires the listed companies to publish consolidated financial statements in addition to the separate financial statements in its annual report. The amended clause further requires that the statutory auditors of the company should audit the consolidated financial statements. The filing of consolidated financial statements with stock exchanges has also been made mandatory. Similarly, the Reserve Bank of India, vide its circular no. DBOD No. BP.BC. 72/21.04.018/2001-02 dated February 25, 2003 have required the banks to prepare consolidated financial statements to facilitate consolidated financial supervision. 2 Paragraph 8 of Standard on Auditing (SA) 600, “Using the Work of Another Auditor”, defines “components” as a division, branch, subsidiary, joint venture, associated enterprises or other entity whose financial information is included in the financial information audited by the principal auditor. 486 Audit of Consolidated Financial Statements consolidated financial statements. However, a law or regulation governing the entity may require the consolidated financial statements to be audited by the statutory auditor of the entity. This Guidance Note provides guidance on the specific issues and audit procedures to be applied in an audit of consolidated financial statements. Definitions 4. Various terms used in this Guidance Note, have the same meaning as in Accounting Standard (AS) 21, ‘Consolidated Financial Statements’, Accounting Standard (AS) 23, ‘Accounting for Investments in Associates in Consolidated Financial Statements’ and Accounting Standard (AS) 27, ‘Financial Reporting of Interests in Joint Ventures’ respectively. Responsibility of Parent 5. The responsibility for the preparation and presentation of consolidated financial statements, among other things, is that of the management of the parent. This includes: (a) identifying components, and including the financial information of the components to be included in the consolidated financial statements; (b) where appropriate, identifying reportable segments for segmental reporting; (c) identifying related parties and related party transactions for reporting; (d) obtaining accurate and complete financial information from components; and (e) making appropriate consolidation adjustments. 6. Apart from the above, the parent ordinarily issues instructions to the management of the component specifying the parent’s requirements relating to financial information of the components to be included in the consolidated financial statements. The instructions ordinarily cover the accounting policies to be applied, statutory and other disclosure requirements applicable to the parent, including the identification of and reporting on reportable segments, and related parties and related party transactions, and a reporting timetable. 487 Handbook of Auditing Pronouncements-II Responsibility of the Auditor of the Consolidated Financial Statements 7. The auditor of the consolidated financial statements is responsible for expressing an opinion on whether the consolidated financial statements are prepared, in all material respects, in accordance with the financial reporting framework under which the parent prepares the consolidated financial statements. 8. Therefore, the auditor's objectives in an audit of consolidated financial statements are: (a) to satisfy himself that the consolidated financial statements have been prepared in accordance with the requirements of Accounting Standard (AS) 21, Consolidated Financial Statements, Accounting Standard (AS) 23, Accounting for Investments in Associates in Consolidated Financial Statements and Accounting Standard (AS) 27, Financial Reporting of Interests in Joint Ventures; and (b) to enable himself to express an opinion on the true and fair view presented by the consolidated financial statements. 9. Standards on Auditing, Statements and Guidance Notes on auditing matters issued by the Institute of Chartered Accountants of India apply in the same manner to audit of consolidated financial statements as they apply to audit of separate financial statements. It means that the auditors, while conducting the audit of consolidated financial statements are, inter alia, expected to: (a) plan their work to enable them to conduct an effective audit in an efficient and timely manner; (b) obtain an understanding of the accounting and internal control systems sufficient to plan the audit and determine the nature, timing and extent of his audit procedures. Such an understanding would help the auditors to develop an effective audit approach; (c) use professional judgement to assess audit risk and to design audit procedures to ensure that the risk is reduced to an acceptable level; etc. 488 Audit of Consolidated Financial Statements Audit Considerations 10. The following features of consolidated financial statements have an impact on the related audit procedures: (a) The consolidated financial statements are prepared on the basis of separate financial statements of the parent and its subsidiaries and associates and/or joint ventures, using the consolidation procedures prescribed by Accounting Standard (AS) 21, “Consolidated Financial Statements”, Accounting Standard (AS) 23, “Accounting for Investments in Associates in Consolidated Financial Statements” and Accounting Standard (AS) 27, “Financial Reporting of Interests in Joint Ventures”; and (b) The auditor of the consolidated financial statements has to use the work of other auditors unless the auditor of consolidated financial statements is not the auditor of the other components of the group. This may, however, not be true in all cases. 11. The consolidated financial statements are prepared using the separate financial statements of the parent, subsidiaries, associates and joint ventures and also other financial information, which might not be covered by the separate financial statements of these entities. The ‘other financial information’ would include disclosures to be made in the consolidated financial statements about the subsidiaries associates and joint ventures, proportion of items included in the consolidated financial statements to which different accounting policies have been applied, adjustments made for the effects of significant transactions or other events that occur between the financial statements of subsidiaries, associates or joint ventures and the parent, as the case may be, etc. Thus, this ‘other financial information’ would be required to be additionally generated. 12. When an auditor accepts the audit of consolidated financial statements, the auditor should assess whether based on his work alone he would be able to express an opinion on the true and fair view presented by the consolidated financial statements. If the auditor is of the view that his own participation may not be enough or sufficient, he should consider using the work of ‘other auditors’. 13. Such ‘other auditors’ might be the auditors of the separate financial statements of one or more of the components of the consolidated financial 489 Handbook of Auditing Pronouncements-II statements or the auditors appointed specifically for assisting the auditor of the consolidated financial statements (the principal auditor). 14. Where the statutory auditors of one or more of the components of the consolidated financial statements are also requested to assist the principal auditor, the work to be performed by such statutory auditors for use by the principal auditor would constitute an assignment separate from the assignment to conduct the statutory audit of the respective component. 15. The Standard on Auditing (SA) 200, ‘Basic Principles Governing an Audit’, states (paragraph 9): “When the auditor delegates work to assistants or uses work performed by other auditors and experts, he will continue to be responsible for forming and expressing his opinion on the financial information. However, he will be entitled to rely on work performed by others, provided he exercises adequate skill and care and is not aware of any reason to believe that he should not have so relied. In the case of any independent statutory appointment to perform the work on which the auditor has to rely in forming his opinion, such as in the case of the work of branch auditors appointed under the Companies Act, 1956 the auditor’s report should expressly state the fact of such reliance”. 16. Standard on Auditing (SA) 600, ‘Using the Work of Another Auditor’ establishes standards when an auditor, reporting on the financial statements of an entity (the group—in the case of consolidated financial statements), uses the work of another auditor on the financial information of one or more components included in the financial statements of the entity. The principal auditor, if he decides to use the work of another auditor in relation to the audit of consolidated financial statements, should comply with the requirements of SA 600. 17. While complying with the requirements of SA 600, ‘Using the Work of Another Auditor’, the principal auditor should keep the following under consideration: (a) When planning to use the work of another auditor, the principal auditor is not required to consider the professional competence of the other auditor if the other auditor is a member of the Institute of Chartered Accountants of India. 490 Audit of Consolidated Financial Statements (b) The principal auditor should perform procedures to obtain sufficient appropriate audit evidence, that the work of the other auditor is adequate for the principal auditor's purposes, in the context of the audit of consolidated financial statements. When using the work of another auditor, the principal auditor should ordinarily perform the following procedures: (i) The principal auditor should determine the information/assurance required by the other auditor; this emanates/precludes the principal auditor’s determination of how the work of the other auditor would affect the audit of consolidated financial statements, for example, the information required from the auditor of a subsidiary would be different from that required from the auditor of a joint venture. (ii) Advise the other auditor of the use that is to be made of the other auditor's work and report and make sufficient arrangements for co- ordination of their efforts at the planning stage of the audit. The principal auditor would inform the other auditor of matters such as areas requiring special consideration, procedures for the identification of inter-component transactions that may require disclosure and the timetable for completion of audit. It may, however, be noted that the principal auditor, if using the work of the auditors of one or more of the components unless such other auditors are specifically appointed for the purpose, should not enlarge the scope of the audit of the separate financial statements of the subsidiary or component to be included in the consolidated financial statements. Thus, the instructions that are to be issued should be confined to the other information required for consolidation. (iii) Advise the other auditor of the significant accounting, auditing and reporting requirements and obtain representation as to compliance with them. Auditing the Consolidation 18. Before commencing an audit of consolidated financial statements, the auditor should plan his work to enable him to conduct an effective audit in an efficient and timely manner. The auditor should make plans, among other things, for the following: 491 Handbook of Auditing Pronouncements-II (a) understanding of accounting policies of the parent, subsidiaries, associates and joint ventures; (b) determining the extent of use of other auditor’s work in the audit; (c) determining and programming the nature, timing, and extent of the audit procedures to be performed; and (d) coordinating the work to be performed. 19. A parent which presents consolidated financial statements is required to consolidate all subsidiaries, include all associates and jointly controlled entities in the consolidated financial statements other than those for which exceptions have been provided in the relevant Accounting Standards. 20. The auditor should obtain a listing of subsidiaries, associates and joint ventures included in the consolidated financial statements. The auditor should review the information provided by the management of the parent identifying the subsidiaries, associates and joint ventures. The auditor should verify that all the subsidiaries, associates and joint ventures have been included in the consolidated financial statements unless a subsidiary, associate or joint venture meets a criterion for exclusion. In respect of completeness of this information, the auditor should perform the following procedures: (a) review his working papers for the prior years for the known subsidiaries, associates and joint ventures; (b) review the parent’s procedures for identification of subsidiaries, associates and joint ventures; (c) review the investments to determine the shareholding in other entities; (d) review the joint venture and other relevant agreements entered into by the parent; (e) review the statutory records maintained by the parent, for example registers under section 302, 372A of the Companies Act, 1956. The auditor should also identify the changes in the shareholding that might have taken place since the last audit. 21. It is also important to note that ownership of voting power is not necessary for an entity to own more than one-half of the voting power of 492 Audit of Consolidated Financial Statements another to control the other enterprise. Control of the composition of the Board of Directors (in the case of a company) or corresponding governing body (in the case of any other enterprise), with a view to obtain economic benefits from its activities, ownership of voting power is not important. For example, an entity holds only 10 percent of the share capital of another entity but it has control over the composition of the Board of Directors/governing body of the second entity. In such a case, the first entity would be considered as a parent of the second entity and, therefore, it would consolidate the second entity in the consolidated financial statements as subsidiary. The auditor, therefore, apart from carrying out above procedures, should verify whether the parent controls the composition of the Board of Directors or corresponding governing body of any entity. There would be various means by which such kind of control can be obtained. In this regard, the auditor may verify the Board’s minutes, shareholder agreements entered into by the parent, agreements with the entities to which the parent might have provided any technology or know how, enforcement of statute, as the case may be, etc. The auditor would have to use his professional judgement to determine whether the parent controls the composition of the Board of Directors of any other entity. If yes, whether that entity has been consolidated as a subsidiary in the consolidated financial statements. 22. Where a subsidiary or an associate or a jointly controlled entity is excluded from the consolidated financial statements, the auditor should examine the reasons for exclusion. There could be two reasons for exclusion of a subsidiary, associate or jointly controlled entity – one, that the relationship of parent with the subsidiary, associate or jointly controlled entity is intended to be temporary or the subsidiary, associate or joint venture operates under several long-term restrictions which significantly impair its ability to transfer funds to the parent. The auditor should satisfy himself that the exclusion made by the management falls within these two categories. The auditor should verify such long-term restrictions from the relevant laws and regulations, agreements entered by the parent with such entities which prohibit transfer of funds. In the case of an entity which is excluded from consolidation on the ground that the relationship of parent with the other entity as subsidiary, associate or joint venture is temporary, the auditor should verify that the intention of the parent, to dispose the subsidiary, investment in associate or interest in jointly controlled entity, in the near future, existed at the time of acquisition of the subsidiary, making investment in associate or jointly controlled entity. The auditor should also verify that the 493 Handbook of Auditing Pronouncements-II reasons for exclusion are given in the consolidated financial statements. If an entity is excluded from the consolidated financial statements for reasons other than those allowed by the relevant accounting standards, the auditor should consider its effect on the report to be issued. The auditor should consider the need to issue a modified report on the consolidated financial statements. The auditor should also verify that in consolidated financial statements, investments in such subsidiaries, associates or jointly controlled entities should be accounted for in accordance with Accounting Standard (AS) 13, “Accounting for Investments”. 23. The auditor should also examine whether any subsidiary, associate or jointly controlled entity has ceased to be a subsidiary, associate or jointly controlled entity during the period under audit. It is also possible that a subsidiary might have become an associate or an associate might have become a subsidiary of the parent. The auditor, in such cases, should examine whether these changes have been appropriately accounted for in the consolidated financial statements as required by the respective accounting standards. 24. In preparing consolidated financial statements, the financial statements of the parent and its subsidiaries are combined on a line by line basis by adding together like items of assets, liabilities, income and expenses and then certain calculations like determination of goodwill or capital reserve, minorities interest and adjustments like elimination of intra group transactions, balances and unrealised profits etc. are made in accordance with the requirements of Accounting Standard (AS) 21, “Consolidated Financial Statements”. Investments in associates are accounted for using the Equity Method as prescribed in Accounting Standard (AS) 23, “Accounting for Investments in Associates in Consolidated Financial Statements”. A parent that has an interest in a jointly controlled entity, reports its interest in the consolidated financial statements using proportionate consolidation method in accordance with Accounting Standard (AS) 27, “Financial Reporting of Interests in Joint Ventures”. Many of the procedures appropriate for the application of equity method and the proportionate consolidation are similar to the consolidation procedures set out in Accounting Standard (AS) 21, “Consolidated Financial Statements”. 25. The auditor should verify that the adjustments warranted by the relevant accounting standards have been made wherever required and have been properly authorised by the management of the parent. The preparation of 494 Audit of Consolidated Financial Statements consolidated financial statements gives rise to permanent consolidation adjustments and current period consolidation adjustments. Special Considerations Permanent Consolidation Adjustments3 26. Permanent consolidation adjustments are those adjustments that are made only on the first occasion of the preparation and presentation of consolidated financial statements. Permanent consolidation adjustments are: (a) determination of excess or deficit of the cost to the parent of its investment in a subsidiary over the parent’s portion of equity of the subsidiary, at the date on which investment in the subsidiary is made (determination of goodwill or capital reserve); (b) determination of the amount of equity attributable to minorities at the date on which investment in subsidiary is made; and (c) determination of goodwill or capital reserve arising on application of equity method to account for investments in associates in consolidated financial statements. 27. The auditor should verify that the above calculations have been made appropriately. The auditor should pay particular attention to the determination of pre-acquisition reserves of the subsidiary and associates. Date(s) of investment in subsidiary and associates assumes importance in this regard. The auditor should also examine whether the pre-acquisition reserves have been allocated appropriately between the parent and the minorities of the subsidiary. The auditor should also verify the changes that might have taken place in these permanent adjustments on account of subsequent acquisition of shares in the subsidiary/associates, disposal of the subsidiary/associate in the subsequent years. The auditor should also examine the joint venture agreements, to establish whether any change has taken place in the interest of the parent in the joint venture. 28. It may happen that in the case of one subsidiary, goodwill arises and in the case of another subsidiary a capital reserve arises. The parent may choose to net off these amounts to disclose a single amount in the 3 Reference may be made to Appendix I ‘Consolidated Balance Sheet of Group’ for an understanding of permanent consolidation adjustments. 495 Handbook of Auditing Pronouncements-II consolidated balance sheet. In such cases, the auditor should verify that the gross amounts of goodwill and capital reserves arising on acquisition of various subsidiaries have been disclosed in the notes to the consolidated financial statements to reflect the excess/shortage over the parents’ portion of the subsidiary’s equity. Current Period Consolidation Adjustments4 29. Current period adjustments are those adjustments that are made in the accounting period for which the consolidation of financial statements is done. Current period consolidation adjustments primarily relate to elimination of intra-group transactions and account balances including: (a) intra-group interest paid and received, or management fees, etc; (b) unrealised intra-group profits on assets acquired from other subsidiaries; (c) intra-group indebtedness; (d) adjustments related to harmonising the different accounting policies being followed by the parent enterprise and its subsidiaries; (e) adjustments made for the effects of significant transactions or other events that occur between the date of the financial statements of the parent and one or more of the components, if the financial statements to be used for consolidation are not drawn upto the same reporting date; and (f) determination of movement in equity attributable to the minorities since the date of acquisition of the subsidiary. 30. The adjustments required for preparation of consolidated financial statements are made in memorandum records kept for the purpose by the parent. The auditor should review the memorandum records to verify the adjustment entries made in the preparation of consolidated financial statements. This would also help the auditor in ascertaining whether there is any difference in the elimination. Apart from reviewing the memorandum records, the auditor should: (a) verify that the inter-group transactions and account balances have been eliminated; 4 Reference may be made to Appendix I and II for current period consolidation adjustments. 496 Audit of Consolidated Financial Statements (b) verify that the consolidated financial statements have been prepared using uniform accounting policies for like transactions and other events in similar circumstances; (c) verify that adequate disclosures have been made in the consolidated financial statements of application of different accounting policies in case, it was impracticable to do so; (d) verify the adjustments made to harmonise the different accounting policies; and (e) verify that the calculation of minorities interest has been correctly done. 31. The auditor should gain an understanding of the procedures adopted by the management of the enterprise to make the above mentioned adjustments. This helps the auditor in reducing the audit risk to an acceptably low level. 32. One of the important adjustment that may be required in the current period is determination of impairment loss that might exist for goodwill arising on consolidation. Goodwill arising on consolidation is carried at the value determined at the date of acquisition of the subsidiary, and the same is to be tested for impairment at every balance sheet date. The auditor should examine whether any impairment loss has been determined by the parent. If yes, the auditor should examine the procedure followed for determination of impairment. The auditor should satisfy himself that the amount of impairment loss determined is fair. 33. The auditor should also verify that the disclosures required by Accounting Standard (AS) 21, “Consolidated Financial Statements”, Accounting Standard (AS) 23, “Accounting for Investments in Associates in Consolidated Financial Statements” and Accounting Standard (AS) 27, “Financial Reporting of Interests in Joint Ventures” have been made in the consolidated financial statements. 34. Apart from verifying that the calculation and disclosures regarding minorities interest have been made appropriately, the auditor also determines, in cases where the minority interests’ share of the losses exceed the minority interests’ share of the equity, the excess, and any further losses applicable to the minority interest, have been accounted for in accordance with the relevant accounting standards. Where the minority interest has a 497 Handbook of Auditing Pronouncements-II binding obligation to make good losses, the auditor of the consolidated financial statements determines whether it is able to do so. 35. If the financial statements of one or more of the components are drawn upto different financial reporting dates, the auditor of the consolidated financial statements should review the component’s results between its financial reporting date and that of the parent for significant transactions or other events that have taken place during the period and therefore, need to be reflected in the consolidated financial statements. For example, where a subsidiary has a different accounting period and after the end of its accounting period, the subsidiary has discontinued its one of the major operations, adjustments would be required to be made to reflect this in the consolidated financial statements. 36. The fundamental accounting assumption of “consistency” requires the auditor of the consolidated financial statements to consider whether the length of the reporting periods and any difference in financial year-ends are the same from period to period. 37. Notes to accounts and other explanatory material are an integral part of any financial statements since they provide information which is per se not reflected in the balance sheet and profit and loss account. Consolidated financial statements are not an exception to the need of notes to accounts and other explanatory material. In this regard paragraph 6 of Accounting Standard (AS) 21, “Consolidated Financial Statement” states as below: “6. Consolidated financial statements normally include consolidated balance sheet, consolidated statement of profit and loss, and notes, other statements and explanatory material that form an integral part thereof. Consolidated cash flow statement is presented in case a parent presents its own cash flow statement. The consolidated financial statements are presented, to the extent possible, in the same format as that adopted by the parent for its separate financial statements”. 38. The Accounting Standards Board of the Institute has issued General Clarification (GC)–5/2002 on Notes to the Consolidated Financial Statements. The Clarification lays down certain principles that should be observed in respect of notes and other explanatory material that form integral part of the consolidated financial statements. The auditor should verify that the principles 498 Audit of Consolidated Financial Statements enunciated by the Clarification have been followed in preparation of notes to accounts. The auditor to verify, the compliance, should: (a) examine that the notes which are necessary for presenting a true and fair view of the consolidated financial statements have been included in the consolidated financial statements as an integral part thereof; and (b) examine that additional statutory information disclosed in separate financial statements of the subsidiary and/or a parent having bearing on the true and fair view of the consolidated financial statements have been disclosed in the consolidated financial statements. 39. If as a result of the above examinations, the auditor is of the view that the consolidated financial statements do not disclose all the information which is necessary for presenting a true and fair view, the auditor should give a modified report. Management Representations 40. Standard on Auditing (SA) 580, “Written Representations” requires the auditor to obtain appropriate representations from management. The auditor of the consolidated financial statements should obtain evidence that the management of the parent acknowledges its responsibility for a true and fair presentation of the consolidated financial statements in accordance with the financial reporting framework applicable to the parent and that parent management has approved the consolidated financial statements. In addition, the auditor of the consolidated financial statements obtains written representations from parent management on matters material to the consolidated financial statements. Examples of such representations include: (a) Completeness of components included in the consolidated financial statements; (b) Identification of reportable segments for segmental reporting; (c) Identification of related parties and related party transactions for reporting; (d) Appropriateness and completeness of consolidation adjustments, including the elimination of intra-group transactions. 499 Handbook of Auditing Pronouncements-II Reporting** 41. There could be two situations in an audit of consolidated financial statements–-when the parent’s auditor is also the auditor of all the components to be included in the consolidated financial statements and when the parent’s auditor is not the auditor of one or more subsidiaries and therefore, uses the work of other auditors in the audit. The auditor should, while preparing the report, should consider the requirements of Standard on Auditing (SA) 700, “Forming an Opinion and Reporting on Financial Statements”. Where, the auditor uses the work of other auditors in the audit of consolidated financial statements, the requirements of Standard on Auditing (SA) 600, “Using the Work of Another Auditor” should also be considered. When the Parent’s Auditor is also the Auditor of its Subsidiaries 42. While drafting the audit report, the auditor should report whether principles and procedures for preparation and presentation of consolidated financial statements as laid down in the relevant accounting standards have been followed. In case of any deviation, the auditor should make adequate disclosure in the audit report so that users of the consolidated financial statements are aware of such deviation. 43. Auditor should issue an audit report expressing opinion whether the consolidated financial statements give a true and fair view of the state of affairs of the Group as on balance sheet date and as to whether consolidated profit and loss statement gives true and fair view of the results of consolidated profit or losses of the Group for the period under audit. Where the consolidated financial statements also include a cash flow statement, the auditor should also give his opinion on the true and fair view of the cash flows presented by the consolidated cash flow statements. Suggested format of the audit report to be issued in such circumstance is given as Annexure I to this Guidance Note. ** With the issuance of this Guidance Note, the format of report on Consolidated Financial Statements issued in March, 2001 shall stand withdrawn. 500 Audit of Consolidated Financial Statements When the Parent’s Auditor is not the Auditor of its Subsidiary(ies) 44. In a case where the parent’s auditor is not the auditor of the components included in the consolidated financial statements, the auditor of the consolidated financial statements should also consider the requirement of SA 600. 45. When the parent’s auditor decides that he will make reference to the audit of the other auditors, the auditor’s report on consolidated financial statements should disclose clearly the magnitude of the portion of the financial statements audited by the other auditor(s). This may be done by stating the rupee amounts or percentages of total assets and total revenue of subsidiary(s) included in consolidated financial statements not audited by the parent’s auditor. However, reference in the report of the auditor of consolidated financial statements to the fact that part of the audit of the group was made by other auditor(s) is not to be construed as a qualification of the opinion but rather as an indication of the divided responsibility between the auditors of the parent and its subsidiaries. Suggested format of the audit report to be issued by the auditor of consolidated financial statements in this circumstance is given in Annexure II to this Guidance Note. 501 Handbook of Auditing Pronouncements-II Annexure I Illustrative Auditor’s Report on the Consolidated Financial Statements When the Parent’s Auditor is also the Auditor of all the Components Auditor’s Report The Board of Directors _________ (Name of the Parent)5 We have audited the attached consolidated balance sheet of XYZ Group, as at 31st March 2XXX, and also the consolidated profit and loss account and the {consolidated cash flow statement}6 for the year ended on that date annexed thereto. These financial statements are the responsibility of the XYZ’s management. Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with the auditing standards generally accepted in India. Those Standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit provides a reasonable basis for our opinion. We report that the consolidated financial statements have been prepared by the XYZ’s management in accordance with the requirements of Accounting Standards (AS) 21, “Consolidated Financial Statements”, {Accounting Standards (AS) 23, “Accounting for Investments in Associates in Consolidated Financial Statements” and Accounting Standard (AS) 27, “Financial Reporting of interests in Joint Ventures”} 7 issued by the Institute of Chartered Accountants of India. 5 As per paragraph 8 of SA 700, “The Auditor’s Report on Financial Statements”, “The auditor’s report should be appropriately addressed as required by the circumstances of the engagement and applicable laws and regulations. Ordinarily, the auditor’s report is addressed to the authority appointing the auditor”. 6 Where applicable. 7 ibid. 502 Audit of Consolidated Financial Statements In our opinion and to the best of our information and according to the explanations given to us, the consolidated financial statements give a true and fair view in conformity with the accounting principles generally accepted in India: (a) in the case of the consolidated balance sheet, of the state of affairs of the XYZ Group as at 31st March 2XXX; (b) in the case of the consolidated profit and loss account, of the profit / loss8 for the year ended on that date; and (c) in the case of the consolidated cash flow statement, of the cash flows for the year ended on that date. . For ABC and Co. Chartered Accountants Signature (Name of the Member Signing the Audit Report) (Designation9) Membership Number Place of Signature Date 8 ibid. 9 Partner or proprietor, as the case may be. 503 Handbook of Auditing Pronouncements-II Annexure II Illustrative Auditor’s Report on the Consolidated Financial Statements When the Parent’s Auditor is Not the Auditor of All the Components Auditor’s Report The Board of Directors _________ (Name of the Parent)10 We have audited the attached consolidated balance sheet of XYZ Group, as at 31st March 2XXX, and also the consolidated profit and loss account and the {consolidated cash flow statement}11 for the year ended on that date annexed thereto. These financial statements are the responsibility of the XYZ’s management and have been prepared by the management on the basis of separate financial statements and other financial information regarding components. Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with the auditing standards generally accepted in India. Those Standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit provides a reasonable basis for our opinion. We did not audit the financial statements of certain subsidiaries, whose financial statements reflect total assets of Rs.____ as at 31st March 2XXX, the total revenue of Rs. _____ and cash flows amounting to Rs._____ for the year then ended. These financial statements and other financial information have been audited by other auditors whose report(s) has (have) been furnished to us, and our opinion is based solely on the report of other auditors. 10 See Footnote 5. 11 Where applicable. 504 Audit of Consolidated Financial Statements We report that the consolidated financial statements have been prepared by the XYZ’s management in accordance with the requirements of Accounting Standards (AS) 21, “Consolidated Financial Statements”, {Accounting Standards (AS) 23, “Accounting for Investments in Associates in Consolidated Financial Statements” and Accounting Standard (AS) 27, “Financial Reporting of interests in Joint Ventures”} 12 issued by the Institute of Chartered Accountants of India. Based on our audit and on consideration of reports of other auditors on separate financial statements and on the other financial information of the components, and to the best of our information and according to the explanations given to us, we are of the opinion that the attached consolidated financial statements give a true and fair view in conformity with the accounting principles generally accepted in India: (a) in the case of the consolidated balance sheet, of the state of affairs of the XYZ Group as at 31st March 2XXX; (b) in the case of the consolidated profit and loss account, of the profit / loss13 for the year ended on that date; and (c) in the case of the consolidated cash flow statement, of the cash flows for the year ended on that date. . For ABC and Co. Chartered Accountants Signature (Name of the Member Signing the Audit Report) (Designation14) Membership Number Place of Signature: Date: 12 ibid. 13 ibid. 14 Partner or proprietor, as the case may be. 505 Handbook of Auditing Pronouncements-II Appendix I Consolidated Balance Sheet of a Group The appendix is illustrative only and does not form part of the Guidance Note. The purpose of this appendix is to illustrate the application of Accounting Standard (AS) 21, Consolidated Financial Statements. 1. The example shows only current period amounts. 2. The amounts given in the brackets indicate deductions. 3. The working notes given towards the end of this appendix are intended to assist in understanding the manner in which the various figures appearing in the consolidated balance sheet have been derived. These working notes do not form part of the consolidated balance sheet and, accordingly, need not be published. 4. The following are the balance sheets as at 31st March, 2003 of X Limited (the holding company), Y Limited and Z Limited (both subsidiaries of X Limited) (Rs.’000) Sources of Funds X Limited Y Limited Z Limited Share Capital 4,500.00 1,000.00 2,000.00 Reserves and Surplus 150.00 195.00 390.00 6% Debentures - 250.00 - Current Liabilities 420.00 210.00 300.00 Total 5,070.00 1,655.00 2,690.00 Application of Funds X Limited Y Limited Z Limited Fixed Assets 1,600.00 490.00 1,400.00 Investments in 2,560.00 - - Subsidiaries Inventories 520.00 650.00 850.00 Cash 200.00 230.00 160.00 Other Current Assets 190.00 285.00 280.00 Total 5,070.00 1,655.00 2,690.00 506 Audit of Consolidated Financial Statements 5. The following additional information is also relevant for the preparation of the consolidated balance sheet: (i) The break-up of investments of X Limited is as follows: Carrying Cost (a) 80,000 equity shares of Rs.10 each of Y Limited 880.00 (b) 1,35,000 equity shares of Rs.10 each of Z 1,200.00 Limited (c) 4,000 preference shares of Rs.100 each of Z 400.00 Limited (d) 800 6% Debentures of Rs.100 each of Y Limited 80.00 Total 2,560.00 6. All the above investments were made on 30th September, 1998. The summarised balance sheets of Y Limited and Z Limited as on that date were as follows: (Rs.’000) Sources of Funds Y Limited Z Limited Share Capital 1,000.00 2,000.00 Reserves and Surplus 152.50 305.00 6% Debentures 250.00 - Current Liabilities 300.00 400.00 Total 1,702.50 2,705.00 Application of funds Fixed Assets 500.00 1,450.00 Current Assets 1,202.50 1,255.00 Total 1,702.50 2,705.00 7. The Share Capital of Subsidiary consisted of Y Limited Z Limited Equity Shares of Rs.10/- each 1,000.00 1,500.00 Pref. Shares of Rs.100/- each Nil 500.00 Total 1,000.00 2,000.00 8. Current assets of Y Limited includes bills receivables for Rs.8,000 accepted by X Limited. 9. Current Liabilities of Z Limited include Rs.2,000 due to X Limited. 507 Handbook of Auditing Pronouncements-II 10. Stock of X Limited include goods of Rs.10,000 purchased from Y Limited on which the latter company made a profit of Rs.2,000. Consolidated Balance Sheet of X Limited and its Subsidiaries Y Limited and Z Limited as at 31st March 2003. (Rs.’000) Sources of Funds X Limited Y Limited Z Limited Elimination Consolidated Entries Amounts Share Capital 4,500.00 1,000.00 2,000.00 (3,000.00)1 4,500.00 Reserves and Surplus 150.00 195.00 390.00 (476.50)2 258.50 Capital Reserve -- -- -- 466.50 3 466.50 (Negative Goodwill) 6% Debentures -- 250.00 -- (80.00)4 170.00 Current Liabilities 420.00 210.00 300.00 (28.00)5 902.00 Minorities Interest -- -- -- 528.006 528.00 Total 5070.00 1655.00 2690.00 (2590.00) 6,825.00 Application of Funds X Limited Y Limited Z Limited Elimination Consolidated Entries Amounts Fixed Assets 1,600.00 490.00 1,400.00 - 3,490.00 Investments 2,560.00 - - (2,560.00) NIL Cash 200.00 230.00 160.00 - 590.00 Inventories 520.00 650.00 850.00 (2.00)7 2,018.00 Other Current Assets 190.00 285.00 280.00 (28.00)5 727.00 Total 5070.00 1655.00 2690.00 (2590.00) 6,825.00 WORKING NOTES 1. Elimination of share capital of subsidiaries@: Y Limited Z Limited Total Equity Share Capital (i) Used in elimination of carrying cost of investment in each subsidiary 800.00 1,350.00 2,150.00 (ii) Included in the Minorities Interest 200.00 150.00 350.00 Preference Share Capital (i) Held within the Group (held by Nil 400.00 400.00 holding company) (ii) Included in the Minorities Interest Nil 100.00 100.00 Total share capital eliminated 1,000.00 2,000.00 3,000.00 @ Permanent consolidation adjustments. 508 Audit of Consolidated Financial Statements 2. Break-up of reserves and surplus eliminated: Y Limited Z Limited Total (i) Reserves up to the date of investment@@: a) Attributable to the holding company (utilised in eliminating carrying cost of investment) 122.00 274.50 396.50 b) Attributable to Minorities (included in minorities interest) 30.50 30.50 61.00 (ii) Movement in reserves and surplus after the date of investment@@@: a) Attributable to Minorities (included in minorities interest) 8.50 8.50 17.00 (iii) Profit earned by the subsidiary Y Limited on account of sale of goods to X Limited. 2.00 -- 2.00 Total reserves and surplus eliminated 163.00 313.50 476.50 3. Elimination of carrying cost of investments in equity shares of each subsidiary: Y Limited Z Limited Carrying Cost 880.00 1,200.00 Less: Equity attributable to the holding company at the date at which investment was (922.00) (1,624.50) made (see working note 8 below) Negative Goodwill (capital reserve) (42.00) (424.50) 4. The elimination of investment in Y Limited’s 6% Debentures needs explanation. The holding company acquired debentures at face value of Rs.80,000. The consolidated amounts should represent debentures of the subsidiary Y Limited outside the group. @@ ibid. @@@ Current period consolidation adjustments. 509 Handbook of Auditing Pronouncements-II 5. Bills payable of Rs.8,000 and debtors of Rs.20,000 are inter company owings and therefore eliminated. 6. Computation of Minorities Interest Y Limited Z Limited Total (a) Amount of equity attributable to minorities at the date at which investment in each subsidiary is made (as computed in working note 8 below) 230.50 180.50 411.00 (b) Minorities’ share in movement in equity since the date of investment in each subsidiary (as computed in working note 9 below) 8.50 8.50 17.00 (c) Amount of Preference Share Capital held outside the Group Nil 100.00 100.00 Total 239.00 289.00 528.00 7. The profit earned by Y Limited is reduced from the consolidated amount of inventories so that it can be valued at cost to the group as a whole. 8. Equity of the subsidiary companies Y Limited and Z Limited at the date at which investment is made: Y Limited Z Limited Fixed Assets 500.00 1,450.00 Current Assets 1,202.50 1,255.00 Debentures (250.00) -- Current Liabilities (300.00) (400.00) Preference Share Capital -- (500.00) Equity on the date of investment 1,152.50 1805.00 Equity attributable to the holding company (see working note 10 below) 922.00 1,624.50 Equity attributable to the minorities 230.50 180.50 (see working note 10 below) Total 1,152.50 1,805.00 9. Movement in equity of subsidiaries since the date of investment in each subsidiary: 510 Audit of Consolidated Financial Statements Y Limited Z Limited Equity as on 31st March, 1999 1,195.00 1,890.00 Less: Equity on the date of Investment (as computed in working note 8 above) (1,152.50) (1,805.00) Movement in equity 42.50 85.00 Movement in Equity attributable to the holding 34.00 76.50 company (see working note 10 below) Movement in Equity attributable to the minorities 8.50 8.50 (see working note 10 below) 42.50 85.00 10. Compilation of extent of holding of X Limited and minority interest: Y Limited Z Limited Total equity shares 1,00,000 1,50,000 No. of equity shares with X Limited 80,000 1,35,000 Extent of holding of X Limited 80% 90% Minority Interest 20% 10% 511 Handbook of Auditing Pronouncements-II Appendix II Consolidated Profit and Loss Statement The appendix is illustrative only and does not form part of the Guidance Note. The purpose of this appendix is to illustrate the application of the Accounting Standard, (AS) 21, Consolidated Financial Statements. 1. The example shows only current period amounts. 2. The following additional information is also relevant for the preparation of the consolidated profit and loss statement (figures are in Rs.’000): (a) The holding company A Limited purchased 2,70,000 equity shares of Rs.10 each (75% of the total equity share capital) and 9,000 9% preference shares of Rs.100 each (50% of the total preference share capital) of the subsidiary company B Limited on 1st November, 1998. (b) A Limited proposes to pay a final dividend on equity shares @ 25%. A Limited paid an interim dividend of Rs.1,350 during the financial year 2002-2003. (c) B Limited proposes to pay a final divided on equity shares @ 20%. B Limited paid an interim dividend of Rs.720 on 1st October 2002. An interim dividend of Rs.81 was paid on preference shares also. The holding company did not participate in the interim dividend. (d) B Limited sold to A Limited in March, 1999 material for Rs.750 at cost plus 25% of which A Limited still had unsold stock of Rs.500 as on 31st March, 2003. Consolidated Profit and Loss Statement of A Limited and its Subsidiary B Limited for the year ended 31st March, 2003 (Rs.’000) Income A Limited B Limited Elimination Consolidated Entries Amounts Sales 16,200.00 15,300.00 (750.00)1 30,750.00 Proposed Dividend 540.00 - (540.00)2 NIL from B Limited Dividend on 40.50 - (40.5)2 NIL Preference Shares of B Ltd. 512 Audit of Consolidated Financial Statements Total Income (A) 16,780.50 15,300.00 (1,330.50) 30,750.00 Expenditure A Limited B Limited Elimination Consolidated Entries Amount Consumption of raw 8,280.00 8,820.00 (750.00)1 16,350.00 materials Overhead Expenses 2,070.00 945.00 - 3,015.00 Selling Expenses 810.00 1,215.00 - 2,025.00 Provision for Tax 2,700.00 1,944.00 - 4,644.00 Total Expenditure (B) 13,860.00 12,924.00 (750.00) 26,034.00 Net Profit for the 2,920.50 2,376.00 (580.50) 4,716.00 year (A-B) Consolidated Profit and Loss Appropriation Account of A Limited and its Subsidiary B Limited for the year ended 31st March, 2003 A Limited B Limited Elimination Consolidated Entries Amounts Opening Balance 481.50 576.00 - 1,057.50 Add: Net Profit for the year 2,920.50 2,376.00 (580.50) 4,716.00 Less: Preference Dividend (162.00) 40.502 (121.50) for the year Less: Equity Dividend for (2,700.00) (1,440.00) 540.002 (3,600.00) the year Balance to be adjusted 702.00 1,350.00 000.00 2,052.00 for consolidation Amount credited to 321.753 - - 321.75 Investment Account Amount utilised in - - 545.624 545.62 elimination of the Cost of Investment in Subsidiary Balance attributable to - - 337.505 337.50 minorities Unrealised Profit on Stock - 100.006 100.00 (stock reserve) Amounts transferred to 380.25 1,350.00 (983.12) 747.13 consolidated Balance Sheet Total 702.00 1,350.00 000.00 2,052.00 513 Handbook of Auditing Pronouncements-II Working Notes For the purpose of the working notes, it is assumed that profits accrued evenly throughout the financial year 2003-2003. Accordingly, the profits are apportioned as ‘Profits upto the date of Investment’ and ‘Profits after the date of Investment’ on the basis of months. An alternative treatment calls for preparation of Profit and Loss Statement and Balance Sheet of the subsidiary company on the date at which investment is made by the Holding Company. 1. Since sales made by the subsidiary company B Limited to A Limited in March 2003 is an inter-company transaction, it is therefore, eliminated. 2. The holding company did not participate in the interim dividend declared by the subsidiary. The holding company is entitled to receive the final dividend as follows: (a) Final dividend on equity shares [72 x 0.75] Rs.540.00 (b) Final dividend on preference share [81 x 0.5] Rs. 40.50 Since the above dividends are also inter-company transactions, therefore, eliminated. 3. Amount credited to Investment Account: The holding company A Limited credited to its Profit and Loss Statement the dividends received from the subsidiary B Limited. The dividends pertaining to pre- acquisition period represent recovery of cost and do not form part of income. Therefore, the same is required to be credited to the Investment Account. Pre-acquisition period is for 7 months i.e., April 1998 to 1st November 1999 (a) Pre-acquisition equity dividend [Rs.540 x 7/12] Rs. 31.50 (b) Pre-acquisition preference dividend [Rs.40.50 x 1/6] Rs. 6.75 4. Holding company’s share in the profit upto the date of investment in subsidiary forms part of equity on the date at which investment in subsidiary is made. Therefore, such profits are utilised in eliminating the cost of investments in subsidiary. Profits are computed as under: (a) Opening Balance of the Profit and Loss Account Rs. 576.00 514 Audit of Consolidated Financial Statements (b) Net Profit earned during the period 1.4.98 to 1.11.98 i.e., 2376 x 7/12 Rs.1,386.00 (c) Interim dividend on equity shares Rs. (720.00) (d) Final dividend on equity shares for the period 2002-2003 (apportioned in the ratio of months 7:5) [720 x 7/12] Rs. (420.00) (e) Interim dividend on preference shares Rs. (81.00) (f) Final dividend on preference shares (it relates to the last six months of the financial year, therefore, apportioned in the ratio of 1:5) [Rs.81.00 x 1/6] Rs. (13.50) Total profits of the subsidiary upto the date of Investment Rs. 727.50 Holding Company’s share in the profits computed (0.75 x 727.5) Rs. 545.62 5. Minorities have a share of 25% in the total profit of the subsidiary company. [Rs.1,350 x 0.25] Rs. 337.50 6. Computation of Unrealised Profit on Stock (i) Value of unsold stock Rs. 500.00 (ii) Profit included is 20% on cost Unrealised profit [Rs.500.00 x 0.20] Rs. 100.00 515 27 GUIDANCE NOTE ON COMPUTER ASSISTED AUDIT TECHNIQUES (CAATS)* Contents Paragraph(s) Introduction ........................................................................................ 1-2 Description of Computer Assisted Audited Techniques (CAATs) ............................................................................................. 3-4 Considerations in the Use of CAATs.............................................. 5-14 IT Knowledge, Expertise and Experience of the Audit Team ........... 6 Availability of CAATs and Suitable Computer Facilities ................ 7-8 Impracticability of Manual Tests ...................................................... 9 Effectiveness and Efficiency ..................................................... 10-12 Time Constraints ...................................................................... 13-14 Using CAATs .................................................................................. 15-22 Testing CAAT .................................................................................16 Controlling CAAT Application ................................................... 17-22 Documentation ............................................................................... 23-24 Arrangements with the Entity ....................................................... 25-27 Using CAATs in Small Entities ...........................................................28 Appendices * Issued in September, 2003 Computer Assisted Audit Techniques (CAATs) Introduction 1. The overall objectives and scope of an audit do not change when an audit is conducted in a computer information systems (CIS) environment. The application of auditing procedures may, however, require the auditor to consider techniques known as Computer Assisted Audit Techniques (CAATs) that use the computer as an audit tool for enhancing the effectiveness and efficiency of audit procedures. CAATs are computer programs and data that the auditor uses as part of the audit procedures to process data of audit significance, contained in an entity’s information systems. 2. The purpose of this Guidance Note is to provide guidance in the use of CAATs. This Guidance Note describes computer assisted audit techniques including computer tools, collectively referred to as CAATs. This Guidance Note applies to all uses of CAATs when a computer of any type or size is involved whether that computer is operated by the entity or by a third party. Description of Computer Assisted Audit Techniques (CAATs) 3. Computer Assisted Audit Techniques (CAATs) are important tools for the auditor in performing audits. CAATs may be used in performing various auditing procedures, including the following: ♦ tests of details of transactions and balances, for example, the use of audit software for recalculating interest or the extraction of invoices over a certain value from computer records; ♦ analytical procedures, for example, identifying inconsistencies or significant fluctuations; ♦ tests of general controls, for example, testing the set-up or configuration of the operating system or access procedures to the program libraries or by using code comparison software to check that the version of the program in use is the version approved by management ; ♦ sampling programs to extract data for audit testing; ♦ tests of application controls, for example, testing the functioning of a programmed control; and ♦ reperforming calculations performed by the entity’s accounting systems. 517 Handbook of Auditing Pronouncements-II 4. CAATs allow the auditor to give access to data without dependence on the client, test the reliability of client software, and perform audit tests more efficiently. CAATs are computer programs and data that the auditor uses as part of the audit procedures to process data of audit significance contained in an entity’s information systems. CAATs may consist of package programs, purpose-written programs, utility programs or system management program. Regardless of the origin of the programs, the auditor substantiates their appropriateness and validity for audit purposes before using them. A brief description of the programs commonly used is given below. ♦ Package Programs are generalized computer programs designed to perform data processing functions, such as reading data, selecting and analyzing information, performing calculations, creating data files and reporting in a format specified by the auditor. ♦ Purpose-Written Programs perform audit tasks in specific circumstances. These programs may be developed by the auditor, the entity being audited or an outside programmer hired by the auditor. In some cases, the auditor may use an entity’s existing programs in their original or modified state because it may be more efficient than developing independent programs. ♦ Utility Programs are used by an entity to perform common data processing functions, such as sorting, creating and printing files. These programs are generally not designed for audit purposes, and therefore may not contain features such as automatic record counts or control totals. ♦ System Management Programs are enhanced productivity tools that are typically part of a sophisticated operating systems environment, for example, data retrieval software or code comparison software. As with utility programs these tools are not specifically designed for auditing use and their use requires additional care. Details of some of the techniques used are mentioned in the Appendix. Considerations in the Use of CAATs 5. When planning an audit, the auditor may consider an appropriate combination of manual and computer assisted audit techniques. In determining whether to use CAATs, the factors to consider include: ♦ the IT knowledge, expertise and experience of the audit team; 518 Computer Assisted Audit Techniques (CAATs) ♦ the availability of CAATs and suitable computer facilities and data; ♦ the impracticability of manual tests; ♦ effectiveness and efficiency; and ♦ time constraints. Before using CAATs the auditor considers the controls incorporated in the design of the entity’s computer systems to which CAAT would be applied in order to determine whether, and if so, how, CAATs should be used. IT Knowledge, Expertise and Experience of the Audit Team 6. Standard on Auditing (SA) 401, “Auditing in a Computer Information Systems Environment” deals with the level of skill and competence the audit team needs to conduct an audit in a CIS environment. It provides guidance when an auditor delegates work to assistants with CIS skills or when the auditor uses work performed by other auditors or experts with such skills. Specifically, the audit team should have sufficient knowledge to plan, execute and use the results of the particular CAAT adopted. The level of knowledge required depends on “availability of CAATs” and “suitable computer facilities”. Availability of CAATs and Suitable Computer Facilities 7. The auditor considers the availability of CAATs, suitable computer facilities and the necessary computer-based information systems and data. The auditor may plan to use other computer facilities when the use of CAATs on an entity’s computer is uneconomical or impractical, for example, because of an incompatibility between the auditor’s package program and entity’s computer. Additionally, the auditor may elect to use their own facilities, such as PCs or laptops. 8. The cooperation of the entity’s personnel may be required to provide processing facilities at a convenient time, to assist with activities such as loading and running of CAAT on the entity’s system, and to provide copies of data files in the format required by the auditor. Impracticability of Manual Tests 9. Some audit procedures may not be possible to perform manually because they rely on complex processing (for example, advanced statistical 519 Handbook of Auditing Pronouncements-II analysis) or involve amounts of data that would overwhelm any manual procedure. In addition, many computer information systems perform tasks for which no hard copy evidence is available and, therefore, it may be impracticable for the auditor to perform tests manually. The lack of hard copy evidence may occur at different stages in the business cycle. ♦ Source information may be initiated electronically, such as by voice activation, electronic data imaging, or point of sale electronic funds transfer. In addition, some transactions, such as discounts and interest calculations, may be generated directly by computer programs with no specific authorization of individual transactions. ♦ A system may not produce a visible audit trail providing assurance as to the completeness and accuracy of transactions processed. For example, a computer program might match delivery notes and suppliers’ invoices. ♦ In addition, programmed controlled procedures, such as checking customer credit limits, may provide hard copy evidence only on an exception basis. ♦ A system may not produce hard copy reports. In addition, a printed report may contain only summary totals while computer files retain the supporting details. Effectiveness and Efficiency 10. The effectiveness and efficiency of auditing procedures may be improved by using CAATs to obtain and evaluate audit evidence. CAATs are often an efficient means of testing a large number of transactions or controls over large populations by: ♦ analyzing and selecting samples from a large volume of transactions; ♦ applying analytical procedures; and ♦ performing substantive procedures. 11. Matters relating to efficiency that an auditor might consider include: ♦ the time taken to plan, design, execute and evaluate CAAT; ♦ technical review and assistance hours; 520 Computer Assisted Audit Techniques (CAATs) ♦ designing and printing of forms (for example, confirmations); and ♦ availability of computer resources 12. In evaluating the effectiveness and efficiency of CAAT, the auditor considers the continuing use of CAAT application. The initial planning, design and development of CAAT will usually benefit audits in subsequent periods. Time Constraints 13. Certain data, such as transaction details, are often kept for a short time and may not be available in machine-readable form by the time auditor wants them. Thus, the auditor will need to make arrangements for the retention of data required, or may need to alter the timing of the work that requires such data. 14. Where the time available to perform an audit is limited, the auditor may plan to use CAAT because its use will meet the auditor’s time requirement better than other possible procedures. Using CAATs 15. The major steps to be undertaken by the auditor in the application of CAAT are to: (a) set the objective of CAAT application; (b) determine the content and accessibility of the entity’s files; (c) identify the specific files or databases to be examined; (d) understand the relationship between the data tables where a database is to be examined; (e) define the specific tests or procedures and related transactions and balances affected; (f) define the output requirements; (g) arrange with the user and IT departments, if appropriate, for copies of the relevant files or database tables to be made at the appropriate cut off date and time; 521 Handbook of Auditing Pronouncements-II (h) identify the personnel who may participate in the design and application of CAAT; (i) refine the estimates of costs and benefits; (j) ensure that the use of CAAT is properly controlled; (k) arrange the administrative activities, including the necessary skills and computer facilities; (l) reconcile data to be used for CAAT with the accounting and other records; (m) execute CAAT application; (n) evaluate the results; (o) document CAATs to be used including objectives, high level flowcharts and run instructions; and (p) assess the effect of changes to the programs/system on the use of CAAT. Testing CAAT 16. The auditor should obtain reasonable assurance of the integrity, reliability, usefulness, and security of CAAT through appropriate planning, design, testing, processing and review of documentation. This should be done before reliance is placed upon CAAT. The nature, timing and extent of testing is dependent on the commercial availability and stability of CAAT. Controlling CAAT Application 17. The specific procedures necessary to control the use of CAAT depend on the particular application. In establishing control, the auditor considers the need to: (a) approve specifications and conduct a review of the work to be performed by CAAT; (b) review the entity’s general controls that may contribute to the integrity of CAAT, for example, controls over program changes and access to computer files. When such controls cannot be relied on to ensure the integrity of CAAT, the auditor may consider processing CAAT application at another suitable computer facility; and 522 Computer Assisted Audit Techniques (CAATs) (c) ensure appropriate integration of the output by the auditor into the audit process. 18. Procedures carried out by the auditor to control CAATs applications may include: (a) participating in the design and testing of CAAT; (b) checking, if applicable, the coding of the program to ensure that it conforms with the detailed program specifications; (c) asking the entity’s staff to review the operating system instructions to ensure that the software will run in the entity’s computer installation; (d) running the audit software on small test files before running it on the main data files; (e) checking whether the correct files were used, for example, by checking external evidence, such as control totals maintained by the user, and that those files were complete; (f) obtaining evidence that the audit software functioned as planned, for example, by reviewing output and control information; and (g) establishing appropriate security measures to safeguard the integrity and confidentiality of the data. When the auditor intends to perform audit procedures concurrently with online processing, the auditor reviews those procedures with appropriate client personnel and obtains approval before conducting the tests to help avoid the inadvertent corruption of client records. 19. To ensure appropriate control procedures, the presence of the auditor is not necessarily required at the computer facility during the running of CAAT. It may, however, provide practical advantages, such as being able to control distribution of the output and ensuring the timely correction of errors, for example, if the wrong input file were to be used. 20. Audit procedures to control test data applications may include: ♦ controlling the sequence of submissions of test data where it spans several processing cycles; ♦ performing test runs containing small amounts of test data before submitting the main audit test data; 523 Handbook of Auditing Pronouncements-II ♦ predicting the results of the test data and comparing it with the actual test data output, for the individual transactions and in total; ♦ confirming that the current version of the programs was used to process the test data; and ♦ testing whether the programs used to process the test data were the programs the entity used throughout the applicable audit period. 21. When using CAAT, the auditor may require the cooperation of entity staff with extensive knowledge of the computer installation. In such circumstances, the auditor considers whether the staff improperly influenced the results of CAAT. 22. Audit procedures to control the use of audit-enabling software may include: ♦ verifying the completeness, accuracy and availability of the relevant data, for example, historical data may be required to build a financial model; ♦ reviewing the reasonableness of assumptions used in the application of the tool set, particularly, when using modeling software; ♦ verifying availability of resources skilled in the use and control of the selected tools; and ♦ confirming the appropriateness of the tool set to the audit objective, for example, the use of industry specific systems may be necessary for the design of audit programs for unique business cycles. Documentation 23. The various stages of application of CAATs should be sufficiently documented to provide adequate audit evidence. 24. The audit working papers should contain sufficient documentation to describe CAAT application, including the details set out in the sections below: (a) Planning ♦ CAAT objectives; ♦ CAAT to be used; 524 Computer Assisted Audit Techniques (CAATs) ♦ Controls to be exercised; and ♦ Staffing, timing and cost. (b) Execution ♦ CAAT preparation and testing procedures and controls; ♦ Details of the tests performed by CAAT; ♦ Details of inputs (e.g., data used, file layouts), processing (e.g., CAATs high-level flowcharts, logic) and outputs (e.g., log files, reports); ♦ Listing of relevant parameters or source code; and ♦ Relevant technical information about the entity’s accounting system, such as file layouts. (c) Audit Evidence ♦ Output provided; ♦ Description of the audit work performed on the output; ♦ Audit findings; and ♦ Audit conclusions; (d) Other ♦ Recommendations to the entity management; and In addition, it may be useful to document suggestions for using CAAT in future years. Arrangements with the Entity 25. The auditor may make arrangements for the retention of the data files, such as detailed transaction files, covering the appropriate audit time frame. 26. In order to minimize the effect on the organisation’s production environment, access to the organisation’s information system facilities, programs/systems and data should be arranged well in advance of the needed time period 27. The auditor should also consider the effect of these changes on the integrity and usefulness of CAAT, as well as the integrity of the programs/system and data used by the auditor. 525 Handbook of Auditing Pronouncements-II Using CAATs in Small Entities 28. Although the general principles outlined in this Guidance Note apply in small entity IT environments, the following points need special consideration: (a) The level of general controls may be such that the auditor will place less reliance on the system of internal control. This will result in greater emphasis on tests of details of transactions and balances and analytical review procedures, which may increase the effectiveness of certain CAATs, particularly, audit software. (b) Where smaller volumes of data are processed, manual methods may be more cost effective. (c) A small entity may not be able to provide adequate technical assistance to the auditor, making the use of CAATs impracticable. (d) Certain audit package programs may not operate on small computers, thus restricting the auditor’s choice of CAATs. The entity’s data files may, however, be copied and processed on another suitable computer. 526 Computer Assisted Audit Techniques (CAATs) Appendix Examples of Computer Assisted Audit Techniques Techniques Description Advantages Disadvantages Audit ♦ Expert ♦ These ♦ Not applicable in the Automation Systems techniques are case of mainframe more useful computers. ♦ Tools to when auditors evaluate a are using client’s risk laptops which management can be directly procedures linked with the ♦ Electronic entity’s working system. papers, which provide for the direct extraction of data from clients computer records ♦ Corporate and financial modeling programs for use as predictive audit test Audit Software ♦ Software used ♦ Performs a ♦ Requires a reasonable by the auditor wide variety of degree of skill to use to read data on audit tasks ♦ Initial set up costs can client’s files, to ♦ Long term be high provide economies information for ♦ Adaptation often the audit and/or ♦ Reads actual needed from machine to re-perform records to machine procedures ♦ Capable of carried out by dealing with the client’s large volumes programs. of transactions Core Image Software used by the ♦ Provides a ♦ Requires a high Comparison auditor to compare high degree of degree of skill to set up the executable comfort and to interpret the version of a program concerning the results. 527 Handbook of Auditing Pronouncements-II with a secure master executable ♦ Where programs have copy version of the been recompiled the program comparison may be ♦ Particularly invalidated as the useful where program records only everything as a executable difference versions are ♦ Printouts are hard to distributed interpret and the actual changes made are difficult to establish ♦ Availability restricted to certain machine types Database Software used by the ♦ Provides ♦ Requires a high Analysers auditor to examine the detailed degree of skill to set up rights associated with information and to interpret the terminals and the concerning the results ability of users to operation of ♦ Restricted availability access information on the database both as regards a database ♦ Enhances the machine types and auditor’s database management understanding systems of the ♦ Specific and limited database audit applicability management system Embedded Software used by the ♦ Performs a ♦ There is a processing Code auditor to examine wide variety of overhead involved transactions passing audit tasks because of the extra through the system by programs ♦ Examines placing his own each ♦ Definition of what program in the suite transaction as constitutes an unusual of programs used for it passes transaction needs to processing. through the be very precise system ♦ Precautions need to be ♦ Operates taken over the output continuously from the programs to ensure is security ♦ Capable of identifying ♦ Precautions need to be unusual taken to ensure that transactions the program cannot be passing suppressed or through the tampered with system. ♦ Requires some degree of skill to use and to interpret the results 528 Computer Assisted Audit Techniques (CAATs) Log Analysers Software used by the ♦ Provides ♦ Requires a high auditor to read and detailed degree of skill to use analyse records of information on and to interpret the machine activity machine results usage. ♦ Limited availability as ♦ Long term regards machine types economies ♦ High volume of records ♦ Effective when restricts extent of test testing integrity controls Mapping Software used by the ♦ Identifies ♦ Very specific objective auditor to list unused program code ♦ Requires a high program instructions which may be degree of skill to use there for and to interpret the fraudulent results reasons. ♦ Adaptation needed from machine to machine. Modelling A variety of software, ♦ Can be a very ♦ A high volume of data usually associated powerful may need to be with a microcomputer, analytical tool entered initially enabling the auditor to ♦ Can enable ♦ Results require careful carry out analytical the auditor to interpretation reviews of client’s examine results, to alter provisions on conditions so as to a number of identify amounts for different bases provisions or claims, or to project results ♦ Very flexible in and compare actual use results with those ♦ Can provide expected the auditor with useful information on trends and patterns On-line Testing Techniques whereby ♦ Very widely ♦ Each use satisfies only the auditor arranges applicable one particular objective or manipulates data ♦ Easy to use ♦ Care must be taken to either real or fictitious, ensure that “live” data in order to see that a ♦ Can be targetted does not impact actual specific program or for specific results screen edit test is functions carried doing its work out by programs 529 Handbook of Auditing Pronouncements-II Program Code An examination by the ♦ Gives a ♦ The auditor must Analysis auditor of the source reasonable understand the code of a particular degree of program language program with a view comfort about ♦ The auditor needs to to following the logic the program check that the source of the program so as logic code represents the to satisfy himself that ♦ The auditor version in the source it will perform can examine library, and that this according to his every function version equates to the understanding of the program executable version code Program Software used by the ♦ Provides the ♦ Requires a high Library auditor to examine auditor with degree of skill to use Analysers dates of changes useful and to interpret the made to the information results executable library and concerning the ♦ Availability restricted to the use of utilities to program certain machine types amend programs library ♦ Only relevant when ♦ Identifies testing integrity abnormal controls changes to the library ♦ Useful when testing program security Snapshots Software used by the ♦ Permits the ♦ Can be expensive to auditor to take a auditor to set up “picture” of a file of examine data or a transaction processing at passing through the a specific point system at a particular in time to carry point in time out tests, or to confirm the way a particular aspect of the system operates Source Software used by the ♦ Compares ♦ Other procedures are Comparison auditor to compare source code necessary to ensure the source version of line by line that the executable a program with a and identifies version reflects the secure master copy all differences source code examined ♦ Useful when ♦ Requires some degree testing of skill to use and to integrity 530 Computer Assisted Audit Techniques (CAATs) controls or interpret the results particularly ♦ Availability restricted to important certain machine types program procedures Test Data - Fictitious data applied ♦ Performs a ♦ “Dead” test data “Live”, “Dead”, against the client’s wide variety of requires additional Integrated Test programs either whilst tasks work for the auditor to Facility or they are running or in satisfy himself the right ♦ Gives Base Case an entirely separate programs were used considerable System operation. comfort about ♦ Care must be taken to Evaluation The results of the operation ensure that “live” data processing the of programs does not impact actual fictitious data are results ♦ Can be compared with the precisely ♦ Technique can be expected results targetted for expensive to set up based on the auditor’s specific and cumbersome to understanding of the programs involved procedures use within ♦ Adequate for detection programs of major error but less ♦ Long term likely to detect deep- economies seated fraud Tracing Software used by the ♦ Helps to ♦ There may be less auditor to identify analyse the costly ways to achieve which instructions way in which a the same objectives, were used in a program although not in the program and in what operates same detail order ♦ Requires a high degree of skill to use and to interpret the results ♦ Adaptation needed from machine to machine 531 28 GUIDANCE NOTE ON AUDIT OF PAYMENT OF DIVIDEND* Contents Paragraph(s) Introduction ................................................................................. 3-6 Internal Control Evaluation ......................................................... 7-8 Verification ..................................................................................9-29 Disclosure ................................................................................. 30-32 Management Representation ........................................................ 33 Documentation .............................................................................. 34 Appendices * Issued in August, 2005. Audit of Payment of Dividend The following is the text of the Guidance Note on Audit of Payment of Dividend issued by the Auditing and Assurance Standards Board of the Council of the Institute of Chartered Accountants of India. This Guidance Note should be read in conjunction with the Standards on Auditing issued by the Institute. 1. Paragraph 2.1 of the “Preface to the Statements on Standard Auditing Practices1” issued by the Institute of Chartered Accountants of India states that the “main function of the Auditing Practices Committee (APC)2 is to review the existing auditing practices in India and to develop Statements on Standard Auditing Practices (SAPs)3 so that these may be issued by the Council of the Institute”. Paragraph 2.4 of the Preface states that the “APC will issue Guidance Notes on the issues arising from the SAPs wherever necessary”. 2. The Auditing and Assurance Standards Board has also taken up the task of reviewing the Statements on auditing matters issued prior to the formation of the Board. It is intended to issue, in due course of time, Engagement Standards or Guidance Notes, as appropriate, on the matters covered by such Statements which would then stand withdrawn. Accordingly, with the issuance of this Guidance Note on Audit of Payment of Dividends, paragraphs 8.19 to 8.24 of the “Capital and Reserve” section of “Statement on Auditing Practices” shall stand withdrawn.4. Introduction 3. Guidance Note on Terms Used in the Financial Statements, issued by the Institute, defines dividend as “A distribution to shareholders out of profits or reserves available for this purpose”. 4. Dividend means a return on shares held in an entity and payable out of distributable surplus. The dividends, which are paid on winding up, are in fact distribution of the entity’s assets and not of profits, even if those assets include some profit earned on winding up of the entity. However, the proviso to section 205(3) of the aforementioned Act permits a company to capitalise its profits by issuing fully paid bonus shares or paying up any amount being unpaid on shares held by its members. Further, under section 205(3) of the Companies Act, 1956, no dividend is payable otherwise than in cash. 1 The said Preface has been withdrawn pursuant to issuance of the Revised “Preface to Standards on Quality Control, Auditing, Review, Other Assurance and Related Service”, by the Institute of Chartered Accountants of India. The Revised Preface is effective from April 1, 2008. The text of the revised Preface is reproduced in the Vol-I.A of this Handbook. 2 Now known as the Auditing and assurance Standards Board (AASB). 3 Now known as Engagement Standards. 4 Since the Statement was withdrawn in March, 2005, the entire paragraph is redundant. 533 Handbook of Auditing Pronouncements-II 5. Dividend includes any interim dividend. It may also be noted that in case of a company, provisions of section 205, 205A, 205C, 206, 206A and 207 of the Companies Act, 1956 apply to interim dividend as well. 6. In any auditing situation, the auditor employs appropriate procedures to obtain reasonable assurance about various assertions as laid down in paragraph 6 of the Standard on Auditing 500, “Audit Evidence”. In carrying out the audit of payment of dividends, the auditor’s primary objective is to obtain sufficient appropriate audit evidence to satisfy himself that dividend has been declared and paid in accordance with the applicable provisions, if any, of the relevant laws and regulations applicable to the entity and that all the transactions relating to declaration and payment of dividend have been properly accounted for and disclosed. The auditor’s scope of examination would, therefore, include: (a) verifying whether dividend has been declared out of distributable surplus after proper authorisation, as required under law; (b) evaluating the internal control system regarding procedure of preparation and issuance of dividend warrants /instructions for direct transfer of funds to the shareholders’ accounts and also check the timeliness of dispatch of warrants and deposition of the dividend amount in the separate bank account, if any, maintained for this purpose; (c) examining compliance with the requirements of the relevant laws and regulations relating to payment of dividend, for example, mandatory transfer to a reserve fund or transfer to other funds, such as unclaimed dividend account., Investor Education and Protection Fund, etc., as applicable to the entity; and (d) examining the system for recording and appropriate disclosure of transactions during the year relating to payment of dividend. Internal Control Evaluation 7. The auditor should ascertain whether the governing charter, for example, Articles of Association in case of a company, or any similar document of the entity, permits payment of dividend to the members by the entity. For example, a company formed under section 25 of the Companies Act, 1956 is prohibited under the said section itself from paying any dividend to its members. 8. The auditor should study and evaluate the system of internal control relating to payment of dividend to determine the nature, timing and extent of 534 Audit of Payment of Dividend his other audit procedures. He should particularly review the following aspects relating to payment of dividend: (a) whether all transactions in the dividend account have been authorised by the competent authority; (b) whether the registers containing the details of members and dividend have been properly maintained by the entity; (c) whether there is an effective system of segregation of duties in place. Special attention should be given to the segregation of the duties towards maintenance of shareholders’ register, preparation of dividend warrants and maintenance of warrant dispatch register; (d) the internal control procedures with regard to preparation of dividend warrants and posting them to the members, or the instructions given for electronic transfer of funds or any other mode of payment of dividend to the members, and records maintained to record the details of unclaimed dividend. Separate records of unclaimed dividend should be maintained for each year’s dividend/interim dividend; (e) the procedures for payment of unclaimed dividend and should satisfy himself that they are not paid without adequate safeguards being taken as to identification of the payee, checking of the payee’s claim, etc. In case, the above activities are outsourced, the auditor should evaluate the activities of the service organisation and if finds them significant, he should obtain sufficient information to understand the accounting and internal control systems of the service organisation and assess control risk at either the maximum or a lower level, as appropriate, if tests of control are performed. For detailed guidance in this respect, reference may be made to Standard on Auditing 402, “Audit Considerations Relating to an Entity Using a Service Organisation.” Verification 9. Verification of payment of dividend may be carried out by performing the following procedures: (a) examination of compliance with laws and regulations and such other relevant information having a bearing on payment of dividend; and (b) examination of the system of maintenance of records. 535 Handbook of Auditing Pronouncements-II 10. The auditor should verify the compliance with laws and regulations, provisions contained in the governing charter, e.g. Articles of Association in case of companies, bye-laws or rules and directions/instructions issued by any regulatory authority applicable to the entity and/or the terms of the banks/financial institutions which may lay down certain restrictions or conditions on declaration of dividend. For example: (a) In case of companies, the following conditions have to be complied with before declaration of dividend: ♦ It has provided for depreciation for any previous financial year(s) which fall(s) after the commencement of the Companies (Amendment) Act, 1960 [section 205(1)] and further that such depreciation has been computed in accordance with the requirements of section 350 and other provisions of section 205(2) of the Act ♦ It has provided for any losses incurred in any previous financial year(s) which fall(s) after the commencement of the Companies (Amendment) Act, 1960 [section 205(1)] ♦ Where the company has declared dividend for any financial year out of the profits for that year, it has also transferred to a reserve such percentage (or a higher percentage) of profits as may be prescribed in the Companies (Transfer of Profits to Reserves) Rules, 1975 [section 205(2A)] ♦ It has complied with the requirements of section 80A, dealing with redemption of irredeemable preference shares etc., of the Companies Act, 1956. (b) Under the Banking Regulation Act, 1949, dividend can not be paid without first writing off intangible assets and transferring certain percentage of profits to statutory reserves unless permitted by the Central Government to do so. Section 17 of the Banking Regulation Act, 1949 requires that a banking company incorporated in India must transfer twenty per cent of its annual profits to a reserve fund before any dividend is distributed unless a specific exemption has been obtained from the Central Government. (c) State Co-operative laws lay down that certain percentage of profits have to be transferred to various reserves and a minimum percentage of profit has to be paid as dividend. 536 Audit of Payment of Dividend 11. The auditor has to verify that the dividend is declared only out of distributable surplus. For example, in case of a company, under section 205 of the Companies Act, 1956, dividends can be distributed out of profits for the year in which dividend is declared, accumulated profits of any preceding year or under any guarantee given by Central or any State Government. 12. The auditor should verify that a specific resolution for payment of dividend has been duly passed at the meeting of the Board or any similar authority. In case of interim dividend, the dividend declared by the Board of Directors or similar authority is final. In case of final dividend, the auditor should also verify that the recommendations of the Board have been approved by the members at the annual general meeting. It may, however, be noted that in case of companies, the members can reduce the amount of dividend or decide for non- payment of dividend but they can not increase the dividend recommended by the Board. 13. If the entity has non-voting shares and/or shares with variable rights and /or preference shares with various options like, cumulative, participatory, etc., the resolution declaring the dividend should also specify different rates of dividend on the shares having variable rights or preferential rights as to dividend. In such cases, the auditor has to verify that the dividend paid is in accordance with the terms of the resolution and also the resolution is in accordance with the terms attached to these shares. 14. Other laws and regulations, relating to payment of dividend, governing the entity may impose similar or other restrictions. The auditor has to be familiar with the laws and regulations governing the entity and verify whether these laws and regulations have been complied with. For example, the auditor has to examine the compliance with provisions of the Foreign Exchange Management Act, 1999 for the payment of dividend in foreign currency pursuant to issue of shares to non- residents and issue of ADR/GDR. Appendix to this Guidance Note contains relevant extracts of the provisions of various statutes having a bearing on the declaration and payment of dividend. 15. In case of a listed company, the auditor should also verify whether the provisions of the Listing Agreement as to declaration of dividend, e.g., prior intimation to the Stock Exchange about the Board meeting at which declaration/recommendation of dividend is to be considered, intimation to Stock Exchanges of all dividends and/or cash bonuses recommended or declared or the decision to pass any dividend or interest payment at the Board meeting, have been complied with or not. 537 Handbook of Auditing Pronouncements-II 16. The nature, timing and extent of substantive procedures to be performed by the auditor is, however, a matter of professional judgment of the auditor which is based, inter alia, on the auditor’s evaluation of the effectiveness of the related internal controls. 17. The auditor should examine that the mandatory transfer of the amount specified to a separate fund, where so required by the relevant laws and regulations, have been made before payment of dividend. 18. The auditor has to verify that the dividend is paid in accordance with the terms prescribed in resolution by the Board/members. 19. The auditor should verify that the dividend warrants have been dispatched to the members within the time limit prescribed. 20. If an interim dividend is declared, the auditor has to verify whether the same is approved in a general meeting of the members and the provisions contained in the Articles of Association or bye-laws or other statutes governing the body corporate permit it to pay interim dividend. In case of statutory corporations and nationalised banks, the Board may be empowered to declare and pay the dividend and resolution by the members may not be necessary. In case of companies, the auditor should verify that the financial statements have been prepared and presented before the Board and the Board while considering the interim dividend, has taken into account the depreciation to be provided for the full year, profit to be transferred to reserves under Companies (Transfer of Profits to Reserves) Rules, 1975 and the dividend payable to preference shareholders. 21. If the laws and regulations applicable to the entity require it to deposit the amount of dividend, interim and/or final, in a separate bank account, the auditor has to verify whether such transfer of funds to the separate account has been made within the prescribed time limit. The auditor should also verify the compliance of law with regard to unclaimed dividend. For example, in case of companies, the dividend declared has to be deposited within prescribed period in a separate bank account and if dividend is not claimed within such number of days, of such transfer, as may be specified by the Companies Act, 1956 or rules made thereunder and the amount remaining in the separate bank account has to be transferred to unpaid dividend account separately opened with any scheduled bank and the amount remaining in that account after the expiry of such period of opening such unpaid dividend account, as may be prescribed together with interest accrued thereon, if any, has to be transferred to Investor Education and Protection Fund Account established under the 538 Audit of Payment of Dividend Companies Act, 1956. It may be noted, that within specified number of months prior to the transfer of unclaimed dividend to Investor Education & Protection Fund, the company has to give notice to individuals who have not claimed such dividend. If the auditor finds that the amounts required to be transferred as above have a material effect on the financial statements, and have not been properly reflected in the financial statements, the auditor should assess the impact of such non-compliance on his audit report. 22. The auditor should verify that adjustment, if any, made in the dividend payable, towards calls in arrears or any other sums due from members is in accordance with the terms of issue, laws and regulations applicable to the entity. 23. The auditor may verify the total amount of dividend transferred to a separate bank account is in agreement with the statement prepared by the body corporate reconciling the total dividend payable on shares in physical form, dematerialised form, and dividend withheld in respect of shares pending for registration of transfer and adjustments, if any, made for the calls in arrears and other dues from the members. 24. The listed companies are required to electronically transfer dividend to bank accounts of the shareholders, wherever Electronic Clearing Services (ECS) facility is available and the members/depositories furnish details of the respective bank accounts of the members and in respect of others, distribute the dividend through dividend warrants. In such cases, in addition to test checks for individual payments, the auditor should examine the overall reconciliation of the total payment made through electronic transfer and payment made through dividend warrants. 25. The auditor should verify that the dividend is paid: (a) (i) in respect of shares held in electronic form, to those persons whose details as on record date/book closure date are furnished by the depositories; and/or (ii) in respect of shares held in physical form, to the members whose names are appearing on the record date/ immediately after effecting the transfers submitted till the date of book closure; and (b) in respect of share warrants to the holders of share warrants. 26. The auditor should apply the analytical procedures before forming any overall conclusion so as to find out any material fluctuations and deviations from the relevant information that he has gained during the course of audit. 539 Handbook of Auditing Pronouncements-II Such analytical procedures may be regarding the changes in the shareholding pattern, dividend pay out ratio, ratio of gross dividend payable to the paid up share capital or ratio of net dividend payable with the gross dividend payable by the entity. In case of listed companies, the auditor may also review the minutes of the meetings of the Investors’ Grievances Committee, wherever such Committee exists, to have an overview of the nature and number of complaints related to dividends as the same would provide the auditor an additional evidence as to the efficacy of the internal control system in relation to payment of dividend. 27. The auditor should verify that the total amount remaining in the unclaimed dividend account, for example, because of dispute about ownership on account of court cases etc., or the amount not claimed by shareholders, tallies with the schedule of unclaimed dividend for each year for which dividend remains unclaimed. 28. The auditor has to verify that in case the entity proposes to pay dividend out of its accumulated reserves, whether the same has been paid after complying with the statutory requirements, if any. For example, a company can pay dividend out of its accumulated reserves only after complying with the provisions of sub-section (3) of Section 205A of the Companies Act, 1956 and the Companies (Declaration of Dividend out of Profits) Rules, 1975. These Rules provide for the maximum amount that can be paid as dividend. In cases where the company declares dividend that is not in accordance with these Rules, the auditor must verify that the company has obtained prior approval from the Central Government for the same. Similar provisions, if any, in the laws applicable to other entities have to be complied with. 29. The auditor should also verify that: (a) If capital profits are distributed as dividend: (i) the Articles or the bye-laws or other rules and regulations applicable to the entity, permit such distribution; and (ii) it has been realised in cash; and (iii) the Board or similar authority is satisfied that net aggregate value of the assets remaining after distribution of that profit will not be less than the book values so that share capital and reserves remaining after the distribution will be fully represented by the remaining assets. 540 Audit of Payment of Dividend (b) Capital surplus arising on the revaluation of fixed assets is not directly or indirectly available for distribution as dividend. (c) Any reserve in the nature of capital reserve arising on acquisition of a business as a going concern or on amalgamation in the nature of purchase and Securities premium collected on the issue of securities can not be utilised for declaration of dividend. Disclosure 30. Proposed dividend should be shown as appropriation of profit in the Profit and Loss Account and as provision under “ Provisions” in the Balance Sheet. 31. Unclaimed dividends should be shown in Balance Sheet under the head “Current Liabilities”. 32. In respect of companies, all arrears of cumulative preference dividends should be shown as a contingent liability. Management Representation 33. The auditor should obtain representation from the management of the entity about the amount retained in unclaimed dividend account by reason of disputes pending in various courts of law and also that it has complied with all laws and regulations applicable to the provisioning and payment of dividend including transfers to Unclaimed Dividend Fund or any other fund such as Investors Education and Protection Fund, where so required and that the dividend has been paid to the persons entitled to it. Documentation 34. The auditor’s working papers should contain the plan devised for verification of payment of dividend. Among other papers, he should maintain in his audit file, the management representations and any other relevant document, such as copy of the Board resolution authorising payment of dividend, etc. He should ensure that all significant matters that require the exercise of his professional judgment, together with the auditor’s conclusion thereon have been properly included in his working papers. 541 Handbook of Auditing Pronouncements-II Appendix Provisions of Certain Acts and Rules With Regard to Declaration and Payment of Dividend5 The Companies Act, 1956 205. Dividend to be Paid only out of Profits – (1) No dividend shall be declared or paid by a company for any financial year except out of the profits of the company for that year arrived at after providing for depreciation in accordance with the provisions of sub-section (2) or out of the profits of the company for any previous financial year or years arrived at after providing for depreciation in accordance with those provisions and remaining undistributed or out of both or out of moneys provided by the Central Government or a State Government for the payment of dividend in pursuance of a guarantee given by that Government: Provided that – (a) if the company has not provided for depreciation for any previous financial year or years which falls or fall after the commencement of the Companies (Amendment) Act, 1960 (65 of 1960) it shall, before declaring or paying dividend for any financial year provide for such depreciation out of the profits of that financial year or out of the profits of any other previous financial year or years; (b) if the company has incurred any loss in any previous financial year or years, which falls or fall after the commencement of the Companies (Amendment ) Act, 1960 (65 of 1960) then, the amount of the loss or an amount which is equal to the amount provided for depreciation for that year or those years whichever is less, shall be set off against the profits of the company for the year for which dividend is proposed to be declared or paid or against the profits of the company for any previous financial year or years, arrived at in both cases after providing for depreciation in accordance with the provisions of sub-section (2) or against both; (c) the Central Government may, if it thinks necessary so to do in the public interest, allow any company to declare or pay dividend for any financial 5 The Acts and Rules specified in this Appendix are only illustrative in nature and are not meant to be exhaustive for the purposes of the laws dealing with the payment of dividend by different entities. 542 Audit of Payment of Dividend year out of the profits of the company for that year or any previous financial year or years without providing for depreciation: Provided further that it shall not be necessary for a company to provide for depreciation as aforesaid where dividend for any financial year is declared or paid out of the profits of any previous financial year or years which falls or fall before the commencement of the Companies (Amendment) Act, 1960 (65 of 1960). (1A) The Board of directors may declare interim dividend and the amount of dividend including interim dividend shall be deposited in a separate bank account within five days from the date of declaration of such dividend. (1B) The amount of dividend including interim dividend so deposited under sub-section (1A) shall be used for payment of interim dividend. (1C) The provisions contained in sections 205, 205A, 205C, 206, 206A and 207 shall, as far as may be, also apply to any interim dividend. (2) For the purpose of sub-section (1), depreciation shall be provided either – (a) to the extent specified in section 350; or (b) in respect of each item of depreciable asset, for such an amount as is arrived at by dividing ninety-five per cent of the original cost thereof to the company by the specified period in respect of such asset; or (c) on any other basis approved by the Central Government which has the effect of writing off by way of depreciation ninety-five per cent of the original cost to the company of each such depreciable asset on the expiry of the specified period; or (d) as regards any other depreciable asset for which no rate of depreciation has been laid down by this Act or any rules made there under, on such basis as may be approved by the Central Government by any general order published in the Official Gazette or by any special order in any particular case: Provided that where depreciation is provided for in the manner laid down in clause (b) or clause (c), then, in the event of the depreciable asset being sold, discarded, demolished or destroyed the written down value thereof at the end of the financial year in which the asset is sold, discarded, demolished or destroyed, shall be written off in accordance with the proviso to section 350. (2A) Notwithstanding anything contained in sub-section (1), on and from the commencement of the Companies (Amendment) Act, 1974 (41 of 1974), no 543 Handbook of Auditing Pronouncements-II dividend shall be declared or paid by a company for any financial year out of the profits of the company for that year arrived at after providing for depreciation in accordance with the provisions of sub-section (2), except after the transfer to the reserves of the company of such percentage of its profits for that year, not exceeding ten per cent, as may be prescribed: Provided that nothing in this sub-section shall be deemed to prohibit the voluntary transfer by a company of a higher percentage of its profits to the reserves in accordance with such rules as may be made by the Central Government in this behalf. (2B) A company which fails to comply with the provisions of section 80A shall not, so long as such failure continues, declare any dividend on its equity shares. (3) No dividend shall be payable except in cash: Provided that nothing in this sub-section shall be deemed to prohibit the capitalization of profits or reserves of a company for the purpose of issuing fully paid-up bonus shares or paying up any amount, for the time being unpaid, on any shares held by the members of the company. (4) Nothing in this section shall be deemed to affect in any manner the operation of the section 208. (5) For the purposes of this section – (a) “specified period” in respect of any depreciable asset shall mean the number of years at the end of which at least ninety-five per cent of the original cost of that asset to the company will have been provided for by way of depreciation if depreciation were to be calculated in accordance with the Provisions of section 350; (b) any dividend payable in cash may be paid by cheque or warrant sent through the post directed to the registered address of the shareholder entitled to the payment of the dividend, or in the case of joint shareholders, to the registered address of that one of the joint shareholders which is first named on the register of members, or to such person and to such address as the shareholder or the joint shareholders may in writing direct. 205A. Unpaid dividend to be transferred to special dividend account— (1) Where, after the commencement of the Companies (Amendment) Act, 1974 (41 of 1974), a dividend has been declared by a company but has not 544 Audit of Payment of Dividend been paid, or claimed, within thirty days from the date of the declaration, to any shareholder entitled to the payment of the dividend, the company shall, within seven days from the date of expiry of the said period of thirty days, transfer the total amount of dividend which remains unpaid or unclaimed within the said period of thirty days to a special account to be opened by the company in that behalf in any scheduled bank, to be called “Unpaid Dividend Account of …… Company Limited/ Company (Private) Limited”. Explanation: In this sub-section, the expression “dividend which remains unpaid” means any dividend the warrant in respect thereof has not been encashed or which has otherwise not been paid or claimed. (2) Where the whole or any part of any dividend, declared by a company before the commencement of the Companies (Amendment) Act, 1974 (41 of 1974), remains unpaid at such commencement, the company shall within a period of six months from such commencement, transfer such unpaid amount to the account referred to in sub-section (1). (3) Where, owing to inadequacy or absence of profits in any year, any company proposes to declare dividend out of the accumulated profits earned by the company in previous years and transferred by it to the reserves, such declaration of dividend shall not be made except in accordance with such rules as may be made by the Central Government in this behalf, and, where any such declaration is not in accordance with such rules, such declaration shall not be made except with the previous approval of the Central Government. (4) If the default is made in transferring the total amount referred to in sub- section (1) or any part thereof to the unpaid dividend account of the concerned company, the company shall pay, from the date of such default, interest on so much of the amount as has not been transferred to the said account, at the rate of twelve per cent per annum and the interest accruing on such amount shall ensure to the benefit of the members of the company, in proportion to the amount remaining unpaid to them. (5) Any money transferred to the unpaid dividend account of a company in pursuance of this section which remains unpaid or unclaimed for a period of seven years from the date of such transfer shall be transferred by the company to the fund established under sub-section (1) of section 205C. (6) The company shall, when making any transfer under sub-section (5) to the Fund established under section 205C any unpaid or unclaimed dividend, furnish to such authority or committee as the Central Government may appoint in this behalf a statement in the prescribed form setting forth in respect of all 545 Handbook of Auditing Pronouncements-II sums included in such transfer, the nature of the sums, the names and last known addresses of the persons entitled to receive the sum, the amount to which each person is entitled and the nature of his claim thereto, and such other particulars as may be prescribed. (7) The company shall be entitled to a receipt from the authority or committee under sub-section (4) of section 205C for any money transferred by it to the Fund and such a receipt shall be an effectual discharge of the company in respect thereof. (8) If a company fails to comply with any of the requirements of this section, the company and every officer of the company who is in default, shall be punishable with fine which may extend to five thousand rupees for every day during which the failure continues. 205B. Payment of unpaid or unclaimed dividend— Any person claiming to be entitled to any money transferred under sub-section (5) of section 205A to the general revenue account of the Central Government, may apply to the Central Government for an order for payment of the money claimed; and the Central Government may, if satisfied, whether on a certificate by the company or otherwise, that such person is entitled to the whole or any part of the money claimed, make an order for the payment to that person of the sum due to him after taking such security from him as it may think fit: Provided that nothing contained in this section shall apply to any person claiming to be entitled to any money transferred to the fund referred to in section 205C on and after the commencement of the Companies (Amendment) Act, 1999. 205C. Establishment of Investor Education and Protection Fund— (1) The Central Government shall establish a fund to be called the Investor Education and Protection Fund (hereafter in this section referred to as the “Fund”). (2) There shall be credited to the Fund the following amounts, namely: (a) amounts in the unpaid dividend accounts of companies; (b) the application moneys received by companies for allotment of any securities and due for refund; (c) matured deposits with companies; (d) matured debentures with companies; (e) the interest accrued on the amounts referred to in clauses (a) to (d); 546 Audit of Payment of Dividend (f) grants and donations given to the Fund by the Central Government, State Governments, companies or any other institutions for the purposes of the Fund; and (g) the interest or other income received out of the investments made from the Fund: Provided that no such amounts referred to in clauses (a) to (d) shall form part of the Fund unless such amounts have remained unclaimed and unpaid for a period of seven years from the date they became due for payment. Explanation: For the removal of doubts, it is hereby declared that no claims shall lie against the Fund or the company in respect of individual amounts which were unclaimed and unpaid for a period of seven years from the dates that they first became due for payment and no payment shall be made in respect of any such claims. (3) The Fund shall be utilised for promotion of investor’s awareness and protection of the interests of investors in accordance with such rules as may be prescribed. (4) The Central Government shall, by notification in the Official Gazette, specify an authority or committee, with such members as the Central Government may appoint, to administer the Fund, and maintain separate accounts and other relevant records in relation to the Fund in such form as may be prescribed in consultation with the Comptroller and Auditor – General of India. (5) It shall be competent for the authority or committee appointed under sub- section (4) to spend moneys out of the Fund for carrying out the objects for which the Fund has been established. 206. Dividend not to be paid except to registered shareholders or to their order or to their bankers—(1) No dividend shall be paid by a company in respect of any share therein, except— (a) to the registered holder of such share or to his order or to his bankers; or (b) in case a share warrant has been issued in respect of the share in pursuance of section 114, to the bearer of such warrant or to his bankers. (2) Nothing contained in sub-section (1) shall be deemed to require the bankers of a registered shareholder to make a separate application to the company for the payment of the dividend. 547 Handbook of Auditing Pronouncements-II 206A. Right to dividend, right shares and bonus shares to be held in abeyance pending registration of transfer of shares— Where any instrument of transfer of shares has been delivered to any company for registration and the transfer of such shares has not been registered by the company, it shall, notwithstanding anything contained in any other provisions of this Act,— (a) transfer the dividend in relation to such shares to the special account referred to in section 205A unless the company is authorised by the registered holder of such share in writing to pay such dividend to the transferee specified in such instrument of transfer; and (b) keep in abeyance in relation to such shares any offer of rights shares under clause (a) of sub-section (1) of section 81 and any issue of fully paid-up bonus shares in pursuance of sub-section (3) of section 205. 207. Penalty for failure to distribute dividends within thirty days – Where a dividend has been declared by a company but has not been paid, or the warrant in respect thereof has not been posted, within thirty days from the date of declaration, to any shareholder entitled to the payment of the dividend, every director of the company shall, if he is knowingly a party to the default, be punishable with simple imprisonment for a term which may extend to three years and shall also be liable to a fine of one thousand rupees for every day during which such default continues and the company shall be liable to pay simple interest at the rate of eighteen per cent per annum during the period for which such default continues: Provided that no offence shall be deemed to have been committed within the meaning of the foregoing provisions in the following cases, namely: (a) where the dividend could not be paid by reason of the operation of any law; (b) where a shareholder has given directions to the company regarding the payment of the dividend and those directions cannot be complied with; (c) where there is a dispute regarding the right to receive the dividend; (d) where the dividend has been lawfully adjusted by the company against any sum due to it from the shareholder; or (e) where, for any other reason, the failure to pay the dividend or to post the warrant within the period aforesaid was not due to any default on the part of the company. 548 Audit of Payment of Dividend Companies (Transfer of Profits to Reserves) Rules, 1975 [GSR 426 (E), Dated 24-7-1975] In exercise of the powers conferred by sub-section (2A) of section 205, read with clause (a) of subsection (1) of section 642, of the Companies Act, 1956 (1 of 1956), the Central Government hereby makes the following rules, namely: Short title 1. These rules may be called the Companies (Transfer of Profits to Reserves) Rules, 1975. Percentage of profits to be transferred to reserves 2. No dividend shall be declared or paid by a company for any financial year out of the profits of the company for that year arrived at after providing for depreciation in accordance with the provisions of sub-section (2) of section 205 of the Act, except after the transfer to the reserves of the company of a percentage of its profits for that year as specified below: (i) where the dividend proposed exceeds 10 per cent but not 12.5 per cent of the paid-up capital, the amount to be transferred to the reserves shall not be less than 2.5 per cent of the current profits; (ii) where the dividend proposed exceeds 12.5 per cent but does not exceed 15 per cent of the paid-up capital, the amount to be transferred to the reserves shall not be less than 5 per cent of the current profits; (iii) where the dividend proposed exceeds 15 per cent but does not exceed 20 per cent of the paid-up capital, the amount to be transferred to the reserves shall not be less than 7.5 per cent of the current profits; and (iv) where the dividend proposed exceeds 20 per cent of the paid-up capital, the amount to be transferred to reserves shall not be less than 10 per cent of the current profits. Conditions governing voluntary transfer of a higher percentage 3. Nothing in rule 2 shall be deemed to prohibit the voluntary transfer by a company of a percentage higher than 10 per cent of its profits to its reserves for any financial year, so however, that: (i) Where a dividend is declared, - (a) a minimum distribution sufficient for the maintenance of dividends to shareholders at a rate equal to the average of the rates at which 549 Handbook of Auditing Pronouncements-II dividends declared by it over the three years immediately preceding the financial year, or (b) in a case where bonus shares have been issued in the financial year in which the dividend is declared or in the three years immediately preceding the financial year, a minimum distribution sufficient for the maintenance of dividends to share holders at an amount equal to the average amount (quantum) of dividend declared over the three years immediately preceding the financial year, is ensured: Provided that in a case where the net profits after tax are lower by 20 per cent or more than the average net profits after tax of the two financial years immediately preceding, it shall not be necessary to ensure such minimum distribution, (ii) where no dividend is declared, the amount proposed to be transferred to its reserves from the current profits shall be lower than the average amount of the dividends to the shareholders declared by it over the three years immediately preceding the financial year. Penalty 4. If a company fails to comply with any of the provisions contained in these rules, the company and every officer of the company in default, shall be punishable with fine which may extend to five hundred rupees, and, where the contravention is a continuing one, with a further fine which may extend to fifty rupees for every day, after the first, during which such contravention continues. Companies (Declaration of Dividend out of Reserves) Rules, 1975 [GSR No. 427 (E), Dated 24-7- 1975] In exercise of the powers conferred by sub-section (3) of section 205A, read with clause (a) of sub-section (1) of section 642, of the Companies Act, 1956 (1 to 1956), the Central Government hereby makes the following rules, namely: Short title 1. These rules may be called the Companies (Declaration of Dividend out of Reserves) Rules, 1975. Declaration of dividend out of reserves 2. In the event of inadequacy or absence of profits in any year, dividend may be declared by a company for that year out of the accumulated profits earned by it in previous years and transferred by it to the reserves, subject to the conditions that - 550 Audit of Payment of Dividend (i) the rate of the dividend declared shall not exceed the average of the rates at which dividend was declared by it in the five years immediately preceding that year or ten per cent of its paid up capital, whichever is less; (ii) the total amount to be drawn from the accumulated profits earned in previous years and transferred to the reserves shall not exceed an amount equal to one-tenth of the sum of its paid-up capital and free reserves and the amount so drawn shall first be utilised to set off the losses incurred in the financial year before any dividend in respect of preference or equity shares is declared; and (iii) the balance of reserves after such drawal shall not fall below fifteen per cent of its paid-up share capital. Explanation: For the purposes of this rule, “profits earned by a company in previous years and transferred by it to the reserves” shall mean the total amount of net profits after tax, transferred to reserves as at the beginning of the year for which the dividend is to be declared; and in computing the said amount, the appropriations out of the amount transferred from the Development Rebate Reserve [at the expiry of the period specified under the Income-tax Act, 1961 (43 of 1961) shall be included and all items of Capital Reserves including reserves created by revaluation of assets shall be excluded. Insurance Act, 1938 Restriction on dividends and bonuses 49. (1) No insurer, being an insurer specified in sub-clause (a) (ii) or sub- clause (b) of clause (9) of section 2, who carries on the business of life insurance or any other class or sub-class of insurance business to which section 13 applies, shall, for the purpose of declaring or paying any dividend to shareholders or any bonus to policy-holders or of making any payment in service of any debentures, utilize directly or indirectly any portion of the life insurance fund or of the fund of such other class or sub class of insurance business, as the case may be, except a surplus shown in the valuation balance-sheet in such form as may be specified by the regulations made by the Authority submitted to the Authority as part of the abstract referred to in section 15, as a result of an actuarial valuation of the assets and liabilities of the insurer; nor shall he increase such surplus by contributions out of any reserve fund or otherwise unless such contributions have been brought in as revenue through the revenue account applicable to that class or sub-class of 551 Handbook of Auditing Pronouncements-II insurance business on or before the date of valuation aforesaid, except when the reserve fund is made up solely of transfers from similar surpluses disclosed by valuations in respect of which returns have been submitted to the Authority under section 15 of this Act or to the Central Government under section 11 of the Indian Life Assurance Companies Act, 1912 (6 of 1912): Provided that payments made out of any such surplus in service of any debentures shall not exceed fifty per-cent of such surplus including any payment by way of interest on the debentures, and interest paid on the debentures shall not exceed ten per-cent of any such surplus except when the interest paid on the debentures is offset against the interest credited to the fund or funds concerned in deciding the interest basis adopted in the valuation disclosing the aforesaid surplus: Provided further that the share of any such surplus allocated to or reserved for the shareholders (including any amount for the payment of dividends guaranteed to them, whether by way of first charge or otherwise), shall not exceed such sums as may be specified by the Authority and such share shall in no case exceed ten per-cent of such surplus in case of participating policies and in other cases the whole thereof. (2) For the purposes of sub-section (1), the actual amount of income-tax deducted at source during the period following the date as at which the last preceding valuation was made and preceding the date as at which the valuation in question is made may be added to such surplus after deducing an estimated amount for income-tax on such surplus, such addition and deduction being shown in an abstract of the report of the actuary referred to in sub- section (1) of section 13: Declaration of interim bonuses 112. Notwithstanding anything to the contrary contained in this Act, an insurer carrying on the business of life insurance shall be at liberty to declare an interim bonus or bonuses to policy-holders whose policies mature for payment by reason of death or otherwise during the inter-valuation period on the recommendation of the investigating of actuary made at the last preceding valuation. The Banking Regulation Act, 1949 15. Restrictions as to Payment of Dividend (1) No banking company shall pay any dividend on its shares until all its capitalised expenses (including preliminary expenses, organisation expenses, 552 Audit of Payment of Dividend share-selling commission, brokerage, amounts of losses incurred and any other item of expenditure not represented by tangible assets) have been completely written off. (2) Notwithstanding anything to the contrary contained in sub-section (1) or in the Companies Act, 1956 (1 of 1956), a banking company may pay dividends on its shares without writing off- (i) the depreciation, if any, in the value of its investments in approved securities in any case where such depreciation has not actually been capitalised or otherwise accounted for as a loss; (ii) the depreciation, if any, in the value of its investments in shares, debentures or bonds (other than approved securities) in any case where adequate provision for such depreciation has been made to the satisfaction of the auditor of the banking company; (iii) the bad debts, if any, in any case where adequate provision for such debts has been made to the satisfaction of the auditor of the banking company. 17. Reserve Fund (1) Every banking company incorporated in India shall create a reserve fund and shall, out of the balance of profit of each year, as disclosed to the profit and loss account prepared under Section 29 and before any dividend is declared, transfer to the reserve fund a sum equivalent to not less than twenty per cent of such profit. (1A) Notwithstanding anything contained in sub-section (1), the Central Government may, on the recommendation of the Reserve Bank and having regard to the adequacy of the paid-up capital and reserves of a banking company in relation to its deposit liabilities, declare by order in writing that the provisions of sub-section (1) shall not apply to the banking company for such period as may be specified in the order: Provided that no such order shall be made unless, at the time it is made, the amount in the reserve fund under sub-section (1), together with the amount in the share premium account is not less than the paid-up capital of the banking company. (2) Where a banking company appropriates any sum or sums from the reserve fund or the share premium account, it shall, within twenty-one days from the date of such appropriation, report the fact to the Reserve Bank, explaining the circumstances relating to such appropriation: 553 Handbook of Auditing Pronouncements-II Provided that the Reserve Bank may, in any particular case, extend the said period of twenty-one days by such period as it thinks fit or condone any delay in the making of such report. The Regional Rural Banks Act, 1976 21. Disposal of profits— After making provisions for bad and doubtful debts, depreciation in assets, contributions to staff and superannuation funds and all other matters for which provision is, under law, necessary or which are usually provided for by banking companies, a Regional Rural Bank may, out of its net profits, declare a dividend. The Multi-State Co-Operative Societies Act, 2002 62. Funds not to be divided by way of profit– (1) No part of the funds, other than net profits, of a multi-State co-operative society shall be divided by way of bonus or dividend or otherwise distributed among its members. (2) The net profit of a multi-State co-operative society referred to in sub- section (1) in respect of a society earning profits shall be calculated by deducting from the gross profits for the year, all interest accrued and accruing in relation to amounts which are overdue, establishment charges, interest payable on loans and deposits, audit fees, working expenses including repairs, rent, taxes and depreciation, bonus payable to employees under the law relating to payment of bonus for the time being in force, and equalization fund for such bonus, provision for payment of income-tax and making approved donations under the Income-tax Act, 1961 (43 of 1961), development rebate, provision for development fund, bad debt fund, price fluctuation fund, dividend equalization fund, share capital redemption fund, investment fluctuation fund, provision for retirement benefits to employees, and after providing for or writing off bad debts and losses not adjusted against any fund created out of profit: Provided that such society may add to the net profits for the year interest accrued in the preceding years, but actually recovered during the year: Provided further that in the case of such multi-State co-operative societies, as do not have share capital, the surplus of income over expenditure shall not be treated as net profits and such surplus shall be dealt with in accordance with the bye-laws. 63. Disposal of net profits (1) A multi-State co-operative society shall, out of its net profits in any year. (a) transfer an amount not less than twenty-five per cent to the reserve fund; 554 Audit of Payment of Dividend (b) credit one per cent, to co-operative education fund maintained, by the National Co-operative Union of India Limited, New Delhi, in the manner as may be prescribed; (c) transfer an amount not less than ten per cent, to a reserve fund for meeting unforeseen losses. (2) Subject to such conditions as may be prescribed, the balance of the net profits may be utilised for all or any of the following purposes, namely: - (a) payment of dividend to the members on their paid-up share capital at a rate not exceeding the prescribed limit; (b) constitution of, or contribution to, such special funds including education funds, as may be specified in the bye-laws; (c) donation of amounts not exceeding five per cent of the net profits for any purpose connected with the development of co-operative movement or charitable purpose as defined in Section 2 of the Charitable Endowments Act, 1890 (6 of 1890); (d) payment of ex-gratia amount to employees of the multi-State co-operative society to the extent and in the manner specified in the bye-laws. 64. Investment of funds: A multi-State co-operative society may invest or deposit its funds— (a) in a co-operative bank, State co-operative bank, co-operative land development bank or Central co-operative bank; or (b) in any of the securities specified in Section 20 of the Indian Trusts Act, 1882 ; or (c) in the shares or securities of any other multi-State co-operative society or any co-operative society; or (d) in the shares, securities or assets of a subsidiary institution or any other institution; or (e) with any other bank; or (f) in such other mode as may be provided in the bye-laws. Explanation: For the purposes of clause (e), “bank” means any banking company as defined in clause (c) of Section 5 of the Banking Regulation Act, 1949, and includes- (a) the State Bank of India constituted under the State Bank of India Act, 1955; 555 Handbook of Auditing Pronouncements-II (b) a subsidiary bank as defined in clause (k) of Section 2 of the State Bank of India (Subsidiary Banks) Act, 1959; (c) a corresponding new bank constituted under Section 3 of the Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970 (5 of 1970) or a corresponding new bank constituted under Section 3 of the Banking Companies (Acquisition and Transfer of Undertakings) Act, 1980 (40 of 1980). Multi-State Co-operative Societies Rules, 2002 24. Distribution of profit to members. (1) No part of the funds, other than net profits of a multi-State co-operative society shall be distributed by way of bonus or dividend or otherwise among its members. (2) Payment of dividend to the members on their paid-up share capital shall be as specified in the bye-laws. (3) The bye-laws of a multi-State co-operative society may provide for distribution of patronage bonus to its members in consonance with the transactions of a member with the society. (4) Every multi-State Co-operative society may also provide for in their bye- laws the subjects and purposes for which the reserve fund will be utilised. 556 29 GUIDANCE NOTE ON AUDIT OF CAPITAL AND RESERVES1 Contents Paragraph(s) Introduction ................................................................................................. 1-6 Internal Control Evaluation ........................................................................ 7-9 Internal Controls relating to Outsourced Activities ................................... 9 Verification .............................................................................................. 10-11 Entities Other Than Partnership and Sole Proprietorships ................ 12-58 Examination of Records ................................................................... 12-54 Examination of Compliance with Laws and Regulations ............................................................................... 55-57 Examination of Presentation and Disclosure ......................................... 58 Special Considerations Applicable to Partnership Entities ................................................................................ 59-71 Special Considerations Applicable to a Sole Proprietary Entity ........................................................................... 72-78 Management Representations .................................................................... 79 Documentation ............................................................................................. 80 Appendix A: Extracts from Counsel’s Opinion Referred to in Para 22 – “Subscription in Cash and Kind” 1 Issued in January, 2006. Attention of the readers is invited to the fact that prior to the issuance of this Guidance Note, the aspect of audit of Capital and Reserves was covered by paragraphs 8.1 to 8.18 of the Statement on Auditing Practices.The Statements was withdrawn pursuant to the issuance of the Guidance Note on Audit of Payment of Dividend in August 2005. Handbook of Auditing Pronouncements-II The following is the text of the Guidance Note on Audit of Capital and Reserves, issued by the Council of the Institute of Chartered Accountants of India. The Guidance Note should be read in conjunction with the Standards on Auditing issued by the Institute. Introduction 1. Capital and reserves constitute the owners’ funds. Capital comprises both the amounts contributed by the owners and the profits capitalised over a period of time (by way of issue of bonus shares in case of corporate entities or by way of crediting the retained earnings to the capital account in case of non- corporate entities). 2. Capital may consist of various classes of shares with varying voting rights in case of corporate entities. 3. Reserves are the portion of earnings, receipts or other surplus of an enterprise (whether capital or revenue) appropriated by the management for a general or a specific purpose other than a provision for depreciation or diminution in the value of assets or for a known liability. Reserves comprise both capital and revenue reserves. Ordinarily, revenue reserves are retained earnings, whereas the capital reserves may constitute both retained capital profits and owners’ contribution in the form of premium on issue of shares and surpluses resulting from re-issue of forfeited shares. Revaluation reserve arising from revaluation of fixed assets is also a capital reserve. 4. The auditor, in many audit engagements, particularly those relating to corporate entities, may find very few changes in the capital account and/ or reserve accounts. However, the transactions in the capital and reserve accounts are normally material in amount in addition to being significant in nature and, therefore, each transaction in these accounts requires careful attention. 5. In any auditing situation, the auditor employs appropriate procedures to obtain reasonable assurance about various assertions (see Standard on Auditing (SA) 500, Audit Evidence). In carrying out the audit of capital and reserves, the auditor is particularly concerned with obtaining sufficient appropriate audit evidence to corroborate the management’s assertions regarding the following: 558 Audit of Capital and Reserves Existence: that the recorded amounts of capital and reserves exist at the given date Occurrence: that the transactions recorded in the capital and reserve account(s) occurred during the period under audit Obligation: that the amounts appearing in the capital and reserves account(s) are in fact a liability of the entity Completeness: that there are no unrecorded transactions in respect of capital and reserves account(s) Measurement : that the transactions in the capital and reserves account(s) have been recorded at the proper amount Valuation: that the amounts recorded in the capital and reserve account(s) are recorded at appropriate carrying value Presentation that the items of capital and reserves have been disclosed, and disclosure: classified, and described in the financial statements in accordance with recognised financial reporting framework applicable to the client. 6. The principal objectives of the auditor in the examination of capital and reserves, therefore, are: (a) to ascertain that amounts shown in capital and reserve account(s) as at the balance sheet date are correct; (b) to determine that all transactions during the year, affecting owners’ funds were properly authorised and recorded; (c) to examine whether the applicable laws and regulations and terms of issue/ agreement, if any, have been complied with; and (d) to verify whether these amounts have been properly classified and disclosed in the financial statements. Internal Control Evaluation 7. Paragraph 2 of the Standard on Auditing (SA) 400, Risk Assessments and Internal Control, requires the auditor to obtain an understanding of the accounting and internal controls relating to capital and reserves sufficient to plan the audit and develop an effective audit approach. Paragraph 1 of the SA 500 requires the auditor to “obtain sufficient appropriate audit evidence through 559 Handbook of Auditing Pronouncements-II the performance of compliance and substantive procedures to enable him to draw reasonable conclusions therefrom on which to base his opinion on the financial information”. Paragraph 1 further states: “Compliance procedures are tests designed to obtain reasonable assurance that those internal controls on which audit reliance is to be placed are in effect. Substantive procedures are designed to obtain evidence as to the completeness, accuracy and validity of the data produced by the accounting system.” In certain cases, the client may employ a third party to carry out any of its transactions in respect of capital and/ or reserves. For example, it is quite common for listed companies to outsource the administrative aspects related to allotment, issuance of share certificates, share transfer, maintenance of records of shareholders, etc. In such situations, the auditor, as required by Standard on Auditing (SA) 402, “Audit Considerations Relating to Entities Using Service Organisations”, should also consider how such arrangements affect the client’s accounting and internal control system so as to plan and develop an effective audit approach. 8. In the case of non-corporate entities, the auditor needs to ascertain general terms and conditions regarding contribution of capital, interest payable on capital, interest chargeable on withdrawals, limits imposed on withdrawals, etc. In respect of corporate entities, the auditor should particularly review the following aspects of internal controls relating to capital and reserves: (a) Proper authorisation of transactions: All transactions in the capital and reserves accounts such as issue of fresh shares and allotment, buy back of shares, forfeiture, making calls on the shares, should be properly authorised as required by the Companies Act, 1956. Outsourcing of any services, e.g., depository services should also be with the proper authorisation of a competent authority. The authority to sign the share certificates may be delegated to a person as per the laws applicable to the entity. (b) Proper control over issue and custody of share certificates: In case where shares are in the physical form, the auditor is required to examine that proper internal control system exists to ensure that the share certificates are pre-numbered, proper accounts are maintained for certificates cancelled due to defacement, wear out, exhaustion of cages to record 560 Audit of Capital and Reserves transfer particulars, dematerialisation. The auditor should examine whether blank share certificates are under the lock and control of the company secretary or some other responsible officer of the entity. He should also examine whether at least one officer of the entity personally signs the share certificates issued, though other signatures can be facsimile type and whether such a signing officer also verifies the register of share certificates, wherein the issue particulars are recorded. It may be noted that share certificates are generally issued for a fixed lot of shares (marketable lot, or some other predetermined denomination). (c) Allotment and call intimations etc.: The auditor should examine whether allotment of shares and calls is done pursuant to a resolution of the Board and that proper internal controls exist for dispatch of allotment advices and call letters. (d) Internal control on receipts and accounting of application, allotment and call money: Internal controls applicable for receipt and accounting of money received on application, allotment and calls need to be evaluated. Proper records should be maintained for recording the said transactions. Periodical reconciliation of bank accounts opened specially for transactions in capital account have to be made. (e) Maintenance of adequate records: The auditor should verify whether proper system of internal controls for documentation is in operation. It includes maintenance of proper and adequately detailed records in respect of the details of members, share certificate stock ledger, duplicate certificates, cancelled certificates, etc. (f) Proper control over issue of instructions to depository participants: There should exist proper controls over issue of instructions to and for execution of requests received from the depository participants for the dematerialisation/re-materialisation of shares and proper records are required to be maintained for recording such transactions. Internal Controls relating to Outsourced Activities 9. For the efficient carrying out of the day to day transactions like issue of share certificates/instructions to depository participants for the credit of shares on allotment, either on public issue or rights issue, issue of call letters, etc., authority may be delegated, at the general meeting, to registrars and share transfer agents. In such cases, the auditor should follow the procedures described by the SA 402. 561 Handbook of Auditing Pronouncements-II Verification 10. Verification of capital and reserves may be carried out by employing the following procedures: (i) examination of records; (ii) examination of compliance with laws and regulations and terms of issue/ contract, if any; and (iii) examination of presentation and disclosure. 11. The nature, timing and extent of substantive procedures to be performed is, however, a matter of professional judgment of the auditor which is based, inter alia, on the auditor’s evaluation of the effectiveness of the related internal controls. Entities Other Than Partnerships and Sole Proprietorships Examination of Records Capital Authorised Capital 12. The authorised capital shown in the balance sheet should be checked with the Memorandum of Association in case of a company, registered byelaws in case of a co-operative society, relevant statute or the Government Order in case of a statutory corporation or other body corporate. The auditor may also refer the audited balance sheet of the immediately preceding year. 13. The minutes of the general meeting and/ or Board should be examined to see, if any, change in the capital structure has taken place since the last balance sheet and whether it is properly authorised. A company, having a share capital, in terms of the provisions of section 94 of the Companies Act, 1956 may change its share capital as follows: (i) increase its share capital by such amount as it thinks expedient by issuing new shares (ii) consolidate or divide all or any of its share capital into shares of larger amount than its existing shares (iii) convert all or any of its fully paid up shares into stock, and reconvert that stock into fully paid-up shares of any denomination 562 Audit of Capital and Reserves (iv) sub-divide its shares, or any of them, into shares of smaller amount than is fixed by the memorandum (v) cancel shares which, at the date of passing of the resolution in that regard, have not been taken or agreed to be taken by any person, and diminish the amount of its share capital by the amount of the shares so cancelled In such cases, the auditor should also examine the copy of the documents filed with the Registrar of Companies in relevant form along with the specified fee pursuant to the requirements of section 97 of the Companies Act, 1956. In addition to the situations envisaged in section 94 of the Companies Act, 1956, the auditor should also enquire whether the Central Government has, under Section 81(4) ordered or directed under Section 94A(2) of the Companies Act, 1956, the conversion of debentures or loans into share capital, resulting in an increase in the authorised capital of the company. The authorised capital may also undergo a change, as a consequence of a merger or a demerger. Similarly, in case of statutory corporations, amendments made to the statute governing the entity or the Government Order in case of other public sector bodies should be enquired into. Issued and Subscribed Capital 14. Issued Capital: The following records/documents would ordinarily provide necessary evidence for issued capital: (a) The minutes of the general and/ or board meetings for further issue of shares, e.g., under section 81 of the Companies Act, 1956; (b) Offer documents, if any, filed with the Securities and Exchange Board of India (SEBI)/Registrar of Companies (ROCs) and Reserve Bank of India (RBI) in respect of permission in case of ADR/GDR issue. (c) Return of allotment filed with the Registrar of Companies. 15. Subscribed Capital: Shares subscribed in response to the issue of capital can be verified by reviewing the applications received for the subscription of shares. The subscribed capital is the capital for which the application money is received. The subscribed share capital cannot exceed the issued capital. Paid up capital 16. Periodical reconciliation of outstanding shares held in demat and physical form as on book closure/ record date should also be done. 563 Handbook of Auditing Pronouncements-II 17. The auditor should review the minutes books of Board of Directors and the members and also any amendments made to the statutory register to ascertain whether any changes have taken place in the capital of the entity, for example – A. Increase in capital due to: (i) Fresh issue of shares/ADR/GDR. (ii) Allotment of shares pursuant to merger/amalgamation or acquisition of property or services. (iii) Part/full conversion of loans or debentures (iv) Allotment of shares pursuant to exercise of option either by the promoters or the employees or other option holders. (v) Allotment of Bonus shares (vi) Rights issue B. Decrease in capital due to: (i) Forfeiture (ii) Buy-back of shares (iii) Redemption of redeemable preference shares (iv) Reduction of capital (v) Surrender of shares as in the case of Co-operative societies (vi) De-merger 18. A list of members, together with shares held by them and the amounts paid-up thereon, should be available with the company/entity as at the balance sheet date and the aggregate of these should agree, with the details of capital shown in the balance sheet. A copy of the annual return for the previous year filed under the Companies Act, 1956 or any other statue or a list of members prepared for issuing dividend warrants may also be examined. If the auditor chooses to verify the list of members as per the annual return or list of members prepared for issuing dividend warrants, he should also check the reconciliation with the amount as at the balance sheet date, with the changes occurred during the period from the date of balance sheet and record date/ book closure date. Where the registration work is carried out by independent specialised agencies, a certificate, containing the list of members, the number 564 Audit of Capital and Reserves of shares held, including those in the demat form and physical form and amount paid up on these shares and calls in arrears, if any, should be obtained and reconciliation of the particulars with the amount credited as paid up in the share capital account of the General Ledger be checked on a test basis. 19. If a change in the capital has taken place during the year under audit, inquiries should be made to ascertain that it is properly authorised in the manner prescribed by the Articles and appropriate resolutions have been passed with requisite majority. 20. The auditor should enquire whether the Central Government has passed any order under Section 108 or Section 250 of the Companies Act, 1956 freezing the voting rights of any shareholders. It may be noted that there are provisions in the Banking Regulation Act, 1949 limiting the voting rights of a person. Similarly, the Co-operative Societies Act, 1912 provides for issue of two types of shares, one having voting rights and other not having voting rights. The Companies Act, 1956 also provides for issue of shares with non voting rights. These matters have a bearing while examining the validity of the resolutions passed by the members of the entity. The auditor should, therefore, also check that the classes of shares have been appropriately disclosed. Subscription in Cash and Kind 21. The law requires a distinction to be made between shares subscribed for in cash and shares subscribed for consideration other than in cash. Shares subscribed for in cash should include only the following kinds of subscription: - (a) where the subscription amount is received either in cash or by cheque; (b) where the amount is adjusted against a bona fide debt payable in money at once by the company. There might be situations where a company has taken a loan under a stipulation that in case of default in repayment of the loan, the loan would get converted into shares. In such a situation, on a default in repayment of the loan by the company, if the loan gets converted into shares in the company, such shares would be considered as having been allotted for cash. Where shares are allotted against credit balance in a person’s account, inquiry should be made as to how the credit balance in that account has arisen, whether it was for a valid consideration and whether the amount was due for payment at the time of issue. 565 Handbook of Auditing Pronouncements-II 22. The Department of Company Affairs2 has clarified through its circular No. 8/32(75) 77-CL-V dated 13th March, 1978, that a genuine debt adjusted against the amount receivable towards share capital can be treated as amount paid in cash. The extracts from the advice received from an eminent Counsel in this regard are given as Appendix A to this Guidance Note. 23. Where the subscription for share capital is paid into a bank account in a foreign country, it should be verified that the amount deposited in the foreign currency is in accordance with the terms of issue and such an amount as, if remitted into India on the day on which the deposit is made in the foreign country, would have realised in Indian rupees a sum equal to the amount credited as paid up and premium, if any, on the shares. The auditor should verify that the guidelines issued by SEBI for inviting, collecting and recording of foreign capital have been complied with by the company. The foreign exchange fluctuations, if any, should be accounted for in the balance with bank in accordance with the provisions of Accounting Standard 11, The Effects of Changes in Foreign Exchange Rates. 24. Issue of Shares for Consideration Other than Cash: Shares may also be issued for a consideration other than cash, e.g., for supply of machinery or technical know-how. The auditor should examine the underlying agreement in respect of the same and verify whether the agreement has been properly approved. The auditor should treat the shares issued for consideration other than cash separate from those issued against cash in his audit approach. He needs to verify that the consideration for which shares are issued, viz., supply of machinery or technical know-how is prima facie fully received. 25. Further, as per the provisions of section 75 of the Companies Act, 1956, whenever company having a share capital makes any allotment of its shares, the company has to comply with the following conditions: i. It has to file with the Registrar of Companies, a return of the allotment, stating the number and nominal amount of shares comprised in the allotment, the names, addresses and occupations of the allottees, and the amount if any, paid or due and payable on the shares. ii. In case of shares allotted for other than cash, it has to produce before the Registrar, inter alia, a contract in writing, constituting the title of the allottee to the allotment together with any contract of sale, or a contract 2 Now known as the Ministry of Company Affairs. 566 Audit of Capital and Reserves for services or other consideration in respect of which allotment was made. 26. The auditor may examine the following records to the extent they are applicable to the particular circumstances, in case of increase in paid-up capital: (a) Final price determined in case of offer through book building process3. (b) Scheme of compromise or arrangement as referred to in section 394 of the Companies Act, 1956, approved by the Court. (c) Compromise proposal with creditors and the consequential Order of the Court or an Order of Central Government under Section 397 of the Companies Act, 1956. (d) Procedure and terms of reissue of forfeited shares. 27. In case the payment is allowed to be made on allotment and/ or also in installments of one or more calls, the auditor has to verify the resolution of the Board for making calls, amount received against the calls and the posting of the amount to the correct member’s account/folio. A schedule of allotment money and a schedule for each call have to be verified on test check basis and reconciled with total amount received and due on allotment and each call. If the accounting work relating to the share capital is outsourced to a Registrar and Share Transfer Agent, the auditor should follow the principles enunciated in SA 402. If the Articles of Association permit and the terms of issue state that in the event of delay in payment of either allotment money or calls, the investor has to pay interest, the auditor should verify whether such interest is collected and properly accounted for in the books of account. The auditor should review the schedules of calls in arrears and calls in advance, and ensure that interest is provided in accordance with the Articles of Association, Offer Documents/Terms of Issue. The auditor may verify the Board Resolution, if any, for waiver of interest on calls in arrears. Interest on calls in arrears may 3 Book Building Process: Listed companies can also issue shares through Book Building Process. Book Building is a process wherein the issuer of securities asks investors to bid for his securities at different prices. These bids are within an indicative price-band, decided by the issuer. Here, investors bid for different quantity of shares, at different prices. Considering these bids, the issuer determines a cutoff price, which is the price at which the securities are allotted. SEBI has issued guidelines on issue of shares through Book Building Process. The auditor has to verify whether the company has complied with all the guidelines issued by SEBI in this regard and also that the basis of determination of the floor price and the final price by the company is consistent with the provisions in that regard. 567 Handbook of Auditing Pronouncements-II be accounted at the time of receipt, with proper disclosure in the balance sheet for deviating from the accrual principle. The schedule of calls in arrears should show separately the amounts, if any, due from the directors. Similarly, the auditor should also examine the payment of interest on calls received in advance, if any, made by the company. He should verify whether any such payment of interest on calls received in advance is permitted by the articles of association of the company. He should also examine the Board resolution in this regard. 28. In case shares are issued at discount, the auditor has to verify the compliance of Section 79 of the Companies Act, 1956. 29. Generally, employees are offered shares at a price lesser than the market rate. Sections 79 and 79A of the Companies Act, 1956 and SEBI (Employee Stock Option Scheme and Employees Stock Purchase Scheme) Guidelines, 1999 (ESOS and ESPS), Employee Stock Option Scheme for Public Sector Enterprises and others statues governing the entity have to be complied with. Transactions relating to options are to be accounted as required by the said scheme or the Accounting Standards and provisions of any relevant statute, if any, in force, on treatment of discount etc., on ESOS/ESPS. 30. Issue of Sweat Equity: Section 79A of the Companies Act, 1956 deals with the issue of sweat equity by the company to its employees and directors, at a discount or for consideration other than cash for providing know-how or making available rights in the nature of intellectual property rights or value additions, by whatever name called. SEBI has also issued SEBI (Issue of Sweat Equity) Regulations, 2002 for issue of the sweat equity by the listed companies. The issue of sweat equity by unlisted companies is governed by Unlisted Companies (Issue of Sweat Equity Shares) Rules, 20034.. The auditor must verify that if the company has issued any sweat equity, whether the provisions of Section 79A of the Companies Act, 1956 and the Rules applicable to the company, depending whether listed or not, have been complied with. 31. Companies are now allowed to buy-back their own shares. Sections 77A and 77B of the Companies Act, 1956 lay down the conditions and procedures for buy-back of the shares of a company. In case of private limited and unlisted companies, the Private Limited Company and Unlisted Public Limited 4Issued by the Ministry of Company Affairs vide Notification number GSR 923E dated 4th December, 2003. 568 Audit of Capital and Reserves Company (Buy-back of Securities) Rules 1999, and in case of listed companies, SEBI (Buy-back of Securities) Regulations, 1998 have to be complied with. The auditor should verify particularly that the funds employed for the buy-back are from the resources as permitted by the law. The reconciliation of entries in escrow account or the bank account separately opened for payment of purchase consideration have to be verified with the number of shares bought back and price paid. The auditor should also verify the entries made in the concerned books/registers with regard to destruction of share certificates and extinguishments of dematerialised shares and a reconciliation of these two to arrive at the total number of securities purchased under buy- back process. 32. Registered Byelaws of the Co-operative Societies specify the terms and conditions for surrender of all or certain class of shares. Generally, surrender of shares is allowed only at par. The auditor has to verify the certificates surrendered vis-à-vis the payment made and the entries made in the Register of members, share certificate ledger etc. 33. In case of reduction of capital is by way of reduction of the nominal value of the shares, either by canceling unpaid portion of the partly paid shares, or extinguishing some part of the paid up capital, the auditor has to verify that the High Court Order under Section 100 of the Companies Act, 1956 for reduction of capital has been complied with. Further, he has to verify the share certificates surrendered and the statement of corresponding new share certificates issued. In case reduction is achieved by canceling fully paid shares proportionately, the auditor should also verify the surrendered shares/issue of stickers/intimation to the depositories vis-à-vis the amount reduced. 34. It may be noted that the buy-back of shares under Section 77A and redemption of redeemable preference shares under Section 80 do not attract the provisions of Section 100 of the Companies Act, 1956. Application Money 35. Schedule VI to the Companies Act, 1956 does not prescribe the manner of disclosure of share application money. However, as a matter of prudence and better disclosure, share application money should be shown separately between “Share Capital” and “Reserves & Surpluses” in the Balance Sheet till the time share application money is transferred to the Share Capital Account. However, in the following situations, the share application money would be disclosed separately under the head “Current Liabilities” in the Balance Sheet: 569 Handbook of Auditing Pronouncements-II • invalid or revoked applications; • excess application money received due to over subscription; and • when minimum subscription stated in the offer document is not received. 36. The auditor has to verify whether application money stated is fully backed by the share application forms/certificate from the Share Transfer Agent and applications are received pursuant to a resolution of the appropriate authority for issue of capital. Amount received without satisfying any of the above conditions should be refunded by the company. 37. Share application money accepted by the company, if not backed by the application form/Registrar’s certificate alongwith the resolution of the Board as stated above, should be treated as unsecured loan. The auditor should verify that the application money received in excess of capital offered for subscription, if any, has been stated under Current Liabilities. The auditor may examine the reasonableness of the period for which the share application money remains pending allotment. 38. In case of refund of excess application money/revoked applications, the auditor should verify the same and apply the similar audit procedures as applied for audit of any other liability. The auditor should also verify whether the company has complied with the Guidelines prescribed by SEBI with regard to time schedule and payment of interest in case of delay in such refunds. Calls Received in Advance 39. The auditor should examine whether the calls received in advance and payment of interest, if any, thereon is in accordance with the provisions contained in the Articles of Association in this regard. Schedule of calls received in advance is to be reviewed with reference to the amounts deposited in the bank. 40. Interest, if any, paid on the amount received in advance of calls should be verified and the audit procedure to be employed is same as in case of payment of interest on borrowings. General 41. The auditor should examine whether proper accounts have been maintained with regard to amounts received on application, allotment and calls and the payments by way of refunds/interest and all other relevant accounts are duly reconciled. Where shares are issued at a premium, the auditor should 570 Audit of Capital and Reserves ensure that such sums are accounted for separately. In case of buy back, reissue or redemption of preference shares and reduction of capital by payment of money, the auditor should examine whether these have been properly accounted and duly reconciled with payments made for the same. 42. Proviso to section 383A of the Companies Act, 1956 requires certain companies to obtain a certificate of compliance with the provisions of the Companies Act, 1956 from a practicing company secretary. The auditor of such companies may review the same. Reserves 43. Reserves should be distinguished from provisions. For this purpose, reference may be made to the definitions of the expressions, “provision” and “reserve”, etc., in the Guidance Note on Terms Used in Financial Statements issued by the Institute. The definition of the term “reserve” as given in the said Guidance Note is explained in paragraph 3. It is important to remember that any amount provided in excess of the requirements is in the nature of reserve and should be shown as such. 44. It is also necessary to make a distinction between capital reserves and revenue reserves in the accounts. A Revenue Reserve is ordinarily available for distribution as dividend. 45. Reserves may also contain amount received from the Government. These grants may be in the nature of promoters’ contribution or related to any specific fixed asset. The auditor should verify that the principles of Accounting Standard 12, ‘Accounting for Government Grants’ for recognition, presentation, refund, if required, and disclosure of the grant have been appropriately complied with. 46. A reserve account is styled as Reserve Fund only when such reserves are represented by specifically earmarked assets or investments. 47. In case of amalgamations and mergers, reserves of the amalgamated /merged company have to be treated as prescribed in Accounting Standard 14, ‘Accounting for Amalgamations’ issued by the Institute. However, the auditor, especially in cases of amalgamations/ mergers, may come across a situation where the relevant Court/ Tribunal has made an order sanctioning an accounting treatment different from that prescribed by an Accounting Standard. In such a situation, the attention of the members is drawn to the announcement of the Council of the Institute in this respect. The Council has recommended 571 Handbook of Auditing Pronouncements-II that the following disclosures be made in the financial statements for the year in which different treatment has been given: (i) A description of the accounting treatment made alongwith the reason that the same has been adopted because of the Court/ Tribunal order. (ii) Description of the difference between the accounting treatment prescribed in the Accounting Standard and that followed by the Company. (iii) The final impact, if any, arising due to such a difference. Capital Reserves Capital Redemption Reserve 48. In terms of the provisions of sections 77A and 80 of the Companies Act, 1956, if the company redeems the preferential share capital or buys back its own shares, using the retained earnings, the amount equivalent to the nominal value of the shares redeemed/bought back have to be transferred to the capital redemption reserve, and such reserve can be utilised only for issue of bonus shares to the members of the company. Securities Premium Account 49. Any premium realised on issue of securities should be transferred to Securities Premium Account and utilised only for the purposes laid down in section 78 of the Companies Act, 1956. Government Grants 50. Grants, contributions and subsidies received from Government specifically for acquisition of assets have to be treated and disclosed in the financial statements as laid down in Accounting Standard 12, issued by the Institute. Revaluation Reserve 51. Reserves arising out of revaluation of fixed assets are to be transferred to the Revaluation Reserve account. The treatment and utilisation of these reserves is governed by the “Guidance Note on Treatment of Reserve Created on Revaluation of Fixed Assets” and “Guidance Note on Availability of Revaluation Reserve for Issue of Bonus Shares” issued by the Institute. 572 Audit of Capital and Reserves Statutory Reserves 52. Section 17 of the Banking Regulation Act, 1949 and certain provisions in the Co-operative Societies Act, 1912 provide for creation and utilisation of certain specific reserves. Laws governing other entities may contain similar provisions as to the creation and utilisation of such reserves. The regulators may also direct the entities to create some specific reserves, for example, the Reserve Bank of India has directed all banking companies to create and transfer certain amount of profits earned on trading of investments to Investment Fluctuation Reserve and has also stipulated the purpose for which such reserve can be utilised. The auditor should familiarise himself with such regulatory directions with respect to creation and utilization of such specific reserve and verify compliance therewith. Revenue Reserves 53. A revenue reserve is a reserve, which is available for distribution as dividend. The auditor should examine the legal provisions governing the entity with regard to transfer of certain percentage of profits to reserves, for example, the requirements of section 205 (2A) of the Companies Act, 1956, the Reserve Bank of India Directions in case of Non Banking Financial Companies, etc. 54. Certain other statutes may require transfer of profits to reserves. For example, the Income-tax Act, 1961 may require creation of certain reserves and provide for rules for utilisation of such reserves to claim certain fiscal benefits. The auditor should examine the need for transfer of profits to reserves and utilisation of such transfers. Examination of Compliance with Laws and Regulations 55. Standard on Auditing (SA) 250, Consideration of Laws and Regulations in an Audit of Financial Statements requires that “when planning and performing audit procedures and in evaluating and reporting the results thereof, the auditor should recognise that non compliance by the entity with laws and regulations may materially affect the financial statements.” The auditor should therefore acquire sufficient knowledge of the legal and regulatory framework within which the client operates. This assumes added importance in cases of audit of capital and reserves of companies since the matters relating to the share capital and reserves are governed by the provisions of the Companies Act, 1956, especially the provisions contained in sections 69 to 116, section 177C, section 205(2A) of the said Act. For example, sections 69 to 116 of the Companies Act, 1956 regulate the matters relating to issue and allotment of 573 Handbook of Auditing Pronouncements-II shares, section 205 (2A) and section 177C of the Companies Act, 1956 contain provisions relating to creation and utilisation of certain reserves and section 187C deals with the situation where the beneficial owner of the shares of the company is different from the person whose name is appearing in the shareholders’ register of the company. Guidelines issued by the Securities and Exchange Board of India from time to time also contain the matters relating to the issue and allotment of shares in case of public offer and substantial acquisition of shares in case of existing listed companies. Moreover, the Articles of Association of the entity may also have provisions relating to share capital and reserves. The Companies Act, 1956 requires compliance with the Articles of Association in so far as they are not contradictory to the provisions of the Act. Hence, it is very important to verify the compliance with the laws and regulations governing the entity. 56. The State Co-operative Societies Acts may have conditions as to minimum paid up capital and also minimum number of members for co- operative societies and with regard to creation and utilisation of various reserves. Statutes governing the entity may contain similar provisions with regard to the number of members and minimum amount of capital. The auditor should be familiar with the laws governing the entity. The auditor has to carefully examine the compliance of such legal requirements. 57. The auditor has to examine the compliance with the various rules and regulations, for example: (a) Government Order, if any, the Memorandum and the Articles of Association of the company or the Rules and Regulations governing the entity. (b) Terms of issue attached or subsequently approved in case of conversion of loans or convertible preference shares. (c) Issue of Foreign Currency Convertible Bonds and Ordinary Shares (Through Depository Receipt Mechanism) Scheme, 1993 and Guidelines on Euro Issues. (d) Rules and Regulations relating to issue and buy back of ADR/GDR. (e) Chapter XIII of SEBI (Disclosure and Investor Protection) Guidelines 2000 in case of preferential issue. (f) Unlisted Public Companies (Preferential Allotment) Rules, 2003. 574 Audit of Capital and Reserves (g) Unlisted Companies (Issue of Sweat Equity Shares) Rules, 2003. (h) Any other Rules and Regulations prescribed by Government/SEBI from time to time. Examination of Presentation and Disclosure 58. The laws governing the entity may prescribe the format for disclosure of information relating to the Capital and Reserves in its Balance Sheet. For example, the Companies Act, 1956, the Banking Regulation Act, 1949, the Electricity Act, 2003 and Insurance laws prescribe the format of Balance Sheet and the manner of disclosure of the capital and reserves in the financial statements. The auditor should examine compliance with such disclosure requirements and adequacy thereof. Where the relevant statute lays down any disclosure requirements in this behalf, the auditor should examine whether the same are complied with, for example, SEBI requires that in case of public issue and preferential issue of shares and/or partly/fully convertible debentures, purpose for which these monies are utilised and the manner in which the unutilised money is invested should be disclosed. Sometimes, it may be necessary to disclose the information either in the Significant Accounting Policies and Notes on Accounts to clarify the matters, for example, any employee options outstanding, etc. The auditor should examine such necessity and consider whether appropriate disclosures such as those listed below have been made: • Aggregate number and class of shares allotted as fully paid up pursuant to contract(s) with or without payment being received in cash • Aggregate number and class of shares allotted as fully paid by way of bonus shares • Aggregate number and class of shares bought back • Source of issuance of bonus shares during the year, if any • Preference Share Capital, including terms of redemption or conversion • Shares with differential rights Special Considerations Applicable to Partnership Entities 59. The most significant document underlying the partnership form of organisation is the Partnership Deed. 60. The Partnership Deed generally provides the capital required to be contributed by the partners and their respective share in profits and losses and 575 Handbook of Auditing Pronouncements-II interest, if any, on the capital contributed or balances to their credit. The Partnership Deed may also provide for the treatment of excess capital contributed by any partner and their respective rights relating to the withdrawals from capital/drawing accounts. 61. It may be possible that one or more partners contributes the capital in kind rather than in cash. For example, the premises required for the business may be provided by a partner as his capital contribution. If such contributions are in kind at the time of admission of the partners, the value of such assets is generally mentioned in the Partnership Deed. If the value is not mentioned in the Partnership Deed, the auditor may request for a declaration of the value in writing by all the partners. He should also obtain necessary audit evidence for supporting the valuation. 62. The partnership deed may also provide for fixed capital contribution and timing of contribution by each partner. The auditor should examine whether the capital contributed by each of the partners is in accordance with the Partnership Deed and the capital is maintained at the level mentioned in the Partnership Deed throughout the period of audit. 63. If the Partnership Deed places any restrictions on the drawings of the partners, the auditor should examine whether the drawings have been within the permissible limit. 64. The auditor has to verify the correctness of the interest, if any, credited or debited to the partners’ capital or drawings account. 65. Generally, remuneration, interest on capital, interest on drawings, profits or losses are adjusted in the capital accounts or the drawing accounts of the partners, and Reserve accounts are not maintained in case of partnership accounts. However, if fiscal or any other law require any reserve has to be created for claiming any benefit, a reserve with appropriate title may be created out of the profits of the firm. The rules for utilisation of the reserve may be provided in the relevant laws. In such event, the auditor should examine the compliance with the same. Sometimes, the partners may decide to create and utilise certain reserves due the exigencies of the business, in which case the auditor has to verify the compliance of the decision of the partners. In case the entity has not complied with the prescribed reserve utilization requirements, he should consider the effect of the same on his audit report in terms of the principles laid down in the SA 250, Consideration of Laws and Regulations in an Audit of Financial Statements. 576 Audit of Capital and Reserves 66. Special Reserves, created to meet the requirements of any law, may be credited to the Partners’ Capital Accounts on fulfillment of such statutory requirements or the terms of creation of such reserves. 67. Government grants and subsidies received shall have to be accounted for in accordance with Accounting Standard 12. 68. Where either investments or drawings have come from Non Resident Indians or foreign sources involving foreign currency, the auditor has to verify the compliance of RBI regulations as well as the provisions of the Foreign Exchange Management Act, 1999 in this regard. 69. All transactions in the partners’ capital account and drawings account have to be vouched for their correctness. 70. The auditor has to verify that the distribution of profit/loss is as per the terms of Partnership Deed. It may be noted that if any minor is admitted to the benefits of partnership, no loss should be apportioned to the share of minor. 71. If a partner dies/retires during the year, the partnership entity may prepare accounts up to the date of such death/retirement to ascertain the claim of heirs/retiring partner. In such event, the auditor has to verify the apportionment of the profit/loss for both the periods. Special Considerations Applicable to a Sole Proprietary Entity 72. The audit of capital account of the sole proprietor poses considerable problems, as the capital account is generally maintained as a current account. Generally, the entries in the capital account are many, when compared with other forms of entities. The capital introduced by the proprietor in the entity may be in cash or in kind. The introduction of capital can take place at number of times, depending upon the need for the working capital in the entity. Similarly, the drawings are made for various personal expenses. 73. It may also be possible that the personal expenses of the proprietor are booked in the accounts of the business without appropriately reflecting them in those accounts. 74. Generally, internal control procedures are inadequate or absent in many sole proprietary entities. Hence, the auditor should be careful while examining the accounts of such entity. Though the auditor needs to obtain the same level of assurance in order to express an unqualified opinion on the financial 577 Handbook of Auditing Pronouncements-II statements of both small and large entities, however, many internal controls which would be relevant to large entities are not practical in the small business. For example, in small businesses, accounting procedures may be performed by a few persons who may have both operating and custodial responsibilities, and therefore segregation of duties may be missing or severely limited. Inadequate segregation of duties may, in some cases, be offset by a strong management control system in which owner/manager supervisory controls exist because of direct personal knowledge of the entity and involvement in transactions. In circumstances where segregation of duties is limited and audit evidence of supervisory controls is lacking, the audit evidence necessary to support the auditor's opinion on the financial statements may have to be obtained entirely through the performance of substantive procedures. He should apply his professional judgment based on the knowledge of the business he has acquired to determine whether the expenditure recorded is in fact relevant and appropriate to the business and also all expenditures are recorded in the books of account. 75. The auditor should examine the nature of assets included in the balance sheet of the entity and verify whether such assets are relevant and appropriate to the nature of the business and recorded at fair value. 76. Generally profits or losses are adjusted in the capital account or the drawings account of the proprietor, and reserve accounts are not maintained in case of sole proprietorship accounts. However, if fiscal laws require any reserve to be created for claiming any fiscal benefit, a reserve account with appropriate title may be created out of the profits of the firm. The rules for utilisation of the reserve account may be provided in the same fiscal laws. In such event the auditor should examine the compliance with such laws. 77. Special Reserves created, if any, pursuant to fiscal laws, upon fulfillment of the terms of such reserves, have to be transferred to the capital account of the sole proprietor. 78. Government grants and subsidies received shall have to be accounted for in accordance with Accounting Standard 12. Management Representations 79. The auditor should obtain from the management of the entity, a written representation on significant aspects of capital and reserves accounts, viz., that all the transactions in the capital and reserves have been recorded and 578 Audit of Capital and Reserves recorded at correct values; that there are no unrecorded transactions in the capital and reserves accounts, that the year end balances (including any notes to the accounts in respect thereof) of the capital and reserves accounts have been appropriately presented and disclosed in accordance with applicable financial reporting framework, in the financial statements, that the management has complied with all the applicable rules and regulations while undertaking transactions relating to capital and reserves. Documentation 80. The auditor should maintain adequate working papers documenting significant aspects of audit such as: (a) the nature, timing, extent and results of the audit procedures performed to comply with Standards on Auditing and applicable legal and regulatory requirements; (b) the audit evidence obtained; (c) the conclusions reached on significant matters ; and (d) in relation to audit procedures designed to address identified risks of material misstatement, conclusions that are not otherwise readily determinable from the procedures performed or audit evidence obtained. However, it may be noted that the extent of documentation is a matter of professional judgment since it is neither necessary nor practical that every observation, consideration or conclusion is documented by the auditor in his working papers. 579 Handbook of Auditing Pronouncements-II APPENDIX A EXTRACTS FROM COUNSEL’S OPINION REFERRED TO IN PARA 22 –“SUBSCRIPTION IN CASH AND KIND” “The ratio of Spargo’s case is that if there is on the one side a bona-fide debt payable in money at once by the company (hereinafter called “debt”), and on the other side a bona-fide liability to pay money on allotment of shares, so that if bank notes are handed from one side of the table to other in payment of calls, they may legitimately be handed back in payment of the debt. The law does not make it necessary that the formality should be gone through of the money being handed over be taken back again, and if the two demands are set off against each other the shares have been paid for in cash. This is still good law and on facts similar to those of Spargo’s case it would be right for a company to show in its accounts the shares as having been allotted for cash. It is the necessary implication of Section 227(1A)(f) that shares may be correctly stated to have been allotted for cash even though cash may not have been actually received in respect of such allotment …….. If the Auditors find that the case is covered by the ratio of the decision in Spargo’s case, no comment would be required from the Auditors and the statement in the Balance Sheet and other accounts that the shares were allotted for cash must be accepted as correct, regular and not misleading, although no cash had been actually received by the company……….. The function of Section 75(1) is merely to impose an obligation on the company to file a Return of the Allotments with the Registrar. Now, the expression “share allotted for cash” is an ambiguous expression. It may mean shares allotted for cash actually received by the Company, or it may mean shares allotted for cash not actually received but adjusted against a debt. In order that this ambiguity may be removed and the Registrar may know the precise factual position, Section 75(1)(a) requires that in the Return of Allotments to be filed with the Registrar shares should not be shown as having been allotted for cash if cash has not been actually received. This, however, does not prevent the company from stating in the Return that shares not shown in the Return as having been allotted for cash were in fact allowed against adjustment of a debt, and consequently such shares would be shown in the company’s accounts as having been allotted for cash.” 580 30 GUIDANCE NOTE ON CERTIFICATION OF XBRL FINANCIAL STATEMENTS Contents Paragraph(s) Introduction ................................................................................ 1-6 XBRL Financial Statements – Requirements in India.................... 7 Objective of this Guidance Note ................................................. 8-9 Management Responsibility ................................................... 10-13 General Approach to Preparation of XBRL Financial Statements ............................................................................. 14-22 Practitioner’s Responsibility with Reference to Certification of XBRL Financial Statements ................................................... 23-30 Appendices Appendix A: Glossary of XBRL Related Terms Appendix B: Text of the Circulars of the Ministry of Corporate Affairs on XBRL Financial Statements Appendix C: XBRL Tool Features Appendix D: Illustrative Engagement Letter Appendix E: Illustrative Management Representation Letter Appendix F: Illustrative Format of Certificate on XBRL Financial Statements Appendix G: Form 23AC-XBRL and Form 23ACA-XBRL Handbook of Auditing Pronouncements-II NOTE: The Forms 23AC-XBRL and 23ACA-XBRL, issued by the Ministry of Corporate Affairs for filing of returns by the Companies are enclosed vide Appendix G. The forms require the following certificate to be issued by, inter alia, a chartered accountant: Certificate - Form 23AC-XBRL (Balance Sheet) It is hereby certified that I have verified the above particulars (including attachments) from the audited financial statements of .................................................... and that all required attachment(s) have been completely attached to this form. It is further certified that the attached XBRL document(s) fairly present, in all material respects, the audited financial statements of the company, in accordance with the XBRL taxonomy as notified under Companies (Filing of documents and forms in Xtensible Business Reporting Language) Rules. Certificate - Form 23ACA-XBRL (Profit and Loss Account) It is hereby certified that I have verified the above particulars (including attachment(s)) from the audited financial statements of ........................................................... and that all required attachment(s) have been completely attached to this form. It is further certified that the attached XBRL document(s) fairly present, in all material respects, the audited financial statements of the company, in accordance with the XBRL taxonomy as notified under Companies (Filing of documents and forms in eXtensible Business Reporting Language) Rules, 2011. The guidance provided in this Guidance Note enables the chartered accountant (the practitioner) to issue a certificate in the format as envisaged vide Form No. 23AC-XBRL and 23ACA-XBRL. In addition, however, Appendix F to the Guidance Note also contains an illustrative format of a certificate. Practitioners undertaking engagements to certify XBRL financial statements other than as envisaged under Form 23AC-XBRL and Form 23ACA-XBRL may consider drawing guidance on the form and content of such certificate from the illustrative format given in the Appendix F in case they decide to issue such a certificate in terms of the Engagement Letter. 582 Certification of XBRL Financial Statements Introduction What is XBRL 1. XBRL or the eXtensible Business Reporting Language, is a language for the electronic communication of business and financial data. It is an open, royalty free, international information format (software specification) developed through a process of collaboration between accountants and technologists from all over the world who came together to form the XBRL International1. 2. XBRL requires that all individual items requiring disclosure in the financial statements be assigned unique, electronically readable tags, which in turn are mapped to taxonomies that have or are being developed by the accounting standard setters, regulators, etc., and are available in public domain. 3. XBRL makes the data readable with the help of two documents – the taxonomy and the instance document. Taxonomies are dictionaries that contain the terms used in the financial statements and their corresponding XBRL tags (i.e., electronically readable codes for each item of financial statements). Thus, taxonomies define the elements and their relationships based on the regulatory requirements and the basic XBRL properties. It includes terms such as net income, earnings per share, cash, etc. Each term has specific attributes that help define it, including label and definition and potential references. Taxonomies may represent a number of individual business reporting concepts, mathematical and definitional relationships among them, along with text labels in multiple languages, references to authoritative literature, and information about how to display each concept to a user2. Instance document is a file that contains business reporting information and represents a collection of financial facts and report – specific information using tags from one or more XBRL taxonomies. The instance document is a computer file that contains entity’s data and other entity specific information and is generally not intended to be read by the human eye. Thus, an XBRL instance document is a business report in an electronic format created according to the rules of the XBRL. It contains the facts that are defined by the elements in the taxonomy it refers to, together with 1 Source: General Circular No. 09/2011 dated March 31, 2011, issued by the Ministry of Corporate Affairs. 2 Source: General Circular No. 09/2011 dated March 31, 2011, issued by the Ministry of Corporate Affairs. 583 Handbook of Auditing Pronouncements-II their values and an explanation of the context in which they are placed. XBRL Instances contain the reported data with their values and “contexts”. Instances documents must be linked to at least one taxonomy, which defines the contexts, labels or references.3 A glossary of important terms used in the context of XBRL financial statements is given in APPENDIX A to this Guidance Note. 4. The entities use the prescribed taxonomies to map their reports and generate a valid instance document. In other words, they match the terms/ concepts as used in their financial statements to the corresponding element/s in the taxonomy. 5. National jurisdictions may develop their own standardised taxonomies based on their differing accounting regulations and other requirements of the financial reporting framework. Tagging of financial statements may, however, require considerable amount of judgment on the part of the preparers of the financial statements as there may be multiple tags that could be seen as applicable to a particular financial statement line item. 6. In India, the taxonomy has been developed by the Ministry of Corporate Affairs (MCA), based on the requirements of: • Schedule VI of Companies Act; • The Accounting Standards; and • SEBI Listing requirements. Taxonomies for manufacturing and services sector (referred as Commercial and Industrial, or C&I) and Banking sector, is acknowledged by the XBRL International. XBRL Financial Statements – Requirements in India 7. The Ministry of Corporate Affairs, Government of India, vide its General Circular No. 37/2011, dated June 07, 2011 has required the following class of companies (except banking companies, insurance companies, power companies 3 Source: General Circular No. 09/2011 dated March 31, 2011, issued by the Ministry of Corporate Affairs. 584 Certification of XBRL Financial Statements and the Non Banking Financial Companies) to file the financial statements in XBRL form only from the year 2010 – 2011: (i) All companies listed in India and their Indian subsidiaries; (ii) All companies having a paid up capital of Rs 5 crore and above; and (iii) All companies having a turnover of Rs 100 crore and above. Objective of this Guidance Note 8. The objective of the Guidance Note is to provide guidance to the practitioners in certification of XBRL formatted statements in terms of the requirements of the Ministry’s General Circular No. 57/ 2011 dated July 28, 2011 read with MCA’s General Circular No. 43/2011 dated July 07, 2011. These Circulars require that besides signing by signatories as specified under section 215 of the Companies Act, 1956, the financial statements prepared in XBRL mode for filing on MCA-21 portal would also need to be certified by, inter alia, a Chartered Accountant. The financial statements referred here would mean the balance sheet, the profit and loss account, the cash flow statements and the related notes to account. The text of relevant circulars issued by the MCA in respect of XBRL mode financial statements in India is given in APPENDIX B to this Guidance Note. 9. It is the responsibility of the management to ensure that the financial statements generated in the XBRL format are in accordance with the taxonomy defined by MCA. Management Responsibility 10. The responsibility for ensuring that the financial statements generated in the XBRL format are in accordance with the prescribed taxonomy is that of the management of the Company. Accordingly, the management needs to exercise appropriate controls over the following three areas to manage risks associated with generation of XBRL financial statements: a) Selecting, maintaining, and testing the taxonomy; b) Accurately mapping and tagging data elements to XBRL reports; and c) Enforcing change management procedures for XBRL processes. 585 Handbook of Auditing Pronouncements-II 11. Selecting an appropriate taxonomy is one of the most important tasks in an XBRL implementation because the taxonomy is the basis for tagging data in an XBRL document. In the instant case the taxonomy is prescribed by the MCA. The organisations must take the time to review and understand the applicable taxonomy. The organisations should also ensure that they remain aware of the updations, if any, to the prescribed taxonomy from time to time and appropriate controls should be put in place to ensure usage of the most appropriate version. 12. Accurately mapping and tagging data elements to XBRL reports creates the normal mapping control issues. Controls should require the appropriate personnel in the organization to review and approve the completeness and accuracy of tagged data elements and watch for consistency of tagged data elements within the selected taxonomy. Generating XBRL documents is a multistep process and changes throughout the process must be appropriately managed. 13. Change management procedures are critical because of the iterative nature of producing financial reports. Adding a tagging step adds complexity, particularly if an organization uses an outside service provider, because it requires several iterations of file transfer and tagging operations. General Approach to Preparation of XBRL Financial Statements How XBRL Financial Statements Are Generated 14. There are a number of ways in which XBRL mode financial statements can be generated by the company. These include using XBRL-aware accounting software that enable export of data in XBRL form and allow users to map charts of accounts and other structures to XBRL tags; the financial statements can be mapped into XBRL using XBRL software tools designed for this purpose; data from accounting databases can be extracted in XBRL format. It is not strictly necessary for an accounting software vendor to use XBRL; third party products can achieve the transformation of the data to XBR. Further, applications can transform data in particular format into XBRL.4 To summarise, generation of XBRL formatted financial statements, can be through the following modes: 4 Source: General Circular No. 09/2011 dated March 31, 2011, issued by the Ministry of Corporate Affairs. 586 Certification of XBRL Financial Statements a. Conversion: At the most basic level of adoption, an organization takes information from various sources within the organization and then copies or keys this information into an XBRL tool. There is no process change in this approach, merely a conversion of the results of the existing processes to a different format—including the existing inefficiencies. b. Outsourced: A second alternative is to use a third-party service provider to generate the XBRL financial statements by interfacing with them with the financial reporting tool. The organization may use XBRL to layer internal metrics and definitions within a permitted extension5 to the taxonomy required by the external parties. The process must be robust and repeatable. The mapping of internal metrics to the taxonomy is critical and should involve both management and the service provider so that the risk of communicating invalid or incorrect information is minimized. 15. Ordinarily, creation of XBRL instance document involves the following procedures: • Obtaining audited financial statements. • These audited financial statements would preferably be in Excel and/ or Word format. • Preparation of the source document based on the audited financial statement for XBRL conversion. • Mapping the source document to the Target Taxonomy as mandated by MCA. • Validating the mapped document to create instance document. • Eliminating errors arising out of validation based on error logs. • Approval of Instances and mapping by the Board of Directors before creating XBRL instance document. • Creating XBRL instance document. 5 As on date, no extensions are permitted under the taxonomy prescribed by the MCA. 587 Handbook of Auditing Pronouncements-II • Validation of the XBRL instance document by the management using the tool provided by the MCA before filing with the Office of the Registrar of Companies (ROC). An overview of the features of XBRL tools and the process of generation of XBRL financial statements is given in APPENDIX C to this Guidance Note. 16. Regardless of which implementation strategy the company selects, it has to be ensured that the XBRL financial statements so generated are as per the taxonomy defined by MCA. This includes ensuring completeness, accuracy, mapping and structure of the XBRL financial statements. • Completeness means that all required information is formatted at the required levels as defined by the entity’s reporting environment. Only permitted information selected by the entity is included in the eXtensible Business Reporting Language (XBRL) files. • Mapping means that the elements selected are consistent with the meaning of the associated concepts in the source information in accordance with the requirements of the entity’s reporting environment. • Accuracy means that the amounts, dates, other attributes (for example, Monetary units), and relationships (order and calculations) in the instance document and related files are consistent with the source information in accordance with the requirements of the entity’s reporting environment. • Structure means that XBRL files are structured in accordance with the requirements of the entity’s reporting environment. Completeness 17. All the information needs to be formatted at the required levels as defined by the applicable reporting requirements in the instance document and related files. Only permitted information selected by the entity is to be included in the XBRL files. Missing information will lead to incomplete reporting and will hamper the users’ ability to access information. For example, the Cash Flow Statement needs to be included along with the financial statements as per MCA’s General Circular No. 57/ 2011 dated July 28, 2011. 18. Where the company has formatted information that is permitted but not required, it should be ensured that inclusion of such formatted information in the 588 Certification of XBRL Financial Statements source document is not at the level of detail that is misleading to the users. For example, the audit fees is included in the taxonomy related to Profit and Loss Account while in the source document it is shown under Notes to Accounts. 19. The instance document and related files should contain only facts or presentation or calculation relationships and other information that are included in the source information. Mapping 20. Elements are essential to communicate the meaning of the information being reported. Thus, selection of appropriate element is important to enable the users to properly analyse and compare disclosure among companies. Accordingly, the elements selected should be consistent with the meaning of the associated concepts in the source information in accordance with the requirements of the company’s financial reporting framework. This includes ensuring that: (i) Taxonomies, including versions, referenced in the instance document and related files are those as are permitted by the Ministry of Corporate Affairs. (ii) Element attributes are consistent with the underlying source information. (iii) The most specific element, whose definition is consistent with the concept, has been used. (iv) Use of the selected element is permitted (for example, not deprecated). For example, if the element is deleted in future taxonomy this should not be used. (v) Facts appearing multiple times in the source information are formatted using the same element throughout the instance document and related files when appropriate. (vi) The same element is used for each period for which a concept appears in the underlying source information. For example, if element changes due to taxonomy change, the previous classification needs to be changed. 589 Handbook of Auditing Pronouncements-II (vii) A new element is only created when no suitable element exists in the selected taxonomy and only if creation such new element is permitted by the Ministry of Corporate Affairs. Accuracy 21. The instance document and related files must contain information consistent with the source information. Inaccurate amounts, dates and other attributes will impact the usability of the data. Accordingly, the amounts, dates, other attributes (for example, monetary units), and relationships (order and calculations) in the instance document and related files need to be consistent with the source information in accordance with the requirements of the entity’s reporting environment. For this it should be ensured that: (i) Elements for accounting concepts with debit or credit balances include a balance attribute. (ii) Elements for currency amounts for items other than accounting concepts include (1) a debit or credit balance attribute or (2) a documentation label with an indication of the meaning of a positive or negative value when applicable. (iii) Contextual information is consistent with the source information in accordance with the requirements of the entity’s reporting environment including the following: • The context reporting periods are consistent with the source information (for example, year ended March 31, 2011). • The decimal values are consistent with the level of accuracy of the amount as represented in the source information (for example, MCA has permitted two decimals and are presented in full figures in the current taxonomy). • The units defined in the instance document are consistent with the measurements represented in the source information (for example, Indian Rupees). • The entity identifier in the instance document properly represents the reporting entity (for example, the acronym allotted by the stock exchange on which the securities of the company are listed). 590 Certification of XBRL Financial Statements (iv) Formatted amounts have the appropriate sign based on the nature of the value in the source information, balance attribute, and definition (documentation label) of the element. For example, changes in general ledger can have both debit and credit values. (v) When required, the rendered text block information is consistent with the format and layout of the content in the source information. For example, transactions with related parties may need to be reflected as given in the source document (no specific format has been given in taxonomy and can be given in table format). (vi) When required, the order and hierarchy reflected in the presentation linkbase are consistent with all headers, captions, and line items in the source information. For example, the MCA taxonomy tree definition should match with the source document. (vii) Labels are consistent with the captions in the source information. For example, the elements need to match with the closest definition in taxonomy else this has to be explained with a footnote for the Profit and Loss/ Balance Sheet items while in case of ‘Notes to Accounts’, these can be disclosed under ‘Others’. (viii) Calculations reflected in the source information are included in the calculation linkbase in accordance with the requirements of the entity’s reporting environment to the extent possible within the technical limitations of XBRL. Only those calculations that are reflected in the source information are included in the calculation linkbase. For example, Consumption of Raw Material is disclosed as Opening + Purchase – Closing is derived in the source document. Since this is not defined in the calculation linkbase in the taxonomy, it can be shown as presentation linkbase in the taxonomy document. (ix) All formatted data is consistent with the information underlying source information. For example, profit figures should not change and analytical review between XBRL and source information should be done. Structure 22. It is essential to structure instance documents and related files in accordance with the requirements to which the entity’s XBRL files are subject. Failure to comply with such requirements may prohibit those files from operating 591 Handbook of Auditing Pronouncements-II within the requesting party’s system. Other structural errors may cause XBRL files to be inconsistent with the HTML version of the source information or not usable by other XBRL software applications. Therefore, the XBRL files should be structured in accordance with the requirements of the entity’s reporting requirements. For this, it should be ensured that: (i) All information is organized using any required presentation groupings. For example, accounting policy in MCA taxonomy document specifies required formatting information in revenue needs to be specified. (ii) The entity scheme and identifier for each context throughout the instance document are identical and in accordance with the requirements of the entity’s reporting environment. For example, in real estate company, land is inventory document for retail sales while in case of manufacturing company it can be classified under fixed assets. (iii) New table structures are only created when no suitable table structure exists in the taxonomy prescribed by the Ministry of Corporate Affairs. For example, employee benefits are only partly defined in MCA taxonomy and hence new table needs to be defined. (iv) Where a test submission validation tool (which may not include validation of all technical requirements) is made available by the Ministry of Corporate Affairs, the instance document and related files pass such validation tests. Practitioner’s Responsibility with Reference to Certification of XBRL Financial Statements 23. The members of the Institute may be engaged to perform an assurance or an agreed upon procedures engagement in respect of XBRL financial statements. The Ministry of Corporate Affairs, vide its General Circular No. 43/ 2011 dated July 07, 2011 has required that besides signing by signatories as specified under section 215 of the Companies Act, 1956, a chartered accountant has to certify the financial statements prepared in XBRL mode for filing on MCA- 21 portal. 24. The current Standards on Audit issued by the Institute of Chartered Accountants of India do not require the statutory auditors to perform procedures on XBRL data as part of the audit of financial statements. Accordingly, the 592 Certification of XBRL Financial Statements auditor’s report issued on the financial statements in accordance with these Standards on Audit does not cover the process by which XBRL data is tagged or the XBRL data that results from this process. 25. In so far as the Standard on Audit (SA) 720, ‘The Auditor’s Responsibilities in Relation to Other Information in Documents Containing Audited Financial Statements’ is concerned, it may be noted that XBRL data does not construe “other information” as envisaged in SA 720 because it is only a machine readable rendering of the data within the financial statements. 26. The responsibility of the practitioner in carrying out a certification of XBRL financial statements in terms of MCA’s circular no. 43/2011 of July 07, 2011 read with circular no. 57/2011 of 28 July, 2011 is to certify that the said XBRL financial statements fairly present, in all material respects, the audited financial statements of the Company from which such XBRL financial statements have been prepared, in accordance with the taxonomy prescribed by MCA. 27. The XBRL financial statements though prepared on the basis of the audited financial statements of the company, do not per se result in a verbatim reproduction of the latter. The process of conversion of audited financial statements into XBRL financial statements requires application of judgment, including, in matters of mapping the financial statement items to the appropriate tags in the taxonomy. Currently, the taxonomy prescribed by MCA does not permit any extensions. As a result, many financial statement items/ account heads in certain industry sectors may not have exact corresponding tags in the taxonomy. In such cases, judgement is required to be exercised by the management, having regard to factors such as the nature of the financial statement item/ account head to ensure selection of the most appropriate tag to represent that financial statement item/ account head. Accordingly, having regard to exercise of such judgment by the management as well as the limitations of any normal procedure of certification, would normally not be possible for the practitioner to certify, that the XBRL financial statements fully represent or reflect the audited financial statements of the company or the accuracy or correctness of such XBRL financial statements. In such circumstances, a practitioner can, at best, only certify that the XBRL financial statements fairly present, in all material respects, the audited financial statements of the Company from which such XBRL financial statements have been prepared, in accordance with the taxonomy prescribed by MCA. 593 Handbook of Auditing Pronouncements-II Procedures for Certification 28. The practitioner’s procedures in respect of XBRL financial statements would, ordinarily, be as follows: • Examination of Source Document with the XBRL rendered document using relevant document reader in human readable form. This may be elaborate process of call and compare information with the source documents for all practical purposes. • Validation for errors using the MCA tool. • Examination of Error Logs at Mapping and Tagging Stage, and also the Error logs generated while carrying out validating using the MCA Tool. • In case the XBRL financial statements have been generated by a third party service provider, the practitioner can rely on the report given by the former and may specifically request for following areas such as completeness, mapping, accuracy and structure. • Running the formatted XBRL information using relevant reader to satisfy that no changes have been made after validation before filing. • Notifying the management of any exceptions observed during the certification. Exceptions have to be brought to the notice of the company. • Using the relevant reader, satisfying that no changes have been made after validation but before filing. 29. Any exceptions observed during this process have to be brought to the notice of the management. If the exceptions are significant, they should be communicated to the management immediately for necessary rectification before filing. In case, it is not possible to rectify these exceptions or the management refuses to take necessary corrective action, these exceptions should be reported by practitioner in his certificate giving reasons and whether it would affect the XBRL filing as a whole. 30. The practitioner should also have regard to the following aspects which are also of particular importance in carrying out such certification engagements: (i) There should be clear understanding of the terms of the certification engagement, including: 594 Certification of XBRL Financial Statements • the scope of the engagement, i.e., the scope of the engagement comprises : ○ conversion of audited financial statements of the company to XBRL mode financial statements in accordance with the taxonomy prescribed by MCA.6 ○ Certification of the fact that the XBRL financial statements fairly present, in all material respects, the audited financial statements of the Company in accordance with the MCA’s taxonomy. • the responsibilities of the management for the preparation and presentation of XBRL financial statements in accordance with the MCA taxonomy, which includes the responsibility for ensuring the completeness, accuracy, mapping and structure of these financial statements. Management is also responsible for the design, implementation, effectiveness, and monitoring of controls over the preparation and submission of the Company’s XBRL-tagged data. The practitioner should obtain a written representation to that effect. • the responsibility of the practitioner for, where applicable, conversion of audited financial statements of the Company to XBRL mode financial statements and certification of XBRL financial statements. It should be made clear that the certification of XBRL financial statements would not involve: ○ Performing procedures that would enable the practitioner to express an opinion on the truth and fairness of such XBRL financial statements. ○ Performing procedures to verify the completeness or accuracy of information provided by the management. ○ Performing procedures that would enable the practitioner to express an opinion on the effectiveness of the design, implementation, effectiveness, and 6 Applicable to cases where the certifying practitioner also undertakes conversion of audited financial statements of the company to XBRL mode financial statements. 595 Handbook of Auditing Pronouncements-II monitoring of controls over the preparation of these XBRL financial statements by the management. • A statement that the certification would be carried out in accordance with the Guidance Note on Certification of XBRL Financial Statements issued by the Institute of Chartered Accountants of India. • The fact that, as a part of the certification engagement, the practitioner would request written representations from the management. • Billing arrangements, etc. • Restrictions, if any, on distribution of the certificate. To avoid any misunderstandings at a later date, it would be appropriate that terms of the engagement are formalized in an engagement letter. An illustrative engagement letter is given as APPENDIX D. An illustrative management representation letter is given as APPENDIX E. (ii) The practitioner should properly plan the certification engagement to ensure that the engagement is carried out in the most effective and timely manner. Besides, the practitioner should also maintain adequate documentation to support his conclusions as contained in the certificate issued by him. (iii) The practitioner may not be an expert in evaluating and examining all the technical aspects involved in the preparation of the XBRL financial statements and, may, therefore, need to engage an expert. Ordinarily, the practitioner should not refer to the work of an expert in the Certificate that does not contain his reservations/ exceptions on the subject matter of the certification unless required by law or regulation to do so. If such reference is required by law or regulation, the practitioner should indicate in the Certificate that the reference does not reduce the practitioner’s responsibility in respect of the certificate. (iv) Since such certification is undertaken after the statutory audit of the general purpose financial statements on which these XBRL financial statements are based has been completed, the practitioner should invariably review the statutory audit report to ascertain whether there are any matters which have a bearing on his certificate. 596 Certification of XBRL Financial Statements (v) In respect of the format of the certificate, certain factors need to be taken care of, including: • The certificate should, generally, be addressed to the engaging party. • Specific items covered by the certificate should be clearly identified and indicated. • The certificate should clearly lay down the responsibilities of the management vis-a-vis the practitioner with respect to the XBRL financial statements. • The certificate should indicate the manner in which the certification was conducted, e.g., any specific tests performed. • If the certificate is subject to any limitations in scope, such limitations should be clearly mentioned. • Assumptions on which the XBRL financial statements are based should be clearly indicated if they are fundamental to the understanding of these financial statements. • Reference to the information and explanations obtained should be included in the certificate. In certain cases apart from a general reference to information and explanations obtained, the practitioner may also find it necessary to refer in his certificate to specific information or explanations on which he has relied. • Since the XBRL financial statements are based on the general purpose financial statements, the certificate should contain a reference to such general purpose financial statements. It should be clearly mentioned that the statutory audit of the aforesaid general purpose financial statements has been completed. Further, the Certificate should also clearly mention whether such audit has been conducted by the practitioner issuing the certificate or by some other Chartered Accountant. In case the general purpose financial statements have been audited by a practitioner other than the one issuing the certificate, he should specify the extent to which he has relied upon them. He may communicate with the statutory auditor for 597 Handbook of Auditing Pronouncements-II securing his cooperation and in appropriate circumstances, discuss relevant matters with him, if possible. • The certificate should ordinarily be a self-contained document. It should not confine itself to a mere reference to another report or certificate issued by the practitioner or another auditor but should include all relevant information contained in such report or certificate. • The practitioner should clearly indicate in his certificate, the extent of responsibility which he assumes. An illustrative format of the Practitioner’s Certificate is given in the APPENDIX F. 598 Appendix A Glossary of XBRL Related Terms Source: XBRL International abstract An attribute of an element to indicate that the element is only used in a hierarchy to group related elements together. An abstract element cannot be used to tag data in an instance document. attribute A property of an element, such as its name, balance, data type, period type, and whether the element is abstract. balance An attribute of a monetary item type designated as debit, credit, or neither; a designation, if any, should be the natural or most expected balance of the element—credit or debit—and thus indicates how calculation relationships involving the element may be assigned a weight attribute (-1 or +1). calculation linkbase Part of a taxonomy that defines additive relationships between numeric items expressed as parent-child hierarchies. concept XBRL technical term for element. context Entity and report-specific information (reporting period, segment information, and so forth) required by XBRL that allows tagged data to be understood in relation to other information. decimal Instance document fact attribute used to express the number of decimal places to which numbers have been rounded. Handbook of Auditing Pronouncements-II deprecated element Elements within a taxonomy that have been declared not to be used in instance documents due to various reasons (for example, superseded, redundant, or incorrect) element XBRL components (items, domain members, dimensions, and so forth). The representation of a financial reporting concept, including line items in the face of the financial statements, important narrative disclosures, and rows and columns in tables. element definition A human-readable description of a reporting concept. From an XBRL technical point of view, the element definition is the label with the type “documentation,” and there are label relationships in a label relationships file, but from a user point of view, the definition is an unchangeable attribute of the element. extension taxonomy or extension A taxonomy that allows users to add to or modify a published taxonomy in order to define new elements or change element relationships and attributes (presentation, calculation, labels, and so forth) without altering the original. face of the financial statements Financial statements without the notes or schedules. fact The occurrence in an instance document of a value or other information tagged by a taxonomy element. hierarchy Trees (presentation, calculation, and so forth) used to express and navigate relationships. instance or instance document XML file that contains business reporting information and represents a collection of financial facts and report-specific information using tags from one or more XBRL taxonomies. 600 Certification of XBRL Financial Statements item XBRL technical term for a kind of element. label Human-readable name for an element; each element has a standard label that corresponds to the element name and is unique across the taxonomy. label type A distinguishing name for each distinct element indicating the circumstances in which it should be used; each is given a separate defining role to use in different presentation situations. line item Elements that conventionally appear on the vertical axis (rows) of a table. linkbase XBRL technical term for a relationships file. mapping Process of determining the elements that correspond to lines and columns in a financial statement and which elements must be created by extension. name Unique identifier of an element in a taxonomy. nillable An attribute that appears on all taxonomy elements and is used (false) on elements that, if used in an instance document, must have a nonempty value. XBRL taxonomy tools normally have the default value for nillable as “true.” There is no need for any extension to define an element with nillable “false.” parent-child hierarchy Relationship between elements that indicates subordination of one to the other as represented in a print listing or financial statement presentation. Relationships files use parent-child hierarchies to model several different relationships, 601 Handbook of Auditing Pronouncements-II including presentation, summation of a set of facts, and membership of concepts within a domain used as the axis of a table. period type An attribute of an element that reflects whether it is reported as an instant or duration time period. presentation linkbase Part of a taxonomy that defines relationships that arrange elements allowing them to navigate the taxonomy content in parent-child tree structures (hierarchies). render or rendering To process an instance document into a layout that facilitates readability and understanding of its contents. scenario Tag that allows for additional information to be associated with facts in an instance document; this information encompasses in particular the reporting circumstances of the fact, for example, “actual” or forecast.” The scenario of any fact can be left unspecified. sign value Denotes whether a numeric fact in an instance has a positive (+) or negative (-) value. table An element that organizes a set of axes and a set of line items to indicate that each fact of one of the line items could be further characterized along one or more of its axes. For example, if a line item is “Sales” and an axis is “Scenario,” this means that an instance document could have facts that are either for an unspecified scenario or for a specific scenario, such as “actual” or “forecast.” tag (noun) Identifying information that describes a unit of data in an instance document and encloses it in angle brackets (<>). All facts in an instance document are enclosed by tags that identify the element of the fact. 602 Certification of XBRL Financial Statements tag (verb) To apply tags to an instance document. taxonomy, taxonomies Electronic dictionary of business reporting elements used to report business data. A taxonomy is composed of an element names file (.xsd) and relationships files directly referenced by that schema. The taxonomy schema files together with the relationships files define the concepts (elements) and relationships that form the basis of the taxonomy. The set of related schemas and relationships files altogether constitute a taxonomy. type or data type Data types (monetary, string, share, decimal, and so forth) define the kind of data to be tagged with the element name. unit of measure The units in which numeric items have been measured, such as dollars, shares, Euros, or dollars per share. validation Process of checking that instance documents and taxonomies correctly meet the rules of the XBRL specification. XBRL footnote link Additional information that is attached to an element. 603 Handbook of Auditing Pronouncements-II Appendix B MCA’s Circulars on XBRL Financial Statements Circular No. Date Issue 09/2011 31.03.2011 Filing of Balance Sheet and Profit and Loss Account in eXtensible Business Reporting Language (XBRL) mode. 14/2011 08.04.2011 Certification of e-forms under the Companies Act, 1956 by the Practicing professionals 26/2011 18.05.2011 Certification of e-forms under the Companies Act, 1956 by the Practicing professionals 37/2011 07.06.2011 Filing of Balance Sheet and Profit and Loss Account in eXtensible Business Reporting Language (XBRL) mode 43/2011 07.07.2011 Filing of Balance Sheet and Profit and Loss Account in eXtensible Business Reporting Language (XBRL) mode 57/2011 28.07.2011 Filing of Balance Sheet and Profit and Loss Account in eXtensible Business Reporting Language (XBRL) mode 604 Certification of XBRL Financial Statements General Circular No. 09/2011 17/70/2011 –CL.V Government of India Ministry of Corporate Affairs 5th Floor, A Wing, Shastri Bhavan, Dr. R.P. Road, New Delhi Dated the 31.03.2011 To All Regional Directors All Registrar of Companies Subject: Filing of Balance Sheet and Profit and Loss Account in eXtensible Business Reporting Language( XBRL) mode. It has been decided by the Ministry of Corporate Affairs to mandate certain class of companies to file balance sheets and profit and loss account for the year 2010-11 onwards by using XBRL taxonomy. The Financial Statements required to be filed in XBRL format would be based upon the Taxonomy on XBRL developed for the existing Schedule VI, as per the existing, (non converged) Accounting Standards notified under the Companies (Accounting Standards) Rules, 2006. The said Taxonomy is being hosted on the website of the Ministry at www.mca.gov.in shortly. The Frequently Asked Questions ( FAQs ) about XBRL have been framed by the Ministry and they are being annexed as Annexure I with this circular for the information and easy understanding of the stakeholders. Coverage in Phase I 2. The following class of companies have to file the Financial Statements in XBRL Form only from the year 2010-2011 :- (i) All companies listed in India and their subsidiaries, including overseas subsidiaries; (ii) All companies having a paid up capital of Rs. 5 Crore and above or a Turnover of Rs 100 crore or above . 605 Handbook of Auditing Pronouncements-II Additional Fee Exemption 3. All companies falling in Phase -I are permitted to file upto 30-09-2011 without any additional filing fee. Training Requirement 4. Stakeholders desirous to have training on the XBRL or on taxonomy related issues, may contact the persons as mentioned in Annexure II. (J.N. Tikku) Joint Director Tel: 011-23381295 606 Certification of XBRL Financial Statements Annexure I Frequently Asked Questions 1. What is XBRL? XBRL is a language for the electronic communications of business and financial data which is revolutionizing business reporting around the world. It provides major benefits in the preparation, analysis and communication of business information. It offers cost savings, greater efficiency and improved accuracy and reliability to all those involved in supplying or using financial data. XBRL stands for eXtensible Business Reporting Language. It is already being put to practical use in a number of countries and implementation of XBRL are growing rapidly around the world. 2. Who developed XBRL? XBRL is an open, royalty-free software specification developed through a process of collaboration between accountants and technologists from all over the world. Together, they formed XBRL International which is now made up of over 650 members, which includes global companies, accounting, technology, government and financial services bodies. XBRL is and will remain an open specification based on XML that is being incorporated into many accounting and analytical software tools and applications. 3. What are the advantages of XBRL? XBRL offers major benefits at all stages of business reporting and analysis. The benefits are seen in automation, cost saving, faster, more reliable and more accurate handling of data, improved analysis and in better quality of information and decision-making. XBRL enables producers and consumers of financial data to switch resources away from costly manual processes, typically involving time- consuming comparison, assembly and re-entry of data. They are able to concentrate effort on analysis, aided by software which can validate and process XBRL information. XBRL is a flexible language, which is intended to support all current aspects of reporting in different countries and industries. Its extensible nature means that it can be adjusted to meet particular business requirements, even at the individual organization level. 4. Who can benefit from using XBRL? All types of organizations can use XBRL to save costs and improve efficiency in handling business and financial information. Because XBRL is extensible and 607 Handbook of Auditing Pronouncements-II flexible, in can be adapted to a wide variety of different requirements. All participants in the financial information supply chain can benefit, whether they are preparers, transmitters or users of business date. 5. What is the future of XBRL? XBRL is set to become the standard way of recording, storing and transmitting business financial information. It is capable of use throughout the world, whatever the language of the country concerned, for a wide variety of business purposes. It will deliver major cost savings and gains in efficiency, improving processes in companies, government and other organizations. 6. Does XBRL benefit the comparability of financial statements? XBRL benefits comparability by helping to identify data which is genuinely alike and distinguishing information which is not comparable. Computers can process this information and populate both pre defined and customized reports. 7. Does XBRL cause a change in accounting standards? No. XBRL is simply a language for information. It must accurately reflect data reported under different standards – It does not change them. 8. What are the benefits to a company from putting its financial statements into XBRL? XBRL increases the usability of financial statement information. The need to re- key financial data for analytical and other purposes can be eliminated. By presenting its statements in XBRL, a company can benefit investors and other stakeholders and enhance its profile. It will also meet the requirements of regulators, lenders and others consumers of financial information, who are increasingly demanding reporting in XBRL. This will improve business relations and lead to a range of benefits. With full adoption of XBRL, companies can automate data collection. For example, data from different company divisions with different accounting systems can be assembled quickly, cheaply and efficiently. Once data is gathered in XBRL, different types of reports using varying subsets of the data can be produced with minimum effort. A company finance division, for example, could quickly and reliably generate internal management reports, financial statements for publication, tax and other regulatory filings, as well as credit reports for 608 Certification of XBRL Financial Statements lenders. Not only can data handling be automated, removing time-consuming, error-prone processes, but the data can be checked by software for accuracy. 9. How does XBRL work? XBRL makes the data readable, with the help of two documents – Taxonomy and instance document. Taxonomy defines the elements and their relationships based on the regulatory requirements. Using the taxonomy prescribed by the regulators, companies need to map their reports, and generate a valid XBRL instance document. The process of mapping means matching the concepts as reported by the company to the corresponding element in the taxonomy. In addition to assigning XBRL tag from taxonomy, information like unit of measurement, period of data, scale of reporting etc., needs to be included in the instance document. 10. How to companies create statements in XBRL? There are a number of ways to create financial statements in XBRL: • XBRL-aware accounting software products are becoming available which will support the export of data in XBRL form. These tools allow users to map charts of accounts and other structures to XBRL tags. • Statements can be mapped into XBRL using XBRL software tools designed for this purpose. • Data from accounting databases can be extracted in XBRL format. It is not strictly necessary for an accounting software vendor to use XBRL; third party products can achieve the transformation of the data to XBRL. • Applications can transform data in particular formats into XBRL. The route which an individual company may take will depend on its requirements and the accounting software and systems it currently uses, among other factors. 11. Is India a member of XBRL International? India is now an established jurisdiction of XBRL International. A separate company, under section 25 has been created, to manage the operations of XBRL India. The main objectives of XBRL India are 609 Handbook of Auditing Pronouncements-II • To create awareness about XBRL in India • To Develop and maintain Indian Taxonomies • To help companies, adopt and implement XBRL. For more information, visit www. xbrl.org/in 12. Which taxonomies developed for Indian reporting requirements? Where can I find the taxonomies? Taxonomies for Indian companies are developed based on the requirements of • Schedule VI of Companies Act, • Accounting Standards, issued by ICAI • SEBI Listing requirements. Taxonomies for Manufacturing and service sector (referred as Commercial and Industrial, or C&I) and Banking sector, is acknowledged by XBRL International. These taxonomies are available at http://www.xbrl.org/in/ 13. Where can I find more information about XBRL? Please visit www.xbrl.org. Also Ministry of Corporate Affairs would be shortly developing its webpage on XBRL with list of contact persons for training purposes. 14. What are XBRL Documents? An XBRL document comprises the taxonomy and the instance document. Taxonomy contains description and classification of business & financial terms, while the instance document is made up of the actual facts and figures. Taxonomy and Instance document together make up the XBRL documents. 15. What is Taxonomy? Taxonomy can be referred as an electronic dictionary of the reporting concepts. Taxonomy consists of all the data definitions, the basic XBRL properties and the interrelationships amongst the concepts. It includes terms such as net income, EPS, cash, etc. Each term has specific attributes that help define it, including 610 Certification of XBRL Financial Statements label and definition and potentially references. Taxonomies may represent hundreds or even thousands of individual business reporting concepts, mathematical and definitional relationships among them, along with text labels in multiple languages, references to authoritative literature, and information about how to display each concept to a user. 16. What is meant by extending taxonomy? Taxonomy is extended to accommodate items/relationship specific to the owner of the information. Taxonomy extension therefore can be (a) Modification in the existing relationships (b) Addition of new elements in the taxonomy (c) Combination both a & b 17. Are Taxonomies based on any standards? Yes, taxonomies are based on the regulatory requirements and standards which are to be followed by the companies. Accordingly, depending on the requirements of every country, there can be country-specific taxonomies. 18. What is an Instance document? An XBRL instance document is a business report in an electronic format created according to the rules of XBRL. It contains facts that are defined by the elements in the taxonomy it refers to, together with their values and an explanation of the context in which they are placed. XBRL Instances contain the reported data with their values and “contexts”. Instance document must be linked to at least one taxonomy, which defines the contexts, labels or references. Thus, in order to concluded the usage and explain the XBRL technology which leads to more information exchanges that can be effectively automated by use. This one standard approach leads to the best interest of the company or more so for the international business interests globally that warrant the accuracy of all the financial data for the end users and early collaborative decisions by the companies or those whose interest is involved for acquisition/ rights etc. 611 Handbook of Auditing Pronouncements-II Circular 14/2011 No 17/102/2011 CL-V Government of India Ministry of Corporate Affairs 5th floor, ‘A’ Wing, Shastri Bhawan, Dr. Rajendra Prasad Road, New Delhi Dated: 08.04.2011 To All the Regional Directors, All the Registrar of Companies/ Official Liquidators Subject:- Certification of e-forms under the Companies Act,1956 by the Practicing professionals Ministry of Corporate Affairs has been steadily progressing towards total electronic filing and approval regime. Objective is to do away with human intervention in MCA approvals to the maximum extent possible. 2. For this purpose, Ministry of Corporate Affairs has entrusted practicing professionals registered as Members of the professional bodies namely, ICAI, ICSI & ICWAI with the responsibility of ensuring integrity of documents filed by them with MCA in electronic mode. Professionals are now to be responsible for submitting /certifying documents (to be signed digitally by them) and system would accept most of these documents online without approval by Registrar of Companies or other officers of the Ministry. 3. However, to ensure that the data integrity is maintained at all times, there will be checking of such submissions to guard against fraudulent filing. In addition to the penal actions against the companies and their officers in default for furnishing incorrect or false information in the documents as provided under the Companies Act, 1956, action would also be taken on receipt of any complaint, anonymous or otherwise, against such professionals in the following manner:- 612 Certification of XBRL Financial Statements a) Alleged wrong submissions: In such cases, quick enquiry will be conducted by the concerned RD who will be assessing prima facie, cases of wrong doing by the professionals. Concerned professionals will be given time for furnishing explanation before conveying to a cancellation. b) This report will be submitted to e-Governance Cell of MCA. The Cell will inform in the concerned Professional Institute to initiate an enquiry and complete the same within a month’s time. c) Simultaneously, the concerned professional shall be debarred and shall not be allowed to enter to submit any document on MCA Portal. This debarment will be for a period of 30 days or till the final enquiry report is received from the respective Professional Institute. d) MCA will take a final decision after considering the report so received. Yours faithfully, (Sanjay Shorey) Dy. Director 613 Handbook of Auditing Pronouncements-II General Circular No. 26/2011 Corrigendum to Circular No. 14/2011 dated 08th April, 2011 [F. No. 17/102/2011-CL V] Government of India Ministry of Corporate Affairs 5th Floor, A Wing, Shastri Bhavan, Dr. R.P. Road, New Delhi Dated: 18.05.2011 To All Regional Directors All Registrar of Companies Subject: Certification of E-forms under the Companies Act, 1956 by the practicing professionals The undersigned is to draw the attention on the Circular No. 14/2011 dated 08.04.2011 of this Ministry on the subject cited above. The following errata has been noticed which is rectified as under:- 2. In the said circular in line 4 (Four) of Paragraph 2, the words should be inserted “including filing of Financial Statements in the Extensible Business Reporting Language (XBRL) mode from the year 2011-12 onwards” after the words “MCA in electronic mode”. 3. This issues with approval of Competent Authority. (J.N. Tikku) Joint Director Tel: 011 2338 1295 614 Certification of XBRL Financial Statements General Circular 37/2011 17/70/2011-CL.V Government of India Ministry of Corporate Affairs 5th Floor, “A” Wing, Shastri Bhawan, Dr. R.P. Road, New Delhi – 110 001 Dated : 07-06-2011 To All Regional Directors All Registrar of Companies Subject: Filing of Balance Sheet and Profit and Loss Account in eXtensible Business Reporting Language (XBRL) mode. In supersession of this Ministry’s Circular no. 9/2011 dated 31.03.2011 and 25/2011 dated 12.05.2011, Ministry of Corporate Affairs hereby mandated certain class of companies to file Balance Sheets and Profit and Loss Account along with Director’s and Auditor’s Report for the year 2010-11 onwards by using XBRL taxonomy. The Taxonomy Business Rules, Validity tools etc required for preparation the above documents in XBRL format as the existing Schedule VI and Accounting Standards notified under the Companies (Accounting Standards) Rules, 2006 have been prepared and hosted on the website of the Ministry at www.mca.gov.in. The Frequently Asked Questions (FAQs) about XBRL have been framed by the Ministry and they are being annexed as Annexure I with this circular for the information and easy understanding of the stakeholders. To enable filing on XBRL by stakeholders, MCA-21 portal will have XBRL filing module by July, 2011. Actual date will be informed separately. Coverage in Phase I 2. The following class of companies have to file the Financial Statements in XBRL Form only from the year 2010-2011:- (i) All companies listed in India and their Indian subsidiaries; (ii) All companies having a paid up capital of Rs. 5 Crore and above 615 Handbook of Auditing Pronouncements-II (iii) All companies having a turnover of Rs. 100 crore and above. However, banking companies, Insurance companies, power companies and Non Banking Financial Companies (NBFCs) are exempted for XBRL filing, till further orders. Additional Fee exemption 3. All companies falling in Phase – I whose Balance Sheets are adopted in the Annual General Meeting held before 30.09.2011 are permitted to file upto 30- 09-2011 without any additional filing fee. However, where companies hold the Annual General Meeting in the month of September 2011, they will file the Balance Sheet within 30 days from the date of adoption in the General Meeting as per section 220 of the Companies Act, 1956. Training Requirement 4. Stakeholders desirous to have training on the XBRL or on taxonomy related issues, may contact the persons as mentioned in Annexure II. (J.N. Tikku) Joint Director Tel: 23381295 Email: jyotinder.nath@mca.gov.in 616 Certification of XBRL Financial Statements Annexure I Frequently Asked Questions 1. What is XBRL? XBRL is a language for the electronic communications of business and financial data which is revolutionizing business reporting around the world. It provides major benefits in the preparation, analysis and communication of business information. It offers cost savings, greater efficiency and improved accuracy and reliability to all those involved in supplying or using financial data. XBRL stands for eXtensible Business Reporting Language. It is already being put to practical use in a number of countries and implementation of XBRL are growing rapidly around the world. 2. Who developed XBRL? XBRL is an open, royalty-free software specification developed through a process of collaboration between accountants and technologists from all over the world. Together, they formed XBRL International which is now made up of over 650 members, which includes global companies, accounting, technology, government and financial services bodies. XBRL is and will remain an open specification based on XML that is being incorporated into many accounting and analytical software tools and applications. 3. What are the advantages of XBRL? XBRL offers major benefits at all stages of business reporting and analysis. The benefits are seen in automation, cost saving, faster, more reliable and more accurate handling of data, improved analysis and in better quality of information and decision-making. XBRL enables producers and consumers of financial data to switch resources away from costly manual processes, typically involving time- consuming comparison, assembly and re-entry of data. They are able to concentrate effort on analysis, aided by software which can validate and process XBRL information. XBRL is a flexible language, which is intended to support all current aspects of reporting in different countries and industries. Its extensible nature means that it can be adjusted to meet particular business requirements, even at the individual organization level. 4. Who can benefit from using XBRL? All types of organizations can use XBRL to save costs and improve efficiency in handling business and financial information. Because XBRL is extensible and 617 Handbook of Auditing Pronouncements-II flexible, in can be adapted to a wide variety of different requirements. All participants in the financial information supply chain can benefit, whether they are preparers, transmitters or users of business date. 5. What is the future of XBRL? XBRL is set to become the standard way of recording, storing and transmitting business financial information. It is capable of use throughout the world, whatever the language of the country concerned, for a wise variety of business purposes. It will deliver major cost savings and gains in efficiency, improving processes in companies, government and other organizations. 6. Does XBRL benefit the comparability of financial statements? XBRL benefits comparability by helping to identify data which is genuinely alike and distinguishing information which is not comparable. Computers can process this information and populate both pre defined and customized reports. 7. Does XBRL cause a change in accounting standards? No. XBRL is simply a language for information. It must accurately reflect data reported under different standards – It does not change them. 8. What are the benefits to a company from putting its financial statements into XBRL? XBRL increases the usability of financial statement information. The need to re- key financial data for analytical and other purposes can be eliminated. By presenting its statements in XBRL, a company can benefit investors and other stakeholders and enhance its profile. It will also meet the requirements of regulators, lenders and others consumers of financial information, who are increasingly demanding reporting in XBRL. This will improve business relations and lead to a range of benefits. With full adoption of XBRL, companies can automate data collection. For example, data from different company divisions with different accounting systems can be assembled quickly, cheaply and efficiently. Once data is gathered in XBRL, different types of reports using varying subsets of the data can be produced with minimum effort. A company finance division, for example, could quickly and reliably generate internal management reports, financial statements for publication, tax and other regulatory filings, as well as credit reports for 618 Certification of XBRL Financial Statements lenders. Not only can data handling be automated, removing time-consuming, error-prone processes, but the data can be checked by software for accuracy. 9. How does XBRL work? XBRL makes the data readable, with the help of two documents – Taxonomy and instance document. Taxonomy defines the elements and their relationships based on the regulatory requirements. Using the taxonomy prescribed by the regulators, companies need to map their reports, and generate a valid XBRL instance document. The process of mapping means matching the concepts as reported by the company to the corresponding element in the taxonomy. In addition to assigning XBRL tag from taxonomy, information like unit of measurement, period of data, scale of reporting etc., needs to be included in the instance document. 10. How to companies create statements in XBRL? There are a number of ways to create financial statements in XBRL: • XBRL-aware accounting software products are becoming available which will support the export of data in XBRL form. These tools allow users to map charts of accounts and other structures to XBRL tags. • Statements can be mapped into XBRL using XBRL software tools designed for this purpose. • Data from accounting databases can be extracted in XBRL format. It is not strictly necessary for an accounting software vendor to use XBRL; third party products can achieve the transformation of the data to XBRL. • Applications can transform data in particular formats into XBRL. The route which an individual company may take will depend on its requirements and the accounting software and systems it currently uses, among other factors. 11. Is India a member of XBRL International? India is now an established jurisdiction of XBRL International. A separate company, under section 25 has been created, to manage the operations of XBRL India. The main objectives of XBRL India are 619 Handbook of Auditing Pronouncements-II • To create awareness about XBRL in India • To Develop and maintain Indian Taxonomies • To help companies, adopt and implement XBRL. For more information, visit www. xbrl.org/in 12. Which taxonomies developed for Indian reporting requirements? Where can I find the taxonomies? Taxonomies for India companies are developed based on the requirements of • Schedule VI of Companies Act, • Accounting Standards, issued by ICAI • SEBI Listing requirements. Taxonomies for Manufacturing and service sector (referred as Commercial and Industrial, or C&I) and Banking sector, is acknowledged by XBRL International. These taxonomies are available at http://www.xbrl.org/in/ 13. Where can I find more information about XBRL? Please visit www.xbrl.org. Also Ministry of Corporate Affairs would be shortly developing its webpage on XBRL with list of contact persons for training purposes. 14. What are XBRL Documents? An XBRL document comprises the taxonomy and the instance document. Taxonomy contains description and classification of business & financial terms, while the instance document is made up of the actual facts and figures. Taxonomy and Instance document together make up the XBRL documents. 15. What is Taxonomy? Taxonomy can be referred as an electronic dictionary of the reporting concepts. Taxonomy consists of all the data definitions, the basic XBRL properties and the interrelationships amongst the concepts. It includes terms such as net income, EPS, cash, etc. Each term has specific attributes that help define it, including 620 Certification of XBRL Financial Statements label and definition and potentially references. Taxonomies may represent hundreds or even thousands of individual business reporting concepts, mathematical and definitional relationships among them, along with text labels in multiple languages, references to authoritative literature, and information about how to display each concept to a user. 16. What is meant by extending taxonomy? Taxonomy is extended to accommodate items/relationship specific to the owner of the information. Taxonomy extension therefore can be (a) Modification in the existing relationships (b) Addition of new elements in the taxonomy (c) Combination both a & b 17. Are Taxonomies based on any standards? Yes, taxonomies are based on the regulatory requirements and standards which are to be followed by the companies. Accordingly, depending on the requirements of every country, there can be country-specific taxonomies. 18. What is an Instance document? An XBRL instance document is a business report in an electronic format created according to the rules of XBRL. It contains facts that are defined by the elements in the taxonomy it refers to, together with their values and an explanation of the context in which they are placed. XBRL Instances contain the reported data with their values and “contexts”. Instance document must be linked to at least one taxonomy, which defines the contexts, labels or references. Thus, in order to concluded the usage and explain the XBRL technology which leads to more information exchanges that can be effectively automated by use. This one standard approach leads to the best interest of the company or more so for the international business interests globally that warrant the accuracy of all the financial data for the end users and early collaborative decisions by the companies or those whose interest is involved for acquisition/ rights etc. 621 Handbook of Auditing Pronouncements-II General Circular No. 43/2011 No. HQ/MCA/DigitisedBS/AR/2009 Government of India Ministry of Corporate Affairs 5th Floor, “A” Wing, Shastri Bhawan, Dr. R.P. Road, New Delhi – 110 001 Dated : 07-07-2011 All the Regional Directors All the Registrar of Companies/Official Liquidators All Stakeholders Sub: Filing of Balance Sheet and Profit and Loss Account in eXtensible Business Reporting Language (XBRL) mode. Sir, In partial modification to Para 2 of Ministry’s Circular No. 26/2011 dated 18.05.2011, the filing on MCA 21 in the XBRL mode will be effective in respect of financial statements closing on or after 31.03.2011 instead of the year 2011-12. 2. Further, in continuation to the Circular no. 37/2011 dated 07.06.2011, the further information is given as under:- (i) Besides signing by signatories as specified u/s 215 of the Companies Act, 1956, the Statutory Auditor has to certify the financial statements prepared in XBRL mode for filing on MCA-21 portal. (ii) Phase – 1 class of companies as per Circular 9/2011 dated 31.03.2011 and later exempted from XBRL filing (under Power sector, Insurance sector, NBFC and Banking sector) who are unable to file their financial statements would be exempted from additional fee due to delay in filing up to 30.09.2011. 3. This issue with approval of Competent Authority. Yours faithfully, (J.N. Tikku) Joint Director 622 Certification of XBRL Financial Statements Circular No: 57/2011 No. HQ/MCA/DigitisedBS/AR/2009 Government of India Ministry of Corporate Affairs 5th Floor, A Wing, Shastri Bhavan, Dr. R.P. Road, New Delhi Dated: 28.07.2011 All the Regional Directors All the Registrar of Companies/Official Liquidators All Stakeholders Sub: Filing of Balance Sheet and Profit and Loss Account in eXtensible Business Reporting Language (XBRL) mode. Sir, The Para 3 of the Circular No. 37/2011 dated 07.06.2011 may be read as under:- “All companies falling in Phase-1 class of companies (excluding exempted class) are permitted to file their financial statements without any additional fee up to 30.11.2011 or within 60 days of their due date, whichever is later.” 2. Further, in supersession of Para 2 (i) of Ministry’s Circular No. 43/2011 dated 07.07.2011, it is informed that the verification and certification of the XBRL document of financial statements on the e-forms would continue to be done by authorized signatory of the company as well as professional like Chartered Accountant or Company Secretary or Cost Accountant in whole time practice. 3. This issue with approval of Competent Authority. Yours faithfully, (J.N. Tikku) Joint Director 623 Handbook of Auditing Pronouncements-II Appendix C XBRL Tool Features The tools used for the data conversion into XBRL document should ordinarily have at the minimum the following features: 1. Simple process of creating source data using EXCEL template and uploading into or keying into the XBRL software conversion tools in an efficient method. 2. All the Mandatory Items in the Taxonomy should be included in the Generic Source Tool Data Template, which is necessary for Taxonomy Validation purposes. 3. The Tool should include the Business Rules Validation Tool (Mandatory Business Rules) which are not part of generic taxonomy validation tools. Tool should include other optional business rules as well. 4. The calculation and presentation should be validated before the instance is created, which gives second layer of validation for instance created. 5. The XBRL document should be viewed in ONE viewer and should have the option of printing (aligned printing). 6. The Tool has the complete cycle included from creation, mapping, create instances, validate instances (both taxonomy and business rules), create XBRL document for filing. How XBRL Instance Documents Are Created Documents required a) Audited Accounts including Balance Sheet, Profit & Loss account and Cash Flow Statement b) Director’s Report c) Auditor’s Report d) Subsidiary Company Information 624 Certification of XBRL Financial Statements e) Additional information required under XBRL Taxonomy. 1. XBRL Source Information Documentation 2. XBRL Mapping Documentation 3. XBRL Instance Creation and internal validation, error logs and their solutions. 4. XBRL Document – *.xml file 5. XBRL Document – Validation by MCA Tool. Error reports and Solutions. 6. XBRL Document – Client acceptance and confirmation. 7. XBRL Document – Practitioner’s Certification – Obtain copy after certification. 8. XBRL filing information and confirmation from client for filing. 625 Handbook of Auditing Pronouncements-II PROCESS NOTES: XBRL APPROACH: There are five steps involved in the XBRL approach, they are namely: 1. XBRL Design and Planning 2. XBRL Setup 3. XBRL Mark-up and Tagging. 4. XBRL Review and Validate 5. Sustain – Maintenance of XBRL information in documented format. Each of the above steps is briefly explained in the following paragraphs. 1. XBRL Design and Planning In this stage, the company’s financial information is examined in detail to analyse and understand how the financial information and relevant data can be used in the XBRL document creation considering the current taxonomy. 2. XBRL Setup In this stage, based on the design and structure, the client information is validated with taxonomy design structure is ready for mapping and tagging. This stage can be treated or considered as “Data Cleansing” Stage to have readily available data prepared using taxonomy ready for next level. 3. XBRL Mark-up and Tagging. After the Data Cleansing Stage the information is mapped and tagged to relevant taxonomy information and instance creation. Once the instance is created, it is validated for taxonomy calculation, presentation and business rules. If there are any errors on the process of validation, those errors are addressed and finally create an error-free XBRL document. 4. XBRL Review and Validate The XBRL document created is rendered again in any Viewer in a human readable form and reviewed for their presentation, calculation and validation with 626 Certification of XBRL Financial Statements the source documents such as audited accounts, director’s report, auditor’s report and subsidiary information. On examination with the necessary information, the XBRL document has to again to be validated by the tool provided by Ministry of Corporate Affairs (MCA Tool) before filing. If there are any errors arising out of such validation has to be addressed before XBRL documents are being filed with the company law authorities. 5. Sustain – Maintenance of XBRL information in documented format In the stage, all the information used and processed for the XBRL documentation at each level has to be maintained for all practical purposes to substantiate the instance created. Once the XBRL document has been validated by MCA Tool, immediately the necessary XBRL file has to be backed up and archived along with the relevant data information used for the XBRL document creation. The source information needs to be kept in safe custody and no further processing should be performed in that file. The XBRL information back-up may be performed using MD5 cryptography to protect the content from any changes using the text editors. 627 Handbook of Auditing Pronouncements-II Appendix D Illustrative Engagement Letter *** To the Board of Directors of …………. Company Limited You have requested that we convert the audited financial statements of ………………… Company Limited, which comprise the Balance Sheet as at March 31, 20XX, and the Statement of Profit & Loss, and Cash Flow Statement for the year then ended, and a summary of significant accounting policies and other explanatory information to XBRL mode financial statements and also certify that these XBRL financial statements fairly present in all material respects, the audited financial statements of the company for the year ended March 31, 20XX, in accordance with the taxonomy specified by the Ministry of Corporate Affairs for filing of the financial statements in the XBRL mode. We are pleased to confirm our acceptance and our understanding of this certification engagement by means of this letter. Our engagement will be conducted on the basis that the management acknowledges and understands that they have responsibility: (a) For the preparation of XBRL financial statements in accordance with the taxonomy prescribed by the Ministry of Corporate Affairs. This includes: • ensuring Completeness, Accuracy, Mapping and Structure of these XBRL financial statements. • ensuring existence and operation of appropriate controls over the process of conversion of audited financial statements to XBRL financial statements. (b) To provide us with: (i) Audited financial statements of ……………….Company Limited, viz. • audited Balance Sheet of …………………….. Company Limited for the year ended March 31, 20XX; • audited Profit and Loss Account of ………………… Company Limited for the year ended March 31, 20XX; 628 Certification of XBRL Financial Statements • audited Cash Flow Statement of ………………… Company Limited for the year ended March 31, 20XX; and • audit report of ………………… Company Limited for the year ended March 31, 20XX. (ii) Access, at all times, to all information, including the books, account, vouchers and other records and documentation, of the Company, whether kept at the head office of the company or elsewhere, of which [management] is aware that is relevant to the certification of XBRL mode financial statements; (iii) Additional information that we may request from [management] for the purpose of the certification; and (iv) Unrestricted access to persons within the entity from whom we determine it necessary to obtain evidence. This includes our entitlement to require from the officers of the Company such information and explanations as we may think necessary for the performance of the certification engagement. We will conduct our certification in accordance with the Guidance Note on Certification of XBRL Financial Statements, issued by the Institute of Chartered Accountants of India (ICAI). As part of our engagement, we will request from [management and, where appropriate, those charged with governance], written confirmation concerning representations made to us in connection with the certification. We look forward to full cooperation from your staff during our certification engagement. [Insert other information, such as fee arrangements, billings7 and other specific terms, as appropriate.] Our certification does not constitute an audit conducted in accordance with the Standards on Audit issued by the Institute of Chartered Accountants of India. Accordingly, we will not express an opinion on the truth and fairness of the XBRL financial statements. Accordingly, as a part of our engagement we will also not perform procedures to verify the completeness and accuracy of the information provided by the management or such procedures as would enable us to express 7 For example, “Our fees will be billed as the work progresses”. 629 Handbook of Auditing Pronouncements-II an opinion on the effectiveness of the design, implementation and monitoring of controls by the management over the preparation of XBRL financial statements. We will, however, bring to your attention any material errors in these XBRL financial statements of which we become aware during our certification process. Upon completion of our engagement, we will provide you with the XBRL mode a certification on XBRL financial statements referred to above. A draft of the certificate is attached for your reference. The form and content of our certificate may need to be amended in the light of our findings. Please sign and return the attached copy of this letter to indicate your acknowledgement of, and agreement with, the arrangements for our certification of the XBRL financial statements including our respective responsibilities. XYZ & Co. Chartered Accountants ………………………… (Signature) Date : (Name of the Member) Place : (Designation8) Acknowledged on behalf of Company by ……………………………. (Signature) Name and Designation Date 8 Partner or proprietor, as the case may be. 630 Certification of XBRL Financial Statements Appendix E Illustrative Management Representation Letter [Date] M/s ………………………. Chartered Accountants We are providing this letter in connection with your engagement to convert the audited financial statements of …………………. (the “Company”) as of March 31, 20XX, and related financial statement schedules(s) to XBRL financial statements for being furnished by the Company to the Ministry of Corporate Affairs (“MCA”) vide their General Circular No. 43/2011 dated July 07, 2011 and also certification of aforementioned XBRL financial statements, prepared from the audited financial statements for the aforesaid period. The term “XBRL-tagged data” in this letter refers to the Company’s XBRL instance document, and the related taxonomy extension schema, label linkbase, calculation linkbase, presentation linkbase, and definition linkbase documents, all of which were provided to you on [specify date documents were provided or file names with date(s)]. We confirm that we are responsible for: a. The XBRL-tagged data relating to above mentioned financial statements [and related financial statement schedule(s)]; the completeness, accuracy, and consistency of our XBRL-tagged data; and the related assertions; b. Identifying the applicable XBRL-tagged data filing requirements, determining that the substance of the XBRL-tagged data satisfies the regulatory requirements and filing the XBRL-tagged data in a form and manner that satisfies any regulatory or other requirements of the MCA to which the XBRL-tagged data is to be submitted; c. The design, implementation, effectiveness, and monitoring of controls over the preparation and tagging of the Company’s financial statement data and over the submission of the XBRL-tagged data to the MCA; d. Evaluating and monitoring the completeness, accuracy, and consistency of our XBRL-tagged data, including the work performed by 631 Handbook of Auditing Pronouncements-II any third parties in assisting us with the preparation of our XBRL-tagged data; and e. Complying with all applicable laws and regulations. We confirm, to the best of our knowledge and belief, the following representations made to you during your Assistance in XBRL filing engagement: 1. All known matters related to the XBRL-tagged data relating to our financial statements or the related assertions have been disclosed to you. 2. We have made available to you all: a. Financial records and related data b. Documentation relevant to the preparation of the XBRL files, such as [specify documents, e.g., information provided to a third party, tagging worksheets] c. Output of all validation reports. 3. There have been no communications from regulatory agencies affecting the XBRL-tagged data relating to our financial statements referred to above [except for [insert appropriate description]]. 4. We have no knowledge of any fraud or suspected fraud affecting the entity’s XBRL-tagged data. 5. We have no knowledge of any significant matters contrary to your findings [except for [insert appropriate description]]. 6. [Insert any specific representations appropriate for this engagement]. (Name of Chief Executive Officer and Title) (Name of Chief Financial Officer and Title) 632 Certification of XBRL Financial Statements Appendix F Illustrative Format of Certificate on XBRL Financial Statements To The Board of Directors of ……………… Company Limited We have examined the attached Balance Sheet of ……………. Company Limited (“the Company”) as at March 31, 2011, and the Profit and Loss Account and the Cash Flow Statement of the Company (“the Financial Statements) for the year ended on that date, both annexed thereto, prepared by the Company in the eXtensible Business Reporting Language (XBRL) mode (“the XBRL financial statements”). These XBRL financial statements have been prepared on the basis of the audited financial statements of the Company for the year ended March 31, 2011, on which we/ M/s…….. Chartered Accountants (whichever is applicable) have expressed an opinion vide our/ their (whichever is applicable) Audit Report dated ________, 2011. The Management of the Company is responsible for the preparation of the XBRL financial statements in accordance with the taxonomy specified by the Ministry of Corporate Affairs for filing of the financial statements in the XBRL mode. Our responsibility is to certify the XBRL financial statements based on our examination, which was conducted in accordance with the Guidance Note on Certification of XBRL Financial Statements issued by the Institute of Chartered Accountants of India. Based on our aforesaid examination and to the best of our knowledge and belief and according to the information, explanations and representations given to us by the management of the Company, we certify that these XBRL financial statements fairly present, in all material respects, the aforementioned audited financial statements of the Company for the year ended March 31, 2011, in 633 Handbook of Auditing Pronouncements-II accordance with the taxonomy specified by the Ministry of Corporate Affairs for filing of the financial statements in the XBRL mode. 9 This Certificate is intended solely for your information and for purposes of filing of the Company’s financial statements in the XBRL mode in accordance with the Ministry of Corporate Affairs’ General Circular No. 43/2011 dated 7thJuly, 2011 and is not to be used, referred to or distributed for any other purpose without our prior written consent. For ………………………… Chartered Accountants (Firm Registration No.______) ………………………………… (Name of the member) Designation (Membership No. _______) Place: Date: 9 In case of any material unresolved exceptions/ departures from MCA taxonomy, noted by the practitioner, the aforementioned paragraph would need to be suitably reworded as follows: “Based on our aforesaid examination and to the best of our knowledge and belief and according to the information, explanations and representations given to us by the management of the Company, we noted certain material departures from the MCA Taxonomy and on which we have a disagreement with the management. These departures are given in Appendix to this Certificate. Accordingly, these XBRL financial statements do not fairly present, in all material respects, the aforementioned audited financial statements of the Company for the year ended March 31, 2011, in accordance with the taxonomy specified by the Ministry of Corporate Affairs for filing of the financial statements in the XBRL mode.” 634 Certification of XBRL Financial Statements Appendix G Form 23AC-XBRL and Form 23ACA-XBRL FORM NO. 23AC-XBRL Form for filing XBRL [Pursuant to section 220 of the document in respect of Companies Act, 1956, and balance sheet and other Companies(Filling of documents and documents with the forms in eXtensible Business Reporting Registrar Language) Rules, 2011] Note - All fields marked in * are to be mandatorily filled. Authorised capital of the company as on the date of filing (in Rs.) Number of members of the company as on the date of filing 1.(a) *Corporate identity number (CIN) of company Pre-fill (b) Global location number (GLN) of company 2. (a) Name of the company (b) Address of the registered office of the company (c) * e-mail ID of the company 3. *Date of Balance Sheet as at (DD/MM/YYYY) 4. *Whether the attached Balance sheet has been audited Yes No by the auditors 5.(a) * Whether annual general meeting (AGM) held Yes No (b) If yes, date of AGM (DD/MM/YYYY) (c) * Due date of AGM (DD/MM/YYYY) 635 Handbook of Auditing Pronouncements-II (d) Date of AGM in which accounts are adopted (DD/MM/YYYY) by shareholders (e) * Whether any extension for financial ear or Yes No AGM granted (f) If yes, due date of AGM after grant of (DD/MM/YYYY) extension 6. *Whether Schedule VI of the Companies Act, 1956 Yes No is applicable 7. * Type of Industry 8. *Whether consolidated balance sheet is also being filed Yes No 9.(a) In case of a government company, whether Comptroller and Auditor General of India (CAG of India) has commented upon or supplemented the audit report under section 619(4) of the Companies Act, 1956 Yes No (b) Provide details of comment(s) or supplement(s) received from CAG of India (c) Director’s reply(s) on comments received from CAG of India (d) Whether CAG of India has conducted supplementary or test audit under section 619(3)(b) Yes No Attachments List of attachments 1. * XBRL document in respect of balance Attach sheet, schedules, notes thereto, director’s report and auditor’s report 2. XBRL document in respect of consolidated Attach balance sheet, schedules, notes thereto, director’s report and auditor’s report 3. Statement of subsidiaries as per section 212 Attach (To be attached in respect of foreign subsidiaries) 636 Certification of XBRL Financial Statements 4. Statement of the fact and reasons for not Attach adopting balance sheet in the annual general meeting (AGM) 5. Statement of the fact and reasons for not Attach holding the AGM 6. Approval letter for extension of financial year Attach or AGM 7. Supplementary or test audit report under Attach section 619(3)(b) 8. Corporate governance report, Management Attach discussion and analysis and any other document 9. Optional attachment(s) – if any Attach Remove attachment Verification * To the best of my knowledge and belief, the information given in the form and its attachments is correct and complete. * I have been authorised by the Board of directors’ resolution number * dated * (DD/MM/YYYY) to sign and submit this form. * It is confirmed that the attached XBRL document(s) are the XBRL converted copy(s) of the duly signed Balance sheet and all other documents which are required to be annexed or attached to the Balance Sheet as required under Section 220 of the Companies Act, 1956. It is further confirmed that such document(s) have been prepared using the XBRL taxonomy as notified under Companies (Filing of documents and forms in eXtensible Business Reporting Language) Rules, 2011. To be digitally signed by Managing Director or director or manager or secretary of the company *Designation *DIN of the director or Managing Director; or Income-tax PAN of the manager; or Membership number, if applicable or income-tax PAN of the secretary (secretary of a company who is not a member of ICSI, may quote his/ her income-tax PAN) 637 Handbook of Auditing Pronouncements-II Certificate * It is hereby certified that I have verified the above particulars (including attachment(s)) from the audited financial statements of and that all required attachment(s) have been completely attached to this form. It is further certified that the attached XBRL document(s) fairly present, in all material respects, the audited financial statements of the company, in accordance with the XBRL taxonomy as notified under Companies (Filing of documents and forms in eXtensible Business Reporting Language)Rules, 2011. * It is confirmed that the attached XBRL document(s) are the XBRL converted copy(s) of the duly signed Balance Sheet and all other documents which are required to be annexed or attached to the Balance Sheet as required under Section 220 of the Companies Act, 1956. Chartered accountant Cost accountant (in whole-time practice) or (in whole-time practice) or Company secretary (in whole-time practice) *Whether associate or fellow Associate Fellow *Membership number or certificate of practice number Modify Check Form Prescrutiny Submit This eForm has been taken on file maintained by the registrar of companies through electronic mode and on the basis of statement of correctness given by the filing company 638 Certification of XBRL Financial Statements FORM NO. 23ACA-XBRL Form for filing XBRL [Pursuant to section 220 of the document in respect of Companies Act, 1956, Companies(Filling Profit and Loss account of documents and forms in eXtensible and other documents with BusinessReporting Language) Rules, the Registrar 2011] Note - All fields marked in * are to be mandatorily filled. Authorised capital of the company as on the date of filing (in Rs.) Number of members of the company as on the date of filing 1.(a) *Corporate identity number (CIN) of company Pre-fill (b) Global location number (GLN) of company 2. (a) Name of the company (b) Address of the registered office of the company 3. *Period of profit and loss account From (DD/MM/YYYY) To (DD/MM/YYYY) 4. *Whether consolidated profit and loss account is being filed Yes No 5. *Whether Schedule VI of the Companies Act, 1956 Yes No is applicable 6. * Type of Industry 7. *Whether the attached annual accounts have been audited Yes No by the auditors Attachments List of attachments 1. * XBRL document in respect of profit Attach and loss account, schedules and notes thereto 2. XBRL document in respect of Attach consolidated profit and loss account, schedules and notes thereto 3. Statement of subsidiaries as per Attach 639 Handbook of Auditing Pronouncements-II section 212 (To be attached in respect of foreign subsidiaries) 4. Optional attachment(s) – if any Attach Remove attachment Verification * To the best of my knowledge and belief, the information given in the form and its attachments is correct and complete. * I have been authorised by the Board of directors’ resolution number * dated * (DD/MM/YYYY)to sign and submit this form. * It is confirmed that the attached XBRL document(s) are the XBRL converted copy(s) of the duly signed Profit and Loss account and all other documents which are required to be annexed or attached to the Profit and Loss account as required under Section 220 of the Companies Act, 1956. It is further confirmed that such document(s) have been prepared using the XBRL taxonomy as notified under Companies (Filing of documents and forms in eXtensible Business Reporting Language) Rules, 2011. To be digitally signed by Managing Director or director or manager or secretary of the company *Designation *DIN of the director or Managing Director; or Income-tax PAN of the manager; or Membership number, if applicable or income-tax PAN of the secretary (secretary of a company who is not a member of ICSI, may quote his/ her income-tax PAN) Certificate * It is hereby certified that I have verified the above particulars (including attachment(s)) from the audited financial statements of and that all required attachment(s) have been completely attached to this form. It is further certified that the attached XBRL document(s) fairly present, in all material respects, the audited financial statements of the company, in 640 Certification of XBRL Financial Statements accordance with the XBRL taxonomy as notified under Companies (Filing of documents and forms in eXtensible Business Reporting Language) Rules, 2011. * It is confirmed that the attached XBRL document(s) are the XBRL converted copy(s) of the duly signed Profit and Loss account and all other documents which are required to be annexed or attached to the Profit and Loss account as required under Section 220 of the Companies Act, 1956. Chartered accountant Cost accountant (in whole-time practice) or (in whole-time practice) or Company secretary (in whole-time practice) *Whether associate or fellow Associate Fellow *Membership number or certificate of practice number Modify Check Form Prescrutiny Submit This eForm has been taken on file maintained by the registrar of companies through electronic mode and on the basis of statement of correctness given by the filing company 641 31 GUIDANCE NOTE ON REPORTING ON FRAUD UNDER SECTION 143(12) OF THE COMPANIES ACT, 2013* Contents Section Topic Paragraph Reference PART A OVERVIEW I Persons covered for Reporting on Fraud under Section 143(12) of the Companies Act, 2013 II Auditors’ Responsibility for Consideration of Fraud in an Audit of Financial Statements III Reporting on Suspected Offence Involving Frauds Identified/Noted during Audit/Limited Review of Interim period Financial Statements/Results, Other Attest Services and Permitted Non-attest Services * Readers may note that the Guidance Note was issued in February 2015 and the law stated in Guidance Note is updated as of February 2015. Readers may also note that after the issuance of this Guidance Note, the Companies (Amendment) Act, 2015 issued in May 2015 has amended the Section 143(12). However, the Rules relating to amended Section 143(12) have not been issued as on date of issuance of this Handbook of Auditing Pronouncements. Such Rules, when issued, should be considered by the auditors when reporting on frauds to the Central Government or the Audit Committee/Board. Section Topic Paragraph Reference IV Reporting on Frauds Detected by the Management or Other Persons and already Reported under Section 143(12) by such Other Person V Reporting on Suspected Offence Involving Fraud in case of Consolidated Financial Statements VI Reporting under Section 143(12) when the Suspected Offence Involving Fraud Relates to Periods Prior to Coming into effect of the 2013 Act VII When does an Auditor Commence Reporting under Section 143(12) – Based on Suspicion - Reason to Believe – Knowledge – or on Determination of Offence? VIII Can the Auditor apply the Concept of Materiality for Reporting on Fraud? IX Should the Auditor Report under Section 143(12) in case of Corruption, Bribery, Money Laundering and Non-compliance with Other Laws and Regulations X Reporting on Fraud under Section 143(12) – Decision Tree/Flow Chart PART B DETAILED GUIDANCE Section I Introduction 1-16 Introduction 1-2 Requirements for Reporting on Fraud 3-8 under the Companies Act, 2013 Consideration of Fraud in an Audit of 9 Financial Statements as required by Standards on Auditing Reporting on Fraud under Section 227 10 643 Section Topic Paragraph Reference (4A) of the Companies Act, 1956 as per the Companies (Auditor’s Report) Order, 2003 (as amended) (‘CARO’) Reporting to RBI in case of Fraud noted in 11 Audit of Banks Responsibility of Management 12 Audit Committee’s Responsibility on Vigil 13 Mechanism Code of Conduct for Independent 14 Directors Various Definitions of Fraud 15 – 16 Section II Auditors’ Reporting on Fraud under 17-58 Section 143(12) Auditors’ Reporting on Fraud under 17 – 25 Section 143(12) Issues for Consideration by Auditors 26-58 for Reporting under Section 143(12): Auditors’ Responsibility for Consideration 26 – 32 of Fraud in an Audit of Financial Statements Reporting on Suspected Offence Involving 33 – 35 Frauds noted during Audit/Limited Review of Interim Period Financial Statements/Results and Other Attest Services Reporting Responsibility in case of 36 – 38 Suspected Offence Involving Fraud Noted during Performance of Permitted Non- attest Services Reporting on Frauds Detected by the 39 – 41 Management or Other Persons and already Reported under Section 143(12) 644 Section Topic Paragraph Reference by such Other Person Reporting on Suspected Offence Involving 42 – 43 Fraud in case of Consolidated Financial Statements Reporting under Section 143(12) when 44 – 45 the Suspected Offence Involving Fraud Relates to Periods Prior to Coming into effect of the 2013 Act When does an Auditor Commence 46 – 48 Reporting under Section 143(12) – Based on Suspicion - Reason to Believe – Knowledge – or on Determination of Offence? Can the Auditor apply the Concept of 49 - 55 Materiality for Reporting on Fraud? Should the Auditor Report under Section 56 – 58 143(12) in case of Corruption, Bribery, Money Laundering and Non-compliance with Other Laws and Regulations Section III Applicability of Standards on Auditing 59 – 73 Section IV Technical Guidance on Reporting on 74 – 112 Fraud under Section 143(12) Modifications to Terms of Engagement 77 with regard to Reporting on Fraud under Section 143(12) Fraud Risk Factors – Assessed Risk of 78 Material Misstatement due to Fraud Audit procedures to Address Assessed 79 Risk of Material Misstatement due to Fraud Stages of Identification of Fraud 80 - 82 645 Section Topic Paragraph Reference Audit Procedures If Auditor has Reasons 83 to Believe a Fraud has Occurred or is being Carried Out Working with the Board or the Audit 84 - 85 Committee in case the Auditor has Reasons to Believe a Fraud may Exist Reporting to the Board or Audit 86 - 89 Committee on Auditor’s Sufficient Reason to Believe and Knowledge of Fraud against the Company by Officers or Employees of the Company Obtaining response from the Board or 90 – 95 Audit Committee Evaluating reply of the Board or Audit 96 – 100 Committee Reporting to Central Government in Form 101 – 104 ADT – 4 Management Representation 105 Audit Documentation and Quality Control 106 – 109 Evaluation of Impact on the Financial 110 Statements, Audit Opinion on the Financial Statements and Internal Financial Controls Consideration in Joint Audits 111 Consideration of disclosure of frauds in 112 the Board’s report Section V Appendices 1. Illustrative Matters for Engagement Team Discussion on Fraud 2. Illustrative Checklist for Inquiries with Board/Audit Committee, Management and Internal Auditor 3. Illustrative Fraud Risk Factors 646 Section Topic Paragraph Reference 4. Illustrative Possible Audit Procedures to Address the Assessed Risks of Material Misstatement due to Fraud 5. Illustrative Format for Reporting to Board or the Audit Committee on Fraud 6. Form ADT-4 7. Illustrative Management Representation Letter 647 PART - A OVERVIEW Reporting on Fraud under Section 143(12) OVERVIEW I. Persons Covered for Reporting on Fraud under Section 143(12) of the Companies Act, 2013 Sub-section 12 of Section 143 of the Companies Act, 2013 (“the 2013 Act” or “the Act”) states, “Notwithstanding anything contained in this section, if an auditor of a company, in the course of the performance of his duties as auditor, has reason to believe that an offence involving fraud is being or has been committed against the company by officers or employees of the company, he shall immediately report the matter to the Central Government within such time and in such manner as may be prescribed.” The reporting requirement under Section 143(12) is for the statutory auditors of the company and also equally applies to the cost accountant in practice, conducting cost audit under Section 148 of the Act; and to the company secretary in practice, conducting secretarial audit under Section 204 of the Act. However, the provisions of Section 143(12) do not apply to other professionals who are rendering other services to the company. For example, Section 143(12) does not apply to auditors appointed under other statutes for rendering other services such as tax auditor appointed for audit under Income-tax Act; Sales Tax or VAT auditors appointed for audit under the respective Sales Tax or VAT legislations. It may also be noted that internal auditors covered under Section 138 are not specified as persons who are required to report under Section 143(12). As per sub-rule (3) of Rule 12 of the Companies (Audit and Auditors) Rules, 2014, the provisions of sub-section (12) of Section 143 read with Rule 13 of the Companies (Audit and Auditors) Rules, 2014 regarding reporting of frauds by the auditor shall also extend to a branch auditor appointed under Section 139 to the extent it relates to the concerned branch. It may be noted that Section 143(12) includes only fraud by officers or employees of the company and does not include fraud by third parties such as vendors and customers. 649 Handbook of Auditing Pronouncements-II II. Auditors’ Responsibility for Consideration of Fraud in an Audit of Financial Statements Section 143(12) requires an auditor to report on fraud if in the course of performance of his duties as an auditor, the auditor has reason to believe that an offence involving fraud is being or has been committed against the company by its officers or employees. It may be noted that under section 143(9) read with Section 143(10), the duty of the auditor, inter alia, in an audit is to comply with the Standards on Auditing (SAs). Further, Section 143(2) requires the auditor to make out his report after taking into account, inter alia, the auditing standards. Accordingly, the term, “in the course of performance of his duties as an auditor” implies in the course of performing an audit as per the SAs. The definition of fraud as per SA 240 and the explanation of fraud as per Section 447 of the 2013 Act are similar, except that under Section 447, fraud includes ‘acts with an intent to injure the interests of the company or its shareholders or its creditors or any other person, whether or not there is any wrongful gain or wrongful loss.’ However, an auditor may not be able to detect acts that have intent to injure the interests of the company or cause wrongful gain or wrongful loss, unless the financial effects of such acts are reflected in the books of account/financial statements of the company. For example, • an auditor may not be able to detect if an employee is receiving pay-offs for favoring a specific vendor, which is a fraudulent act, since such pay- offs would not be recorded in the books of account of the company; • if the password of a key managerial personnel is stolen and misused to access confidential/restricted information, the effect of the same may not be determinable by the management or by the auditor; • if an employee is alleged to be carrying on business parallel to the company’s business and has been diverting customer orders to his company, the auditor may not be able to detect the same since such sales transactions are not recorded in the books of the company. Therefore, the auditor shall consider the requirements of the SAs, insofar as it relates to the risk of fraud, including the definition of fraud as stated in SA 240, in planning and performing his audit procedures in an audit of 650 Reporting on Fraud under Section 143(12) financial statements to address the risk of material misstatement due to fraud. III. Reporting on Suspected Offence Involving Frauds Identified/Noted during Audit/Limited Review of Interim period Financial Statements/Results, Other Attest Services and Permitted Non-attest Services Section 143 of the 2013 Act was notified and is effective from April 1, 2014. Whilst Section 143 deals with auditor’s duties and responsibilities under the Act with respect to financial statements prepared under the Act, the auditors perform other attest services in their capacity as auditors of the company. For example, (a) Clause 41 of the Listing Agreement with Stock Exchanges requires the statutory auditor to perform limited review/audit of the quarterly financial results published by the listed companies; (b) the auditor may also be engaged by the Board of directors of the company to carry out the audit of interim financial statements prepared by the management as per Accounting Standard 25 and report on such interim financial statements to the Board of Directors; (c) the auditor may also perform Tax Audit under the Income-tax Act; or (d) the auditor may be engaged to issue certificates, etc. In the case of the aforesaid attest services for financial years beginning on or after 1st April, 2014, the following needs to be considered: (a) Such attest services may not be pursuant to any requirement of the 2013 Act. They may rather be prepared to meet the specific requirements of the company (such as complying with the equity listing agreement, to meet the requirements of the Board of Directors of the company, etc.). (b) Wherever a statute or regulation requires such attest services to be performed by the auditor of the company, the auditor should consider the requirements and provisions of Section 143(12) since any such work carried out by the auditor during such attest services could be construed as being in the course of performing his duties as an auditor, albeit not under the Companies Act, 2013. (c) The objective and scope of such attest services and the procedures performed by the auditor may not be of the same extent and level as in the case of the audit of the financial statements prepared under the 2013 Act. For example, the quarterly results under clause 41 of the equity listing agreement may be subject to a limited review performed in 651 Handbook of Auditing Pronouncements-II accordance with the Standards on Review Engagements and hence would not have been performed in accordance with the SAs. Auditors could be engaged to provide non-attest services that are not prohibited under Section 144 of the Act. It is possible that the auditor, when providing such non-attest services may become aware of a fraud that is being or has been committed against the company by its officers or employees. A question that arises is – should the auditor report under Section 143(12) on frauds noted in the course of providing such other attest or non-attest services? If an offence involving fraud against the company by its officers or employees that is identified/noted by the auditor in the course of providing such attest or non-attest services as referred above, is of such amount that may be considered to be material to the financial statements of the company prepared under the 2013 Act or if the auditor uses or intends to use the information that is obtained in the course of performing such attest or non-attest services when performing the audit under the 2013 Act, then in such cases, the matter may become reportable under Section 143(12), read with the Rules thereunder, as specified in this Guidance Note. This would require exercise of professional judgement in evaluating if the amount involved will be material to the financial statements to be prepared under the 2013 Act. (Refer paragraphs 49 to 55 of this Guidance Note). If the auditor considers that the amount involved will be material to the financial statements to be prepared under the 2013 Act, the auditor should report the offence involving such fraud to the Central Government as per the requirements of Section 143(12) read with Rule 13 of the Companies (Audit and Auditors) Rules, 2014, and as per the provisions of this Guidance Note. IV. Reporting on Frauds Detected by the Management or Other Persons and already Reported under Section 143(12) by Such Other Person Paragraph 4 of SA 240 states and clarifies that the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. In the context of the 2013 Act, this position is reiterated in Section 134(5) which states that the Board report shall include a responsibility statement, inter alia, that the directors had taken proper and sufficient care for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities. Based on the above, it may be 652 Reporting on Fraud under Section 143(12) considered that Section 143(12) envisages the auditor to report to the management and thereafter to the Central Government an offence involving fraud against the company by its officers or employees only if he is the first person to identify/note such instance in the course of performance of his duties as an auditor. Accordingly, in case a fraud has already been reported or has been identified/detected by the management or through the company’s vigil/whistle blower mechanism and has been/is being remediated/dealt with by them and such case is informed to the auditor, he will not be required to report the same under Section 143(12) since he has not per se identified the fraud. The auditor should apply professional skepticism to evaluate/verify that the fraud was indeed identified/detected in all aspects by the management or through the company’s vigil/whistle blower mechanism so that distinction can be clearly made with respect to frauds identified/detected due to matters raised by the auditor vis-à-vis those identified/detected by the company through its internal control mechanism. Since reporting on fraud under Section 143(12) is required even by the cost auditor and the secretarial auditor of the company, it is possible that a suspected offence involving fraud may have been reported by them even before the auditor became aware of the fraud. Here too, if a suspected offence involving fraud has already been reported under Section 143(12) by such other person, and the auditor becomes aware of such suspected offence involving fraud, he need not report the same to the Central Government under the section since he has not per se identified the suspected offence involving fraud. However, the auditor should review the steps taken by the management/those charged with governance with respect to the reported instance of suspected offence involving fraud stated above, and if he is not satisfied with such steps, he should state the reasons for his dissatisfaction in writing and request the management/those charged with governance to perform additional procedures to enable the auditor to satisfy himself that the matter has been appropriately addressed. If the management/those charged with governance fail to undertake appropriate additional procedures within 45 days of his request, the auditor would need to evaluate if he should report the matter to the Central Government in 653 Handbook of Auditing Pronouncements-II accordance with Rule 13 of the Companies (Audit and Auditors) Rules, 2014. V. Reporting on Suspected Offence Involving Fraud in case of Consolidated Financial Statements As per Section 129(4) of the 2013 Act, the provisions relating to audit of the standalone financial statements of the holding company shall also apply to the audit of the consolidated financial statements. Since the audit of the consolidated financial statements has also been made one of the duties of the auditor, a question that arises is – should the auditor report on suspected offence involving frauds that may have taken place in any of the subsidiaries, joint ventures, associates of the company? Reporting under Section 143(12) arises only if a suspected offence involving fraud is being or has been committed against the company by its officers or employees. Accordingly, the auditor of the parent company is not required to report on frauds under Section 143(12) if they are not being or have not been committed against the parent company by the officers or employees of the parent company but relate to frauds in: a) A component that is an Indian company, since the auditor of that Indian company is required to report on suspected offence involving frauds under Section 143 (12) in respect of such company; and b) A foreign corporate component or a component that is not a company since the component auditors’ of such components are not covered under Section 143(12). However, the auditor of the parent company in India will be required to report on suspected offence involving frauds in the components of the parent company, if the suspected offence involving fraud in the component is being or has been committed by employees or officers of the parent company and if such suspected offence involving fraud in the component is against the parent company, if: a) the principal auditor identifies/detects such suspected offence involving fraud in the component “in the course of the performance of his duties as an auditor” of the consolidated financial statements; or 654 Reporting on Fraud under Section 143(12) b) the principal auditor is directly informed of such a suspected offence involving fraud in the component by the component auditor and the management had not identified/is not aware of such suspected offence involving fraud in the component; or c) a component that is not a company since the component auditors of such components are not covered under Section 143(12). VI. Reporting under Section 143(12) when the Suspected Offence Involving Fraud relates to periods prior to coming into effect of the 2013 Act Requirements similar to Section 143(12) of the 2013 Act were not prescribed in the 1956 Act. Even the reporting under the Companies (Auditor’s Report) Order, 2003 (CARO) only required the auditors to report to the members on any fraud on or by the company that had been noticed or reported during the year. As such, auditors would not have reported on frauds as envisaged under Section 143(12) in those periods prior to coming into effect of the 2013 Act. Accordingly, in case of fraud relating to earlier years to which the Companies Act, 1956 was applicable, reporting under Section 143(12) will arise only if the suspected offence involving fraud is identified by the auditor in the course of performance of his duties as an auditor during the financial years beginning on or after April 1, 2014 and to the extent that the same was not dealt with in the prior financial years either in the financial statements or in the audit report or in the Board’s report under the Companies Act, 1956. VII. When does an Auditor Commence Reporting under Section 143(12) – Based on Suspicion - Reason to Believe – Knowledge – or on Determination of Offence? Section 143(12) states that an auditor should report under the Section if he has “reasons to believe” that an offence involving fraud has or is being committed against the company by its officers or employees. Rule 13 of the Companies (Audit and Auditors) Rules, 2014 specifies the threshold for reporting as “sufficient reason to believe” and “knowledge”. The Form ADT – 4 in which the auditor is required to report to the Central Government uses the term “suspected offence involving fraud”. It is important to understand the terms “reason to believe”, “sufficient reason to believe”, “knowledge” and “suspected offence involving fraud” to determine the point of time when the reporting requirement is triggered 655 Handbook of Auditing Pronouncements-II for an auditor under Section 143(12) read with Rule 13 of the Companies (Audit and Auditors) Rules, 2014. • ‘Suspicion’ is a state of mind more definite than speculation, but falls short of knowledge based on evidence. It must be based on some evidence, even if that evidence is tentative – simple speculation that a person may be engaged in fraud is not sufficient grounds to form a suspicion. Suspicion is a slight opinion but without sufficient evidence. • For 'reason to believe' to come into existence, it cannot be based on suspicion. There needs to be sufficient information or convincing evidence to advance beyond suspicion that it is possible someone is committing or has committed a fraud. For example, identification of fraud risk factors in itself cannot cause ‘reason to believe’ that a fraud exists. • The term 'reason to believe' creates an objective test. SA 240, “The Auditor’s Responsibilities Relating to Frauds in an Audit of Financial Statements” specifies the requirements to be complied by the auditors in assessing and responding to the risk of fraud in an audit of financial statements. For example, when complying with the requirements of SA 240, an auditor might be considered to have reasons to believe that a fraud has been or is being committed if he had actual knowledge of, or possessed information which would indicate to a reasonable person, that another person was committing or had committed a fraud. • The term ‘reason to believe’ which has been used in the SAs indicate that it arises when: − Evaluating audit evidence and information provided; or − Evaluating misstatements, including deviations noted on audit sampling and further audit procedures carried out; or − Exercising professional skepticism. • Rule 13 of the Companies (Audit and Auditors) Rules, 2014 has used the terms ‘sufficient reason to believe’ and ‘knowledge’ (of fraud). The condition of ‘sufficient reason to believe’ would be met if on evaluation of all the available information with the auditor and applying appropriate level of skepticism the auditor concludes that a fraud is being or has been committed on the company. 656 Reporting on Fraud under Section 143(12) • Having ‘knowledge’ means knowing ‘that’ something. In the case of reporting on fraud under Section 143(12), it occurs when the auditor has sufficient reason to believe that a fraud has been or is being committed on the company by its officers or employees. This implies that there exists a fraud. • Whilst Section 143(12) uses the term ‘offence involving fraud’ and the Form ADT – 4 uses the term “suspected offence involving fraud”. As per paragraph 3 of SA 240, although the auditor may suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determination of whether fraud has actually occurred. Determination of “offence” is legal determination and accordingly, the auditor will not be able to legally determine that an “offence or suspected offence involving fraud” has been or is being committed against the company by its officers or employees. Accordingly, based on a harmonious reading of Section 143(12), Rule 13 of the Companies (Audit and Auditors) Rules, 2014 and Form ADT - 4, reporting on fraud in the course of performance of duties as auditor, is applicable only when the auditor has sufficient reason to believe and has knowledge that a fraud has occurred or is occurring i.e., when the auditor has evidence that a fraud exists. VIII. Can the Auditor apply the Concept of Materiality for Reporting on Fraud? The Companies (Amendments) Bill, 2014 that has been introduced and approved by the Lok Sabha to amend certain provisions of the Companies Act, 2013 includes an amendment to the provisions relating to auditor reporting on frauds. As per this amendment, in case of a fraud involving lesser than a specified amount, the auditor shall report the matter to the Audit Committee constituted under Section 177 or to the Board in other cases within such time and in such manner as may be prescribed. Accordingly, only those frauds, where the amount exceeds the specified amount, shall be reported to the Central Government. However, in the case of frauds that are reported by the auditors only to the Audit Committee or the Board of Directors, where the amounts involved are less than the threshold that may be specified by the Ministry of Corporate Affairs, the details of such fraud will need to be disclosed in the Board's report in such manner as may be prescribed. It may be noted that as on date of issuance of this Guidance Note, the above amendment is pending approval of the Rajya Sabha and Presidential assent. 657 Handbook of Auditing Pronouncements-II The concept of materiality is fundamental for setting up an appropriate system of internal control, preparation of financial statements and its audit. Due to its inherent limitations, internal control systems cannot provide absolute assurance that no fraud or error has taken place. Since the auditor is required to comply with the SAs in performance of duties as an auditor, the audit will be performed applying the concept of materiality provided in the SAs. It may be noted that even when reporting on fraud under CARO, the Statement on CARO issued by the ICAI referred to procedures that were required to be performed by the auditor, taking into account the concept of materiality, with respect to misstatements in the financial statements resulting from fraud. This concept of materiality is fundamental to the entire auditing process and was applied even when reporting under CARO. For example, paragraph 36 of the Statement on CARO states, ‘Where a requirement of the Order is not complied with but the auditor decides not to make an adverse comment, he should record in his working papers the reasons for not doing so, for example, the immateriality of the item. The auditor should continue to apply the concept of materiality in performing the audit in accordance with SA 320, “Materiality in Planning and Performing an Audit”. SA 450, “Evaluation of Misstatements Identified During the Audit” considers the concept of materiality in classifying the manner of disposition of misstatements, including those arising from fraud. Misstatements, including those arising from fraud, that are less than the threshold, as may be specified by the Ministry of Corporate Affairs, will need to be communicated to the management and/or those charged with governance as required under paragraphs A21 to A23 of SA 450 and the Rules specified under Section 143(12) in this regard. * Materiality is applicable wherever the amount is quantifiable. Also aggregation is required for each fraud separately to compare with the threshold to be specified by the Ministry of Corporate Affairs. Where the amount is not quantifiable, the auditor should apply professional judgement to estimate the likelihood of the amount exceeding the aforesaid threshold. For this purpose it can be based on management estimate or reasonable range of estimates made by the auditor. Subsequent reporting may be required if the amount initially estimated was lower than the aforesaid threshold but was eventually determined to be higher than * The draft Rules pursuant to the proposed amendment to Section 143(12) have not been issued as on date of issuance of this Guidance Note. Such Rules, when issued, should be considered by the auditors when reporting on frauds to the Audit Committee / Board of Directors or to the Central Government. 658 Reporting on Fraud under Section 143(12) such threshold. Under these circumstances, the timeline for reporting under Rule 13 of the Companies (Audit and Auditors) Rules, 2014 will commence when the amount involved is determined to be in excess of such threshold. IX. Should the Auditor Report under Section 143(12) in case of Corruption, Bribery, Money Laundering and Non-compliance with other Laws and Regulations In case of corruption, bribery and money laundering, the direct effect of such act (benefit or penal consequence) is on the company. The auditor should comply with the relevant SAs with regard to illegal acts (e.g. SA 240 and SA 250, “Consideration of Laws and Regulations in an Audit of Financial Statements”) when performing the audit. If the auditor, in the course of performance of his/her duties as the auditor, comes across instances of corruption, bribery and money laundering and other intentional non-compliances with laws and regulations, the auditor would need to evaluate the impact of the same in accordance with SA 250 to determine whether the same would have a material effect on the financial statements. With respect to reporting under Section 143(12), consequent to corruption, bribery, money laundering and other intentional non-compliance with other laws and regulations, the auditor should consider whether such acts have been carried out by officers or employees of the company for the purpose of reporting and also take into account the requirements of SA 250, particularly paragraph 28 of SA 250 read with paragraphs A19 and A20. For example, if the auditor comes to know that the company has filed a fraudulent return of income to evade income tax, he may have to report this fraud under Section 143(12) irrespective of whether adequate provision has been made in the books of accounts or not. It may be noted that the proviso to Section 147(2) in the context of punishment to auditors for contravention with the provisions, inter alia, of Section 143 of the 2013 Act, states, “if an auditor has contravened such provisions knowingly or wilfully with the intention to deceive the company or its shareholders or creditors or tax authorities, he shall be punishable with imprisonment for a term which may extend to one year and with fine which shall not be less than one lakh rupees but which may extend to twenty-five lakh rupees.” 659 Handbook of Auditing Pronouncements-II X. Reporting on Fraud under Section 143(12) – Decision Tree/Flow Chart ≠ Reporting on fraud (Refer Section II of Part B) Does the auditor possess some information that an offence involving fraud is being or has been committed against the company by employees or officers of the company No requirement to report under Y Section 143(12) at this stage. Consider the information for Y evaluating the existence of fraud Is the information a mere speculation? risk factors and design (Refer Para 80.a) appropriate audit procedures N No requirement to report under N Section 143(12) at this stage. The information provides suspicion But the information will for the auditor to suspect potential fraud but not constitute a fraud risk factor supported by evidence (FRF). The auditor will be (Refer Para 80.b) responsible to design appropriate audit procedures to address this FRF Y No requirement to report under N Section 143(12) at this stage. The information provides the ”Reason to believe” would be the auditor reason to believe that there result of certain audit procedures is a possibility of fraud but no evidence performed by the auditor. The (Refer Para 80.c) auditor may be required to carry out certain additional audit Y procedures to either confirm or negate the indicators he has. Go to next Page (Refer Para 83 and 84) ≠ Pursuant to the proposed amendments to Section 143(12) of the 2013 Act, auditors may be required to report to the Central Government only those frauds where the amount involved is in excess of the threshold that may be specified by the Ministry of Corporate Affairs. Accordingly, the guidance given in paragraphs 101 to 104 of this Guidance Note with respect to reporting to the Central Government will become applicable only for those frauds that are in excess of the specified threshold. 660 Reporting on Fraud under Section 143(12) From previous Page The information provides the auditor sufficient reason to believe that a suspected offence involving fraud is being or has been committed (Refer Para 80.d) Y Reporting is triggered under Section 143(12) at this stage. The matter needs to be reported to the Board / Audit Committee immediately and Board / Audit Committee should respond within 45 days. (Refer Para 86 to 89) Board/Audit Board/Audit Committee Board / Audit Board/Audit Committee investigates and Committee is in Committee disagrees investigates and provides information on the process of with the auditor’s provides information steps taken – auditor carrying out its assessment that on steps taken – not satisfied or response investigation fraud exists (Refer auditor satisfied not received (Refer Para (Refer para 94, Para 94, 95, 99, (Refer Para 94 to 94, 98, 99, 102 & 104) 98) 100 & 104) 98) Report to the Central Government by disclosing the Persuasive evidence not Persuasive evidence facts within 15 days of receipt provided to support provided to support of response from the Board / Board / Audit Committee Board / Audit Committee Audit Committee contention (Refer Para contention (Refer Para (Refer para 101 & 103) 94, 95 & 104) 94 & 95) Auditor not satisfied Auditor satisfied with the evidence With the evidence and is convinced that fraud does (Refer Para 101 & 102) not exist (Refer Para 98 to 100) No requirement to report under Section 143(12) (Refer Para 100) 661 PART - B DETAILED GUIDANCE Reporting on Fraud under Section 143(12) SECTION I INTRODUCTION Introduction 1. Fraud has the capacity to undermine the confidence of stakeholders in an organisation and there is a strong nexus between prevention of fraud and good corporate governance. 2. Consideration of fraud in financial reporting and the auditor’s responsibility on reporting on fraud has always been an integral part of an audit of financial statements carried out in accordance with the Standards on Auditing. Misstatements in the financial statements can arise from either fraud or error and the distinguishing factor between the two is whether the underlying action that results in the misstatement of the financial statements is intentional or unintentional. The auditor is required to consider fraud as a risk that could cause a material misstatement in the financial statements and plan and perform such procedures that mitigate the risk of material misstatement due to fraud. These requirements are specified in Standard on Auditing (SA) 240, “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements”. Requirements for Reporting on Fraud under the Companies Act, 2013 3. Section 143(12) of the Companies Act, 2013 (‘the 2013 Act’ or ‘the Act’) states that “Notwithstanding anything contained in this section, if an auditor of a company, in the course of the performance of his duties as auditor, has reason to believe that an offence involving fraud is being or has been committed against the company by officers or employees of the company, he shall immediately report the matter to the Central Government within such time and in such manner as may be prescribed.”1 1 The Companies (Amendments) Bill, 2014 that has been introduced and approved by the Lok Sabha to amend certain provisions of the Companies Act, 2013 includes an amendment to the provisions of Section 143(12) relating to auditor reporting on frauds. It may be noted that as on date of issuance of this Guidance Note, the above amendment is pending approval of the Rajya Sabha and Presidential assent. The proposed amendment reads as under: 663 Handbook of Auditing Pronouncements-II Rule 13 of the Companies (Audit and Auditors) Rules, 2014 specifies the manner in which the auditor is required to report on fraud to the Central Government and Form ADT 4 to these Rules (Refer Appendix 6) provides the format and information to be included in such report. 4. In terms of provisions of Section 143(14) of the 2013 Act, the reporting requirement under Section 143(12) is for auditors of the company and also equally applies to the cost accountant in practice conducting cost audit under Section 148 of the Act; as well as the company secretary in practice conducting secretarial audit under Section 204 of the Act. However, the provisions of Section 143(12) do not apply to other professionals who are rendering other services to the company. Further, Section 143(12) also does not apply to auditors appointed under other statutes for rendering services such as Tax Audit under the Income-tax Act, 1961; Sales Tax audit or VAT audit. It may be noted that internal auditors covered under Section 138 are not specified as persons who are required to report under Section 143(12.) 5. Section 143(12) includes only fraud by officers or employees of the company and does not include fraud by third parties such as vendors and customers. Suspected fraud by vendors, customers and other third parties should be dealt with in accordance with SA 240. Section 2(59) of the 2013 Act, defines the term “officer” to include any director, manager or key managerial personnel or any person in accordance with whose directions or instructions the Board of Directors or any one or more of the directors is or are accustomed to act. “(12) Notwithstanding anything contained in this section, if an auditor of a company in the course of the performance of his duties as auditor, has reason to believe that an offence of fraud involving such amount or amounts as may be prescribed, is being or has been committed in the company by its officers or employees, the auditor shall report the matter to the Central Government within such time and in such manner as may be prescribed: Provided that in case of a fraud involving lesser than the specified amount, the auditor shall report the matter to the audit committee constituted under section 177 or to the Board in other cases within such time and in such manner as may be prescribed: Provided further that the companies, whose auditors have reported frauds under this sub-section to the audit committee or the Board but not reported to the Central Government, shall disclose the details about such frauds in the Board's report in such manner as may be prescribed.”. 664 Reporting on Fraud under Section 143(12) The 2013 Act does not define the term “employees”. However, in common parlance, the term “employees” implies those persons who are on the payroll of the company. Employees would, therefore, not include those persons who are engaged on a contract basis e.g. security, house-keeping, canteen staff, who work in the company premises on behalf of a contractor who has been given the contract to provide such services to the company. In this instance, the contract workers will be considered as vendors and not employees. 6. This Guidance Note aims to provide guidance to the auditors on matters that may arise pursuant to the reporting requirements on fraud under Section 143(12) of the Act. Section 143(12) specifically states that the auditor should report to the Central Government if he has reason to believe that an offence involving fraud is being or has been committed against the company by its officers or employees if the auditor has noted it “in the course of the performance of his duties as auditor”.2 Accordingly, the Guidance Note should be read in conjunction with the Standards on Auditing (SAs), issued by the Institute of Chartered Accountants of India (ICAI) since Section 143(9) of the 2013 Act read with Section 143(10) casts a duty and responsibility on the auditor to comply with the SAs. 7. Reporting by the auditor on fraud is not a new concept in India. Such reporting exists under the SAs, the Companies Act, 1956, RBI Regulations, etc. The guidance provided by the ICAI in these contexts continues to be relevant and applicable even in the case of reporting by the auditor on fraud under Section 143(12) of the 2013 Act. 8. The requirements for reporting by auditors under Section 143(12) would apply even if the fraud is required to be/has been reported under any other statute or to any other Regulator. For example, in case of a fraud 2 The Companies (Amendments) Bill, 2014 that has been introduced and approved by the Lok Sabha to amend certain provisions of the Companies Act, 2013 includes an amendment to the provisions of Section 143(12) relating to auditor reporting on frauds. As per this amendment, in case of a fraud involving lesser than a specified amount, the auditor shall report the matter to the Audit Committee constituted under Section 177 or to the Board in other cases within such time and in such manner as may be prescribed. Accordingly, only those frauds, where the amount exceeds the specified amount, shall be reported to the Central Government. However, in the case of frauds that are reported by the auditors only to the Audit Committee or the Board of Directors, where the amounts involved are less than the threshold that may be specified by the Ministry of Corporate Affairs, the details of such fraud will need to be disclosed in the Board's report in such manner as may be prescribed. It may be noted that as on date of issuance of this Guidance Note, the above amendment is pending approval of the Rajya Sabha and Presidential assent. 665 Handbook of Auditing Pronouncements-II identified in a Bank, the auditor of the Bank should report the fraud to the RBI as per the requirements of the RBI Regulations on audit of Banks (Refer paragraph 11 below). If the Bank is a company and is governed by the provisions of the 2013 Act, in addition to the reporting to the RBI, the auditor may also be required to report the offence involving fraud to the Central Government if such instance is covered under Section 143(12) of the 2013 Act, as specified in this Guidance Note. 9. Consideration of Fraud in an Audit of Financial Statements as required by Standards on Auditing Various SAs state the requirements for the auditor to consider the risk of fraud in an audit of financial statements and the manner of dealing with the same: a. SA 240, inter alia, states the following: Paragraph 5 - ‘An auditor conducting an audit in accordance with SAs is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. Owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed in accordance with the SAs.’ Paragraph 40 - ‘If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor shall communicate these matters on a timely basis to the appropriate level of management in order to inform those with primary responsibility for the prevention and detection of fraud of matters relevant to their responsibilities’. Paragraph 43 - ‘If the auditor has identified or suspects a fraud, the auditor shall determine whether there is a responsibility to report the occurrence or suspicion to a party outside the entity. Although the auditor’s professional duty to maintain the confidentiality of client information may preclude such reporting, the auditor’s legal responsibilities may override the duty of confidentiality in some circumstances’. Paragraph A66 - ‘In some clients, requirements for reporting fraud, whether or not discovered through the audit process, may be subject to 666 Reporting on Fraud under Section 143(12) specific provisions of the audit mandate or related legislation or regulation’. b. Paragraphs 22 and 23 of SA 250 – “Consideration of Laws and Regulations in an Audit of Financial Statements”, requires the auditor, inter alia, to communicate to those charged with governance (the Audit Committee/Board of Directors) when there is a non – compliance with laws and regulations, that come to the auditor’s attention during the course of the audit, which he/she believes is intentional and material, without delay. c. Paragraph 27 of SA 315 – “Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment”, requires the auditor to consider the risk of fraud in determining which risks are significant risks. 10. Reporting on Fraud under Section 227 (4A) of the Companies Act, 1956 as per the Companies (Auditor’s Report) Order, 2003 (as amended) (‘CARO’) (Note: The following guidance is included here only to briefly explain the erstwhile reporting requirements of the statutory auditor relating to fraud for a better understanding of and comparison with the current reporting requirements). Clause 4(xxi) of CARO requires the auditor to report whether any fraud on or by the company has been noticed or reported during the year. If yes, the nature and the amount involved is to be indicated. The Statement on the Companies (Auditor’s Report) Order, 2003 (‘the Statement’) issued by the ICAI specified the responsibilities of the auditor when reporting under clause 4(xxi) of CARO. As per the Statement: a. Clause 4(xxi) does not require the auditor to discover the frauds on the company and by the company. The scope of auditor’s inquiry under this clause is restricted to frauds ‘noticed or reported’ during the year. The use of the words “noticed or reported” indicates that the management of the company should have the knowledge about the frauds on the company or by the company that have occurred during the period covered by the auditor’s report. It may be noted that this clause of the Order, by requiring the auditor to report whether any fraud on or by the company has been noticed or reported, does not relieve the auditor from his responsibility to consider fraud and error in an audit of financial statements. In other words, irrespective of the auditor’s comments under this clause, the auditor is also required to comply with the 667 Handbook of Auditing Pronouncements-II requirements of Standard on Auditing (SA) 240, “The Auditor’s Responsibility to Consider Fraud and Error in an Audit of Financial Statements”*. b. Although fraud is a broad legal concept, the auditor is concerned with fraudulent acts that cause a material misstatement in the financial statements. Misstatement of the financial statements may not be the objective of some frauds. Auditors do not make legal determinations of whether fraud has actually occurred. Fraud involving one or more members of management or those charged with governance is referred to as "management fraud"; fraud involving only employees of the entity is referred to as "employee fraud". In either case, there may be collusion with third parties outside the entity. In fact, generally speaking, the “management fraud” can be construed as “fraud by the company” while fraud committed by the employees or third parties may be termed as “fraud on the company”. c. Two types of intentional misstatements are relevant to the auditor's consideration of fraud—misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets. d. Fraudulent financial reporting involves intentional misstatements or omissions of amounts or disclosures in financial statements to deceive financial statement users. Fraudulent financial reporting may involve: − Deception such as manipulation, falsification, or alteration of accounting records or supporting documents from which the financial statements are prepared. − Misrepresentation in, or intentional omission from, the financial statements of events, transactions or other significant information. − Intentional misapplication of accounting principles relating to measurement, recognition, classification, presentation, or disclosure. e. Misappropriation of assets involves the theft of an entity's assets. Misappropriation of assets can be accomplished in a variety of ways (including embezzling receipts, stealing physical or intangible assets, or causing an entity to pay for goods and services not received); it is often accompanied by false or misleading records or documents in order to conceal the fact that the assets are missing. * Now known as SA 240, “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements” 668 Reporting on Fraud under Section 143(12) f. Fraudulent financial reporting may be committed by the company because management is under pressure, from sources outside or inside the entity, to achieve an expected (and perhaps unrealistic) earnings target particularly when the consequences to management of failing to meet financial goals can be significant. The auditor must appreciate that a perceived opportunity for fraudulent financial reporting or misappropriation of assets may exist when an individual believes internal control could be circumvented, for example, because the individual is in a position of trust or has knowledge of specific weaknesses in the internal control system. g. While planning the audit, the auditor should discuss with other members of the audit team, the susceptibility of the company to material misstatements in the financial statements resulting from fraud. While planning, the auditor should also make inquiries of management to determine whether management is aware of any known fraud or suspected fraud that the company is investigating. h. The auditor should examine the reports of the internal auditor with a view to ascertain whether any fraud has been reported or noticed by the management. The auditor should examine the minutes of the audit committee, if available, to ascertain whether any instance of fraud pertaining to the company has been reported and actions taken thereon. The auditor should enquire of the management about any frauds on or by the company that it has noticed or that have been reported to it. The auditor should also discuss the matter with other employees of the company. The auditor should also examine the minutes book of the Board meeting of the company in this regard. i. The auditor should obtain written representations from the management, stating, inter alia, (i) it acknowledges its responsibility for the implementation and operation of accounting and internal control systems that are designed to prevent and detect fraud and error; (ii) it has disclosed to the auditor all significant facts relating to any frauds or suspected frauds known to management that may have affected the entity; and (iii) it has disclosed to the auditor the results of its assessment of the risk that the financial statements may be materially misstated as a result of fraud. j. Because management is responsible for adjusting the financial statements to correct material misstatements, it is important that the auditor obtains written representation from management that any uncorrected misstatements resulting from fraud are, in management's opinion, immaterial, both individually and in the aggregate. 669 Handbook of Auditing Pronouncements-II 11. Reporting to RBI in case of Fraud noted in Audit of Banks The RBI issued Circular No. DBS.FGV.(F).No. BC/23.08.001/2001-02 dated May 3, 2002 relating to implementation of recommendations of the Committee on Legal Aspects of Bank Frauds (Mitra Committee) and the recommendations of the High Level Group set-up by the Central Vigilance Commission applicable to all scheduled commercial banks (excluding RRBs). Regarding responsibility and liability of accounting and auditing professionals, the said Circular provides as under: “If an accounting professional, whether in the course of internal or external audit or in the process of institutional audit finds anything susceptible to be fraud or fraudulent activity or act of excess power or smell any foul play in any transaction, he should refer the matter to the regulator. Any deliberate failure on the part of the auditor should render himself liable for action”. Paragraphs 2.30 to 2.36 of the Guidance Note on Audit of Banks 2015 edition provides guidance to the auditors with respect to fraud noted in an audit of Banks and, inter alia, states as follows. a. As per the above requirement, the member shall be required to report the kind of matters stated in the circular to the regulator, i.e., RBI. In this regard, attention of the members is also invited to Clause 1 of Part I of the Second Schedule to the Chartered Accountants Act, 1949, which states that “A chartered accountant in practice shall be deemed guilty of professional misconduct, if he discloses information acquired in the course of his professional engagement to any person other than his client, without the consent of his client or otherwise than as required by any law for the time being in force.” b. Under the said provision, if a member of the Institute suo moto discloses any information regarding any actual or possible fraud or foul play to the RBI, the member would be liable for disciplinary action by the Institute. However, a member is not held guilty under the said clause if the client explicitly permits the auditor to disclose the information to a third party. If the above-mentioned requirement of the Circular is included in the letter of appointment (which constitutes the terms of audit engagement) then it would amount to the explicit permission by the concerned bank (client) to disclose information to the third party, i.e., the RBI. c. Thus, auditors while reporting such a matter to CMD of the Bank should also report the matter simultaneously to the Department of Banking 670 Reporting on Fraud under Section 143(12) Supervision, RBI, provided the terms of the audit engagement require him to do so. d. Auditor should also consider the provisions of SA 250, “Consideration of Laws and Regulations in an Audit of Financial Statements”. Para A19 of the said Standard explains that the duty of confidentiality is over-ridden by statute, law or by courts (for example, the auditor is required to report certain matters of non-compliance to RBI as per the requirements of the Non-Banking Financial Companies Auditor’s Report (Reserve Bank) Directions, 1988, issued by the RBI). e. RBI has issued a Master Circular no. DBS.CO.CFMC.BC.No. 1/23.04.001/2014-15 dated July 1, 2014 on “Frauds–Classification and Reporting” on the matters relating to classification and reporting of frauds and laying down a suitable reporting system. As per the said circular, the primary responsibility for preventing frauds is that of the Bank management. Banks are required to report frauds to the Board of Directors and also to the RBI. f. In the aforesaid context, it may be emphasised that such a requirement does not extend the responsibilities of an auditor in any manner whatsoever as far as conducting the audit is concerned. The requirement has only extended the reporting responsibilities of the auditor. As far as conduct of audit is concerned, the auditor is expected to follow the SAs issued by the ICAI and perform his functions within that framework. SA 240 (Revised), "The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements" states that an auditor conducting an audit in accordance with SAs is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. g. The auditor should also refer to reports of internal auditors, concurrent auditors, inspectors, etc., which may point out significant weaknesses in the internal control system. Such an evaluation would also provide the auditor about the likelihood of occurrence of transactions involving exercise of powers much beyond those entrusted to an official. It must be noted that the auditor is not expected to look into each and every transaction but to evaluate the system as a whole. Therefore, if the auditor while performing his normal duties comes across any instance, he should report the matter to the RBI in addition to the Chairman/Managing Director/Chief Executive of the concerned Bank. 671 Handbook of Auditing Pronouncements-II Responsibility of Management 12. It may be noted that the primary responsibility to establish adequate internal control systems to prevent and detect frauds and errors is that of the management of the entity. In the case of a company, the Board of Directors, in terms of the provisions of Section 134(5) of the 2013 Act, are required to, inter alia, state as a part of the directors’ responsibility statement in the Board report to the shareholders, that they had taken proper and sufficient care for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities. In the case of a listed company, clause (e) of Sub-section 5 of Section 134 to the Act requires the directors’ responsibility statement to also state that the directors, had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively. This clause explains the meaning of internal financial controls as “the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.” 13. Audit Committee’s Responsibility on Vigil Mechanism Sections 177(9) and (10) of the 2013 Act requires every listed company and the specified class or classes of companies3, to establish a vigil mechanism for directors and employees to report genuine concerns in the manner as prescribed under the Companies (Meetings of Board and its Powers) Rules, 2014. The vigil mechanism needs to provide for adequate safeguards against victimisation of persons who use such mechanism and make provision for direct access to the chairperson of the Audit Committee in appropriate or exceptional cases. The details of establishment of such mechanism are required to be disclosed by the company on its website, if any, and in the Board’s report. 3 As per Rule 7(1) of the Companies (Meetings of Board and Its Powers) Rules, 2014, the following classes of companies are also required to establish a vigil mechanism: (i) companies which accept deposits from the public. (ii) companies which have borrowed money from banks and public financial institutions in excess of Rs. 50 crores. 672 Reporting on Fraud under Section 143(12) 14. Code of Conduct for Independent Directors Section 149(8) of the 2013 Act deals with appointment and qualification of directors and prescribes the code of conduct for independent directors (Schedule IV to the Act). The Code provides a broad framework for, among other things, role and responsibilities of the independent directors, including: a. paying sufficient attention and ensuring that adequate deliberations are held before approving related party transactions and assure themselves that the same are in the interest of the company; b. ascertaining and ensuring that the company has an adequate and functional vigil mechanism and to ensure that the interests of a person who uses such mechanism are not prejudicially affected on account of such use; c. reporting concerns about unethical behaviour, actual or suspected fraud or violation of the company’s code of conduct or ethics policy; d. satisfying themselves on the integrity of the financial information and that the financial controls and the systems of risk management are robust and defensible; e. safeguarding the interests of all the stakeholders, particularly, the minority shareholders; f. ensuring that their concern about the running of the company or a proposed action are addressed by the Board and to the extent they are not resolved, insist that their concerns are recorded in the minutes of the meeting of the Board Various Definitions of Fraud 15. In the 2013 Act, the meaning of fraud has been considered in two specific sections viz. Section 143(10), where the SAs specified by the ICAI are deemed to be the auditing standards for purposes of the Act, which, inter alia, define fraud, and in Section 447, where punishment for fraud has been prescribed. a. Fraud has been defined in paragraph 11(a) of SA 240 as ‘an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.’ b. In the context of stating the provisions for punishment for fraud, Section 447 of the Act has explained the term ‘fraud’ as “fraud in relation to affairs of a company or any body corporate, includes any act, 673 Handbook of Auditing Pronouncements-II omission, concealment of fact or abuse of position committed by any person or any other person with the connivance in any manner, with intent to deceive, to gain undue advantage from, or to injure the interests of, the company or its shareholders or its creditors or any other person, whether or not there is any wrongful gain or wrongful loss.” This Section further explains the terms ‘wrongful gain’ and ‘wrongful loss’ to mean the gain by unlawful means of property to which the person gaining is not legally entitled; and the loss by unlawful means of property to which the person losing is legally entitled, respectively. 16. Fraud has also been defined by various other regulators/statutes. a. The Insurance Fraud Monitoring Framework of the IRDA defines fraud in insurance as ‘an act or omission intended to gain dishonest or unlawful advantage for a party committing the fraud or for other related parties.’ b. Reserve Bank of India, per se, has not defined the term ‘fraud’ in its guidelines on Frauds. A definition of fraud was, however, suggested in the context of electronic banking in the Report of RBI Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, which reads as, ‘a deliberate act of omission or commission by any person, carried out in the course of a banking transaction or in the books of accounts maintained manually or under computer system in banks, resulting into wrongful gain to any person for a temporary period or otherwise, with or without any monetary loss to the bank’. c. Fraud, under Section 17 of the Indian Contract Act, 1872, includes any of the following acts committed by a party to a contract, or with his connivance, or by his agents, with intent to deceive another party thereto or his agent, or to induce him to enter into the contract: • the suggestion as a fact, of that which is not true, by one who does not believe it to be true; • the active concealment of a fact by one having knowledge or belief of the fact; • a promise made without any intention of performing it; • any other act fitted to deceive; • any such act or omission as the law specially declares to be fraudulent. 674 SECTION II AUDITORS’ REPORTING ON FRAUD UNDER SECTION 143(12) Auditors’ Reporting on Fraud under Section 143(12) 17. Sections 143(12) to 143(15) of the 2013 Act states the provisions of the 2013 Act with regard to auditor’s reporting on fraud. Rule 13 of the Companies (Audit and Auditors) Rules, 2014 provides the timeline and manner in which the auditor should report on fraud. 18. As per Section 143(12), ‘Notwithstanding anything contained in this section, if an auditor of a company, in the course of the performance of his duties as auditor, has reason to believe that an offence involving fraud is being or has been committed against the company by officers or employees of the company, he shall immediately report the matter to the Central Government within such time and in such manner as may be prescribed.’ (Emphasis added) 19. As per Rule 134 of the Companies (Audit and Auditors) Rules, 2014, (1) For the purpose of Sub-section (12) of Section 143, in case the auditor has sufficient reason to believe that an offence involving fraud, is being or has been committed against the company by officers or employees of the company, he shall report the matter to the Central Government immediately but not later than sixty days of his knowledge and after following the procedure indicated herein below: (Emphasis added) (i) auditor shall forward his report to the Board or the Audit Committee, as the case may be, immediately after he comes to knowledge of the fraud, seeking their reply or observations within forty-five days; (ii) on receipt of such reply or observations the auditor shall forward his report and the reply or observations of the Board or 4 The draft Rules pursuant to the proposed amendment to Section 143(12) have not been issued as on date of issuance of this Guidance Note. Such Rules, when issued, should be considered by the auditors when reporting on frauds to the Audit Committee / Board of Directors or to the Central Government. Handbook of Auditing Pronouncements-II the Audit Committee along with his comments (on such reply or observations of the Board or the Audit Committee) to the Central Government within fifteen days of receipt of such reply or observations; (iii) in case the auditor fails to get any reply or observations from the Board or the Audit Committee within the stipulated period of forty-five days, he shall forward his report to the Central Government along with a note containing the details of his report that was earlier forwarded to the Board or the Audit Committee for which he failed to receive any reply or observations within the stipulated time. (2) The report shall be sent to the Secretary, Ministry of Corporate Affairs in a sealed cover by Registered Post with Acknowledgement Due or by Speed Post followed by an e-mail in confirmation of the same. (3) The report shall be on the letter-head of the auditor containing postal address, e-mail address and contact number and be signed by the auditor with his seal and shall indicate his Membership Number. (4) The report shall be in the form of a statement as specified in Form ADT- 4. 20. Section 143(13) states that ‘No duty to which an auditor of a company may be subject to shall be regarded as having been contravened by reason of his reporting the matter referred to in Sub-section (12) if it is done in good faith’. Accordingly, the auditor will not be subject to professional misconduct if he discloses information acquired in the course of his professional engagement with respect to compliance with Section 143(12), since it is as required by law. 21. Further, Section 456 of the Act also, inter alia, provides that no suit, prosecution or other legal proceeding shall lie against any person in respect of anything which is in good faith done or intended to be done in pursuance of this Act or of any rules or orders made thereunder. 22. As per Section 143(15), if any auditor does not comply with the provisions of Sub-section 143(12), he shall be punishable with fine of at least one lakh rupees, which may extend to twenty-five lakh rupees. 23. As per Sub-rule (3) of Rule 12 of the Companies (Audit and Auditors) Rules, 2014, the provisions of Sub-section (12) of Section 143 read with 676 Reporting on Fraud under Section 143(12) Rule 13 of the Companies (Audit and Auditors) Rules, 2014 regarding reporting of fraud by the auditor also extend to a branch auditor appointed under Section 139 to the extent it relates to the concerned branch. 24. While the reporting responsibility under Section 143(12) is to the Audit Committee or the Board of Directors of the Company and / or to the Central Government, the auditor would also need to consider whether such matter also needs to be disclosed in the auditor’s report under Section 143(3)(f) which requires the auditor to state his/her observations on financial transactions/matters, which have any adverse effect on the functioning of the company. 25. It is pertinent to note that an Order similar to CARO has not been issued under the 2013 Act and hence reporting by the auditor on fraud is covered only under Section 143(12) and under Section 143(3)(f) of the Act, where applicable. Issues for Consideration by Auditors for Reporting under Section 143(12) Auditors’ Responsibility for Consideration of Fraud in an Audit of Financial Statements 26. Paragraph 10 of SA 240 states that the objectives of the auditor are: (a) To identify and assess the risks of material misstatement in the financial statements due to fraud; (b) To obtain sufficient appropriate audit evidence about the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses; and (c) To respond appropriately to identified or suspected fraud. 27. Paragraph 4 of SA 240 also states and clarifies that the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. 28. In the context of the 2013 Act, this position is reiterated in Section 134(5) which states that the Board report shall include a responsibility statement, inter alia, that the directors had taken proper and sufficient care for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities. 29. Section 143(9) read with Section 143(10), requires the auditor to comply with the SAs issued by ICAI. Further, Section 143(2) requires the auditor to make 677 Handbook of Auditing Pronouncements-II out his report after taking into account, inter alia, the auditing standards. Accordingly, the term “in the course of performance of his duties as an auditor” may be understood to mean in the course of performing an audit in accordance with the SAs. 30. Based on the above, it is reasonable to conclude that the objective of an auditor in the course of performance of duties as an auditor in accordance with the SAs, is to perform such procedures that provide sufficient appropriate audit evidence about the risks of material misstatement in the financial statements due to fraud that have been assessed by him through designing and implementing appropriate responses, and to respond appropriately to identified or suspected fraud. 31. The definition of fraud as per SA 240 and the explanation of fraud as per Section 447 of the 2013 Act are similar, except that under Section 447, fraud includes ‘acts with an intent to injure the interests of, the company or its shareholders or its creditors or any other person, whether or not there is any wrongful gain or wrongful loss.’ However, an auditor may not be able to detect acts that have intent to injure the interests of the company or cause wrongful gain or wrongful loss, unless the financial effects of such acts are reflected in the books of account/financial statements of the company. For example, • an auditor may not be able to detect if an employee is receiving pay-offs for favoring a specific vendor, which is a fraudulent act, since such pay- offs would not be recorded in the books of account of the company; • if the password of a key managerial personnel is stolen and misused to access confidential/restricted information, the effect of the same may not be determinable by the management or by the auditor; • if an employee is alleged to be carrying on business parallel to the company’s business and has been diverting customer orders to his company, the auditor may not be able to detect the same since such sales transactions would not be recorded in the books of the company. 32. Therefore, for the purpose of Section 143(12) the auditor would need to consider the requirements of the SAs, insofar as they relate to the risk of fraud, including the definition of fraud as stated in SA 240, in planning and performing his audit procedures in an audit of financial statements to address the risk of material misstatement due to fraud. 678 Reporting on Fraud under Section 143(12) Reporting on Suspected Offence involving Frauds noted during Audit/Limited Review of Interim period Financial Statements/Results and Other Attest Services 33. Section 143 of the 2013 Act was notified and is effective from April 1, 2014. Whilst Section 143 deals with auditor’s duties and responsibilities under the Act with respect to financial statements prepared under the Act, the auditors, normally, also perform other attest services in their capacity as auditors of the company. For example, clause 41 of the Listing Agreement with Stock Exchanges requires the statutory auditor to perform limited review/audit of the quarterly financial results published by the listed companies. The auditor may also be engaged by the Board of Directors of the company to carry out the audit of interim financial statements prepared by the management and report on such interim financial statements to the Board of Directors. The auditor may also have been engaged to perform tax audit under the Income-tax Act, 1961. 34. In the case of the aforesaid attest services for financial years beginning on or after 1st April, 2014, the following needs to be considered: a. Such attest services may not be pursuant to any requirement of the 2013 Act. They may rather be prepared to meet the specific requirements of the company (such as complying with the equity listing agreement, to meet the requirements of the Board of Directors of the company, etc.). b. Wherever a statute or regulation requires such attest services to be performed by the auditor of the company, the auditor should consider the requirements and provisions of Section 143(12) since any such work carried out by the auditor during such attest services could be construed as being in the course of performing his duties as an auditor, albeit not under the Companies Act, 2013. c. The objective and scope of such attest services and the procedures performed by the auditor may not be of the same extent and level as in the case of the audit of the financial statements prepared under the 2013 Act. For example, the quarterly results under clause 41 of the equity listing agreement may be subject to a limited review performed in accordance with the Standards on Review Engagements and hence would not have been performed in accordance with the SAs. 35. If an offence involving fraud against the company by its officers or employees that is identified/noted by the auditor in the course of providing such attest services as referred above, is of such amount that may be considered to be material to the financial statements of the company 679 Handbook of Auditing Pronouncements-II 681prepared under the 2013 Act or if the auditor uses or intends to use the information that is obtained in the course of performing such attest services when performing the audit under the 2013 Act, then in such cases, the matter may become reportable under Section 143(12), read with the Rules thereunder, as specified in this Guidance Note. This would require exercise of professional judgement for the purpose of evaluating if the amount involved will be material to the financial statements to be prepared under the 2013 Act. (Refer paragraphs 49 to 55 below). If the auditor considers that the amount involved will be material to the financial statements to be prepared under the 2013 Act, the auditor should report the offence involving such fraud to the Central Government as per the requirements of Section 143(12) read with Rule 13 of the Companies (Audit and Auditors) Rules, 2014, and as per the provisions of this Guidance Note. Reporting Responsibility in case of Suspected Offence involving Fraud noted during Performance of Permitted Non-attest Services 36. Auditors could be engaged to provide non-attest services that are not prohibited under Section 144 of the Act. It is possible that the auditor, when providing such non-attest services may become aware of a fraud that is being or has been committed against the company by its officers or employees. A question that arises is – should the auditor report under Section 143(12) on frauds noted in the course of providing non-attest services? 37. It may be noted that reporting under Section 143(12) arises only if an auditor of a company, in the course of the performance of his duties as auditor, has reason to believe that an offence involving fraud is being or has been committed against the company by officers or employees of the company. 38. If an offence involving fraud against the company by its officers or employees that is identified/noted by the auditor in the course of providing such non-attest services as referred above, is of such amount that may be considered to be material to the financial statements of the company prepared under the 2013 Act or if the auditor uses or intends to use the information that is obtained in the course of performing such non-attest services when performing the audit under the 2013 Act, then in such cases, the matter may become reportable under Section 143(12), read with the Rules thereunder, as specified in this Guidance Note. This would require exercise of professional judgement for the purpose of evaluating if the amount involved will be material to the financial statements to be prepared under the 2013 Act. (Refer paragraphs 49 to 55 below). If the auditor considers that the amount involved will be material to the financial statements to be prepared under the 2013 Act, the auditor should report 680 Reporting on Fraud under Section 143(12) the offence involving such fraud to the Central Government as per the requirements of Section 143(12) read with Rule 13 of the Companies (Audit and Auditors) Rules, 2014, and as per the provisions of this Guidance Note. Reporting on Frauds detected by the Management or Other Persons and already Reported under Section 143(12) by Such Other Person 39. Paragraph 4 of SA 240 states and clarifies that the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. In the context of the 2013 Act, this position is reiterated in Section 134(5) which states that the Board report shall include a responsibility statement, inter alia, that the directors had taken proper and sufficient care for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities. Based on the above, it may be considered that Section 143(12) envisages the auditor to report to the management and thereafter the Central Government an offence involving fraud/suspected fraud against the company by its officers or employees only if he is the first person to identify/note such instance in the course of performance of his duties as an auditor. The auditor, in the course of the performance of his duties as an auditor, is required to make inquiries with the management and the Board or Audit Committee about reported or identified/detected instances of fraud through any other internal or external sources and, consequently, the auditor may become aware of those frauds which have been/are being remediated/dealt with by them. Though the auditor becomes aware of such frauds when he/she is informed of the same by the management, he/she, per se, has not identified them on his/her own and is, therefore, not the first person to identify the fraud in those cases. For example, in the case of Banks and NBFCs there is a requirement of reporting frauds to the Audit Committee/Board and to the Reserve Bank of India and, hence, to the extent such cases have already been identified and reported by the management, the auditor cannot be considered as the person who first identified them. Further, many companies have or are required to have a vigil/whistle blower mechanism through which instances of fraud may have already been reported. Accordingly, in case a fraud has already been reported or has been identified/detected by the management or through the company’s vigil/whistle blower mechanism and has been/is being remediated/dealt with by them and such case is informed to the auditor, the latter will not be required to report the same under Section 143(12) since he has not per se identified the fraud. 681 Handbook of Auditing Pronouncements-II The auditor should apply professional skepticism to evaluate/verify that the fraud was indeed identified/detected in all aspects by the management or through the company’s vigil/whistle blower mechanism so that distinction can be clearly made with respect to frauds identified/detected due to matters raised by the auditor vis-à-vis those identified/detected by the company through its internal control mechanisms. For example, in a fraud involving vendor payments, if the company identified the fraud and its nature and cause through its internal control mechanism but did not identify all the vendor accounts involved in the fraud that were identified by the auditor, it may need to be considered that the fraud was not identified in all aspects by the management and the auditor may need to report the same under Section 143(12) of the 2013 Act. This would require the auditor to exercise professional judgement in evaluating if the amount involved will be material to the financial statements to be prepared under the 2013 Act (Refer paragraphs 49 to 55 below). If the auditor considers that the amount involved will be material to the financial statements to be prepared under the 2013 Act, the auditor should report the offence involving such fraud to the Central Government as per the requirements of Section 143(12) read with Rule 13 of the Companies (Audit and Auditors) Rules, 2014, and as per the provisions of this Guidance Note. 40. Since reporting on fraud under Section 143(12) is required even by the cost auditor and the secretarial auditor of the company, it is possible that a suspected offence involving fraud may have been reported by them even before the auditor became aware of the fraud. Here too, if a suspected offence involving fraud has already been reported under Section 143(12) by such other person, and the auditor becomes aware of such suspected offence involving fraud, he need not report the same to the Central Government under the section since he has not per se identified the suspected offence involving fraud. 41. However, the auditor should review the steps taken by the management/those charged with governance with respect to the reported instance of suspected offence involving fraud stated above, and if he is not satisfied with such steps, he should state the reasons for his dissatisfaction in writing and request the management/those charged with governance to perform additional procedures to enable the auditor to satisfy himself that the matter has been appropriately addressed (Refer paragraphs 96 to 100). If the management/those charged with governance fail to undertake appropriate additional procedures within 45 days of his request, the auditor would need to evaluate if he should report the matter to the Central Government in accordance with Rule 13 of the Companies (Audit and Auditors) Rules, 2014. 682 Reporting on Fraud under Section 143(12) Reporting on Suspected Offence Involving Fraud in case of Consolidated Financial Statements 42. As per Section 129(4) of the 2013 Act, the provisions relating to audit of the standalone financial statements of the holding company shall also apply to the audit of the consolidated financial statements. Since the audit of the consolidated financial statements has also been made one of the duties of the auditor, a question that arises is – should the auditor report on suspected offence involving frauds that may have taken place in any of the subsidiaries, joint ventures, associates of the company? 43. In the case of an audit of consolidated financial statements, as per paragraph 1 of SA 600 “Using the Work of Another Auditor” read with paragraph 9 of SA 200, when the principal auditor has to base his opinion on the financial information of the entity as a whole relying upon the statements and reports of the other auditors, his report should state clearly the division of responsibility for the financial information of the entity by indicating the extent to which the financial information of components audited by the other auditors have been included in the financial information of the entity, e.g., the number of divisions/branches/subsidiaries or other components audited by other auditors. It may be noted that the auditors of foreign components and those components that are not companies as defined under the 2013 Act are not covered under the requirements of Section 143(12), since it applies only to the auditor of the company under the Companies Act 2013. Accordingly, the auditor of the parent company is not required to report on frauds under Section 143(12) which are not being or have not been committed against the parent company by the officers or employees of the parent company and relate only to: a) A component that is an Indian company, since the auditor of that Indian company is required to report on suspected offence involving frauds under Section 143(12) in respect of such company; or b) A foreign corporate component since they are not covered by the Companies Act, 2013; or c) A component that is not a company since the component auditors’ of such components are not covered under Section 143(12). However, the auditor of the parent company in India will be required to report on suspected offence involving frauds in the components of the parent company, if (a) such fraud is being or 683 Handbook of Auditing Pronouncements-II has been committed by employees or officers of the parent company; (b) if such suspected offence involving fraud in the component is against the parent company; and (since the requirement for reporting under Section 143(12) arises only if the suspected offence involving fraud is being or has been committed against the company by officers or employees of the company), if: (i) the principal auditor identifies/detects such suspected offence involving fraud in the component “in the course of the performance of his duties as an auditor” of the consolidated financial statements; or (ii) the principal auditor is directly informed of such a suspected offence involving fraud in the component by the component auditor and the management had not identified/is not aware of such suspected offence involving fraud in the component. (Also refer paragraphs 36 to 38 above.) Reporting under Section 143(12) When the Suspected Offence Involving Fraud Relates to Periods prior to Coming into Effect of the 2013 Act 44. An auditor, in the current year, may identify a possible or committed fraud that relates to an earlier year covered under the 1956 Act. The question that arises is - whether such frauds should also be reported under Section 143(12). 45. Requirements similar to Section 143(12) of the 2013 Act were not prescribed in the 1956 Act. Even the reporting under CARO only required the auditors to report to the members on any fraud on or by the company that had been noticed or reported during the year. As such, auditors would not have reported on frauds as envisaged under Section 143(12) in those years. Accordingly, in case of fraud relating to earlier years to which the Companies Act, 1956 was applicable, reporting under Section 143(12) will arise only if the suspected offence involving fraud is identified by the auditor in the course of performance of his duties as an auditor during the financial years beginning on or after April 1, 2014 and to the extent that the same was not dealt with in the prior financial years either in the financial statements or in the audit report or in the Board’s report under the Companies Act, 1956. 684 Reporting on Fraud under Section 143(12) When does an Auditor Commence Reporting under Section 143(12) – Based on Suspicion - Reason to Believe – Knowledge – or on Determination of Offence? 46. Section 143(12) states that an auditor should report under the Section if he has “reasons to believe” that an offence involving fraud has or is being committed against the company by its officers or employees. Rule 13 of the Companies (Audit and Auditors) Rules, 2014 specifies the threshold for reporting as “sufficient reason to believe” and “knowledge”. The Form ADT – 4 in which the auditor is required to report to the Central Government uses the term “suspected offence involving fraud”. 47. It is important to understand the terms “reason to believe”, “sufficient reason to believe”, “knowledge” and “suspected offence involving fraud” to determine the point of time when the reporting requirement is triggered for an auditor under Section 143(12) read with Rule 13 of the Companies (Audit and Auditors) Rules, 2014. • ‘Suspicion’ is a state of mind more definite than speculation, but falls short of knowledge based on evidence. It must be based on some evidence, even if that evidence is tentative – simple speculation that a person may be engaged in fraud is not sufficient grounds to form a suspicion. Suspicion is a slight opinion but without sufficient evidence. • For 'reason to believe' to come into existence, it cannot be based on suspicion. There needs to be sufficient information or convincing evidence to advance beyond suspicion that it is possible someone is committing or has committed a fraud. For example, identification of fraud risk factors in itself cannot cause ‘reason to believe’ that a fraud exists. • The term 'reason to believe' creates an objective test. SA 240 specifies the requirements to be complied by the auditors in assessing and responding to the risk of fraud in an audit of financial statements. For example, when complying with the requirements of SA 240, an auditor might be considered to have reasons to believe that a fraud has been or is being committed if he had actual knowledge of, or possessed information which would indicate to a reasonable person, that another person was committing or had committed a fraud. • The term ‘reason to believe’ which has been used in the SAs indicate that it arises when − Evaluating audit evidence and information provided; or 685 Handbook of Auditing Pronouncements-II − Evaluating misstatements, including deviations noted on audit sampling and further audit procedures carried out; or − Exercising professional skepticism. • Rule 13 of the Companies (Audit and Auditors) Rules, 2014 has used the terms ‘sufficient reason to believe’ and ‘knowledge’ (of fraud). The condition of ‘sufficient reason to believe’ would be met if on evaluation of all the available information with the auditor and applying appropriate level of professional skepticism the auditor concludes that a fraud is being or has been committed on the company. • Having ‘knowledge’ means knowing ‘that’ something. In the case of reporting on fraud under Section 143(12), it occurs when the auditor has sufficient reason to believe that a fraud has been or is being committed on the company by its officers or employees. This implies that there exists a fraud. • Whilst Section 143(12) uses the term ‘offence involving fraud’ and the Form ADT–4 uses the term “suspected offence involving fraud”. As per paragraph 3 of SA 240, although the auditor may suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determinations of whether fraud has actually occurred. Determination of “offence” is legal determination and accordingly, the auditor will not be able to determine whether under legal parlance an “offence or suspected offence involving fraud” has been or is being committed against the company by its officers or employees, 48. Accordingly, based on a harmonious reading of Section 143(12), Rule 13 of the Companies (Audit and Auditors) Rules, 2014 and Form ADT - 4, reporting on fraud in the course of performance of duties as auditor, would be applicable only when the auditor has sufficient reason to believe and has knowledge that a fraud has occurred or is occurring i.e., when the auditor has evidence that a fraud exists. Can the Auditor apply the Concept of Materiality for Reporting on Fraud? 49. The Companies (Amendments) Bill, 2014 that has been introduced and approved by the Lok Sabha to amend certain provisions of the Companies Act, 2013 includes an amendment to the provisions relating to auditor reporting on frauds. As per this amendment, in case of a fraud involving lesser than a specified amount, the auditor shall report the matter to the Audit Committee constituted under Section 177 or to the Board in other cases within such time 686 Reporting on Fraud under Section 143(12) and in such manner as may be prescribed. Accordingly, only those frauds, where the amount exceeds the specified amount, shall be reported to the Central Government. However, frauds that are reported by the auditors only to the Audit Committee or the Board of Directors where the amounts involved are less than the threshold that may be specified by the Ministry of Corporate Affairs, the details of such fraud will need to be disclosed in the Board's report in such manner as may be prescribed. It may be noted that as on date of issuance of this Guidance Note, the above amendment is pending approval of the Rajya Sabha and Presidential assent. 50. The concept of materiality is fundamental for setting up an appropriate system of internal control, preparation of financial statements and its audit. Due to its inherent limitations, internal control systems cannot provide absolute assurance that no fraud or error has taken place. Since the auditor is required to comply with the SAs in performance of duties as an auditor, the audit will be performed applying the concept of materiality provided in the SAs. 51. It may be noted that even when reporting on fraud under CARO, the Statement on CARO issued by the ICAI referred to procedures that were required to be performed by the auditor, taking into account the concept of materiality, with respect to misstatements in the financial statements resulting from fraud. This concept of materiality is fundamental to the entire auditing process and was applied even when reporting under CARO. For example, paragraph 36 of the Statement on CARO stated, ‘Where a requirement of the Order is not complied with but the auditor decides not to make an adverse comment, he should record in his working papers the reasons for not doing so, for example, the immateriality of the item.’ 52. Section 143(9) requires the auditor to comply with the SAs, which, inter alia, includes consideration of materiality, applying materiality in evaluating misstatements and disposition of the same. 53. The auditor should continue to apply the concept of materiality in performing the audit in accordance with SA 320 “Materiality in Planning and Performing an Audit”. 54. Fraud results in misstatement of financial statements. The SAs outline the procedures to be performed by an auditor in case a misstatement due to fraud is identified by the auditor. For example, paragraph A52 of SA 240 states that in evaluating and disposing the misstatements identified, the auditor should consider the requirements of SA 450 “Evaluation of Misstatements Identified during the Audit”. 687 Handbook of Auditing Pronouncements-II SA 450 considers the concept of materiality in classifying the manner of disposition of misstatements, including those arising from fraud. Misstatements, including those arising from fraud, that are less than the threshold, as may be specified by the Ministry of Corporate Affairs, will need to be communicated to the management and/or those charged with governance as required under paragraphs A21 to A23 of SA 450 and the Rules specified under Section 143(12) in this regard.5 55. Materiality is applicable wherever the amount is quantifiable. Also aggregation is required for each fraud separately to compare with the threshold to be specified by the Ministry of Corporate Affairs6.Where the amount is not quantifiable, the auditor should apply professional judgement to estimate the likelihood of the amount exceeding the aforesaid threshold. For this purpose it can be based on management estimate or reasonable range of estimate made by the auditor. Subsequent reporting may be required if the amount initially estimated was lower than the aforesaid threshold but was eventually determined to be higher than such threshold. Under these circumstances, the timeline for reporting under Rule 13 of the Companies (Audit and Auditors) Rules, 2014 will commence when the amount involved is determined to be in excess of such threshold. Should the Auditor Report under Section 143(12) in case of Corruption, Bribery, Money Laundering and Non-compliance with Other Laws and Regulations 56. In case of corruption, bribery and money laundering, the direct effect of such act (benefit or penal consequence) is on the company. 57. The auditor should comply with the relevant SAs with regard to illegal acts (e.g. SA 240 and SA 250) when performing the audit. If the auditor, in the course of performance of his/her duties as the auditor, comes across instances of corruption, bribery and money laundering and other intentional non- compliances with laws and regulations, the auditor would need to evaluate the impact of the same in accordance with SA 250 to determine whether the same would have a material effect on the financial statements. 5 The draft Rules pursuant to the proposed amendment to Section 143(12) have not been issued as on date of issuance of this Guidance Note. Such Rules, when issued, should be considered by the auditors when reporting on frauds to the Audit Committee / Board of Directors or to the Central Government. 6 The threshold in respect of reporting under Section 143(12) that may be prescribed by the Ministry of Corporate Affairs would have to be considered by the auditors. Also refer to footnote 1 to paragraph 3 and footnote 2 to paragraph 6 of Section I of this Guidance Note. 688 Reporting on Fraud under Section 143(12) 58. With respect to reporting under Section 143(12), consequent to corruption, bribery, money laundering and other intentional non- compliance with other laws and regulations, the auditor should consider, for the purpose of reporting, whether such acts have been carried out by officers or employees of the company for the purpose of reporting and also take into account the requirements of SA 250, particularly paragraph 28 of SA 250 read with paragraphs A19 and A20 thereof. For example, if the auditor comes to know that the company has filed a fraudulent return of income to evade income tax, he may have to report this fraud under Section 143(12) irrespective of whether adequate provision has been made in the books of accounts or not. It may be noted that the proviso to Section 147(2) in the context of punishment to auditors for contravention with the provisions, inter alia, of Section 143 of the 2013 Act, states “if an auditor has contravened such provisions knowingly or wilfully with the intention to deceive the company or its shareholders or creditors or tax authorities, he shall be punishable with imprisonment for a term which may extend to one year and with fine which shall not be less than one lakh rupees but which may extend to twenty-five lakh rupees.” 689 SECTION III APPLICABILITY OF STANDARDS ON AUDITING 59. Since reporting on fraud arises only in the course of performing duties as an auditor, the auditor should, inter alia, take into consideration the requirements of the following provisions of the SAs (Refer paragraphs 60 to 73 below) for purposes of designing audit procedures which are effective in identifying and assessing the risks of material misstatement due to fraud. These are in addition to SA 240 and SA 250 which Standards are required to be mandatorily complied in entirety insofar as they relate to audit of the financial statements and also for reporting on fraud under Section 143(12) and Rule 13 of the Companies (Audit and Auditors) Rules, 2014. 60. Professional Skepticism (SA 200) Paragraph 13(l) – An attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence. Paragraph A18 - Professional skepticism includes being alert to, for example: − Audit evidence that contradicts other audit evidence obtained. − Information that brings into question the reliability of documents and responses to inquiries to be used as audit evidence. − Conditions that may indicate possible fraud. − Circumstances that suggest the need for audit procedures in addition to those required by the SAs. Paragraph A19 - Maintaining professional skepticism throughout the audit is necessary if the auditor is, for example, to reduce the risks of: − Overlooking unusual circumstances. − Over generalising when drawing conclusions from audit observations. − Using inappropriate assumptions in determining the nature, timing, and extent of the audit procedures and evaluating the results thereof. Reporting on Fraud under Section 143(12) Paragraph A20 - Professional skepticism is necessary to the critical assessment of audit evidence. This includes questioning contradictory audit evidence and the reliability of documents and responses to inquiries and other information obtained from management and those charged with governance. It also includes consideration of the sufficiency and appropriateness of audit evidence obtained in the light of the circumstances, for example, in the case where fraud risk factors exist and a single document, of a nature that is susceptible to fraud, is the sole supporting evidence for a material financial statement amount. Paragraph A21 - The auditor may accept records and documents as genuine unless the auditor has reason to believe the contrary. Nevertheless, the auditor is required to consider the reliability of information to be used as audit evidence. In cases of doubt about the reliability of information or indications of possible fraud (for example, if conditions identified during the audit cause the auditor to believe that a document may not be authentic or that terms in a document may have been falsified), the SAs require that the auditor investigate further and determine what modifications or additions to audit procedures are necessary to resolve the matter. Paragraph A22 - The auditor cannot be expected to disregard past experience of the honesty and integrity of the entity’s management and those charged with governance. Nevertheless, a belief that management and those charged with governance are honest and have integrity does not relieve the auditor of the need to maintain professional skepticism or allow the auditor to be satisfied with less-than persuasive audit evidence when obtaining reasonable assurance. 61. Audit Documentation As per paragraph 44 of SA 240 and paragraph 32 of SA 315, the auditor’s documentation of the understanding of the entity and its environment and the assessment of the risks of material misstatement required by SA 315 would include: a) The significant decisions reached during the discussion among the engagement team regarding the susceptibility of the entity’s financial statements to material misstatement due to fraud; (Refer Appendix 1) and b) The identified and assessed risks of material misstatement due to fraud at the financial statement level and at the assertion level. As per paragraph 45 of SA 240 and paragraph 28 of SA 330, the auditor’s documentation of the responses to the assessed risks of material misstatement required by SA 330 shall include: 691 Handbook of Auditing Pronouncements-II a) The overall responses to the assessed risks of material misstatement due to fraud at the financial statement level and the nature, timing and extent of audit procedures, and the linkage of those procedures with the assessed risks of material misstatement due to fraud at the assertion level; and b) The results of the audit procedures, including those designed to address the risk of management override of controls. The auditor should document communications about fraud made to management, those charged with governance, regulators and others. When the auditor has concluded that the presumption that there is a risk of material misstatement due to fraud related to revenue recognition is not applicable in the circumstances of the engagement, the auditor shall document the reasons for that conclusion. 62. Inquiries with those Charged with Governance Paragraph 20 of SA 240 states that unless all of those charged with governance are involved in managing the entity, the auditor shall obtain an understanding of how those charged with governance exercise oversight of management’s processes for identifying and responding to the risks of fraud in the entity and the internal control that management has established to mitigate these risks. Paragraph 21 of SA 240 requires that the auditor makes inquiries of those charged with governance to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity. These inquiries are made in part to corroborate the responses to the inquiries of management. (Refer Appendix 2) Paragraph A20 of SA 240 states that an understanding of the oversight exercised by those charged with governance may provide insights regarding the susceptibility of the entity to management fraud, the adequacy of internal control over risks of fraud, and the competency and integrity of the management. 63. Communications with those Charged with Governance Paragraph 40 of SA 240 states that if the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor shall communicate these matters on a timely basis to the appropriate level of management in order to inform those with primary responsibility for the prevention and detection of fraud of matters relevant to their responsibilities. 692 Reporting on Fraud under Section 143(12) Paragraph 41 of SA 240 requires that unless all of those charged with governance are involved in managing the entity, if the auditor has identified or suspect’s fraud involving: a) Management; b) Employees who have significant roles in internal control; or c) Others where the fraud results in a material misstatement in the financial statements. The auditor should communicate these matters to those charged with governance on a timely basis. If the auditor suspects fraud involving management, the auditor should communicate these suspicions to those charged with governance and discuss with them the nature, timing and extent of audit procedures necessary to complete the audit. Paragraph 42 of SA 240 requires the auditor to communicate with those charged with governance any other matters related to fraud that are, in the auditor’s judgment, relevant to their responsibilities. 64. Risk Assessment Procedures and Related Activities Paragraphs 5 to 24 of SA 315 require the auditor to perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. When performing risk assessment procedures and related activities to obtain an understanding of the entity and its environment, including the entity’s internal control, the auditor is required to perform procedures to obtain information for use in identifying the risks of material misstatement due to fraud. 65. Inquiries with Management and Others within the Entity Paragraph 17 of SA 240 requires the auditor to make enquiries of management regarding: a) Management’s assessment of the risk that the financial statements may be materially misstated due to fraud, including the nature, extent and frequency of such assessments; b) Management’s process for identifying and responding to the risks of fraud in the entity, including any specific risks of fraud that management has identified or that have been brought to its attention, or classes of transactions, account balances, or disclosures for which a risk of fraud is likely to exist; 693 Handbook of Auditing Pronouncements-II c) Management’s communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud in the entity; and d) Management’s communication, if any, to employees regarding its views on business practices and ethical behavior. Paragraph 18 of SA 240 requires the auditor to make inquiries of management, and others within the entity as appropriate, to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity. (Refer Appendix 2) 66. Identification and Assessment of the Risks of Material Misstatement Due to Fraud In accordance with paragraph 25 of SA 315, the auditor needs to identify and assess the risks of material misstatement due to fraud at the financial statement level, and at the assertion level for classes of transactions, account balances and disclosures. When identifying and assessing the risks of material misstatement due to fraud, the auditor should, based on a presumption that there are risks of fraud in revenue recognition, evaluate which types of revenue, revenue transactions or assertions give rise to such risks. Paragraph 47 of SA 240 specifies the documentation required when the auditor concludes that the presumption is not applicable in the circumstances of the engagement and, accordingly, has not identified revenue recognition as a risk of material misstatement due to fraud. As per paragraph 27 of SA 240, the auditor shall treat those assessed risks of material misstatement due to fraud as significant risks and accordingly, to the extent not already done so, the auditor shall obtain an understanding of the entity’s related controls, including control activities, relevant to such risks. 67. Responses to the Assessed Risks of Material Misstatement In accordance with paragraph 5 of SA 330, “The Auditor’s Responses to Assessed Risks”, the auditor shall determine overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level. Paragraph 29 of SA 240 requires that in determining overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level, the auditor should: a) Assign and supervise personnel taking account of the knowledge, skill and ability of the individuals to be given significant engagement 694 Reporting on Fraud under Section 143(12) responsibilities and the auditor’s assessment of the risks of material misstatement due to fraud for the engagement; b) Evaluate whether the selection and application of accounting policies by the entity, particularly those related to subjective measurements and complex transactions, may be indicative of fraudulent financial reporting resulting from management’s effort to manage earnings; and c) Incorporate an element of unpredictability in the selection of the nature, timing and extent of audit procedures. Further, in accordance with Paragraph 6 of SA 330, the auditor is also required to design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement due to fraud at the assertion level. 68. Evaluation of Misstatements Identified during the Audit Paragraph A52 of SA 240 states - “SA 450, “Evaluation of Misstatements Identified during the Audit”, and SA 700, “Forming an Opinion and Reporting on Financial Statements”, establish requirements and provide guidance on the evaluation and disposition of misstatements and the effect on the auditor’s opinion in the auditor’s report.” Paragraph A50 of SA 240 states - Since fraud involves incentive or pressure to commit fraud, a perceived opportunity to do so or some rationalization of the act, an instance of fraud is unlikely to be an isolated occurrence. Accordingly, misstatements, such as numerous misstatements at a specific location even though the cumulative net effect is not material, may be indicative of a risk of material misstatement due to fraud. 69. Analytical Procedures The use of analytical procedures as risk assessment procedures is dealt with in SA 315. Use of analytical procedures as substantive procedures (substantive analytical procedures) and as procedures near the end of the audit that assist the auditor when forming an overall conclusion on the financial statements is dealt with in SA 520. Analytical procedures may help identify the existence of unusual transactions or events, and amounts, ratios, and trends that might indicate matters that have audit implications. Unusual or unexpected relationships that are identified may assist the auditor in identifying risks of material misstatement especially risks of material misstatement due to fraud. The auditor should apply analytical procedures at the planning stage to assist in understanding the business and in identifying areas of potential risk. 695 Handbook of Auditing Pronouncements-II The auditor shall design and perform analytical procedures near the end of the audit that assist the auditor when forming an overall conclusion as to whether the financial statements are consistent with the auditor’s understanding of the entity.(Paragraph 6 of SA 520) If analytical procedures performed in accordance with this SA identify fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount, the auditor shall investigate such differences by: (a) Inquiring of management and obtaining appropriate audit evidence relevant to management’s responses; and (b) Performing other audit procedures as necessary in the circumstances. (Paragraph 7 of SA 520) The auditor should evaluate whether unusual or unexpected relationships that have been identified in performing analytical procedures, including those related to revenue accounts, may indicate risks of material misstatement due to fraud (Paragraph 22 of SA 240). 70. Review of Accounting Estimates Paragraph 6 of SA 540, “Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures” requires the auditor to obtain sufficient appropriate audit evidence whether in the context of the applicable financial reporting framework, the accounting estimates, including fair value accounting estimates, in the financial statements, whether recognised or disclosed, are reasonable, and related disclosures in the financial statements are adequate. The auditor should review accounting estimates for biases and evaluate whether the circumstances producing the bias, if any, represent a risk of material misstatement due to fraud (Paragraph 32(b) of SA 240). 71. Related Parties Related parties, by virtue of their ability to exert control or significant influence, may be in a position to exert dominant influence over the entity or its management. Consideration of such behavior is relevant when identifying and assessing the risk of material misstatement due to fraud (Paragraph A6 of SA 550) If the auditor identifies fraud risk factors (including circumstances relating to the existence of a related party with dominant influence) when performing the risk assessment procedures and related activities in connection with related parties, 696 Reporting on Fraud under Section 143(12) the auditor shall consider such information when identifying and assessing the risk of material misstatement due to fraud in accordance with SA 240 (Paragraph 19 of SA 550) If the auditor has assessed a significant risk of material misstatement due to fraud as a result of the presence of a related party with dominant influence, the auditor may, in addition to the general requirements of SA 240, perform certain audit procedures to obtain an understanding of the business relationships that such a related party may have established directly or indirectly with the entity and to determine the need for further appropriate substantive audit procedures (Paragraph A33 of SA 550). 72. Written Representations SA 580, “Written Representations”, establishes requirements and provides guidance on obtaining appropriate representations from management and, where appropriate, those charged with governance in the audit. As per paragraph A57 of SA 240, in addition to acknowledging that they have fulfilled their responsibility for the preparation of the financial statements, it is important that, irrespective of the size of the entity, management and, where appropriate, those charged with governance acknowledge their responsibility for internal control designed, implemented and maintained to prevent and detect fraud. 73. Inquiries with Internal Auditors SA 610, “Using the Work of Internal Auditors”, establishes requirements and provides guidance in audits of those entities that have an internal audit functions. For those entities that have an internal audit function, paragraph 19 of SA 240 states that the auditor shall make inquiries of internal audit to determine whether it has knowledge of any actual, suspected or alleged fraud affecting the entity, and to obtain its views about the risks of fraud. 697 SECTION IV TECHNICAL GUIDANCE ON REPORTING ON FRAUD UNDER SECTION 143(12) 74. The duty of auditor with respect to fraud in the course of his performance of duties as an auditor is to comply with the requirements of SA 240 “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements”. 75. Therefore, the auditor is required to carry out the following procedures as specified in SA 240: a) To identify and assess the risks of material misstatement in the financial statements due to fraud; b) To obtain sufficient appropriate audit evidence about the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses; and c) To respond appropriately to identified or suspected fraud. 76. In addition to the above procedures, the auditor is required to report on fraud in accordance with Section 143(12) of the 2013 Act. For purposes of reporting under Section 143(12) to the Audit Committee/Board and the Central Government, the auditor is required to carry out certain specific procedures with respect to the identified offence involving fraud against the company by its officers or employees. The objective of this part of the Guidance Note is to provide supplementary guidance to the SAs for consideration by auditors when complying with the requirements of Section 143(12) of the 2013 Act. 77. Modifications to terms of Engagement with regard to Reporting on Fraud under Section 143(12) Reporting by the auditor on fraud is not a separate engagement and is a part of the performance of the duties as an auditor of the financial statements of the company under the 2013 Act. The terms of engagement between the auditor and the client as required under SA 210 will require certain modifications to incorporate the management’s Reporting on Fraud under Section 143(12) responsibility with regard to fraud and the auditor’s reporting responsibility for reporting under Section 143(12). The following clauses may be added to the auditor’s engagement letter with regard to reporting on fraud under Section 143(12): As part of auditor’s reporting responsibilities: In accordance with the provisions of Section 143(12) and 143(13) of the 2013 Act, if in the course of performance of my/our duties as auditor, I/we have reason to believe that an offence involving fraud is being or has been committed against the Company by officers or employees of the Company, I/we will be required to report to the Central Government, in accordance with the rules prescribed in this regard which, inter alia, requires me/us to forward my/our report to the Board or Audit Committee, as the case may be, seeking their reply or observations, to enable me/us to forward the same to the Central Government. Such reporting will be made in good faith and, therefore, cannot be considered as breach of maintenance of client confidentiality requirements or be subject to any suit, prosecution or other legal proceeding since it is done in pursuance of the 2013 Act or of any rules or orders made thereunder. Because of the inherent limitations of an audit, including the possibility of collusion or improper management override of controls, there is an unavoidable risk that material misstatements due to fraud or error may occur and not be detected, even though the audit is properly planned and performed in accordance with the SAs. As part of management’s responsibility: Management is responsible for taking proper and sufficient care for the maintenance of adequate accounting records in accordance with the provisions of the 2013 Act for safeguarding the assets of the Company and for preventing and detecting fraud and other irregularities. Management is responsible to provide me/us access to reports, if any, relating to internal reporting on frauds (e.g., vigil mechanism reports etc.), including those submitted by cost accountant or company secretary in practice to the extent it relates to their reporting on frauds in accordance with the requirements of Section 143(12) of the Act. 78. Fraud Risk Factors – Assessed Risk of Material Misstatement due to Fraud SA 240 provides examples of fraud risk factors that may be faced by auditors in a broad range of situations, specifically relating to the two types of frauds 699 Handbook of Auditing Pronouncements-II relevant to the auditor’s consideration, i.e., fraudulent financial reporting and misappropriation of assets. Examples of fraud risk factors stated in SA 240 and additional examples of fraud risk factors are given in Appendix 3 for consideration by auditors during the course of their audit. Although the fraud risk factors cover a broad range of situations, they are only examples and, accordingly, the auditor may identify additional or different fraud risk factors. Not all of these examples are relevant in all circumstances, and some may be of greater or lesser significance in entities of different size or with different ownership characteristics or circumstances. Also, the order of the examples of fraud risk factors provided is not intended to reflect their relative importance or frequency of occurrence. 79. Audit Procedures to Address Assessed Risk of Material Misstatement due to Fraud Based on the nature, size and circumstances of the fraud risk factors, the auditor will have to design appropriate audit procedures to address the assessed risk of material misstatement due to fraud. SA 240 provides examples of possible audit procedures to address the assessed risk of material misstatement due to fraud. Additional examples of possible audit procedures to address the assessed risk of material misstatement due to fraud are given in Appendix 4 for consideration by auditors during the course of their audit. Although these procedures cover a broad range of situations, they are only examples and, accordingly they may not be the most appropriate nor necessary in each circumstance. 80. Stages of Identification of Fraud The information about possible offence involving fraud, obtained by the auditor during the course of his audit, can be classified into four stages: a) Speculation. b) Suspicion. c) Reason to Believe. d) Sufficient Reason to Believe or Knowledge. a) Speculation - “Speculation” refers to information from unrelated source which is a rumour, hearsay, gossip, assumption, guess, thought or supposition. Examples of information which could be classified as speculation are provided below: 700 Reporting on Fraud under Section 143(12) − Rumours about management accepting kick-backs from suppliers/service providers for awarding contracts, but no proof. − Based on specific industry risk, there is an assumption that there will be transactions involving cash and money laundering. − Media reports indicating that the company is planning to invest in totally unrelated, high-risk business. − Board of Directors consisting of some persons exposed to illegal acts. − Gossip that certain business groups/entities are front end for an undisclosed owner. − Rumour that promoters of certain companies have accounts in tax havens and are involved in circulating monies through such tax havens. At this stage, the auditor may have to perform engagement risk assessment procedures to determine if there is any merit in the speculation and whether or not to accept or continue with the engagement and the level of staffing that will be required to address any fraud risk factors identified from the above. b) Suspicion –‘Suspicion’ is a state of mind more definite than speculation, but falls short of knowledge based on evidence. It must be based on some evidence, even if that evidence is tentative. Suspicion is a slight opinion but without sufficient evidence. In other words, a “suspicion” will lead to identification of fraud risk factors during the course of audit. Examples of information which could be classified as suspicion are provided below: − Recurring negative cash flows from operations or an inability to generate cash flows from operations while reporting earnings and earnings growth. − There is excessive pressure on management or operating personnel to meet financial targets established by those charged with governance, including sales or profitability incentive goals. − Accounting and information systems those are not effective, including situations involving significant deficiencies in internal control. − Known history of violations of securities laws or other laws and regulations, or claims against the entity, its senior management, or those charged with governance alleging fraud or violations of laws and regulations. 701 Handbook of Auditing Pronouncements-II − Use of business intermediaries for which there appears to be no clear business justification. − Domination of management by a single person or small group (in a non- owner managed business) without compensating controls. − Overly complex organisational structure involving unusual legal entities or managerial lines of authority. − The practice by management in maintaining or increasing the entity’s stock price or earnings trend. − Significant, unusual, or highly complex transactions, especially those close to period end that pose difficult “substance over form” questions. − Significant related party transactions which appear to be not in the ordinary course of business or with related entities not audited or over which the auditor does not have information. At this stage, the auditor will have to identify the information leading to “suspicion” as “fraud risk factor” and design appropriate audit procedures to address this assessed risk of misstatement due to fraud. c) Reason to Believe - ‘Reason to believe’ indicates that the matter should be more than just a suspicion. ‘Suspicion’ when corroborated with supporting evidence can provide ‘reason to believe’. Examples of information which could be classified as “reason to believe” are provided below: − Material misstatement identified during the course of audit. − Identification of any material weakness in the internal controls. − Significant related party transactions not at arm’s length and not supported by a proper business rationale. − Sudden resignation of an employee belonging to the senior management and when proper reason is not assigned for his leaving. − Resistance from the management with regard to certain disclosures in the financial statement. − Material discrepancies between book stock and physical stock. − Acquisition of significant assets which are unrelated to the business. 702 Reporting on Fraud under Section 143(12) − During the course of perusal of the bank statements, when the auditor observes frequent transfer in and transfer out of funds from a particular account balance belonging to the promoter or an employee. − Matters reported through the whistle blower mechanism on an incidence of fraud. − Notices from regulators and government authorities on violations of laws and regulations. − E-mail or written communication received directly by the auditor from a whistle blower. At this stage the auditor has performed planned procedures to address the assessed risk of misstatement due to fraud. Certain evidences, which he obtained and evaluated during this process, indicate that there is a “reason to believe” that an offence involving fraud has been or is being committed. The auditor would now be required to carry out procedures as referred to in paragraphs 83 and 84 with a higher level of professional skepticism with a view to obtain more persuasive evidence to enable him to conclude whether he has “sufficient reason to believe” or has “knowledge” of fraud. d) Sufficient reason to believe or knowledge – “Sufficient reason to believe” indicates “reason to believe” with more persuasive evidence based on further procedures performed by the auditor. Examples of information which could be classified as “Sufficient reason to believe” are provided below: − Material misstatement identified during the course of audit not supported by appropriate rationale/explanation from the management, indicating that the misstatement was intentional. − Identification of any material weakness in the internal controls which has resulted in material damage/huge loss for the company. − Significant related party transactions not at arm’s length and not supported by appropriate evidence. Management is not able to provide appropriate rationale/substantiation for undertaking such transactions and such transactions may be prejudicial to the interests of the shareholders, based on the materiality determined by the auditor. − Sudden resignation of an employee belonging to the senior management. On performing further procedures, it is noted that the employee had committed an offence involving fraud. − Resistance from the management with regard to certain disclosures in the financial statements. On further inquiry, it comes to light that 703 Handbook of Auditing Pronouncements-II management had concealed certain information from the bankers/regulators and hence the resistance to disclose. − Material discrepancies between book stock and physical stock. On examination, the auditor noted that the unit of measures were misstated for several items as against a one-off instance, which indicates that the misstatement could be intentional. − Acquisition of significant assets which are unrelated to the business. On further inquiry with the project department, it appears that the acquisition was made to accommodate a related party or boost the sales of a related party. − During the course of perusal of the bank statements, when the auditor observes frequent transfer in and transfer out of funds from a particular account balance belonging to the promoter or an employee. On further inquiry and procedures, the auditor notes that the employee involved was the person who is involved in preparing bank reconciliation statements (BRS) and there is no review of the work performed by this staff. − Matters reported through the whistle blower mechanism on an incidence of fraud and the procedures performed by the management to investigate the reported matter were biased to protect the interests of the persons against whom the allegations were made. At this stage, the auditor has sufficient reason to believe or has knowledge of fraud and therefore, the auditor’s responsibility to report on the suspected offence involving fraud to the Central Government is triggered. 81. Section 143(1) of the Act requires the auditor, inter-alia, to perform the following inquiries and determine if any specific reporting to the members of the company is required under the said section: (a) Whether loans and advances made by the company on the basis of security have been properly secured and whether the terms on which they have been made are prejudicial to the interests of the company or its members; (b) Whether transactions of the company which are represented merely by book entries are prejudicial to the interests of the company; (c) Where the company not being an investment company or a banking company, whether so much of the assets of the company as consist of shares, debentures and other securities have been sold at a price less than that at which they were purchased by the company; 704 Reporting on Fraud under Section 143(12) (d) Whether loans and advances made by the company have been shown as deposits; (e) Whether personal expenses have been charged to revenue account; (f) Where it is stated in the books and documents of the company that any shares have been allotted for cash, whether cash has actually been received in respect of such allotment, and if no cash has actually been so received, whether the position as stated in the account books and the balance sheet is correct, regular and not misleading. Any adverse comment on the above may also be considered as matters where the auditor has sufficient reason to believe that a suspected offence involving fraud is being or has been committed. 82. A decision tree summarising the action required to be carried out by an auditor at different stages of information/extent of evidence obtained is provided as part of the overview to this Guidance Note. 83. Audit Procedures If Auditor has reasons to Believe a Fraud has Occurred or is being Carried Out As discussed in the earlier sections of this Guidance Note, Section 143(12) of the 2013 Act requires the auditor to report to the Central Government if he has “reasons to believe” that an offence involving fraud is being or has been committed against the company by officers or employees of the company. Clearly, section 143(12) does not envisage reporting in Form ADT 4 by the statutory auditor during the “speculation” and “suspicion” stages. During these stages, the auditor’s procedures would be as provided under the SA 240. Having reached the stage of “reason to believe”, the auditor would be guided by the requirements of paragraphs 83 and 84 of this Guidance Note. Examples of audit procedures which the auditor can perform when he has “reason to believe” that an offence involving fraud is being or has been committed is given below: a. Evaluating the evidences obtained or misstatements identified with professional skepticism. b. Introducing elements of unpredictability/surprise in carrying out specific audit procedures (for example, visiting certain sales locations normally not visited at year end to evaluate if there are any “Billed but Not Delivered” sales transactions). c. If considered necessary, recommending to the Board or Audit Committee to involve experts such as information technology 705 Handbook of Auditing Pronouncements-II specialists, forensic experts or fair valuation experts, etc., to carry out data analytics and investigation (Refer paragraph 84 below). d. Seeking additional audit evidence from sources outside of the entity being audited. For example, external confirmations which could be tailored to specific circumstances such as confirming the terms and conditions relating to sale, confirming the occurrence of specific transactions, etc. e. Focussed testing on period-end and year-end journal entries by a senior member of the engagement team. f. Carrying out a more critical evaluation and retrospective testing of accounting estimates to evaluate the reasonableness of management’s judgement and existence of management bias. g. Consulting with experts to evaluate unusual and complex transactions. h. Performing certain procedures specific to account balance when such evidences particularly relate to any specific class of transaction or account balance. For example, in addition to sending written confirmations, major customers and suppliers could be directly contacted in order to seek more or different information. i. Where related party transactions are involved, critically evaluating the business rationale of the transactions and arm’s length nature of such transactions. j. Re-performing certain critical reconciliations carried out by the entity. 84. Working with the Board or the Audit Committee in case the Auditor has Reasons to Believe a Fraud may Exist There could be circumstances where the auditor identifies misstatements in account balance where a fraud or a significant risk factor was identified by him and therefore has reason to believe that a fraud may exist. However, the auditor may not have sufficient reason to believe that a fraud actually exists. As per the SAs, the auditor may communicate such misstatements to the management and request them to carry out additional reviews to ensure that there are no other undetected misstatements. The auditor may perform parallel procedures or work with the management to identify any other misstatement due to fraud within those account balances that may have remained undetected. 706 Reporting on Fraud under Section 143(12) The outcome of such audit procedures will help the auditor conclude whether he has sufficient reason to believe or not, that the suspected offence involving fraud has been or is being committed. 85. It may be noted that the above procedures (Refer paragraphs 83 and 84) represent enhanced audit procedures which the auditor carries out in the course of his audit with professional skepticism with the primary objective to ensure that the financial statements are not materially misstated due to fraud. The objective of the auditor is to obtain sufficient appropriate audit evidence about the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses. Further, although the auditor may suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determination of whether fraud has actually occurred. Therefore, an auditor cannot make an assertion that an ‘offence’ involving fraud has been or is being committed against the company. Accordingly, in Form ADT – 4 the terminology used is ‘suspected offence involving fraud’. 86. Reporting to the Board or Audit Committee on Auditor’s Sufficient Reason to Believe and Knowledge of Fraud against the Company by Officers or Employees of the Company Clause (i) of Sub-Rule 1 of Rule 13 of the Companies (Audit and Auditors) Rules, 2014 requires the auditor to forward his report to the Board or the Audit Committee, as the case may be, immediately after he comes to (have) knowledge of the suspected offence involving fraud, seeking their reply or observations within forty-five days. The Rule does not prescribe the form or format in which the auditor should communicate to the Board or the Audit Committee. 87. Therefore, the auditor may use the Form ADT – 4 itself to report to the Board or Audit Committee duly filling in the necessary details, other than those relating to items (11), (12) and (14) of the Form relating to date of receipt of response from the Board or Audit Committee; the auditor’s opinion if the reply of the Board or Audit Committee was satisfactory; and the details of steps taken by the company in this regard. Refer Appendix 5 for illustrative format of reporting to the Board or the Audit Committee. 88. The auditor may send additional details of the basis on which the fraud is suspected, the period to which it relates to and the basis of estimating the amounts involved, to enable the Board or Audit Committee to pursue the matter further. 707 Handbook of Auditing Pronouncements-II 89. It may be noted that the timeline for reporting under Section 143(12) starts immediately as soon as the auditor has sufficient reason to believe and knowledge of fraud. The auditor is not required to investigate the fraud so as to establish the entire magnitude, the period, the modus operandi and the persons involved since the requirement of Section 143(12) read with the Rule 13 of the Companies (Audit and Auditors) Rules, 2014 is not that the auditor has to perform a forensic audit. 90. Obtaining Response from the Board or Audit Committee When a fraud is reported by the auditor to the Board or Audit Committee, they are required to evaluate the matter, where applicable and take appropriate action on the matter, including, where required an investigation/forensic audit conducted either by appropriate internal specialists of the company or external specialists/experts, and respond to the auditor within 45 days of the date of the auditor’s communication. 91. It will be the responsibility of the Board or Audit Committee to have appropriate procedures performed, including, where required an investigation/forensic audit. The action taken by the Board or Audit Committee pursuant to receipt of communication from the auditor may involve investigation/forensic audit by their internal auditors, internal team of senior management or by an external agency. Based on the steps taken, including any investigation/forensic audit on the matter reported, they are required to reply to the auditors. 92. An investigation will include a planning stage, a period when evidence is gathered, a review process, and a report to the client. The purpose of the investigation, in the case of an alleged fraud, would be to discover if a fraud had actually taken place, to identify those involved, to quantify the monetary amount of the fraud (i.e., the financial loss suffered by the client), and to ultimately present findings to the client and potentially to court. It is normally not as in-depth as a forensic audit and in fact may not be performed by forensic auditors. 93. ‘Forensic audit’ refers to the specific procedures carried out in order to produce evidence. Specialised audit techniques are used to identify and to gather evidence to prove, for example, use of information technology and data retrieval tools, data analytics, interrogation (not interview), critical evaluation of evidence, motive, evaluating patterns of information, duration of the alleged fraud and how it was conducted and concealed by the perpetrators, etc.. Evidence may also be gathered to support other issues which would be relevant in the event of a court case. Such issues could include: • the suspect’s motive and opportunity to commit fraud; 708 Reporting on Fraud under Section 143(12) • whether the fraud involved collusion between several suspects; • any physical evidence at the scene of the crime or contained in documents; • comments made by the suspect during interviews and/or at the time of arrest; and • attempts to destroy evidence. Forensic audit is a very specialised engagement, which requires highly skilled team members who have experience not only of accounting and auditing techniques, but also, among other things, of the relevant legal framework. 94. Rule 13 of the Companies (Audit and Auditors) Rules, 2014 does not state what should be the contents of the reply of the Board or Audit Committee in case a report on a suspected offence involving fraud is received by them from the auditor. However, it would be reasonable to presume that the reply of the Board or Audit Committee will include the following: − An acknowledgement of having received the report on fraud from the auditor. − Brief description of the fraud or suspected fraud. − The steps taken by them pursuant to receipt of the report, including: a. The manner in which they have followed up on the matter reported to them; b. Involvement of specialists, internal and/or external, who have carried out investigation/forensic audit on their behalf; c. The period covered by such investigation/forensic audit; d. Their assessment of areas impacted by the fraud – company locations, account balances, categories of assets/liabilities/income/expenses, categories of customers/vendors, off-balance sheet items, etc. e. The conclusion drawn by them based on such investigation/forensic audit: If the Board or Audit Committee is in agreement with the auditor’s conclusion on fraud – the cause of the fraud, persons involved, estimate of amounts involved, the period to which the fraud relates to, steps taken by them to remediate the reasons which 709 Handbook of Auditing Pronouncements-II caused the occurrence of the fraud, including changes to the internal control systems or plans thereto, the action taken on the persons involved in the fraud (including filing of civil/criminal complaints with law enforcement agencies, disciplinary actions, etc.), the status of reporting the matter to any other regulator (e.g. RBI, Tax authorities, etc.). If the investigation/forensic audit ordered by them is in progress as on the date of the reply - the status of the investigation, the persons allegedly involved in the fraud, any preliminary amounts quantified on the fraud, steps taken in the interim including any action taken on the persons allegedly involved in the fraud (including filing of civil/criminal complaints with law enforcement agencies, disciplinary actions, etc.), the status of reporting the matter to any other regulator (e.g. RBI, Tax authorities, etc.), remediation plan to prevent further occurrences, etc. − A copy of the investigation report/report on the forensic audit (preliminary/draft/final) or the procedures performed/being performed by them to substantiate the items stated above. 95. There may be instances where the Board or the Audit Committee does not concur with the auditor’s belief that a suspected offence involving fraud is being or has been committed. If the Board or Audit Committee is not in agreement with the auditor’s belief that a suspected offence involving fraud has been or is being committed, the persuasive reasons therefor with supporting evidence should be provided in their reply to the auditor along with the other matters described in paragraph 94 above. 96. Evaluating Reply of the Board or Audit Committee The auditor should evaluate the reply of the Board or Audit Committee received by him in response to his report to them on the suspected offence involving fraud. Such evaluation is required to enable the auditor to state if he is satisfied or not satisfied with the reply of the Board or Audit Committee on the matter reported to them. 97. Whilst Sub-Rule (1)(ii) of Rule 13 of the Companies (Audit and Auditors) Rules, 2014 requires the auditor to forward his report along with his comments on the reply received from the Board or the Audit Committee, Form ADT–4 requires the auditor to only state if he is satisfied or not satisfied with the reply of 710 Reporting on Fraud under Section 143(12) the Board or the Audit Committee. Accordingly, the comments of the auditor as specified in the Sub-rule implies the statement of the auditor in Form ADT – 4 about his satisfaction or otherwise with the reply of the Board or the Audit Committee. For this purpose, the auditor should review the reply from the Board or the Audit Committee with the supporting evidence provided to determine the reasonability of the same. 98. Where the Board or the Audit Committee has provided its reply on the basis of an investigation/forensic audit, the auditor is not expected to re-perform or carry out an independent investigation/forensic audit to validate the same. The auditor should, however, review the process followed by the investigation/forensic audit to gain comfort on: − the scope of the investigation/forensic audit, − the period covered, − the persons covered, − information gathered/obtained, − specific scope exclusions or limitations, if any, in the investigation/forensic audit, − the reasonableness of the amounts identified as involved based on his professional judgement and his understanding of the suspected offence involving fraud, and − the competence, experience and seniority of the persons who conducted the investigation/forensic audit and their independence and objectivity. 99. If the Board or the Audit Committee disagrees with the belief of the auditor that a suspected offence involving fraud exists and provides evidence in this regard, the auditor would consider such evidence and perform such further procedures as may be necessary to determine if his initial belief was appropriate under the circumstances. In addition to reviewing the matters stated in paragraph 98 above with increased professional skepticism, the following additional factors should also be considered by the auditor: − Whether the evidence provided in the reply was available when the auditor initially concluded that there was a fraud or is it new evidence. If it was an evidence or information that was previously considered by the auditor, the reason why the company has considered the same evidence or information differently. 711 Handbook of Auditing Pronouncements-II − The reliability of the evidence now provided considering the risk of bias to overlook a fraud that is existing. − The persuasiveness of the company’s evidence or information that the suspected offence involving fraud does not exist, that is included in the company’s reply. 100. Based on the additional procedures carried out by the auditor after considering the factors stated in paragraph 99 above, pursuant to the reply of the company disagreeing with the initial belief of the auditor that a suspected offence involving fraud is being or has been committed, if the auditor is convinced that his initial suspicion was incorrect, the need for reporting the matter to the Central Government would not be applicable. This situation would arise only if the auditor did not have the evidence or information that is now provided as part of the reply or additional information has now been provided to the auditor and there is persuasive evidence now available to convince the auditor that the suspected offence involving fraud does not exist. Reporting to the Central Government in Form ADT-47 101. It may be noted that Sub-rule (1)(ii) of Rule 13 of the Companies (Audit and Auditors) Rules, 2014 requires the auditor to forward his report and the reply or observations of the Board or the Audit Committee along with his comments (on such reply or observations) to the Central Government within 15 days of receipt of such reply. Consequently, it is not necessary that the auditor will always have 60 days to submit the Form ADT–4 to the Central Government since if the Board or the Audit Committee replies prior to 45 days of the date of the auditor reporting to them on the suspected offence involving fraud, the Form ADT – 4 will need to be submitted within 15 days of the receipt of reply from the Board or the Audit Committee. For example, if the Board or the Audit Committee replies in 24 days, the auditor will need to report in Form ADT–4 within 39 days i.e., 15 days of receipt of reply from the company. 102. If the auditor does not receive a reply to his communication to the Board or Audit Committee within 45 days, he shall forward his report to the Central Government along with a note containing the details of his report that was earlier forwarded to the Board or the Audit Committee for which he failed to receive any 7 Pursuant to the proposed amendments to Section 143(12) of the 2013 Act, auditors may be required to report to the Central Government only those frauds where the amount involved is in excess of the threshold that may be specified by the Ministry of Corporate Affairs. Accordingly, the guidance given in paragraphs 101 to 104 with respect to reporting to the Central Government will become applicable only for those frauds that are in excess of the specified threshold. 712 Reporting on Fraud under Section 143(12) reply or observations within the stipulated time within 15 days of the expiry of the 45 days. 103. If the auditor receives a reply from the Board or Audit Committee within the stipulated time of 45 days of his communication to them, the auditor should within 15 days of receipt of the reply send his report in Form ADT–4 (Refer Appendix 6) to the Central Government stating the following: − the date on which he received the reply; − a gist of the reply or observations of the Board or the Audit Committee to his report; − whether he is satisfied or not satisfied with the reply of the Board or Audit Committee; − details of steps, if any, taken by the company in this regard (furnishing full details with references); and − any other relevant information. A copy of the reply received from the Board or Audit Committee should also be attached to the Form ADT–4 when submitted to the Central Government. 104. In case the auditor is not satisfied with the reply of the Board or the Audit Committee, he should state the reasons for the same in the Form ADT–4 as part of item 15 to the Form “Any other relevant information”. The reasons the auditor may not be satisfied with the reply of the Board or the Audit Committee may, inter alia, include any of the following: − He is not satisfied with the competence or seniority/experience of the person who has carried out the investigation/forensic audit on behalf of the Board or the Audit Committee. − If only an investigation was carried out but considering the nature, size, complexity, motive of the suspected offence involving fraud, it needed a forensic audit to be carried out, thereby impacting the comprehensiveness of the procedures performed by the Board or the Audit Committee. (Refer paragraphs 92 and 93) − Facts produced by the auditor in his report were overlooked by the Board or the Audit Committee resulting in differing conclusions with that of the auditor. − Based on further procedures performed and evaluation of the additional evidence or information provided, if the auditor not convinced with the 713 Handbook of Auditing Pronouncements-II Board or the Audit Committee reply that the suspected offence involving fraud does not exist. − Period of coverage, persons covered, and areas covered or scope of the investigation/forensic audit was not adequate or appropriate. − If the reply of the Board or the Audit Committee does not include any of the matters referred to in paragraph 94 above and the auditor considers such matter to be significant for the Board or the Audit Committee to have considered in their reply. 105. Management Representation SA 580 - “Written Representations”, establishes requirements and provides guidance on obtaining appropriate representations from management. Because of the nature of fraud and the difficulties encountered by auditors in detecting material misstatements in the financial statements resulting from fraud, it is important that the auditor obtains a written representation from management and, where appropriate, those charged with governance confirming that they have disclosed to the auditor: a) The results of management’s assessment of the risk that the financial statements may be materially misstated as a result of fraud; and b) Their knowledge of actual, suspected or alleged fraud affecting the entity. In addition to the management representations as discussed above, the auditor will be required to obtain certain specific representations with regard to the following: a) Steps taken on fraud committed or being committed against the company. b) Matters included in the reply to the report of the auditor on suspected fraud. Further when management is involved or suspected to be involved, the auditor should insist that the representations need to be provided by the Board or Audit Committee of the company. Illustrative Management Representation Letter for steps taken by the Board or the Audit Committee on fraud reported by the auditor is provided in Appendix 7. In the exceptional circumstances where the auditor has doubts about the integrity or honesty of those charged with governance, the auditor may consider it 714 Reporting on Fraud under Section 143(12) appropriate to obtain legal advice to assist in determining the appropriate course of action. 106. Audit Documentation and Quality Control The documentation of the audit procedures performed from identifying the fraud risk till the identification of existence of fraud is critical as this would form the basis for matters reported to the Board or the Audit Committee and thereafter to the Central Government in Form ADT-4. This would also enable the auditor to demonstrate reporting in good faith to ensure protection under Section 143(13) and Section 456. 107. Auditors should, taking into account the provisions of SA 230, inter alia, consider the following items for being maintained as part of the audit documentation in connection with reporting under Section 143(12): a) Minutes of inquiries conducted with those charged with governance, internal auditors, senior management and relevant employees during the course of planning and minutes of engagement team discussions on fraud risk factors. (Refer paragraphs 61 and 62) b) The fraud risk factor or suspicion which led to identification of evidences which provided the knowledge to the auditor that a suspected offence involving fraud is being or has been committed. (Refer paragraphs 80.a and 80.b) c) Specific and additional audit procedures carried out by the auditor to address the assessed risk of material misstatement due to fraud. (Refer paragraphs 80.c, 80.d, 83 and 84) d) Memo documenting the professional judgement exercised by the auditor at various stages of performing the planned procedures. e) Details of evidences obtained during the course of performing the planned procedures. (Refer paragraphs 80.c, 80.d, 83 and 84) f) Copies of correspondences with the Board or Audit Committee on the procedures/investigations carried out, to conclude on matters reported by the auditor.(Refer paragraph 84) g) Copy of the report to the Board or Audit Committee along with attachments thereto. (Refer paragraphs 86 to 89) h) Copy of response received from the Board or the Audit Committee along with the supporting documents provided by them in their response. (Refer paragraphs 90 to 95) 715 Handbook of Auditing Pronouncements-II i) If an investigation/forensic audit was carried out by the Board or Audit Committee, how the auditor evaluated the competency and independence of the person who carried out the investigation and adequacy of the scope of work provided to them. (Refer paragraphs 96 to 100) j) Details of other procedures carried out to evaluate the reasonableness of investigation/forensic audit/action taken by the Board or Audit Committee in respect of the matter reported. (Refer paragraphs 96 to 100) k) Conclusions on whether or not the auditor was satisfied with the procedures carried out by the Board or the Audit Committee along with the basis and reasons therefor. (Refer paragraphs 98 to 104) l) If the auditor is satisfied with the Board or the Audit Committee response that the suspected offence involving fraud does not exist, the details of additional procedures performed, supporting evidence and additional evidence received by the auditor in this regard.(Refer paragraphs 99 and 100) m) Copy of the report submitted to the Central Government. The matters included in this report needs to be appropriately cross-referenced to the source documents. (Refer paragraphs 102,104 and paragraph 109) n) Management representations.(Refer paragraph 105) o) Documentation on how the auditor evaluated the implications of the suspected offence involving fraud on other aspects of audit and on the financial statements– whether the impact is isolated occurrence or pervasive (Refer paragraphs 106 and 110). p) If experts and specialists were involved in carrying out these procedures, then their work papers should also form part of the auditor’s work papers. q) Any memo on consultations the auditor had during the course of carrying out the procedures with regard to fraud. r) Evidence of a quality control review having been performed on the audit procedures carried out and the report submitted to the Board or Audit Committee and the Central Government. (Refer paragraph 108) 108. Whilst reporting under Section 143(12) is not a separate engagement from an audit of financial statements, it arises from such an audit, since reporting under Section 143(12) is consequent to any fraud noted in the course of 716 Reporting on Fraud under Section 143(12) performance of duties as auditor. Further, since the auditor is required to report to the Central Government in case of fraud against the company, and given the exceptional nature of circumstances, the auditor should ensure that the reporting under Section 143(12) is subject to quality control considering the provisions of SA 220 – “Quality Control for an Audit of Financial Statements”. 109. Whilst the Act or the Rules do not specify that the auditor should send a copy of the Form ADT–4 sent to the Central Government to the Board or the Audit Committee, the Act or the Rules do not prohibit the same. Accordingly, the auditor may send a copy of the Form ADT–4 and the documents annexed thereto to the Board or the Audit Committee for their information and records. 110. Evaluation of Impact on the Financial Statements, Audit Opinion on the Financial Statements and Internal Financial Controls If a fraud has been noted and reported under Section 143(12), the auditor will have to evaluate the implications of the matter reported in the financial statements, on his audit opinion on the financial statements and on any other matter to be included in his report under Sections 143(1) to (3) including with regard to reporting on the adequacy and operating effectiveness of the internal financial controls. The following will need to be considered by the auditor in this regard: • When the auditor has reason to believe that the management is involved in the fraud, how the auditor re-evaluated the risks of material misstatement due to fraud and reliability of the evidences previously obtained. • When the auditor confirms that, or is unable to conclude whether the financial statements are materially misstated due to fraud, how the auditor evaluated the implications for the audit. 111. Consideration in Joint Audits In case of joint audits, where a suspected offence involving fraud against the company by its officers or employees is identified/noted by one of the joint auditors, such joint auditor should communicate the same to the other joint auditor(s) to enable them to consider and evaluate if the same could exist in the areas/account balances audited by them and each of the joint auditor should individually comply with the requirements of this Guidance Note. The reporting to those charged with governance and to the Central Government as required under Rule 13 to the Companies (Audit and Auditors) Rules, 2014 may be carried out by the joint auditor who identified/noted the suspected fraud or by any or all of the joint auditors together. 717 Handbook of Auditing Pronouncements-II When the reporting in Form ADT – 4 is carried out only by the joint auditor who identified/noted the suspected fraud, such joint auditor should provide a copy of the Form ADT – 4 to the other joint auditors. 112. Consideration of Disclosure of Frauds in the Board’s Report SA 720 – “The Auditor’s Responsibility in Relation to Other Information in Documents Containing Audited Financial Statements” requires the auditor to read the other information in documents that contain audited financial statements because the credibility of the audited financial statements may be undermined by material inconsistencies between the audited financial statements and other information. Pursuant to the proposed amendments to Section 143(12) of the Companies Act, 2013, the auditor may be required to report frauds only to the Audit Committee or the Board of Directors if the amounts involved are less than the thresholds that may be specified by the Ministry of Corporate Affairs. Such frauds may have been appropriately dealt with in the audited financial statements of the company. However, as per the proposed amendment, the company should disclose details of such fraud in its Board’s report. Since the Board’s report also includes audited financial statements, the auditor should read the disclosures relating to fraud in the Board’s report to determine if they are consistent with the matter reported by the auditor and dealt with in the audited financial statements. In case the auditor observes any material inconsistency in the disclosure in the Board’ report in this regard, the auditor should consider the requirements of SA 720 to determine the manner of dealing with the inconsistency observed. 718 SECTION V APPENDICES APPENDIX 1 (Refer paragraph 61) Illustrative Matters for Engagement Team Discussion on Fraud Discussion among the engagement team A discussion among the engagement team members and a determination by the engagement partner of matters which are to be communicated to those team members not involved in the discussion should place particular emphasis on how and where the entity’s financial statements may be susceptible to material misstatement due to fraud, including how fraud might occur. The discussion should occur notwithstanding the engagement team members’ beliefs that management and those charged with governance are honest and have integrity. Discussing the susceptibility of the entity’s financial statements to material misstatement due to fraud with the engagement team: • Provides an opportunity for more experienced engagement team members to share their insights about how and where the financial statements may be susceptible to material misstatement due to fraud. • Enables the auditor to consider an appropriate response to such susceptibility and to determine which members of the engagement team will conduct certain audit procedures. • Permits the auditor to determine how the results of audit procedures will be shared among the engagement team and how to deal with any allegations of fraud that may come to the auditor’s attention. The discussion may include such matters as: • An exchange of ideas among engagement team members about how and where they believe the entity’s financial statements may be susceptible to material misstatement due to fraud, how management Handbook of Auditing Pronouncements-II could perpetrate and conceal fraudulent financial reporting, and how assets of the entity could be misappropriated. • A consideration of circumstances that might be indicative of earnings management and the practices that might be followed by management to manage earnings that could lead to fraudulent financial reporting. • A consideration of the known external and internal factors affecting the entity that may create an incentive or pressure for management or others to commit fraud, provide the opportunity for fraud to be perpetrated, and indicate a culture or environment that enables management or others to rationalise committing fraud. • A consideration of management’s involvement in overseeing employees with access to cash or other assets susceptible to misappropriation. • A consideration of any unusual or unexplained changes in behavior or lifestyle of management or employees which have come to the attention of the engagement team. • An emphasis on the importance of maintaining a proper state of mind throughout the audit regarding the potential for material misstatement due to fraud. • A consideration of the types of circumstances that, if encountered, might indicate the possibility of fraud. • A consideration of how an element of unpredictability will be incorporated into the nature, timing and extent of the audit procedures to be performed. • A consideration of the audit procedures that might be selected to respond to the susceptibility of the entity’s financial statement to material misstatement due to fraud and whether certain types of audit procedures are more effective than others. • A consideration of any allegations of fraud that have come to the auditor’s attention. • A consideration of the risk of management override of controls. Illustrative matters for consideration during engagement team discussions on fraud risk factors • What are the business risks that the entity is subject to? • How might fraud, including fraudulent financial reporting, occur at the entity? How can it be concealed? 720 Reporting on Fraud under Section 143(12) • Have there been any frauds that have been reported in the same industry as the entity? If so, is it possible that the fraud identified is applicable to the entity and should be considered? • Where are the financial statements susceptible to material misstatement as a result of fraud or error? • How could assets at the entity be misappropriated? • Is there a high risk of management override of controls? • What is the susceptibility of financial statements to material misstatement due to fraud or error that could result from the entity’s related party relationships and transactions? • Are there circumstances that indicate earnings management and the practices that might be followed by management to manage earnings that could lead to fraudulent financial reporting? • Are there known external or internal factors affecting the entity that may create an incentive or pressure for management and others to commit fraud, provide the opportunity for fraud to be perpetrated, indicate a culture or environment that enables management or others to rationalise committing fraud? • Is the financial stability or profitability of the entity threatened by economic, industry, or other operating conditions? • Does the nature of the entity’s operations provide opportunities to engage in fraudulent financial reporting? • Does the entity have a complex or unstable organisational structure? • Are there any unusual or unexplained changes in behavior or lifestyle of management and/or others? • Have there been any actual frauds uncovered at the entity? • If so, what was the circumstances surrounding the fraud and what was the outcome of the investigation? • Did management and others take the appropriate actions to address the fraud? • Have there been any allegations of fraud? In addition to assessing the susceptibility to fraud, engagement teams may consider the following matters in addressing the fraud risk factors: 721 Handbook of Auditing Pronouncements-II • What insights can be shared amongst engagement team members based on the knowledge of the entity? • Does each engagement team member understand the potential for material misstatements related to each audit area they have been assigned to? • What types of circumstances, if encountered, during the engagement could indicate a possibility of fraud? • What type of procedures might be selected to respond to possible fraud? • Are there certain types of procedures that are more effective than others? • Is the engagement team aware of the importance of maintaining a proper state of mind throughout the audit regarding the potential for material misstatement due to fraud? • How will the element of unpredictability be incorporated into the nature, timing and extent of the audit procedures to be performed? • What happens if fraud is identified during the engagement? 722 Reporting on Fraud under Section 143(12) APPENDIX 2 (Refer paragraphs 62 and 65) Illustrative Checklist for Inquiries with Board/ Audit Committee, Management and Internal Auditor Inquiries of Management and Others regarding the risk of fraud: Document responses after each chart within the space provided. Questions Regarding the Identification of Fraud Risks and Other Risks of Material Misstatement The following questions are designed to identify fraud risks that are known to management. Questions may be directed to those individuals indicated: Audit Committee Internal Audit Others Board/ CEO CFO Questions What are your views regarding the risks of fraud? * * * * Do you have knowledge of any actual or suspected * * * * fraud affecting the entity? If so, describe each instance including: a. The individual’s position within or relationship to the entity. b. Identification of others involved or that may have been involved in the matter and their relationship to the entity or any of its employees. c. The scheme used or possibly used to misstate the financial statement amounts and/or disclosures. d. Whether the misstatement or potential misstatement was detected in a timely manner by the internal controls, especially the antifraud programs and controls, established by management. e. If the misstatement or potential misstatement was not detected in a timely manner, indicate whether it was because the programs and 723 Handbook of Auditing Pronouncements-II Audit Committee Internal Audit Others Board/ CEO CFO Questions controls were: i. Not in place ii. Improperly designed iii. Properly designed but not operating effectively. f. How management (or others, such as the Audit Committee) became aware of the scheme used or possibly used to misstate the financial statements. g. The actual or potential effect on the financial statement amounts and/or disclosures. h. The actions that management and/or those charged with governance (e.g., the Audit Committee) took in response to each instance described (e.g., investigation, restating the financial statements). If no action was taken, please explain the reasons for that decision. i. Any disciplinary actions that management and/or those charged with governance (e.g., the Audit Committee) took with respect to the individual(s) involved in the matters described. If there was no disciplinary action taken, please indicate such and explain why no action was considered necessary. j. How management plans to prevent, deter, and detect the risks relating to such schemes in the future. Provide copies of reports on suspected fraud received from the cost auditors, secretarial auditors and erstwhile statutory auditors in the last year in terms of Section 143(12) of the Companies Act, 2013 and the Rules thereunder, along with the responses of the company provided to such persons and copies of reporting on fraud to any other regulatory authority. * 724 Reporting on Fraud under Section 143(12) Audit Committee Internal Audit Others Board/ CEO CFO Questions Are you aware of allegations of fraud or suspected fraud affecting the entity (e.g., received in communications from employees, former employees, analysts, regulators, short sellers, or other investors)? If so, describe each instance, addressing items (a) through (j) from the above question as applicable. * * * * Is the entity in compliance with laws and regulations that may have a material effect on the financial statements? * * * Are you aware of tips or complaints regarding the entity's financial reporting (including those received through any internal whistleblower program, if such program exists) and, if so, what were your responses to such tips and complaints? * * * Have you reported to those charged with governance on how the entity's internal control serves to prevent and detect material misstatements due to fraud? * * Are you aware of instances of management override of controls and the nature and circumstances of such overrides? * [To the extent necessary, expand inquiries of the audit committee, or equivalent (or its chair), management, the internal audit function, and others within the entity who might reasonably be expected to have information that is important to the identification and assessment of risks of material misstatement;] * * * * * Other: _________________________________ Documentation 725 Handbook of Auditing Pronouncements-II Questions Regarding Processes to Prevent or Mitigate Fraud Risks The following questions are designed to identify the processes, including absence thereof or weaknesses therein, to prevent or mitigate fraud risks. Questions may be directed to those individuals indicated: Audit Committee Internal Audit Board or the Others CEO CFO Questions Does management perform an assessment of the risk that the financial statements may be materially misstated due to fraud (e.g., processes used to identify, analyse, and manage fraud faced by the entity)? If so, describe such processes, including the nature, extent, and frequency of such assessments. * * Describe your understanding about management’s process for identifying, responding to, and monitoring the risks of fraud in the entity, including any specific risks of fraud that management has identified or that have been brought to its attention, or classes of transactions, account balances, or disclosures for which a risk of fraud is likely to exist. * * * * Has the entity established programs and controls to mitigate specific fraud risks the entity has identified, or that otherwise help to prevent, deter, and detect fraud? If so, describe such programs and controls, including how management monitors them. * * Describe how those charged with governance exercise oversight of management’s processes for identifying and responding to the risks of fraud in the entity and the internal control that management has established to mitigate these risks. * * * 726 Reporting on Fraud under Section 143(12) Audit Committee Internal Audit Board or the Others CEO CFO Questions Has management communicated with those charged with governance (e.g., Audit Committee; others with equivalent authority and responsibility such as the Board of Directors, the board of trustees, or the owner-manager of the entity) regarding its processes for identifying and responding to the risks of fraud in the entity? Describe the frequency, nature, and extent of such communications. * * Has management communicated to employees its views on business practices and ethical behavior? If so, how? * * Does the entity have a compliance-monitoring process? If so, describe the process. * * Describe controls that the entity has established to address risks of fraud the entity has identified, or that otherwise help to prevent and detect fraud, including how management monitors those controls. * * For entities with multiple locations, describe (a) the nature and extent of monitoring of operating locations or business segments, and (b) whether there are particular operating locations or business segments for which a risk of fraud may be more likely to exist. * * Has the entity established policies and procedures regarding compliance with laws and regulations (including the prevention of non- compliance)? If so, describe those policies. If not, explain why. What do you do to check compliance with this policy? * * 727 Handbook of Auditing Pronouncements-II Audit Committee Internal Audit Board or the Others CEO CFO Questions Has the entity issued directives requiring periodic representations from management at appropriate levels of authority concerning compliance with laws and regulations? If not, why? * * Has the entity obtained periodic representations from management at appropriate levels of authority concerning compliance with laws and regulations? * * Has internal audit performed any procedures during the year to identify or detect fraud? If yes, has management satisfactorily responded to any findings resulting from those procedures performed? Note: Consider any significant risks identified when describing the role of those charged with governance (e.g., the Audit Committee) in addressing the risk that management may commit fraud through an override of existing controls. * Other: __________________________________ Documentation 728 Reporting on Fraud under Section 143(12) APPENDIX 3 (Refer paragraph 78) Illustrative Fraud Risk Factors (Refer Appendix I of SA 240) The fraud risk factors identified in this Appendix are examples of such factors that may be faced by auditors in a broad range of situations. Separately presented are examples relating to the two types of fraud relevant to the auditor’s consideration, i.e., fraudulent financial reporting and misappropriation of assets. For each of these types of fraud, the risk factors are further classified based on the three conditions generally present when material misstatements due to fraud occur: (a) incentives/pressures, (b) opportunities, and (c) attitudes/rationalizations. Although the risk factors cover a broad range of situations, they are only examples and, accordingly, the auditor may identify additional or different risk factors. Not all of these examples are relevant in all circumstances, and some may be of greater or lesser significance in entities of different size or with different ownership characteristics or circumstances. Also, the order of the examples of risk factors provided is not intended to reflect their relative importance or frequency of occurrence. Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting The following are examples of risk factors relating to misstatements arising from fraudulent financial reporting. Incentives/Pressures Financial stability or profitability is threatened by economic, industry, or entity operating conditions, such as (or as indicated by): • High degree of competition or market saturation, accompanied by declining margins. • High vulnerability to rapid changes, such as changes in technology, product obsolescence, or interest rates. • Significant declines in customer demand and increasing business failures in either the industry or overall economy. • Operating losses making the threat of bankruptcy, foreclosure, or hostile takeover imminent. 729 Handbook of Auditing Pronouncements-II • Recurring negative cash flows from operations or an inability to generate cash flows from operations while reporting earnings and earnings growth. • Rapid growth or unusual profitability especially compared to that of other companies in the same industry. • New accounting, statutory, or regulatory requirements. Excessive pressure exists for management to meet the requirements or expectations of third parties due to the following: • Profitability or trend level expectations of investment analysts, institutional investors, significant creditors, or other external parties (particularly expectations that are unduly aggressive or unrealistic), including expectations created by management in, for example, overly optimistic press releases or annual report messages. • Need to obtain additional debt or equity financing to stay competitive - including financing of major research and development or capital expenditures. • Marginal ability to meet exchange listing requirements or debt repayment or other debt covenant requirements. • Perceived or real adverse effects of reporting poor financial results on significant pending transactions, such as business combinations or contract awards. Information available indicates that the personal financial situation of management or those charged with governance is threatened by the entity’s financial performance arising from the following: • Significant financial interests in the entity. • Significant portions of their compensation (for example, bonuses, stock options, and earn-out arrangements) being contingent upon achieving aggressive targets for stock price, operating results, financial position, or cash flow. • Personal guarantees of debts of the entity. • There is excessive pressure on management or operating personnel to meet financial targets established by those charged with governance, including sales or profitability incentive goals. Opportunities The nature of the industry or the entity’s operations provides opportunities to engage in fraudulent financial reporting that can arise from the following: 730 Reporting on Fraud under Section 143(12) • Significant related-party transactions not in the ordinary course of business or with related entities not audited or audited by another firm. • A strong financial presence or ability to dominate a certain industry sector that allows the entity to dictate terms or conditions to suppliers or customers that may result in inappropriate or non-arm’s-length transactions. • Assets, liabilities, revenues, or expenses based on significant estimates that involve subjective judgments or uncertainties that are difficult to corroborate. • Significant, unusual, or highly complex transactions, especially those close to period end that pose difficult “substance over form” questions. • Significant operations located or conducted across international borders in jurisdictions where differing business environments and cultures exist. • Use of business intermediaries for which there appears to be no clear business justification. • Significant bank accounts or subsidiary or branch operations in tax- haven jurisdictions for which there appears to be no clear business justification. The monitoring of management is not effective as a result of the following: • Domination of management by a single person or small group (in a non- owner managed business) without compensating controls. • Oversight by those charged with governance over the financial reporting process and internal control is not effective. There is a complex or unstable organizational structure, as evidenced by the following: • Difficulty in determining the organization or individuals that have controlling interest in the entity. • Overly complex organizational structure involving unusual legal entities or managerial lines of authority. • High turnover of senior management, legal counsel, or those charged with governance. Internal control components are deficient as a result of the following: 731 Handbook of Auditing Pronouncements-II • Inadequate monitoring of controls, including automated controls and controls over interim financial reporting (where external reporting is required). • High turnover rates or employment of accounting, internal audit, or information technology staff that are not effective. • Accounting and information systems that are not effective, including situations involving significant deficiencies in internal control. Attitudes/Rationalizations • Communication, implementation, support, or enforcement of the entity’s values or ethical standards by management, or the communication of inappropriate values or ethical standards, that are not effective. • Non-financial management’s excessive participation in or preoccupation with the selection of accounting policies or the determination of significant estimates. • Known history of violations of securities laws or other laws and regulations, or claims against the entity, its senior management, or those charged with governance alleging fraud or violations of laws and regulations. • Excessive interest by management in maintaining or increasing the entity’s stock price or earnings trend. • The practice by management of committing to analysts, creditors, and other third parties to achieve aggressive or unrealistic forecasts. • Management failing to remedy known significant deficiencies in internal control on a timely basis. • An interest by management in employing inappropriate means to minimize reported earnings for tax-motivated reasons. • Low morale among senior management. • The owner-manager makes no distinction between personal and business transactions. • Dispute between shareholders in a closely held entity. • Recurring attempts by management to justify marginal or inappropriate accounting on the basis of materiality. • The relationship between management and the current or predecessor auditor is strained, as exhibited by the following: 732 Reporting on Fraud under Section 143(12) − Frequent disputes with the current or predecessor auditor on accounting, auditing, or reporting matters. − Unreasonable demands on the auditor, such as unrealistic time constraints regarding the completion of the audit or the issuance of the auditor’s report. − Restrictions on the auditor that inappropriately limit access to people or information or the ability to communicate effectively with those charged with governance. − Domineering management behavior in dealing with the auditor, especially involving attempts to influence the scope of the auditor’s work or the selection or continuance of personnel assigned to or consulted on the audit engagement. Risk Factors Arising from Misstatements Arising from Misappropriation of Assets Risk factors that relate to misstatements arising from misappropriation of assets are also classified according to the three conditions generally present when fraud exists: incentives/pressures, opportunities, and attitudes/rationalization. Some of the risk factors related to misstatements arising from fraudulent financial reporting also may be present when misstatements arising from misappropriation of assets occur. For example, ineffective monitoring of management and other deficiencies in internal control may be present when misstatements due to either fraudulent financial reporting or misappropriation of assets exist. The following are examples of risk factors related to misstatements arising from misappropriation of assets. Incentives/Pressures • Personal financial obligations may create pressure on management or employees with access to cash or other assets susceptible to theft to misappropriate those assets. • Adverse relationships between the entity and employees with access to cash or other assets susceptible to theft may motivate those employees to misappropriate those assets. For example, adverse relationships may be created by the following: − Known or anticipated future employee layoffs. − Recent or anticipated changes to employee compensation or benefit plans. 733 Handbook of Auditing Pronouncements-II − Promotions, compensation, or other rewards inconsistent with expectations. Opportunities Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation. For example, opportunities to misappropriate assets increase when there are the following: • Large amounts of cash on hand or processed. • Inventory items that are small in size, of high value, or in high demand. • Easily convertible assets, such as bearer bonds, diamonds, or computer chips. • Fixed assets which are small in size, marketable, or lacking observable identification of ownership. • Inadequate internal control over assets may increase the susceptibility of misappropriation of those assets. For example, misappropriation of assets may occur because there is the following: − Inadequate segregation of duties or independent checks. − Inadequate oversight of senior management expenditures, such as travel and other reimbursements. − Inadequate management oversight of employees responsible for assets, for example, inadequate supervision or monitoring of remote locations. − Inadequate job applicant screening of employees with access to assets. − Inadequate record keeping with respect to assets. − Inadequate system of authorization and approval of transactions (for example, in purchasing). − Inadequate physical safeguards over cash, investments, inventory, or fixed assets. − Lack of complete and timely reconciliations of assets. − Lack of timely and appropriate documentation of transactions, for example, credits for merchandise returns. − Lack of mandatory vacations for employees performing key control functions. 734 Reporting on Fraud under Section 143(12) − Inadequate management understanding of information technology, which enables information technology employees to perpetrate a misappropriation. − Inadequate access controls over automated records, including controls over and review of computer systems event logs. Attitudes/Rationalizations • Disregard for the need for monitoring or reducing risks related to misappropriations of assets. • Disregard for internal control over misappropriation of assets by overriding existing controls or by failing to take appropriate remedial action on known deficiencies in internal control. • Behavior indicating displeasure or dissatisfaction with the entity or its treatment of the employee. • Changes in behavior or lifestyle that may indicate assets have been misappropriated. • Tolerance of petty theft. The Fraud Triangle – Risk factors 735 Handbook of Auditing Pronouncements-II Additional Examples of Fraud Risk Factors for Consideration by Auditors (these are in addition to those stated in SA 240) Probable areas where fraud may occur: • Improper Disclosures. • Expenses. • Liabilities. • Reserves. • Bribery and kickbacks. • Cash and bank balances. • Inflating the purchase consideration for acquisition of business and thereby recording fictitious Goodwill. • Investments. • Asset misappropriation. • Trade Receivable. • Inventory. • Revenue Recognition. Adverse situations impacting the company: • Heavy rejections of stores, spares and equipment in a factory could be used as means for smuggling good stocks. • Situation of disorderliness. • Non-reconciliation of Bank Statements for a long period of time. • Disaster situations like floods or fire whereby assets are deliberately pilfered. • Sudden profits in otherwise loss making business not supported by any reasonable change in environment. • Consistent losses in otherwise thriving industry. • Situation of incomplete information like missing records. • Absence of rotation of duties or prolonged exposure in the same area. 736 Reporting on Fraud under Section 143(12) • Close nexus with vendors, clients or external parties whereby preference is given to one party over the other though the terms of trade may be unfavorable. • Domination of management by a single person. Favorable situations that could also be indicative of fraud: • One way errors – Where the store keeper always show excessive inventory and has never reported shortages. • Inefficient accountant suddenly turns very responsible and undertakes extraordinary work such as a reconciliation of long-outstanding/overdue receivable or payable balances, which bears fruits. • An accountant/employee pays up from his own pocket to make up for the lapse. • Employee does not take advances/cash float when he goes on outstation tours for company purposes. • Extreme behavior of being very obedient or friendly or compliant. • No significant over-dues/delinquencies not commensurate with industry norms. Common situations in computerised environments where frauds are likely to take place: • Migration from manual system to computerised system or migration from one application to a new one where migration is enforced on staff, the timeline for migration appears inadequate or parallel alternate records in the erstwhile system are not maintained. • Implementing computerised system without staff orientation. • Teething problems in implementation or customisation of computerised systems could be used as camouflaging or cloaking devices for frauds or hiding one’s own inefficiencies. • Frauds using excel spread sheets – cells with values hidden but included in totals; values directly input in cells which normally have formulas or values added in cells which have formulas, etc. Discrepancies/unusual transactions in the accounting records, including: • Transactions that are not recorded in a complete or timely manner or are improperly recorded as to amount, accounting period, classification, or entity policy. 737 Handbook of Auditing Pronouncements-II • Unsupported or unauthorised balances or transactions. • Inter-company funding arrangements not in a transparent manner. • Funding from unknown parties or at valuations that do not appear arm’s length. • Ownership changes in a dormant company or significant business activity in an otherwise dormant company. • Last-minute adjustments that significantly affect financial results. • Evidence of employees’ access to systems and records inconsistent with that necessary to perform their authorised duties. • Tips or complaints to the auditor about alleged fraud. Conflicting or missing evidence, including: • Missing documents. • Documents that appear to have been altered. • Unavailability of other than photocopied or electronically transmitted documents when documents in original form are expected to exist. • Significant unexplained items on reconciliations. • Unusual balance sheet changes or changes in trends or important financial statement ratios or relationships, for example, receivables growing faster than revenues. • Inconsistent, vague, or implausible responses from management or employees arising from inquiries or analytical procedures. • Unusual discrepancies between the entity's records and confirmation replies. • Large numbers of credit entries and other adjustments made to accounts receivable records. Common fraud schemes in revenue recognition: • Recording of fictitious revenues. • Recognition of revenue when products or services are not delivered, delivery is incomplete, or delivered without customer acceptance. • Recognition of revenue from sales transactions billed, but not shipped (“bill and hold”). 738 Reporting on Fraud under Section 143(12) • Recognition of revenue from excessive shipments to resellers beyond actual demand (“channel stuffing”). • Recognition of revenue from sales where collectability is not reasonably assured. • Recognition of revenue from sales improperly financed by the selling entity. • Recognition of revenue for goods on consignment. • Recognition of revenue when disputes or claims exist. • Recognition by a lessor of revenue from an operating lease as a sale. • Failure to establish appropriate provisions for sales discounts and other allowances. • Failure to establish appropriate provisions for rights to refunds or exchange, cancellation or refusal rights, or liberal unconditional rights of return granted through undisclosed verbal or written agreement (“side agreements”). • Recognizing inappropriate amount of revenue from swaps or barter arrangements. • Improper recognition of revenue from long-term contacts (including those accounted for using percentage of completion). • Recognition of revenue in the wrong period either by holding the books open after period-end or by closing the books prior to period-end. • Recognition of revenue where there are contingencies associated with the transactions that have not yet been resolved. • Recognition of revenue associated with undelivered elements of multiple-elements contracts (“bundled contracts”). 739 Handbook of Auditing Pronouncements-II APPENDIX 4 (Refer paragraph 79) Illustrative Possible Audit Procedures to Address the Assessed Risks of Material Misstatement due to Fraud (Refer Appendix 2 of SA 240) The following are examples of possible audit procedures to address the assessed risks of material misstatement due to fraud resulting from both fraudulent financial reporting and misappropriation of assets. Although these procedures cover a broad range of situations, they are only examples and, accordingly they may not be the most appropriate nor necessary in each circumstance. Also the order of the procedures provided is not intended to reflect their relative importance. Consideration at the Assertion Level Specific responses to the auditor’s assessment of the risks of material misstatement due to fraud will vary depending upon the types or combinations of fraud risk factors or conditions identified, and the classes of transactions, account balances, disclosures and assertions they may affect. The following are specific examples of responses: • Visiting locations or performing certain tests on a surprise or unannounced basis. For example, observing inventory at locations where auditor attendance has not been previously announced or counting cash at a particular date on a surprise basis. • Requesting that inventories be counted at the end of the reporting period or on a date closer to period end to minimize the risk of manipulation of balances in the period between the date of completion of the count and the end of the reporting period. • Altering the audit approach in the current year. For example, contacting major customers and suppliers orally in addition to sending written confirmation, sending confirmation requests to a specific party within an organization, or seeking more or different information. • Performing a detailed review of the entity’s quarter-end or year-end adjusting entries and investigating any that appear unusual as to nature or amount. • For significant and unusual transactions, particularly those occurring at or near year-end, investigating the possibility of related parties and the sources of financial resources supporting the transactions. 740 Reporting on Fraud under Section 143(12) • Performing substantive analytical procedures using disaggregated data. For example, comparing sales and cost of sales by location, line of business or month to expectations developed by the auditor. • Conducting interviews of personnel involved in areas where a risk of material misstatement due to fraud has been identified, to obtain their insights about the risk and whether, or how, controls address the risk. • When other independent auditors are auditing the financial statements of one or more subsidiaries, divisions or branches, discussing with them the extent of work necessary to be performed to address the assessed risk of material misstatement due to fraud resulting from transactions and activities among these components. • If the work of an expert becomes particularly significant with respect to a financial statement item for which the assessed risk of misstatement due to fraud is high, performing additional procedures relating to some or all of the expert’s assumptions, methods or findings to determine that the findings are not unreasonable, or engaging another expert for that purpose. • Performing audit procedures to analyse selected opening balance sheet accounts of previously audited financial statements to assess how certain issues involving accounting estimates and judgments, for example, an allowance for sales returns, were resolved with the benefit of hindsight. • Performing procedures on account or other reconciliations prepared by the entity, including considering reconciliations performed at interim periods. • Performing computer-assisted techniques, such as data mining to test for anomalies in a population. • Testing the integrity of computer-produced records and transactions. • Seeking additional audit evidence from sources outside of the entity being audited. Specific Responses—Misstatement Resulting from Fraudulent Financial Reporting Examples of responses to the auditor’s assessment of the risks of material misstatement due to fraudulent financial reporting are as follows: Revenue Recognition • Performing substantive analytical procedures relating to revenue using disaggregated data, for example, comparing revenue reported by month 741 Handbook of Auditing Pronouncements-II and by product line or business segment during the current reporting period with comparable prior periods. Computer-assisted audit techniques may be useful in identifying unusual or unexpected revenue relationships or transactions. • Confirming with customers certain relevant contract terms and the absence of side agreements, because the appropriate accounting often is influenced by such terms or agreements and basis for rebates or the period to which they relate are often poorly documented. For example, acceptance criteria, delivery and payment terms, the absence of future or continuing vendor obligations, the right to return the product, guaranteed resale amounts, and cancellation or refund provisions often are relevant in such circumstances. • Inquiring of the entity’s sales and marketing personnel or in-house legal counsel regarding sales or shipments near the end of the period and their knowledge of any unusual terms or conditions associated with these transactions. • Being physically present at one or more locations at period end to observe goods being shipped or being readied for shipment (or returns awaiting processing) and performing other appropriate sales and inventory cut-off procedures. • For those situations for which revenue transactions are electronically initiated, processed, and recorded, testing controls to determine whether they provide assurance that recorded revenue transactions occurred and are properly recorded. Inventory Quantities • Examining the entity's inventory records to identify locations or items that require specific attention during or after the physical inventory count. • Observing inventory counts at certain locations on an unannounced basis or conducting inventory counts at all locations on the same date. • Conducting inventory counts at or near the end of the reporting period to minimize the risk of inappropriate manipulation during the period between the count and the end of the reporting period. • Performing additional procedures during the observation of the count, for example, more rigorously examining the contents of boxed items, the manner in which the goods are stacked (for example, hollow squares) or labelled, and the quality (that is, purity, grade, or 742 Reporting on Fraud under Section 143(12) concentration) of liquid substances such as perfumes or specialty chemicals. Using the work of an expert may be helpful in this regard. • Comparing the quantities for the current period with prior periods by class or category of inventory, location or other criteria, or comparison of quantities counted with perpetual records. • Using computer-assisted audit techniques to further test the compilation of the physical inventory counts - for example, sorting by tag number to test tag controls or by item serial number to test the possibility of item omission or duplication. Management Estimates • Using an expert to develop an independent estimate for comparison to management’s estimate. • Extending inquiries to individuals outside of management and the accounting department to corroborate management’s ability and intent to carry out plans that are relevant to developing the estimate. Specific Responses - Misstatements Due to Misappropriation of Assets Differing circumstances would necessarily dictate different responses. Ordinarily, the audit response to an assessed risk of material misstatement due to fraud relating to misappropriation of assets will be directed toward certain account balances and classes of transactions. Although some of the audit responses noted in the two categories above may apply in such circumstances, the scope of the work is to be linked to the specific information about the misappropriation risk that has been identified. Examples of responses to the auditor’s assessment of the risk of material misstatements due to misappropriation of assets are as follows: • Counting cash or securities at or near year-end. • Confirming directly with customers the account activity (including credit memo and sales return activity as well as dates payments were made) for the period under audit. • Analysing recoveries of written-off accounts. • Analysing inventory shortages by location or product type. • Comparing key inventory ratios to industry norm. 743 Handbook of Auditing Pronouncements-II • Reviewing supporting documentation for reductions to the perpetual inventory records. • Performing a computerized match of the vendor list with a list of employees to identify matches of addresses or phone numbers. • Performing a computerized search of payroll records to identify duplicate addresses, employee identification or taxing authority numbers or bank accounts. • Reviewing personnel files for those that contain little or no evidence of activity, for example, lack of performance evaluations. • Analysing sales discounts and returns for unusual patterns or trends. • Confirming specific terms of contracts with third parties. • Obtaining evidence that contracts are being carried out in accordance with their terms. • Reviewing the propriety of large and unusual expenses. • Reviewing the authorization and carrying value of senior management and related party loans. • Reviewing the level and propriety of expense reports submitted by senior management. Possible other audit procedures for consideration by auditors A. Illustrative Q & A for Evaluating the Fraud Risk Assessment process of the company Fraud Risk Assessment 1. Does the company have formal and regularly scheduled procedures to perform fraud risk assessments? 2. Are appropriate personnel involved in the fraud risk assessments? 3. Are fraud risk assessments performed at all appropriate levels of the organization (such as the entity level, significant locations or business units, significant account balance or major process level)? 4. Does the fraud risk assessment include consideration of internal and external risk factors (including pressures or incentives, rationalizations or attitudes, and opportunities)? 744 Reporting on Fraud under Section 143(12) 5. Does the fraud risk assessment include the identification and evaluation of past occurrences and allegations of fraud within the entity and industry? Does it include the evaluations of unusual financial trends or relationships identified from analytical procedures or techniques? 6. Does the fraud risk assessment consider the risk of management’s override of controls? 7. Does management consider the type, likelihood, significance, and pervasiveness of identified fraud risks? 8. Are fraud risk assessments updated periodically to include considerations of changes in operations, new information systems, acquisitions, changes in job roles and responsibilities, employees in new positions, results from self-assessments of controls, monitoring activities, internal audit findings, new or evolving industry trends, and revisions to identified fraud risks within the organization? 9. Does management assess the design and operating effectiveness of the fraud risk assessments? 10. Does management adequately document its assessments and conclusions regarding the design and operating effectiveness of the fraud risk assessments? 11. Is the fraud risk assessment designed and operating effectively? Control Environment 1. Does the company maintain a proper tone at the top? Did management assess the tone of the organisation to determine if the culture encourages ethical behaviour, consultation, and open communication? (This assessment can be made through inquiries and interviews, or by internal audit review.) 2. Do the audit committee and the Board of Directors have sufficient oversight of management’s anti-fraud programs and controls? 3. Does the internal audit function have sufficient involvement in anti-fraud programs and controls, including monitoring of the effectiveness of anti- fraud programs and controls, given the size and complexity of the organization? Does the internal audit function reports directly to the audit committee? 4. Does the company have a published code of ethics/conduct (with provisions related to conflicts of interest, related-party transactions, illegal acts, and fraud) made available to all personnel and does 745 Handbook of Auditing Pronouncements-II management require employees to confirm that they accept and agree to follow it? Does the frequency of exceptions undermine the code’s effectiveness? Does the code comply with all applicable rules and regulations? 5. Does the company have an ethics/whistle blower hotline with adequate procedures to handle anonymous complaints (received from inside and outside the company), and to accept confidential submission of concerns about questionable accounting, internal accounting control, or auditing matters? Are tips and whistle blower complaints investigated and resolved in a timely manner? 6. Does the company have formal hiring and promotion policies, including background checks for those employees with influence over financial reporting or involved in the preparation of the financial statements? 7. Does the company have formal and effective training for employees and new hires on issues of fraud, ethics, and the code of ethics/conduct? 8. Does the company respond in a timely and appropriate manner to significant control deficiencies, allegations or concerns of fraud, and violations of the code of ethics/conduct? 9. Does management assess the design and operating effectiveness of the control environment? 10. Does management adequately document its assessments and conclusions regarding the design and operating effectiveness of the control environment? 11. Is the control environment designed and operating effectively? Anti-fraud Control Activities 1. Does the company adequately map or link identified fraud risks to control activities designed to mitigate the fraud risks? 2. Does management design and implement preventative and detective controls (preventative controls are designed to stop fraud from occurring and detective controls are designed to identify the fraud if it occurs)? 3. Does the company have controls that restrain the misappropriation of company assets that could result in a material misstatement of the financial statements? 4. Does the company have controls that address the risk of management’s override of controls (including controls over journal entries and adjustments, estimates, and unusual or non-routine transactions)? 746 Reporting on Fraud under Section 143(12) 5. Does the company consider security controls (including IT controls and limited access to accounting systems), and consider the adequacy of fraud detection and monitoring activities utilizing information systems? 6. Does management assess the design and operating effectiveness of anti-fraud control activities? 7. Does management adequately document its assessments and conclusions regarding the design and operating effectiveness of antifraud control activities? 8. Are anti-fraud control activities designed and operating effectively? Information & Communication 1. Is information on ethics and management’s commitment to anti-fraud programs and controls effectively communicated throughout the organisation to all employees? 2. Does management have procedures to disseminate and collect information regarding anti-fraud programs and controls, fraud risks, allegations of fraud, and concerns of improper accounting to and from all levels of the organization and external parties (where appropriate)? 3. Does management assess the design and operating effectiveness of information and communication? 4. Does management adequately document its assessments and conclusions regarding the design and operating effectiveness of information and communication? 5. Are procedures and activities for communicating information regarding anti-fraud programs and controls designed and operating effectively? Monitoring Activities 1. Are internal audit and others actively involved in monitoring and assessing anti-fraud programs and controls? 2. Is the internal audit activity adequate for the size and operations of the organization? 3. Are findings and weaknesses identified during monitoring activities incorporated back into the fraud risk assessment, the design of the control environment and anti-fraud control activities? 4. Does the audit committee have oversight of monitoring activities? 747 Handbook of Auditing Pronouncements-II 5. Does management assess the design and operating effectiveness of monitoring activities? 6. Does management adequately document its assessments and conclusions regarding the design and operating effectiveness of the monitoring activities? 7. Are monitoring and assessment activities designed and operating effectively? B. Additional examples of audit procedures to address fraud risk factors Incorporate “element of surprise” in the audit procedures and timeliness • Existence of assets is generally confirmed through physical verification. To re-verify the existence of assets at a later date to ensure that they were not borrowed or temporarily created. • Compliance tests of internal controls, disbursement of wages, procedures for obtaining quotations for sale and disposal of scrap, material weighments, etc. can be verified repeatedly. Such procedures may reveal inconsistencies, if any. • Element of unpredictability/surprise should be incorporated in physically verifying stocks with third parties. • Rotate the components between audit team members to overcome familiarity threat with regard to audit procedures. • Visiting locations or performing certain tests on a surprise or unannounced basis. Apply test of reasonableness and test of absurdity • Existence of vendor/customer website for all huge value bills and payments. Also check the date on which the website was hosted. A recently uploaded webpage is also suspicious. • Two or more employees arriving and departing at the same time consistently. • Are stocks ordered irrespective of large existing balances. • Whether value of property acquired is within the acceptable range of prevailing market value. • Check for inconsistent facts while reading the contracts and agreements. 748 Reporting on Fraud under Section 143(12) Search for mutually exclusive events • Production quantity cannot be greater than machine capacity; sales cannot be quantitatively greater than opening stocks plus purchases/production. • Production cannot be possible in periods of strike, downtime etc. • Fuel for diesel cars cannot be supported by petrol bills or vice versa. • Stocks cannot be physically greater than the volumetric capacity of storage place. • An employee who has left cannot approve any transactions after the date of departure or before the date of appointment. • Yield and rejection ratio for identical machines in different locations should theoretically be the same. • Sales returns and warranty claims for the same products across different sales locations should be more or less consistent. If they are grossly inconsistent, analyse reasons. Possible Other Audit Procedures – Cash and Bank Risks Audit Procedures Cheque signing mandate given to more Review the cheque signing number of persons which is not mandate for both crossed and commensurate with the nature, size of bearer cheque. the business. This may increase the risk Evaluate whether the authority of collusion between cheque signing levels set are strong and is authorities in remote locations commensurate with the nature and size of the business. Possibilities of cheques being forged and Obtain specimen signatures of all payment vouchers being approved by authorised signatories and share it unauthorised persons with the engagement team members during the planning stage. Snowballing of bank charges and forex Check all cash contras and inter- gains/losses back transfers – Ensure that cash withdrawals as per the bank statement is reflected as cash 749 Handbook of Auditing Pronouncements-II withdrawal in the bank book as well on the same date. Duplicates in cheque numbers could The “IF” function in Excel along with indicate double accounting of expense or its derivative usage with “And/or” payment. can be useful for detecting gaps, finding duplicates and locating multiple records. Gaps in cheque numbers may indicate The “IF” function in Excel along with that some cheques have been its derivative usage with “And/or” deliberately kept aside for some other can be useful for detecting gaps, motives which certainly is a concern finding duplicates and locating multiple records. Cash withdrawals or other transactions Obtain a list of bank accounts held as per bank statement accounted and ascertain the purpose for which differently in the bank book each bank account is used. On a sample basis, select one month each for each of the bank accounts, obtain bank statements directly from the bank and re- perform bank reconciliation statements. Possible Other Audit Procedures – Test of Details Tests Purpose Procedures Physical • Helps identify a) Is the paper voucher replacement or insertion relatively new or has consistency test of a new voucher. it yellowed less in in a series comparison with • Can be applied for cash other vouchers and bank payments, around the same supplier invoices from date. the same supplier, purchase vouchers, b) Are the routine ticks 750 Reporting on Fraud under Section 143(12) journal vouchers etc. missing. c) Is the paid stamp missing. Specimen Helps to identify simple To obtain specimen signatures forgeries or fictitious signatures of all comparison test transactions. signatories and keep them for comparison during vouching. Chronological Helps in identifying Check if the supporting test of fraudulent/fictitious bills when vouchers are dated supporting huge bunches of supporting subsequent to the vouchers vouchers are attached to a payment voucher date or single voucher. the date relates to earlier periods? Chronological Helps to identify if any If any of the authorised test of approvals vouchers were approved by signatories had resigned the resigned/newly joined or newly joined during the employee after the year, along with the resignation date or before the specimen signatures also joining date. obtain their date of resignation or joining. Possible Other Audit Procedures – Management Override of Controls • Performing a detailed review of the entity’s quarter-end or year-end adjusting entries and verifying any that appear unusual as to nature or amount. • For significant and unusual transactions, particularly those occurring at or near year-end, verifying the possibility of related parties and the sources of financial resources supporting the transactions. • Use of statistical tool for sample selection. • Reviewing large and unusual expenses. • Reviewing the authorisation and carrying value of senior management and related party loans. 751 Handbook of Auditing Pronouncements-II • Reviewing the level and propriety of expense reports submitted by senior management. Possible Other Audit Procedures – Revenue Recognition • Comparing revenue reported by month/product line/remote locations during the current reporting period with comparable prior periods. • Computer-assisted audit techniques may be useful in identifying unusual or unexpected revenue relationships or transactions. • Inquiring of the entity’s sales and marketing personnel or in-house legal counsel to corroborate information relating to sales returns, discounts, shipments near the end of the period etc. • Being physically present at one or more locations at period end to observe goods being shipped or being readied for shipment • Risk of understating/not accounting scrap sales. Possible Other Audit Procedures – Inventory • Examining the entity's inventory records to identify locations or items that require specific attention during or after the physical inventory count. • Observing inventory counts at certain locations on an unannounced basis or conducting inventory counts at all locations on the same date. • Analysing inventory shortages by location or product type. • Performing additional procedures during the observation of the count, for example: − more rigorously examining the contents of boxed items, − the manner in which the goods are stacked (for example, hollow squares) or labeled, − the quality (that is, purity, grade, or concentration) of liquid substances such as oil or specialty chemicals. − take the help of technical experts to weigh/measure inventory. Possible Other Audit Procedures – Vendor and Customer • Check for duplicate vendor IDs, contact number, bank account number. • Obtaining back dated cheques from customers and credit to customer based on instrument date and not the deposit date to reduce the outstanding debtors and also to reduce the penal interest. 752 Reporting on Fraud under Section 143(12) • Unidentified credit balances have possibility of being misused by way of wrong credits to suppliers, customers, accomplices and could also facilitate teeming and lading of collections. • Analysing recoveries of written-off accounts. • Receivables growing faster than revenues. Possible Other Audit Procedures – Employees • Reviewing personnel files for those that contain little or no evidence of activity, for example, lack of performance evaluations. 753 Handbook of Auditing Pronouncements-II Appendix 5 (Refer paragraph 87) Illustrative Format for Reporting to Board or the Audit Committee on Fraud (As required by Rule 13 of the Companies (Audit and Auditors) Rules, 2014 Date: Subject: Report under Sub-section (12) of Section 143 of the Companies Act, 2013 on suspected offence involving fraud being committed or having been committed against the company by its officers or employees. S.No Particulars Details 1(a) Name of the Company8 1(b) CIN 1(c) Address of the Registered Office 2(a) Name of the auditor or auditor’s Firm9 2(b) Membership number 2(c) Address 3 Date of the annual general meeting when the auditor was appointed or reappointed 4 SRN and date of filing 5 Address of the office or location where the suspected offence is believed to have been or is being committed 6 Full details of the suspected offence involving fraud (attach documents in support)10 (Refer Note 1) 8 Where the suspected offence relates to any component (subsidiary, associate, joint venture) forming part of the consolidated financial statements, to include and specify accordingly. 9 Where the period of offence dates back to an earlier time period, where the current auditor was different, to indicate the name of the predecessor auditor. 10 Supports would relate to the convincing evidence that supported the suspicion of the auditor. 754 Reporting on Fraud under Section 143(12) S.No Particulars Details 7 Particulars of the officers or employees who are suspected to be involved in the commission of the offence, if any: 7(a) Name (s) 7(b) Designation 7(c) If Director, his DIN 7(d) PAN 8 Basis on which fraud is suspected11 9 Period during which the suspected fraud has occurred 10 Date of sending report to the Board or Audit Committee as per rule 13(1) 11 Estimated amount involved in the suspected fraud (Refer Note 2) 12 Any other relevant information Notes: 1. The details of suspected offence involving fraud are those that have arisen during the course of performance of duties by the auditor and hence the auditors do not offer any assurance on completeness of the said matter or any other matter that may not be knowledgeable to the auditor. 2. The estimated amount indicated in Point No. 11 in the table above is based on the available information and evidence relating to the suspected fraud that supports the suspicion of the auditor. It is expected that based on this reporting by the auditors, Those Charged with Governance would initiate an investigation/forensic audit and provide complete details to the auditor to enable him to report to the Central Government and also to assess the impact of the same on the financial statements. 11 With respect to the suspected fraud, briefly state procedures performed, the audit evidence obtained and the conclusions on evaluation of the audit evidence. 755 Handbook of Auditing Pronouncements-II APPENDIX 6 (Refer paragraphs 3 and 103) Form No. ADT-4 REPORT TO THE CENTRAL GOVERNMENT (See rule 13(4) of the Companies (Audit and Auditors) Rules, 2014) Date: Subject: Report under sub- section (12) of section 143 of the Companies Act, 2013 on suspected offence involving fraud being committed or having been committed 1) (a) Name of the Company (b) CIN: (c) Address of the Registered Office: 2) (a) Name of the auditor or auditor’s Firm (b) Membership Number (c) Address 3) Date of the annual general meeting when the Auditor was appointed or reappointed 4) SRN and date of filing 5) Address of the office or location where the suspected offence is believed to have been or is being committed 6) Full details of the suspected offence involving fraud (attach documents in support) 7) Particulars of the officers or employees who are suspected to be involved in the commission of the offence, if any: a) Name(s) : b) Designation c) If Director, his DIN d) PAN 756 Reporting on Fraud under Section 143(12) 8) Basis on which fraud is suspected: 9) Period during which the suspected fraud has occurred 10) Date of sending report to the Board or Audit committee as per rule 13(1) 11) Date of reply received from Board or Audit committee, if any and if so received, attach copy thereof and give gist of the reply 12) Whether the auditor is satisfied with the reply of the Board or Audit committee. Yes _____ No _____. 13) Estimated amount involved in the suspected fraud; 14) Details of steps, if any, taken by the company in this regard; (Furnish full details with references) 15) Any other relevant information. VERIFICATION I, ....……, Proprietor/Partner of ……........., Chartered Accountants do hereby declare that the information furnished above is true, correct and complete in all respects including the attachments to this form. (Name, Signature and Seal of the Auditor) Attachments: 1. Optional attachments 757 Handbook of Auditing Pronouncements-II APPENDIX 7 (Refer paragraph 105) Illustrative Management Representation Letter (for the reply of the Board or the Audit Committee on fraud reported by the auditor under Rule 13(1) of Companies (Audit and Auditors) Rules, 2014) [Letterhead of the Entity] Messrs. Name of the Audit Firm Chartered Accountants Dear Sirs, This representation letter is provided in connection with our reply dated ___ to you pursuant to your letter dated ____ on fraud suspected by you and reported to us under Rule 13(1) of the Companies (Audit and Auditors) Rules, 2014. We understand that the fraud reported by you is as follows: (Details of fraud reported by the Auditors) We acknowledge that because of the inherent limitations of an audit, together with the inherent limitations of internal controls, there is an unavoidable risk that material misstatements due to fraud or error may occur and not be detected, even though the audit is properly planned and performed by the auditor in accordance with the Standards on Auditing and that the matter reported by you in your letter dated ____ is not exhaustive or complete list of frauds against the Company that may exist. We acknowledge our responsibility for the prevention and detection of fraud. Our responsibility also includes informing you about any fraud detected and remedied by the management, any incidence of fraud reported through the vigil mechanism or through any other internal or external sources. We acknowledge that we are also responsible to take appropriate action when a fraud is detected or reported though any of the sources. In particular we confirm that we are responsible for the following: a) Designing, implementing, and maintaining internal controls relevant to the preparation and fair presentation of the financial statements which are free from material misstatements, whether due to fraud or error. b) To set up a vigil mechanism for reporting suspected fraud and administer the mechanism effectively. 758 Reporting on Fraud under Section 143(12) c) Take appropriate action to detect the fraud and wrongful gain or loss, if any, incurred on account of the fraud. d) Take appropriate action against the fraudsters. e) Address the control weaknesses which were the root cause for fraud and strengthen the internal control system. We confirm the following representations in respect of fraud noted and reported during the year/period, other than for the matters reported by you: 1. There have been no communications from regulatory agencies concerning non-compliance with or deficiencies in financial reporting practices [except for (insert appropriate description)]. 2. We have disclosed to you all changes/deficiencies in the design or operation of internal controls over financial reporting identified as part of our assessment, including separately disclosing to you all such deficiencies that we believe to be significant deficiencies or material weaknesses in internal controls over financial reporting. 3. We acknowledge our responsibilities for the implementation and operation of accounting and internal control systems that are designed to prevent and detect fraud and error. We have disclosed to you the results of our assessment of the risk that the financial statements may be materially misstated as a result of fraud. 4. We are not aware of any/We have disclosed to you all significant facts relating to any frauds or suspected frauds known that may have involved (i) Management; (ii) Employees who have significant roles in accounting and internal control; or (iii) Others. 5. To the best of our knowledge and belief, the Company has not made any improper payments or payments which are illegal or against public policy. 6. The Company has complied with all aspects of contractual agreements which could have a material effect on the financial statements in the event of non-compliance. There has been no non-compliance with requirements of regulatory authorities that could have a material effect on the financial statements in the event of non-compliance. 7. We have no plans or intentions which may materially affect the carrying value or classification of assets and liabilities reflected in the financial statements. 8. We have made available to you all books of account, supporting documentation and minutes of all meetings of the shareholders and the Board of Directors and Committees of the Board and all other details 759 Handbook of Auditing Pronouncements-II with regard to action taken by the management to evaluate the fraud reported by you. 9. We have acted in good faith and in the best interests of the Company regarding the action taken by the management to evaluate the fraud reported by you. 10. We have not withheld from you any relevant information that we are aware of and would have an implication on the process of your responsibilities to report fraud under the statute. 11. The conclusions reached by us are based on the rationale of facts and data that were identified during the investigation/other action taken by us to evaluate the fraud reported by you. 12. We believe that appropriate action has been taken against employees/officers involved in the fraud and we confirm that appropriate controls have been put in place to ensure that such incidences are avoided in the future. With effect from 1st April 2014, the provisions of the Companies Act, 2013 (‘the Act’) have become applicable to the Company. We understand that Section 143(12) of the said Act read with Rule 13 of the Companies (Audit and Auditors) Rules, 2014 requires the auditors to report on fraud to the Board or the Audit Committee prior to reporting the same to the Central Government. We are aware that the Board or the Audit Committee is required to consider the report of the auditor and respond on the matter reported within 45 days of the date of the report of the auditor. Insofar as the matter reported by you in your letter dated ___ and our reply thereto dated ____, we confirm the following: 1. We have carried out an investigation into the matter reported by you towards which ____, an independent agency/the Company’s internal auditor/Senior Management of the Company were engaged to investigate the matter. 2. Status of the investigation commissioned by the Board or the Audit Committee. I. Investigation complete and Board or the Audit Committee concurs with the auditor on the suspected fraud 1. We concur with your assessment of suspected fraud based on the following: (State details and the reasons for occurrence). 760 Reporting on Fraud under Section 143(12) 2. The persons allegedly involved in the matter are: (list names and designations, DIN (if a Director is involved) and PAN of the person. 3. Based on the investigation carried out, we confirm that the period to which the fraud relates is _____. 4. The estimate of amounts involved in the fraud as determined by the investigation is Rs. ______. 5. We have initiated the following steps with immediate effect to mitigate the recurrence of such fraud. (State steps taken to mitigate such risk in future). 6. We have initiated the following actions on the persons involved in the fraud (List action taken on the concerned persons.) [or] Pending closure of the internal hearings of the Committee of Ethics of the Company, no action has been taken on the persons involved. II. Investigation complete and Board or the Audit Committee does not concur with the auditor on the suspected fraud 1. State reasons for not concurring with the auditor’s assessment of suspected fraud with persuasive evidence supporting the Board or the Audit Committee conclusion. 2. We believe that the investigation commissioned by us was independent, comprehensive, objective, unbiased and did not involve any scope limitations. Specifically, the investigation focused on the following areas that are impacted by the suspected fraud reported by you: (list areas) 3. We confirm that no fraud has been or is being committed against the Company by its officers or employees as reported by you. III. Investigation is in progress 1. As on date of this letter, the investigation commissioned by the Board or the Audit Committee is in progress. 2. Management to state items in I.3 to I.8 to the extent applicable. We acknowledge that your report on suspected fraud under Section 143(12) of the Act is made in good faith to comply with the requirements of the law and, therefore, cannot be considered as breach of maintenance of client confidentiality requirements or be subject to any suit, prosecution or other legal 761 Handbook of Auditing Pronouncements-II proceeding since it is done in pursuance of the Act or of any rules or orders made thereunder. Yours faithfully, Chairman of the Audit Committee/Board 762 32 GUIDANCE NOTE ON REPORTING UNDER SECTION 143(3)(f) AND (h) OF THE COMPANIES ACT, 2013@ Contents Paragraph(s) Introduction .................................................................................... 1 Scope of the Guidance Note ......................................................... 2 Reporting under Section 143(3)(f) of the Act ............................ 3-10 Reporting under Section 143(3)(h) of the Act ......................... 11-21 Appendix @ Issued in April 2015. Introduction 1. Section 143 of the Companies Act, 2013 (hereinafter referred to as the “Act”) deals with the powers and duties of the auditors of companies. Section 143(1) of the Act requires the auditor to make certain specific enquiries during the course of the audit. Section 143(2) of the Act requires the auditor to, inter alia, give his report to the members of company on the accounts examined by him, and on every financial statement which are laid before the company in a general meeting. Sub-section (3) of section 143 of the Act also lays down certain matters required to be reported upon by the auditor in his report. Sub-section (3) of section 143 of Act provides as follows: "(3) The auditor's report shall also state - (a) whether he has sought and obtained all the information and explanations which to the best of his knowledge and belief were necessary for the purpose of his audit and if not, the details thereof and the effect of such information on the financial statements; (b) whether, in his opinion, proper books of account as required by law have been kept by the company so far as appears from his examination of those books and proper returns adequate for the purposes of his audit have been received from branches not visited by him; (c) whether the report on the accounts of any branch office of the company audited under sub-section (8) by a person other than the company’s auditor has been sent to him under the proviso to that sub-section and the manner in which he has dealt with it in preparing his report; (d) whether the company’s balance sheet and profit and loss account dealt with in the report are in agreement with the books of account and returns; (e) whether, in his opinion, the financial statements comply with the accounting standards; (f) the observations or comments of the auditors on financial transactions or matters which have any adverse effect on the functioning of the company; (g) whether any director is disqualified from being appointed as a director under sub-section (2) of section 164; 764 Reporting under Section 143(3)(f) & (h) (h) any qualification, reservation or adverse remark relating to the maintenance of accounts and other matters connected therewith; (i) whether the company has adequate internal financial controls system in place and the operating effectiveness of such controls; (j) such other matters as may be prescribed.1 Scope of the Guidance Note 2. This Guidance Note is intended to assist the auditors in discharging their duties in respect of clauses (f) and (h) of sub-section (3) of section 143 of the Act. Clause (f) of the said sub-section creates a requirement for the auditor to consider observations or comments of the auditor on financial transactions or matters which have an adverse effect on the functioning of the company. Such observations or comments would ordinarily lead to the modification of or an emphasis of matter in the auditor’s report on financial statements. It may be noted that the matters that lead to modification in the auditor’s report on financial statements are matters that give rise to a qualified opinion, adverse opinion or a disclaimer of opinion2. Further, matters that lead to an emphasis of matter paragraphs are matters appropriately presented or disclosed in the financial statements that, in the auditor’s judgement, are of such importance that they are fundamental to the users’ understanding of the financial statements3. If the matter leading to the modification of the auditor’s opinion or an emphasis of matter in the auditor’s report on financial statements is likely to have an adverse effect on the functioning of the company, the auditor is required to report such matter. Under clause (h) of sub-section (3) of section 143 of the Act, the auditor is required to state whether any matter leading to a qualification, reservation or adverse remark, that is, effectively the modification of the auditor’s report on financial statements, relates to the maintenance of accounts and other matters connected therewith. Reporting under Section 143(3)(f) of the Act 3. The relevant extracts of section 143(3)(f) of the Act are reproduced below: “(3). The auditor’s report shall also state – 1 Refer Rule 11 of Companies (Audit and Auditors) Rules, 2014. 2 Reference may be made to Standard on Auditing (SA) 705, “Modifications to the Opinion in the Independent Auditor’s Report.” 3 Reference may be made to paragraphs 6 and 7 of Standard on Auditing (SA) 706, “Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report.” 765 Handbook of Auditing Pronouncements-II ……………………………………. (f) the observations or comments of the auditors on financial transactions or matters which have any adverse effect on the functioning of the company;” 4. Clause (f) requires the auditor to report "the observations or comments of the auditors on financial transactions or matters which have any adverse effect on the functioning of the company". An auditor’s report may contain matters leading to modifications to the auditor’s opinion or emphasis of matter in the auditor’s report on the financial statements. Such matters may be related to issues which may have an adverse effect on the functioning of the company. The words “observations” or “comments” as appearing in clause (f) of section 143(3) are construed to have the same meaning as referring to “emphasis of matter paragraphs, situations leading to modification in the auditor’s report. Accordingly, the auditor should have made an “observation” or “comment” in the auditor’s report in order to determine the need to report under clause (f) of section 143(3). Therefore, only such "observations" or "comments" of the auditors on financial transactions or matters that have been made by the auditor in the auditor’s report which have an adverse effect on the functioning of the company are required to be reported under this clause. For the sake of clarity, it may be noted that neither the auditor’s observations nor the comments made by him have any adverse effect on the functioning of a company. These observations or comments made by the auditor might contain matters which might have an adverse effect on the functioning of a company. 5. The Act does not specify the meaning of the phrase 'adverse effect on the functioning of the company'. The expression should not be interpreted to mean that any event affecting the functioning of the company, observed by the auditor, should be reported upon even though it does not affect the financial statements, e.g., revocation of a license to manufacture one out of the many products during the year to which the financial statements relate, where such product that does not have any material contribution to the revenues of the company, etc. Such an interpretation would not only be beyond the scope of the audit of financial statements of the company but would also not be in accordance with the objective and concept of audit stipulated under the Act. A more logical and harmonious interpretation is that this reporting requirement does not intend to change the basic objective and the concept of audit of financial statements of a company, which is to examine the financial statements with a view to express an opinion thereon. 766 Reporting under Section 143(3)(f) & (h) 6. The scope of the audit and auditor’s role remains as contemplated under the Standards on Auditing (SAs) and other relevant pronouncements issued by the Institute of Chartered Accountants of India as well as laid down in the Act, i.e., to lend credibility to the financial statements by reporting whether they reflect a true and fair view. SA 200, Objective of the Independent Auditor and the Conduct of an Audit in Accordance with Standards of Auditing, specifies that the purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. This is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. An audit conducted in accordance with SAs and relevant ethical requirements enables the auditor to form the opinion of the true and fair view of the financial position and operating result of an enterprise. The auditor’s opinion, therefore, does not assure, for example, the future viability of the entity nor the efficiency or effectiveness with which management has conducted the affairs of the entity. SAs require auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance is a high level of assurance. It is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (i.e., the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level. However, reasonable assurance is not an absolute level of assurance because there are inherent limitations of an audit which result in most of the audit evidence on which the auditor draws conclusions and bases the auditor’s opinion being persuasive rather than conclusive. At this juncture, it may also be noted that SA 200 also clearly states that the concept of materiality is applied by the auditor both in planning and performing the audit, and in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements. 7. There is no change in the objective and scope of an audit of financial statements because of inclusion of clause (f) in sub-section (3) of section 143 of the Act. The auditor expresses his opinion on the true and fair view presented by the financial statements through his report which may be modified in certain circumstances. However, the auditor would now have to evaluate the subject matters leading to modification of the audit report or emphasis of matter in the auditor’s report to make judgement as to which of them has an adverse effect on the functioning of the company within the overall context of audit of financial statements of the company. Only such matters which, in the opinion of the auditor, have an adverse effect on the 767 Handbook of Auditing Pronouncements-II functioning of the company should be reported under this clause. Conversely, such qualifications or adverse opinions or disclaimer of opinion or emphasis of matters of the auditor, which do not deal with matters that have adverse effect on the functioning of the company, need not be reported under this clause. 8. As far as inquiries under section 143(1) are concerned, the auditor is not required to report on these matters unless he has any comments to make on any of the items referred to therein. If the auditor has any comments or observations on any of the matters stated in section 143(1), the auditor should consider such comments or observations when reporting under this clause if they contain matters that may have any adverse effect on the functioning of the company. 9. Auditor’s will need to apply professional judgement in considering matters of emphasis that may have an adverse effect on the functioning of the company. Ordinarily matters that are pervasive in nature such as going concern or matters that will significantly impact the operations of the company due to its size and nature will need to be reported under clause (f) of sub- section (3) of section 143 of the Act. Examples of emphasis of matter which may have an adverse effect on the functioning of the company include situations where: • the going concern assumption is appropriate but there are several factors leading to a material uncertainty that may cast a significant doubt about the Company’s ability to continue as a going concern; or • a material uncertainty regarding the outcome of a litigation wherein an unfavourable decision could result in a significant outflow of resources for the company, etc. Examples of emphasis of matter which may not have an adverse effect on the functioning of the company include a situation where there is an emphasis of matter: • on managerial remuneration which is subject to the approval of the Central Government; • relating to accrual of a contractually receivable claim based on management estimate where the ultimate realisation could be different from the amount accrued; • on frauds that have been dealt with in the financial statements of the company and would not have any continuing effect on the financial statements. 768 Reporting under Section 143(3)(f) & (h) 10. Another issue which arises is whether any observations or comments made by the auditor under clause (i) of section 143(3) in respect of the company’s internal financial controls over financial reporting, which may have any adverse effect on the functioning of the company, should also be reported in terms of this clause. In this regard, it is noted that reporting under section 143(3)(i) is part of the auditor’s report though it may be reported in an annexure to the auditor’s report. Accordingly, if any observations or comments made by the auditor on the adequacy or operating effectiveness of internal financial controls over financial reporting contain such matters, which, in his opinion, may have any adverse effect on the functioning of the company, should also be reported under clause (f) of section 143(3) even if such observation did not result in a modification to the audit opinion on the financial statements of the company. An example in this regard may be where an auditor reports that the company did not have an appropriate internal control system for inventory with regard to receipts, issue for production and physical verification. Reporting under Section 143(3)(h) of the Act 11. The relevant extracts of section 143(3)(h) of the Act are reproduced below: “(3). The auditor’s report shall also state – ……………………………………. (h) any qualification, reservation or adverse remark relating to the maintenance of accounts and other matters connected therewith;” 12. Clause (h) requires the auditor to report "any qualification, reservation or adverse remark” relating to the maintenance of accounts and other matters connected therewith. An auditor’s report may contain matters leading to modifications in the auditor’s report on financial statements. The matters that cause such modification may have a consequential effects or possible effects on the books of account maintained by the company and other matters connected therewith. 13. Section 128 of the Act, inter alia, states that every company shall prepare and keep its books of account and other relevant books and papers and financial statements that give a true and fair view of the state of affairs of the company. Section 129(1) of the Act, inter alia, states that the financial statements shall comply with the accounting standards notified under section 133 of the Act. Section 2(13) of the Act defines “books of account” to include records maintained in respect of— 769 Handbook of Auditing Pronouncements-II (i) all sums of money received and expended by a company and matters in relation to which the receipts and expenditure take place; (ii) all sales and purchases of goods and services by the company; (iii) the assets and liabilities of the company; and (iv) the items of cost as may be prescribed under section 148 in the case of a company which belongs to any class of companies specified under that section; Clause (b) of section 143(3) requires the auditor to, inter alia, state whether, in his opinion, proper books of account as required by law have been kept by the company so far as appears from his examination of those books. 14. Matters to be reported under clause (h) of section 143(3) needs to be evaluated based on the financial statements prepared under the Act. This is also consistent with the other reporting responsibilities of the auditor on books of account and compliance with notified/specified accounting standards that are reported by him under section 143(3). Accordingly, reporting under this clause is determined based on the financial statements prepared i.e., as at the balance sheet date. 15. The words “qualification”, “adverse remark” and “reservation” used in clause (h) of section 143(3) should be considered to be similar to the terms “qualified opinion”, “adverse opinion” and “disclaimer of opinion”, respectively, referred to in SA 705 “Modifications to the Opinion in the Independent Auditor’s Report”. 16. Accordingly, the auditor would need to report under clause (h) of section 143(3) any matter that causes a qualification, adverse remark or disclaimer of opinion on the financial statements since such matters will or possibly will have an effect on the books of account maintained by the company. 17. Further, reporting under clause (h) of section 143(3) will be required if the auditor makes any observation under clause (b) of section 143(3) relating to whether proper books of account as required by law have been kept by the company. For example, the auditor may have made an observation on maintenance of cost records under clause (b) of section 143(3) and this may not have had an effect on the financial statements of the company or the auditor’s opinion on the financial statements. 18. As a corollary, reporting under clause (h) of section 143(3) will not be required if there are no modifications, i.e., no qualified, adverse or disclaimer of opinion, and there are no such observations under clause (b) of 770 Reporting under Section 143(3)(f) & (h) section 143(3) regarding books of account kept by the company. 19. Since clause (h) of section 143(3) requires the auditor to report under this clause only if the auditor has "any qualification, reservation or adverse remark”, it is appropriate to conclude that a matter reported under emphasis of matter paragraph in the audit report need not be considered for reporting under this clause as an emphasis of matter is not in the nature of a qualification, reservation (disclaimer) or adverse remark. 20. Any material weakness in internal financial controls that is reported by the auditor under clause (i) of section 143(3) may not have an impact on the maintenance of books of account if such material weakness did not result in a modification to the opinion on the financial statements of the company. However, if the material weakness in internal financial controls resulted in a modification to the audit opinion on the financial statements, then such modification may be covered for reporting under clause (h) of section 143(3) as stated in paragraph 17 above. 21. The Appendix to this Guidance Note contains illustrations on matters that may give rise to reporting under section 143(3)(f) and/or section 143(3)(h) of the Companies Act, 2013. 771 Handbook of Auditing Pronouncements-II APPENDIX Illustrative Matters Forming Basis For Modified Opinion Or Emphasis Of Matter Paragraph in the Auditor’s Report and Requiring Reporting Under Section 143(3)(f) and/or Section 143(3)(h) of the Companies Act, 2013 ILLUSTRATION 1 Basis for Qualified Opinion The Company’s inventories are carried in the Balance Sheet at Rs. XXX (As at 31st March 20YY: Rs. YYY). The Management has not stated the inventories at the lower of cost and net realisable value but has stated them solely at cost, which constitutes a departure from the Accounting Standard - 2 “Valuation of Inventories”. The Company’s records indicate that had the Management stated the inventories at the lower of cost and net realisable value, an amount of Rs. XXX (As at 31st March 20YY: Rs. YYY) would have been required to write the inventories down to their net realisable value. Accordingly, cost of sales would have been increased by Rs. XXX (Previous year ended 31st March, 20YY: Rs.YYY), and income tax, profit for the year and shareholders’ funds would have been reduced by Rs. X, Rs. XX and Rs. XXX, respectively (Previous year ended 31st March, 20YY: Rs.Y, Rs.YY and Rs.YYY, respectively). This matter was also qualified in our report/ the report of the predecessor auditors on the financial statements for the year ended 31st March 20YY.4 Qualified Opinion In our opinion and to the best of our information and according to the explanations given to us, except for the effects of the matter described in the Basis for Qualified Opinion paragraph above, the aforesaid standalone financial statements give the information required by the Act in the manner so required and give a true and fair view in conformity with the accounting principles generally accepted in India, of the state of affairs of the Company as at 31st March, 20XX, and its profit/loss and its cash flows for the year ended on that date. …………………….. ………………………. Report on Other Legal and Regulatory Requirements As required by Section 143 (3) of the Act, we report that: 4 Where applicable and only in such case, disclosure of previous year figures is required - Attention of the readers is drawn to the provisions of Standard on Auditing (SA) 710, Comparative Information—Corresponding Figures And Comparative Financial Statements . 772 Reporting under Section 143(3)(f) & (h) (a) We have sought and obtained all the information and explanations which to the best of our knowledge and belief were necessary for the purposes of our audit; .................................................... …………………………………………………. (f) The matter described in the Basis for Qualified Opinion paragraph above, in our opinion, may have an adverse effect on the functioning of the Company. …………………………… ……………………………. (h) The qualification relating to the maintenance of accounts and other matters connected therewith are as stated in the Basis for Qualified Opinion paragraph above.” ILLUSTRATION 2# Opinion In our opinion and to the best of our information and according to the explanations given to us, the aforesaid standalone financial statements give the information required by the Act in the manner so required and give a true and fair view in conformity with the accounting principles generally accepted in India, of the state of affairs of the Company as at 31st March, 20XX, and its profit/loss and its cash flows for the year ended on that date. Emphasis of Matters We draw attention to the following matters in the Notes to the financial statements: a) Note X to the financial statements which, describes the uncertainty related to the outcome of the lawsuit filed against the Company by XYZ Company. b) Note Y in the financial statements which indicates that the Company has accumulated losses and its net worth has been fully / substantially eroded, the Company has incurred a net loss/net cash loss during the current and previous year(s) and, the Company’s current liabilities exceeded its current assets as at the balance sheet date. These conditions, along with other matters set forth in Note Y, indicate the existence of a material uncertainty that may cast significant doubt about the Company’s ability to continue as a going concern. # In this case there is nothing reportable under sec 143(3)(h). 773 Handbook of Auditing Pronouncements-II However, the financial statements of the Company have been prepared on a going concern basis for the reasons stated in the said Note. Our opinion is not modified in respect of these matters. …………… Report on Other Legal and Regulatory Requirements As required by Section 143 (3) of the Act, we report that: ……… (f) The going concern matter described in sub-paragraph (b) under the Emphasis of Matters paragraph above, in our opinion, may have an adverse effect on the functioning of the Company. ILLUSTRATION 3 Basis for Qualified Opinion ABC Company Limited’s investment in XYZ Company, a foreign associate whose net worth has been fully/substantially eroded, is carried at Rs. XXX in the Balance Sheet as at March 31, 20XX. We were unable to obtain sufficient appropriate audit evidence about the carrying amount of ABC Company Limited’s investment in XYZ Company as at March 31, 20XX because we were denied access to the financial information, management, and the auditors of XYZ Company. Consequently, we were unable to determine whether any adjustments to these amounts were necessary. Qualified Opinion In our opinion and to the best of our information and according to the explanations given to us, except for the possible effects5 of the matter described in the Basis for Qualified Opinion paragraph, the aforesaid standalone financial statements give the information required by the Act in the manner so required and give a true and fair view in conformity with the accounting principles generally accepted in India of the state of affairs of the Company as at 31st March 20XX, and its profit/loss and its cash flows for the year ended on that date. Report on Other Legal and Regulatory Requirements As required by section 143 (3) of the Act, we report that: ………………………………. 5 Note the use of words “possible effects” as the auditor was unable to obtain sufficient appropriate audit evidence. 774 Reporting under Section 143(3)(f) & (h) ……………………………….. (f) The matter described in the Basis for Qualified Opinion paragraph above, in our opinion, may have an adverse effect on the functioning of the Company. …………………….. (h) The qualification relating to the maintenance of accounts and other matters connected therewith are as stated in the Basis for Qualified Opinion paragraph above. ILLUSTRATION 4 Basis for Adverse Opinion The Company’s financing arrangements expired and the amount outstanding was payable on March 31, 20XX. The Company has been unable to re-negotiate or obtain replacement financing and is considering filing for bankruptcy. These events indicate a material uncertainty that may cast significant doubt on the Company’s ability to continue as a going concern and, therefore, it may be unable to realise its assets and discharge its liabilities in the normal course of business. The financial statements (and notes thereto) do not disclose this fact. Adverse Opinion In our opinion, because of the omission of the information mentioned in the Basis for Adverse Opinion paragraph, the financial statements do not give the information required by the Companies Act, 2013 in the manner so required and also do not give a true and fair view in conformity with the accounting principles generally accepted in India of the state of affairs of the Company as at 31st March, 20XX, and its profit/loss and its cash flows for the year ended on that date. ………………………... Report on Other Legal and Regulatory Requirements As required by section 143 (3) of the Act, we report that: …………………. (f) The matter described in the Basis for Adverse Opinion paragraph above, in our opinion, may have an adverse effect on the functioning of the Company. ……………… (h) The adverse remarks relating to the maintenance of accounts and other matters connected therewith are as stated in the Basis for Adverse Opinion paragraph above. 775 Handbook of Auditing Pronouncements-II ILLUSTRATION 5 Basis for Disclaimer of Opinion We were appointed as auditors of the Company after March 31, 20X1 and thus could not observe the counting of physical inventories at the beginning and end of the year. Accordingly, we were unable to satisfy ourselves by alternative means concerning the inventory quantities held at March 31, 20X0 and March 31, 20X1 which are stated in the Balance Sheet at Rs. XXX and Rs. XXX, respectively. In addition, the introduction of a new computerised accounts receivable system in September 20X0 resulted in numerous errors in accounts receivable. As of the date of our audit report, Management was still in the process of rectifying the system deficiencies and correcting the errors. We were unable to confirm or verify by alternative means accounts receivable included in the Balance Sheet at a total amount of Rs. XXX as at March 31, 20X1. As a result of these matters, we were unable to determine whether any adjustments might have been found necessary in respect of recorded or unrecorded inventories and accounts receivable in the Balance Sheet, and the corresponding elements making up the Statement of Profit and Loss and Cash Flow Statement. Opinion Because of the significance of the matters described in the Basis for Disclaimer of Opinion paragraph, we have not been able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion. Accordingly, we do not express an opinion on the financial statements. Report on Other Legal and Regulatory Requirements As required by section 143 (3) of the Act, we report that: …………………………. …………………………... (f) The matter described in the Basis for Disclaimer of Opinion paragraph above, in our opinion, may have an adverse effect on the functioning of the Company. ........................... (h) The reservation relating to the maintenance of accounts and other matters connected therewith are as stated in the Basis for Disclaimer of Opinion paragraph above. 776 33 GUIDANCE NOTE ON AUDIT OF INTERNAL FINANCIAL CONTROLS OVER FINANCIAL REPORTING* Brief Contents Paragraph(s) Part A: Overview Part B: Detailed Guidance Section I: Background ......................................................... 1-13 Section II: Reporting on Internal Financial Controls under the Companies Act, 2013 .................................. 14-47 Section III: Overview of Internal Controls as per SA 315 .............................................................. 48-66 Section IV: Technical Guidance on Audit of Internal Financial Controls Over Financial Reporting ... 67-167 Section V: Implementation Guidance .......................... IG.1-IG.21 Appendices * Issued in September 2015. Readers may note that the CD accompanying this Handbook contains some important contents of the Guidance Note, e.g., “Appendix IV: Illustrative Risks of Material Misstatement, Related Control Objectives and Control Activities” and “Illustrative Work Paper Templates for Testing Controls”. Readers are therefore requested to also refer the CD along with this Guidance Note. DETAILED CONTENTS Section Topic Paragraph reference PART A OVERVIEW I Scope of reporting on internal financial controls under clause (i) of Sub-section 3 of Section 143 of the Companies Act, 2013 II Applicability of reporting in the case of unlisted companies III Criteria for internal financial controls over financial reporting IV Specified date for reporting on the adequacy and operating effectiveness of internal financial controls over financial reporting and applicability in case of interim financial statements V Auditors’ responsibility for reporting on internal financial controls over financial reporting in case of consolidated financial statements VI Components of internal control and guidance provided VII Flowchart illustrating typical flow of audit of internal financial controls over financial reporting PART B DETAILED GUIDANCE Section I Background Introduction 1-3 Auditors’ responsibility for reporting on 4-5 Internal financial controls over financial reporting in India Reporting on internal financial controls over 6-13 financial reporting – global scenario Section II Reporting on Internal Financial Controls under the Companies Act, 2013 778 Section Topic Paragraph reference Criteria to be considered by companies for 14-25 developing, establishing and reporting on internal financial controls over financial reporting Objective in an audit of internal financial 26-35 controls over financial reporting and interpretation of the term ‘internal financial controls’ for auditor’s reporting under Section 143(3)(i) Applicability of standards on auditing for the 36-37 audit of internal financial controls over financial reporting Specified date for reporting on the 38-42 adequacy and operating effectiveness of internal financial controls over financial reporting Auditors’ responsibility for reporting on 43-45 internal financial controls over financial reporting in the case of unlisted companies Auditors’ responsibility for reporting on 46-47 internal financial controls over financial reporting in case of consolidated financial statements Section III Overview of Internal Controls as per SA 315 Components of internal control 48-60 Components of Internal Control and 61 Guidance provided Effective internal control 62-65 Limitations of internal control system 66 Section IV Technical Guidance on Audit of Internal Financial Controls Over Financial Reporting Introduction 67-71 Combining the audits 72-74 Planning the audit 75 Role of risk assessment 76-78 779 Section Topic Paragraph reference Customising the audit 79 Addressing the risk of fraud 80-81 Using the work of others 82-85 Materiality 86 Using a top-down approach 87 Identifying entity-level controls 88-93 Identifying significant accounts and 94-99 disclosures and their relevant assertions Understanding likely sources of 100-104 misstatement Selecting controls to test 105-107 Testing controls - testing design 108-109 effectiveness Testing controls - testing operating 110-111 effectiveness Relationship of risk to the evidence to be 112-122 obtained Special considerations for subsequent 123-127 years' audits Evaluating identified deficiencies 128-134 Indicators of material weakness 135-136 Communicating certain matters 137-143 Subsequent events 144-149 Obtaining written representations 150-152 Forming an opinion 153-156 Reporting on internal financial controls over 157 financial reporting Audit Report 158-160 Modified opinion 161-163 Report date 164 Audit documentation 165 Considerations for joint audits and branch 166 audits 780 Section Topic Paragraph reference Considerations for using this guidance for 167 internal financial control over financial reporting assessments on behalf of company’s management Section V Implementation Guidance (IG) IG 1 – IG 21 IG 1 Multiple Locations Scoping Decisions IG 2 Process Flow Diagrams Understanding process flows IG 2.1 Information system relevant to financial IG 2.2 reporting Process flow diagrams IG 2.3– IG 2.4 Audit-specific elements to be added to IG 2.5 process flow diagrams System overview diagrams IG 2.6 – IG 2.8 IPE diagrams IG 2.9 – IG 2.13 Automated control diagrams IG 2.14 Validate understanding IG 2.15 Illustrative example of process flow IG 2.16 documentation for revenue business cycle IG 3 Difference between Process and Control IG 4 Understanding IT Environment Understanding IT environment IG 4.1 – IG 4.6 Understanding general information IG 4.7 – technology controls (GITCs): IG 4.8 Access security IG 4.9 – IG 4.11 System change control IG 4.12 Data centre and network operations IG 4.13 781 Section Topic Paragraph reference IG 5 Entity-level Controls (ELCs) Entity-level controls IG 5.1 – IG 5.4 Direct and precise entity-level controls IG 5.5 – IG 5.8 IG 6 Segregation of Duties IG 7 Automated Controls Application controls defined IG 7.1 Automated control in a way is technology IG 7.2 – used to automate control activities IG 7.3 Assurance on automated controls IG 7.4 – IG 7.5 Benchmarking of automated controls IG 7.6 – IG 7.12 IG 8 Information Produced by the Entity (IPE) Understanding IPEs IG 8.4 – IG 8.8 Evaluating IPE IG 8.9 – IG 8.10 IPE in the context of internal financial IG 8.11– controls testing IG 8.13 Testing accuracy and completeness of IPE IG 8.14 that the entity’s controls are dependent upon IPE that the auditor uses in tests of IG 8.15 operating effectiveness of relevant controls Direct testing of IPE IG 8.16 - IG 8.19 IG 9 Use of Service Organisations Service organisations IG 9.1 Identifying relevant service organisations IG 9.2 Situation in which service organisations are IG 9.3 – relevant for internal financial controls IG 9.11 IG 10 Techniques of Control Testing 782 Section Topic Paragraph reference IG 11 Internal Financial Controls – Testing of Design Internal financial controls – testing of design IG 11.1 – IG 11.4 Factors to consider when determining IG 11.5 – whether control is appropriately designed IG 11.11 Testing design effectiveness IG 11.12 IG 12 Internal Financial Controls – Walk Through Performing walkthroughs IG 12.1 - IG 12.8 Extent of a walkthrough IG 12.9 - IG 12.11 IG 13 Internal Financial Controls – Testing of Operative Effectiveness Internal financial controls – testing of IG 13.1 – operative effectiveness IG 13.5 Process flow for testing operative IG 13.6 – effectiveness of controls IG 13.8 Factors considered when assessing the risk IG 13.9 associated with the control Factors related to the risks of material IG 13.10 - misstatement the control addresses IG 13.13 Factors related to the characteristics of the IG 13.14 - control activity IG 13.26 Nature of procedures IG 13.27 Timing of tests of controls IG 13.28 Extent of procedures IG 13.29 Dual-purpose tests IG 13.30 - IG 13.31 Testing review-type controls IG 13.32 - IG 13.34 IG 14 Sampling in Test of Controls Sampling IG 14.1 – 783 Section Topic Paragraph reference IG 14.10 Sample selection IG 14.11- IG 14.13 Determining whether a deviation exists IG 14.14 - IG 14.15 Determining the nature and cause of the IG 14.16 deviation Evaluate whether the deviation is a control IG 14.17 - deficiency IG 14.19 IG 15 Roll Forward Testing Roll forward testing IG 15.1 – 15.5 Key activities in the process for planning IG 15.6 - and performing procedures to roll forward IG 15.7 conclusions of design and operating effectiveness Plan roll forward procedures IG 15.8 - IG 15.15 Planning the approach to roll forward IG 15.16 - procedures IG 15.19 Perform roll forward procedures IG 15.20 Documentation considerations in roll IG 15.21 forward procedures IG 16 Rotation Plan for Testing Internal IG 16.1 – Financial Controls IG 16.3 IG 17 Remediation Testing IG 17.1 – IG 17.3 IG 18 Using the Work of Internal Auditors and IG 18.1 – an Auditor’s Expert IG 18.9 IG 19 Additional Considerations for Auditing Internal Financial Controls over Financial Reporting Additional considerations for auditing IG 19.1 - internal financial controls over financial IG 19.2 reporting 784 Section Topic Paragraph reference Customising the audit of internal financial IG 19.3 - controls IG 19.4 Test of controls in a combined audit of IG 19.5 - internal financial controls over financial IG 19.6 reporting and financial statements Evaluating entity- level controls IG 19.7 - IG 19.8 Identifying entity-level controls IG 19.9 Assessing the precision of entity-level IG 19.10 controls Effect of entity-level controls on testing of IG 19.11 other controls Example – Monitoring the effectiveness of IG 19.12 other controls Example – Entity-level controls related to IG 19.13 payroll processing Assessing the risk of management override IG 19.14 and evaluating mitigating action Assessing the risk of management override IG 19.15 Evaluating mitigating controls IG 19.16 Evaluating integrity and ethical values IG 19.17 Evaluating audit committee oversight IG 19.18 Evaluating whistle blower programs IG 19.19 Evaluating controls over journal entries IG 19.20 Considering the effects of other evidence IG 19.21 Example – Audit committee oversight IG 19.22 Evaluating segregation of duties and IG 19.23 alternative controls Smaller, less complex companies' approach IG 19.24 to segregation of duties Audit strategy considerations relating to IG 19.25 segregation of duties Use of external resources IG 19.26 785 Section Topic Paragraph reference Management oversight and review IG 19.27 Example – Alternative controls over IG 19.28 inventory Auditing information technology controls in IG 19.29 a less complex information technology environment Characteristics of less complex IT IG 19.30 environments Determining the scope of the evaluation of IG 19.31 IT controls IT-dependent controls IG 19.32 Other automated controls IG 19.33 Consideration of deficiencies in general IT IG 19.34 controls on tests of other controls Example – IT-dependent controls IG 19.35 Categories of IT controls IG 19.36 General IT controls IG 19.37 Considering financial reporting IG 19.38 competencies and their effects on internal control Understanding and evaluating a company's IG 19.39 financial reporting competencies Supplementing competencies with IG 19.40 assistance from outside professionals Example – Assistance from outside IG 19.41 professionals Obtaining sufficient competent evidence IG 19.42 when the company has less formal documentation Audit strategy considerations relating to IG 19.43 audit evidence Documentation of processes and controls IG 19.44 Documentation of operating effectiveness of IG 19.45 controls Other considerations IG 19.46 Example - Obtaining information about IG 19.47 786 Section Topic Paragraph reference processes and controls Example – Obtaining evidence about IG 19.48 operating effectiveness of controls Auditing smaller, less complex companies IG 19.49 with pervasive control deficiencies Pervasive deficiencies that result in IG 19.50 significant deficiencies Considering the effect of pervasive control IG 19.51 deficiencies on other controls Scope limitation due to lack of sufficient IG 19.52 audit evidence Example – Pervasive deficiencies and IG 19.53 testing of controls Example – Lack of sufficient audit evidence IG 19.54 IG 20 Reporting Considerations Reporting considerations IG 20.1 – IG 20.3 Modified opinion on internal financial IG 20.4 – controls over financial reporting IG 20.10 Effect of a modified report on internal IG 20.11 – financial controls over financial reporting on IG 20.16 the audit of financial statements Interpretation of an unmodified report on IG 20.17 – financial statements with a modified report IG 20.19 on internal financial controls over financial reporting Scope limitations IG 20.20 IG-20.22 Impact of modified opinion on internal IG 20.23– financial controls over financial reporting in IG 20.27 subsequent interim period financial reporting IG 21 Understanding and Evaluating Financial Reporting Process Understanding the financial reporting IG 21.4– process IG 21.6 Understanding the application systems and IG 21.7– 787 Section Topic Paragraph reference controls over financial reporting process IG 21.8 Understanding accounting policies IG 21.9 Understanding the process of recording IG 21.10 – journal entries IG 21.12 Understanding the process for disclosures IG 21.13 APPENDICES I Illustrative Engagement Letter II Illustrative Management Representation Letter for Matters Relating to Audit of Internal Financial Controls over Financial Reporting III Illustrative Reports on Internal Financial Controls Over Financial Reporting IV Illustrative Risks of Material Misstatement, Related Control Objectives and Control Activities V Examples of Control Deficiencies VI Standard on Internal Audit (SIA) 5 - Sampling Contents of Accompanying CD 1. Text of Guidance Note on Audit of Internal Financial Controls Over Financial Reporting 2. Appendix IV: Illustrative Risks of Material Misstatement, Related Control Objectives and Control Activities 3. Illustrative Work Paper Templates for Testing Controls 788 PART - A OVERVIEW 789 OVERVIEW I. Scope of reporting on internal financial controls under clause (i) of Sub-section 3 of Section 143 of the Companies Act, 2013 Clause (i) of Sub-section 3 of Section 143 of the Companies Act, 2013 (“the 2013 Act” or “the Act”) requires the auditors’ report to state whether the company has adequate internal financial controls system in place and the operating effectiveness of such controls. The scope for reporting on internal financial controls is significantly larger and wider than the reporting on internal controls under the Companies (Auditor’s Report) Order, 2015 (“CARO”). Under CARO, the reporting on internal controls is limited to the adequacy of controls over purchase of inventory and fixed assets and sale of goods and services. As such, CARO does not require reporting on all controls relating to financial reporting and also does not require reporting on the “adequacy and operating effectiveness” of such controls. Management’s Responsibility The 2013 Act has significantly expanded the scope of internal controls to be considered by the management of companies to cover all aspects of the operations of the company. Clause (e) of Sub-section 5 of Section 134 to the Act requires the directors’ responsibility statement to state that the directors, in the case of a listed company, had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively. Clause (e) of Sub-section 5 of Section 134 explains the meaning of the term, “internal financial controls” as “the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.” Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014 requires the Board of Directors’ report of all companies to state the details in respect of adequacy of internal financial controls with reference to the financial statements. The inclusion of the matters relating to internal financial controls in the directors’ responsibility statement is in addition to the requirement for the directors to state that they have taken proper and sufficient care for the maintenance of adequate accounting records in accordance with the provisions of the 2013 Act, for 790 Audit of Internal Financial Controls safeguarding the assets of the company and for preventing and detecting fraud and other irregularities. Auditors’ Responsibility The auditor's objective in an audit of internal financial controls over financial reporting is to express an opinion on the effectiveness of the company's internal financial controls over financial reporting and the procedures in respect thereof are carried out along with an audit of the financial statements. Because a company's internal controls cannot be considered effective if one or more material weakness exists, to form a basis for expressing an opinion, the auditor must plan and perform the audit to obtain sufficient appropriate evidence to obtain reasonable assurance about whether material weakness exists as of the date specified in management's assessment. A material weakness in internal financial controls may exist even when the financial statements are not materially misstated. Paragraph A1 of Standard on Auditing (SA) 200 “Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Standards on Auditing” states, “The auditor’s opinion on the financial statements deals with whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. Such an opinion is common to all audits of financial statements. The auditor’s opinion therefore does not assure, for example, the future viability of the entity nor the efficiency or effectiveness with which management has conducted the affairs of the entity. (Emphasis added) Globally, auditor’s reporting on internal controls is together with the reporting on the financial statements and such internal controls reported upon relate to only internal controls over financial reporting. For example, in USA, Section 404 of the Sarbanes Oxley Act of 2002, prescribes that the registered public accounting firm (auditor) of the specified class of issuers (companies) shall, in addition to the attestation of the financial statements, also attest the internal controls over financial reporting. It may be noted that in India too, the Companies Act, 2013 specifies the auditor’s reporting on internal financial controls only in the context of audit of financial statements. Consistent with the practice prevailing internationally, the term ‘internal financial controls’ stated in Clause (i) of Sub-section 3 of Section 143 would relate to ‘internal financial controls over financial reporting’ in accordance with the objectives of an audit stated in SA 200 “Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Standards on Auditing” 791 Handbook of Auditing Pronouncements-II Further, Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014 requires the Board of Directors’ report of all the companies to state the details in respect of adequacy of internal financial controls with reference to the “financial statements” only. Considering the above, the auditor needs to obtain reasonable assurance to state whether an adequate internal financial controls system was maintained and whether such internal financial controls system operated effectively in the company in all material respects with respect to financial reporting only. Accordingly, the term ‘internal financial controls’ wherever used in this Guidance Note in the context of the responsibility of the auditor for reporting on such controls under Section 143(3)(i) of the Act, per se implies and relates to internal financial controls over financial reporting. For this purpose, “internal financial controls over financial reporting” shall mean “A process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal financial control over financial reporting includes those policies and procedures that (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorisations of management and directors of the company; and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorised acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.”1 II. Applicability of reporting in the case of unlisted companies Clause (e) of Sub-section 5 of Section 134 of the 2013 Act has prescribed the Directors’ Statement of Responsibility over establishing adequate internal financial controls and asserting operating effectiveness of such controls of the company only in case of listed companies. It may however be noted that Rule 1 This definition of the term “Internal Controls Over Financial Reporting” has been reproduced from the Auditing Standard (AS) 5, An Audit of Internal Control Over Financial Reporting that Is Integrated with An Audit of Financial Statements issued by the Public Company Accounting Oversight Board (PCAOB), USA. The other text in this Guidance Note which has been reproduced from the aforesaid AS 5 of PCAOB has been identified in italics text in the relevant sections of the Guidance Note. The copyright of the so reproduced material rests with the PCAOB. 792 Audit of Internal Financial Controls 8(5)(viii) of the Companies (Accounts) Rules, 2014 requires the Board of Directors’ report of all companies to state the details in respect of adequacy of internal financial controls with reference to the “financial statements”. Also, section 143(3) applies to the statutory auditors of all the companies. Hence, it appears that the auditors of even unlisted companies are required to report on the adequacy and operating effectiveness of the internal financial controls over financial reporting. III. Criteria for Internal Financial Controls Over Financial Reporting To state whether a set of financial statements presents a true and fair view, it is essential to benchmark and check the financial statements for compliance with the financial reporting framework. The Accounting Standards specified under the Companies Act, 1956 (which are deemed to be applicable as per Section 133 of the 2013 Act, read with Rule 7 of Companies (Accounts) Rules, 2014) is one of the criteria constituting the financial reporting framework based on which companies prepare and present their financial statements and against which the auditors evaluate if the financial statements present a true and fair view of the state of affairs and operations of the company in an audit of the financial statements carried out under the 2013 Act. Similarly, a benchmark internal control system, based on suitable criteria, is essential to enable the management and auditors to assess and state adequacy of and compliance with the system of internal control. In the Indian context, for example, Appendix 1 “Internal Control Components” of SA 315, “Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment”2 provides the necessary criteria for internal financial controls over financial reporting for companies. IV. Specified date for reporting on the adequacy and operating effectiveness of internal financial controls over financial reporting and applicability in case of interim financial statements The reporting by the auditor on internal financial controls under clause (i) of Sub- section 3 of Section 143 of the Act does not specify whether the auditor’s report should state if such internal financial controls existed and operated effectively during the period under reporting of the financial statements or as at the balance sheet date up to which the financial statements are prepared. Reporting on internal control systems is similar to reporting on the commercial operations of the company. Whilst the testing is carried out on the transactions recorded during the year, the reporting is as at the balance sheet date. For example, if the company’s revenue recognition was erroneous through the year under audit but was corrected, including for matters relating to internal control 2 Refer Section III of this Guidance Note. 793 Handbook of Auditing Pronouncements-II that caused the error, as at the balance sheet date, the auditor is not required to report on the errors in revenue recognition during the year. It should be noted that even when forming the opinion on internal controls, the auditor should test the internal controls during the financial year under audit and not just the internal controls as at the balance sheet date, though the extent of testing at or near the balance sheet date may be higher. Attention is invited to Clause (k) of paragraph 57 of the Statement on the Companies (Auditor’s Report) Order, 2003 issued by the ICAI on the auditor’s responsibility for reporting on internal control and continuing failure in the internal control under CARO. The said paragraph states that, “The auditor, while commenting on the clause, makes an assessment whether the major weakness noted by him has been corrected by the management as at the balance sheet date. If the auditor is of the opinion that the weakness has not been corrected, then the auditor should report the fact while commenting upon the clause.” Accordingly, the auditor should report if the company has adequate internal control systems in place and whether they were operating effectively as at the balance sheet date. It may also be noted that auditor’s reporting on internal financial controls over financial reporting is a requirement specified in the Companies Act, 2013 and therefore will apply only in case of reporting on financial statements prepared under the Act and reported under Section 143. Accordingly, reporting on internal financial controls over financial reporting will not be applicable with respect to interim financial statements, such as quarterly or half-yearly financial statements, unless such reporting is required under any other law or regulation. V. Auditors’ responsibility for reporting on internal financial controls over financial reporting in case of consolidated financial statements Section 129(4) of the 2013 Act states that the provisions of the 2013 Act applicable to the preparation, adoption and audit of the financial statements of a holding company shall, mutatis mutandis, apply to the consolidated financial statements. As such, on a strict reading of the aforesaid provision in the 2013 Act, it appears that the auditor will be required to report under Section 143(3)(i) of the 2013 Act on the adequacy and operating effectiveness of the internal financial controls over financial reporting, even in the case of consolidated financial statements. In the case of components included in the consolidated financial statements of the parent company, reporting on the adequacy and operating effectiveness of internal financial controls over financial reporting would apply for the respective 794 Audit of Internal Financial Controls components only if it is a company under the 2013 Act. Accordingly, in line with the approach adopted in case of reporting on the consolidated financial statements on the clauses of section 143(3) and reporting on the Companies (Auditor’s Report) Order, 2015 notified under section 143(11) of the 2013 Act, the reporting on adequacy of internal financial controls would also be on the basis on the reports on section 143(3)(i) as submitted by the statutory auditors of components that are Indian companies under the 2013 Act. The auditors of the parent company should apply the concept of materiality and professional judgment as provided in the Standards on Auditing and this Guidance Note while reporting under section 143(3)(i) on the matters relating to internal financial controls over financial reporting that are reported by the component auditors. VI. Components of Internal Control and Guidance Provided Internal Control Guidance reference* Component Control Paragraphs 88–93 – Identifying entity-level controls environment Paragraph 84 – Using the work of others Risk assessment Paragraph 76-78 – Role of risk assessment Paragraph 80-81 – Addressing the risk of fraud Paragraph 105-107 – Selecting controls to test Paragraphs 113, 119,122 – Relationship of risk to the evidenced obtained Paragraph 124 and 127 – Special considerations for subsequent years’ audit Paragraphs 144 and 145 – Subsequent events Control activities Paragraphs 100-104 – Understanding likely sources of misstatement Paragraphs 105 – 107 – Selecting controls to test IG 2.4 – Process flow diagrams IG 4 – Understanding IT Environment Information IG 2.4 – Process flow diagram system and IG 8 – Information Produced by the Entity (IPE) communication IG 2.9 to 2.13 – IPE Diagrams IG 9.3 and 9.4 - Situation in which service organisations are relevant for internal financial controls Monitoring Paragraphs 90, 91 and 93 – Identifying entity-level activities controls Paragraph 135 – Indicators of material weakness 795 Handbook of Auditing Pronouncements-II * These references are not exhaustive. The purpose of these references is to help the reader understand the requirements of the components of internal control system in a better manner. VII Flowchart Illustrating Typical Flow of Audit of Internal Financial Controls Over Financial Reporting Assess and Manage Risk Manage Audit Engagement Identify significant Identify & Identify controls Identify Identify risk of P L A N N IN G account balances/ understand which address risk applications, significant flows material of material associated IT Start disclosure Items misstatements of transactions misstatements environment, 1 2 3 4 ITGC 5 E F F E C T IV E N E S S IM P L E M E N T A T IO N Assess audit impact and plan Appropriate other suitable procedures 8 D E S IG N & Assess the design Assess the design & Implementation ` Implementation of controls 6 of controls 7 of controls? Plan operative effectiveness testing 9 O P E R A T IN G Plan nature, timing Perform Assess findings and Form opinion on and extent of testing operative conclude on IFC operative 10 effectiveness 11 operative 13 12 effectiveness testing effectiveness R E P O R T IN G Form audit Assess impact on opinion on audit opinion financial End 14 statements 15 Prepare and Control Audit Documentation Continuous Focus on Audit Quality 796 Audit of Internal Financial Controls Internal financial controls over financial reporting - Flowchart legends Legend Technical guidance / Implementation guidance reference 1 Paragraph 94-99 & IG 2 2 IG 2 3 Paragraph 100-104 & IG 2 4 Paragraph 105-107 & IG 2 5 IG 2 & IG 4 6 Paragraph 108-109, IG 10, IG 11 & IG 12 7 Paragraph 108-109, IG 10, IG 11 & IG 12 8 Paragraph 128-136 9 Paragraph 110-111 & IG 13 10 Paragraph 110-111, IG 13 11 Paragraph 128-136 12 IG 13 13 Paragraph 153 - 164 14 Paragraph 157 - 164 15 Paragraph 163 & IG 20 797 PART - B DETAILED GUIDANCE 798 SECTION I BACKGROUND Introduction 1. Internal control helps entities achieve important objectives and sustain and improve performance. Paragraph 4(c) of the Standard on Auditing (SA) 315 “Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment” defines the term ‘internal control’ as “the process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets, and compliance with applicable laws and regulations. The term “controls” refers to any aspects of one or more of the components of internal control.” SA 315 requires the auditor to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity’s internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement and help the auditor to reduce the risks of material misstatement to an acceptably low level. 2. Section 217(2AA) of the Companies Act, 1956 required the Directors of a company to specifically state in the Directors’ responsibility statement that they have taken proper and sufficient care for the maintenance of adequate accounting records in accordance with the provisions of the (1956) Act, for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities. The Act, 2013 has significantly expanded the scope of internal controls to be considered by the management of companies to cover all aspects of the operations of the company. Clause (e) of Sub-section 5 of Section 134 to the Act requires the directors responsibility statement to state that the directors, in the case of a listed company, had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively. 799 Handbook of Auditing Pronouncements-II Clause (e) of Sub-section 5 of Section 134 explains the meaning of internal financial controls as “the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.” Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014 requires the board report of all companies to state the details in respect of adequacy of internal financial controls with reference to the financial statements. The inclusion of the matters relating to internal financial controls in the directors responsibility statement is in addition to the requirement of the directors stating that they have taken proper and sufficient care for the maintenance of adequate accounting records in accordance with the provisions of the 2013 Act for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities. 3. The concept of internal financial controls is not new in India for listed companies. Clause 49 of the Equity Listing Agreement requires certification by the CEO / CFO stating that they accept responsibility for establishing and maintaining internal controls for financial reporting and that they have evaluated the effectiveness of internal control systems of the company pertaining to financial reporting and they have disclosed to the auditors and the audit committee, deficiencies in the design or operation of such internal controls, if any, of which they are aware and the steps they have taken or propose to take to rectify those deficiencies. Auditors’ Responsibility for Reporting on Internal Financial Controls over Financial Reporting in India 4. Clause (i) of Sub-section 3 of Section 143 of the Act requires the auditors’ report to state whether the company has adequate internal financial controls system in place and the operating effectiveness of such controls. It may be noted that auditor’s reporting on internal financial controls is a requirement specified in the Act and, therefore, will apply only in case of reporting on financial statements prepared under the Act and reported under Section 143. Accordingly, reporting on internal financial controls will not be applicable with respect to interim financial statements, such as quarterly or half-yearly financial statements, unless such reporting is required under any other law or regulation. 800 Audit of Internal Financial Controls Reporting on internal financial controls over financial reporting under the 2013 Act vis-à-vis reporting on internal controls under the Companies (Auditor’s Report) Order, 2015 (CARO) 5. The scope for reporting on internal financial controls over financial reporting is significantly larger and wider than the reporting on internal controls under CARO. Under CARO the reporting on internal controls is limited to the “adequacy” of controls over purchase of inventory and fixed assets and sale of goods and services. As such, CARO does not require reporting on all controls relating to financial reporting and also does not require reporting on the “adequacy and operating effectiveness” of such controls. Reporting on internal financial controls over financial reporting – global scenario 6. In June 2003, the Securities and Exchange Commission (SEC) of the United States of America adopted Rules for the implementation of Sarbanes – Oxley Act, 2002 (SOX) that required certification of the Internal Controls over Financial Reporting (ICFR) by the management and by the auditors. The Public Company Accounting Oversight Board (PCAOB) has issued its Auditing Standard (AS) 5 on “An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements”. This Standard establishes requirements and provides direction that applies when an auditor is engaged to also perform an audit of the internal controls over financial reporting in addition to the audit of the financial statements. 7. In June 2006, the Financial Instruments and Exchange Act (J-SOX) was passed by the Diet, the National Legislature of Japan. The requirements of this legislation are similar to the requirements of internal controls over financial reporting under SOX. Reporting by the Auditors 8. Where auditors are required to express an opinion on the effectiveness of an entity’s internal controls over financial reporting, such opinion is in addition to and distinct from the opinion expressed by the auditor on the financial statements. Combined audit of internal financial controls over financial reporting and financial statements 9. In a combined audit of internal financial controls over financial reporting and financial statements, the auditor should design his or her testing of controls to accomplish the objectives of both audits simultaneously. In a combined audit 801 Handbook of Auditing Pronouncements-II of internal controls over financial reporting and financial statements, the auditor expresses opinion on the following aspects: a. Opinion on internal control over financial reporting, which requires: − Evaluating and opining on management’s assessment of the effectiveness of internal financial controls (In Japan based on the requirements of the Financial Instruments and Exchange Act). − Evaluating and opining on the effectiveness of internal controls over financial reporting (In USA based on the requirements of Section 404 of the Sarbanes – Oxley Act). b. Opinion on the financial statements. 10. While the objectives of the audit of internal controls over financial reporting and audit of financial statements are not identical, the auditor plans and performs the work to achieve the objectives of both the audits in an integrated manner. Therefore, in a combined audit of internal financial controls over financial reporting and financial statements, the auditor should design his or her testing of controls to accomplish the objectives of both audits simultaneously. 11. In such an audit, the auditor plans and conducts the audit: • To obtain sufficient evidence to support the auditor's opinion on the internal financial controls as of the year-end, and • To obtain sufficient evidence to support the auditor's control risk assessments for purposes of the audit of the financial statements. 12. Obtaining sufficient evidence to support control risk assessments of “Low” for purposes of the financial statements audit ordinarily allows the auditor to reduce the amount of audit work that otherwise would have been necessary to opine on the financial statements. 13. Unlike the requirements in Japan referred in paragraph 9 above, in India, auditors are not required to report on the management’s assertion of effectiveness on internal financial controls. Reporting under the Act will be an independent assessment and assertion by the auditor on the adequacy and effectiveness of the entity’s system of internal financial controls. 802 SECTION II REPORTING ON INTERNAL FINANCIAL CONTROLS UNDER THE COMPANIES ACT, 2013 Criteria to be considered by companies for developing, establishing and reporting on internal financial controls over financial reporting 14. Internal controls are a system consisting of specific policies and procedures designed to provide management with reasonable assurance that the goals and objectives it believes important to the entity will be met. "Internal Control System" means all the policies and procedures (internal controls) adopted by the management of an entity to assist in achieving management's objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information. 15. To state whether a set of financial statements presents a true and fair view, it is essential to benchmark and check the financial statements for compliance with the framework. The Accounting Standards specified under the Companies Act, 1956 (which are deemed to be applicable as per Section 133 of the 2013 Act, read with Rule 7 of Companies (Accounts) Rules, 2014) is one of the criteria constituting the financial reporting framework on which companies prepare and present their financial statements under the Act and against which the auditors evaluate if the financial statements present a true and fair view of the state of affairs and the results of operations of the company in an audit of the financial statements carried out under the Act. 16. Similarly, a benchmark system of internal control, based on suitable criteria, is essential to enable the management and auditors to assess and state adequacy and compliance of the system of internal control. 17. In the Indian context, for example, the Appendix 1 “Internal Control Components” of SA 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment”3, issued by ICAI, provides the necessary criteria for Internal financial controls over financial reporting for companies. 3 Refer Section III of this Guidance Note. 803 Handbook of Auditing Pronouncements-II 18. Internal control is a process/set of processes designed to facilitate and support the achievement of business objectives. Any system of internal control is based on a consideration of significant risks in operations, compliance and financial reporting. Objectives such as improving business effectiveness are included, as are compliance and reporting objectives. 19. The fundamental therefore is that effective internal control is a process effected by people that supports the organization in several ways, enabling it to provide reasonable assurance regarding risk and to assist in the achievement of objectives. 20. Fundamental to a system of internal control is that it is integral to the activities of the company, and not something practiced in isolation. 21. An internal control system: • Facilitates the effectiveness and efficiency of operations. • Helps ensure the reliability of internal and external financial reporting. • Assists compliance with laws and regulations. • Helps safeguarding the assets of the entity. 22. In general, a system of internal control to be considered adequate should include the following five components: • Control environment • Risk assessment • Control activities • Information system and communication • Monitoring. The components of internal control are discussed in more detail in Section III of this Guidance Note. 23. Internal financial controls system needs to be dynamic to address the changes in entity’s operating environment, including: • Business developments, including changes in information technology and business processes, changes in key management, and acquisitions, mergers and divestments. • Legal and regulatory developments such as changes in industry regulations and new regulatory reporting requirements. • Changes in the financial reporting framework, such as changes in accounting standards. 24. Internal financial controls should not be confused with Enterprise Risk Management (ERM). Internal control is an integral part of enterprise risk 804 Audit of Internal Financial Controls management. The following are some of the key differences between internal controls over financial reporting and ERM: • ERM is applied in strategy setting while internal financial controls operate more at the process level. • ERM is applied across the enterprise, at every level and unit, and includes taking an entity level portfolio view of risk while internal financial controls are applied for the processes which contribute to financial reporting. 25. It may be noted that Clause (n) of Sub-section 3 of Section 134 of the Act requires the board report to include a statement indicating development and implementation of a risk management policy for the company including identification therein of elements of risk, if any, which in the opinion of the board may threaten the existence of the company. The existence of an appropriate system of internal financial control does not by itself provide an assurance to the board of directors that the company has developed and implemented an appropriate risk management policy. Objective in an audit of internal financial controls over financial reporting and interpretation of the term ‘internal financial controls’ for auditor’s reporting under Section 143(3)(i) 26. Meaning of internal financial controls under the Act Clause (e) of Sub-section 5 of Section 134 which explains the meaning of internal financial controls specifically states that the meaning is for the purpose of that clause. The explanation provided in clause (e) of Sub-section 5 of Section 134, inter alia, states that the internal financial controls system includes policies and procedures for ensuring efficiency and effectiveness of business and ensuring accuracy of accounting records. 27. Meaning of internal control Standard on Auditing 315 “Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment” defines Internal Control as follows: “The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets, and compliance with applicable laws and regulations. The term “controls” refers to any aspects of one or more of the components of internal control.” (Emphasis added) 805 Handbook of Auditing Pronouncements-II 28. Objectives of an auditor in an audit of internal financial controls over financial reporting The auditor's objective in an audit of internal financial controls over financial reporting is to express an opinion on the effectiveness of the company's internal financial controls over financial reporting. It is carried out along with an audit of the financial statements. Because a company's internal controls cannot be considered effective if one or more material weakness exists, to form a basis for expressing an opinion, the auditor must plan and perform the audit to obtain sufficient appropriate evidence to obtain reasonable assurance about whether material weakness exists as of the balance sheet date. A material weakness in internal financial controls may exist even when the financial statements are not materially misstated. 29. Paragraph A1 of Standard on Auditing (SA) 200 “Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Standards on Auditing” states “The auditor’s opinion on the financial statements deals with whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. Such an opinion is common to all audits of financial statements. The auditor’s opinion therefore does not assure, for example, the future viability of the entity nor the efficiency or effectiveness with which management has conducted the affairs of the entity.” (Emphasis added) 30. Paragraph A1 of the SA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Standards on Auditing further states that “in some cases, however, the applicable laws and regulations may require auditors to provide opinions on other specific matters, such as the effectiveness of internal control, or the consistency of a separate management report with the financial statements. While the SAs include requirements and guidance in relation to such matters to the extent that they are relevant to forming an opinion on the financial statements, the auditor would be required to undertake further work if the auditor had additional responsibilities to provide such opinions.” Thus, it may be noted that even if the auditor performs his or her audit in accordance with the Standards on Auditing, the auditor will not be able to express an opinion on the adequacy or effectiveness with which management has conducted the affairs (business) of the entity. 31. Reporting under Section 143(3)(i) The reporting by the auditor is dependent on the underlying criteria for internal financial controls over financial reporting adopted by the management. However, any system of internal controls provides only a reasonable assurance on achievement of the objectives for which it has been established. Also, the auditor 806 Audit of Internal Financial Controls shall use the concept of materiality in determining the extent of testing such controls. As discussed above, establishing an appropriate criteria and system of internal financial controls over financial reporting to, inter alia, ensure efficiency and effectiveness of business and accuracy of accounting records is the responsibility of the company’s management. 32. Globally also, auditor’s reporting on internal controls is together with the reporting on the financial statements and such internal controls reported upon relate only to internal controls over financial reporting. For example, in USA, Section 404 of the Sarbanes Oxley Act of 2002, prescribes that the registered public accounting firm (auditor) of the specified class of issuers (companies) shall, in addition to the attestation of the financial statements, attest the internal controls over financial reporting. 33. It may be noted that in India too, the Act specifies the auditor’s reporting on internal financial controls only in the context of the audit of financial statements. Further, Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014 requires the board report of all companies to state the details in respect of adequacy of internal financial controls with reference to the “financial statements” only. 34. Consistent with the above requirements of the Act and the Rules thereunder as well as the practice prevalent globally, the term ‘internal financial controls’ wherever used in this Guidance Note in the context of the responsibility of the auditor for reporting on such controls under Section 143(3)(i) of the Act, per se implies and relates to “internal financial controls over financial reporting”. For this purpose, “internal financial controls over financial reporting” shall mean, “A process designed by, or under the supervision of, the company's principal executive and principal financial officers, or persons performing similar functions, and effected by the company's board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal financial control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of 807 Handbook of Auditing Pronouncements-II the company are being made only in accordance with authorisations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorised acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.”4 The process may also be designed by, or under the supervision of a committee or group of the aforesaid persons. 35. Considering the above, the auditor should obtain reasonable assurance to state whether an adequate internal financial controls system was maintained and whether such internal financial controls system operated effectively in the company in all material respects with respect to financial reporting only. Applicability of standards on auditing for the audit of internal financial controls over financial reporting 36. Paragraph A1 of SA 200, inter alia, states “In some cases, however, the applicable laws and regulations may require auditors to provide opinions on other specific matters, such as the effectiveness of internal control, or the consistency of a separate management report with the financial statements. While the SAs include requirements and guidance in relation to such matters to the extent that they are relevant to forming an opinion on the financial statements, the auditor would be required to undertake further work if the auditor had additional responsibilities to provide such opinions.” Accordingly, the Standards on Auditing do not fully address the auditing requirements for reporting on the system of internal financial controls over financial reporting. However, relevant portions of the Standards on Auditing need to be considered by the auditor when performing an audit of internal financial controls over financial reporting. For example, the auditor should consider the requirements of SA 230, “Audit Documentation” when documenting the work performed on internal financial controls; the auditor should consider and apply the requirements of SA 315 when understating internal controls, etc. 37. This guidance aims to provide the supplementary procedures that would need to be considered by the auditor for planning, performing and reporting in an audit of internal financial controls over financial reporting under Clause (i) of Sub- section 3 of Section 143 of the 2013 Act. The applicable standards on auditing 4 This definition of the term “Internal Controls Over Financial Reporting” has been reproduced from the Auditing Standard (AS) 5, An Audit of Internal Control Over Financial Reporting that Is Integrated with An Audit of Financial Statements issued by the Public Company Accounting Oversight Board (PCAOB), USA. The other text in this Guidance Note which has been reproduced from the aforesaid AS 5 of PCAOB has been identified in italics text in the relevant sections of the Guidance Note. The copyright of the so reproduced material rests with the PCAOB. 808 Audit of Internal Financial Controls which, inter alia, need to be considered by the auditor when performing an audit of internal financial controls is given in the respective paragraphs of this guidance. Specified date for reporting on the adequacy and operating effectiveness of internal financial controls over financial reporting 38. The reporting by the auditor on internal financial controls under clause (i) of Sub-section 3 of Section 143 of the Act does not specify whether the auditor’s report should state if such internal financial controls existed and operated effectively during the period under reporting of the financial statements or as at the balance sheet date up to which the financial statements are prepared. 39. Reporting on internal financial controls system is similar to reporting on operations of the company. Whilst the testing is carried out on the transactions recorded during the year, the reporting is as at the balance sheet date. For example, if the company’s revenue recognition was erroneous through the year under audit but was corrected, including for matters relating to internal control that caused the error, as at the balance sheet date, the auditor is not required to report on the errors in revenue recognition during the year. 40. Attention is invited to paragraph (k) of Clause 57 of the Statement on the Companies (Auditor’s Report) Order, 2003 issued by the Institute of Chartered Accountants of India on the auditor’s responsibility for reporting on internal control and continuing failure in the internal control under CARO. The said paragraph states that “The auditor, while commenting on the clause, makes an assessment whether the major weakness noted by him has been corrected by the management as at the balance sheet date. If the auditor is of the opinion that the weakness has not been corrected, then the auditor should report the fact while commenting upon the clause.” 41. Accordingly, the auditor should report if the company has an adequate internal financial controls system in place and whether the same was operating effectively as at the balance sheet date. It should be noted that when forming the opinion on internal financial controls, the auditor should test the same during the financial year under audit and not just as at the balance sheet date, though the extent of testing at or near the balance sheet date may be higher. 42. It may also be noted that auditor’s reporting on internal financial controls is a requirement specified in the Act and, therefore, will apply only in case of reporting on financial statements prepared under the Act and reported under Section 143. 809 Handbook of Auditing Pronouncements-II Accordingly, reporting on internal financial controls will not be applicable with respect to interim financial statements, such as quarterly or half- yearly financial statements, unless such reporting is required under any other law or regulation. Auditors’ responsibility for reporting on internal financial controls over financial reporting in the case of unlisted companies 43. Under the Act, the directors statement of responsibility over establishing adequate internal financial controls and asserting operating effectiveness of such controls of the company is required only in case of listed companies. However, it appears that the auditor is required to report on adequacy and operating effectiveness of such internal financial controls even in the case of unlisted companies since Clause (i) of Sub-section 3 of Section 143 of the 2013 Act does not specifically state that it is applicable only in the case of listed companies. 44. It may be noted that the management has the primary responsibility for the design, implementation and maintenance of internal control relevant to the preparation and presentation of the financial statements that give a true and fair view and are free from material misstatement, whether due to fraud or error. Consequently, the responsibility of designing, implementing and maintaining appropriate internal financial controls also rests with the management. It may also be noted that Clause (vii) of Sub-section 4 of Section 177 of the Act states that every audit committee shall act in accordance with the terms of reference specified in writing by the board which shall, inter alia, include, “evaluation of internal financial controls and risk management systems”. Further, Sub-section 5 of Section 177 provides that the audit committee may call for the comments of the auditors about internal control systems including the observations of the auditors and may also discuss any related issues with the internal and auditors and the management of the company. In addition, Rule 8(5)viii) of the Companies (Accounts) Rules, 2014 requires the board report of all companies to state the details in respect of adequacy of internal financial controls with reference to the financial statements. Consequently, even if a specific statement of responsibility of the directors over internal financial controls is not made in the board’s report to the members of unlisted companies, ensuring adequacy and operating effectiveness of the internal financial controls system still remains with the management and the persons charged with governance in the company. 45. Therefore, this guidance also applies for reporting on internal financial controls in respect of unlisted companies and small companies and one person 810 Audit of Internal Financial Controls companies as defined in the Companies Act, 2013. Further, a small or a one person company typically possesses qualitative characteristics such as: a) Concentration of ownership and management in a small number of individuals (often a single individual – either a natural person or another enterprise that owns the entity provided the owner exhibits the relevant qualitative characteristics); and b) One or more of the following: i. Straightforward or uncomplicated transactions; ii. Simple record-keeping; iii. Few lines of business and few products within business lines; iv. Few internal controls; v. Few levels of management with responsibility for a broad range of controls; or vi. Few personnel, many having a wide range of duties. It may, however, also be noted that these qualitative characteristics are not exhaustive, nor are they exclusive to small or one person companies. Also, all small and one person companies need not necessarily display all of these characteristics.5 Auditors’ responsibility for reporting on internal financial controls over financial reporting in case of consolidated financial statements 46. Section 129(4) of the 2013 Act states that the provisions of the 2013 Act applicable to the preparation, adoption and audit of the financial statements of a holding company shall, mutatis mutandis, apply to the consolidated financial statements. As such, on a strict reading of the aforesaid provision in the 2013 Act, it appears that the auditor will be required to report under Section 143(3)(i) of the 2013 Act on the adequacy and operating effectiveness of the internal financial controls over financial reporting, even in the case of consolidated financial statements. 47. In the case of components included in the consolidated financial statements of the parent company, reporting on the adequacy and operating effectiveness of internal financial controls over financial reporting would apply for the respective components only if it is a company under the 2013 Act. Accordingly, in line with the approach adopted in case of reporting on the consolidated financial statements on the clauses of section 143(3) and reporting 5 Attention of the readers is also drawn to Section IG 19 of the Guidance Note. 811 Handbook of Auditing Pronouncements-II on the Companies (Auditor’s Report) Order, 2015 notified under section 143(11) of the 2013 Act, the reporting on adequacy and operating effectiveness of internal financial controls would also be on the basis on the reports on section 143(3)(i) as submitted by the statutory auditors of components that are Indian companies under the Act. The auditors of the parent company should apply the concept of materiality and professional judgment as provided in the Standards on Auditing and this Guidance Note while reporting under section 143(3)(i) on the matters relating to internal financial controls over financial reporting that are reported by the component auditors. 812 SECTION III OVERVIEW OF INTERNAL CONTROLS AS PER SA 315 48. Components of Internal Control Appendix I to SA 315 explains the five components of any internal control as they relate to a financial statement audit. The five components are: i. Control environment ii. Entity’s risk assessment process iii. Control activities iv. Information system and communication v. Monitoring of controls I. Control environment 49. The control environment encompasses the following elements: (a) Communication and enforcement of integrity and ethical values. The effectiveness of controls cannot rise above the integrity and ethical values of the people who create, administer, and monitor them. Integrity and ethical behavior are the product of the entity’s ethical and behavioral standards, how they are communicated, and how they are reinforced in practice. The enforcement of integrity and ethical values includes, for example, management actions to eliminate or mitigate incentives or temptations that might prompt personnel to engage in dishonest, illegal, or unethical acts. The communication of entity policies on integrity and ethical values may include the communication of behavioral standards to personnel through policy statements and codes of conduct and by example. (b) Commitment to competence. Competence is the knowledge and skills necessary to accomplish tasks that define the individual’s job. (c) Participation by those charged with governance. An entity’s control consciousness is influenced significantly by those charged with governance. The importance of the responsibilities of those charged with governance is recognised in codes of practice and other laws and regulations or guidance produced for the benefit of those charged with governance. Other responsibilities of those charged with governance include oversight of the design and effective operation of whistle blower 813 Handbook of Auditing Pronouncements-II procedures and the process for reviewing the effectiveness of the entity’s internal control. (d) Management’s philosophy and operating style. Management’s philosophy and operating style encompass a broad range of characteristics. For example, management’s attitudes and actions toward financial reporting may manifest themselves through conservative or aggressive selection from available alternative accounting principles, or conscientiousness and conservatism with which accounting estimates are developed. (e) Organisational structure. Establishing a relevant organizational structure includes considering key areas of authority and responsibility and appropriate lines of reporting. The appropriateness of an entity’s organisational structure depends, in part, on its size and the nature of its activities. (f) Assignment of authority and responsibility. The assignment of authority and responsibility may include policies relating to appropriate business practices, knowledge and experience of key personnel, and resources provided for carrying out duties. In addition, it may include policies and communications directed at ensuring that all personnel understand the entity’s objectives, know how their individual actions interrelate and contribute to those objectives, and recognize how and for what they will be held accountable. (g) Human resource policies and practices. Human resource policies and practices often demonstrate important matters in relation to the control consciousness of an entity. For example, standards for recruiting the most qualified individuals – with emphasis on educational background, prior work experience, past accomplishments, and evidence of integrity and ethical behavior – demonstrate an entity’s commitment to competent and trustworthy people. Training policies that communicate prospective roles and responsibilities and include practices such as training schools and seminars illustrate expected levels of performance and behavior. Promotions driven by periodic performance appraisals demonstrate the entity’s commitment to the advancement of qualified personnel to higher levels of responsibility. II. Entity’s risk assessment process 50. For financial reporting purposes, the entity’s risk assessment process includes how management identifies business risks relevant to the preparation of financial statements in accordance with the entity’s applicable financial reporting framework, estimates their significance, assesses the likelihood of their 814 Audit of Internal Financial Controls occurrence, and decides upon actions to respond to and manage them and the results thereof. For example, the entity’s risk assessment process may address how the entity considers the possibility of unrecorded transactions or identifies and analyses significant estimates recorded in the financial statements. 51. Risks relevant to reliable financial reporting include external and internal events, transactions or circumstances that may occur and adversely affect an entity’s ability to initiate, record, process, and report financial data consistent with the assertions of management in the financial statements. Management may initiate plans, programs, or actions to address specific risks or it may decide to accept a risk because of cost or other considerations. Risks can arise or change due to circumstances such as the following: a) Changes in operating environment. Changes in the regulatory or operating environment can result in changes in competitive pressures and significantly different risks. b) New personnel. New personnel may have a different focus on or understanding of internal control. c) New or revamped information systems. Significant and rapid changes in information systems can change the risk relating to internal control. d) Rapid growth. Significant and rapid expansion of operations can strain controls and increase the risk of a breakdown in controls. e) New technology. Incorporating new technologies into production processes or information systems may change the risk associated with internal control. f) New business models, products, or activities. Entering into business areas or transactions with which an entity has little experience may introduce new risks associated with internal control. g) Corporate restructurings. Restructurings may be accompanied by staff reductions and changes in supervision and segregation of duties that may change the risk associated with internal control. h) Expanded foreign operations. The expansion or acquisition of foreign operations carries new and often unique risks that may affect internal control, for example, additional or changed risks from foreign currency transactions. i) New accounting pronouncements. Adoption of new accounting principles or changing accounting principles may affect risks in preparing financial statements. III. Control activities 52. Generally, control activities that may be relevant to an audit may be categorised as policies and procedures that pertain to the following: 815 Handbook of Auditing Pronouncements-II a) Performance reviews. These control activities include reviews and analyses of actual performance versus budgets, forecasts, and prior period performance; relating different sets of data – operating or financial – to one another, together with analyses of the relationships and investigative and corrective actions; comparing internal data with external sources of information; and review of functional or activity performance. b) Information processing. The two broad groupings of information systems control activities are application controls, which apply to the processing of individual applications, and general IT-controls, which are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. Examples of application controls include checking the arithmetical accuracy of records, maintaining and reviewing accounts and trial balances, automated controls such as edit checks of input data and numerical sequence checks, and manual follow-up of exception reports. Examples of general IT-controls are program change controls, controls that restrict access to programs or data, controls over the implementation of new releases of packaged software applications, and controls over system software that restrict access to or monitor the use of system utilities that could change financial data or records without leaving an audit trail. c) Physical controls. Controls that encompass: • The physical security of assets, including adequate safeguards such as secured facilities over access to assets and records. • The authorisation for access to computer programs and data files. • The periodic counting and comparison with amounts shown on control records (for example, comparing the results of cash, security and inventory counts with accounting records). The extent to which physical controls intended to prevent theft of assets are relevant to the reliability of financial statement preparation, and therefore the audit, depends on circumstances such as when assets are highly susceptible to misappropriation. d) Segregation of duties. Assigning different people the responsibilities of authorising transactions, recording transactions, and maintaining custody of assets. Segregation of duties is intended to reduce the opportunities to allow any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of the person’s duties. 53. Certain control activities may depend on the existence of appropriate higher level policies established by management or those charged with 816 Audit of Internal Financial Controls governance. For example, authorisation controls may be delegated under established guidelines, such as, investment criteria set by those charged with governance; alternatively, non-routine transactions such as, major acquisitions or divestments may require specific high level approval, including in some cases that of shareholders. IV. Information system, including the related business processes, relevant to financial reporting, and communication 54. An information system consists of infrastructure (physical and hardware components), software, people, procedures, and data. Many information systems make extensive use of information technology (IT). 55. The information system relevant to financial reporting objectives, which includes the financial reporting system, encompasses methods and records that: a) Identify and record all valid transactions. b) Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting. c) Measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements. d) Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period. e) Present properly the transactions and related disclosures in the financial statements. 56. The quality of system-generated information affects management’s ability to make appropriate decisions in managing and controlling the entity’s activities and to prepare reliable financial reports. 57. Communication, which involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting, may take such forms as policy manuals, accounting and financial reporting manuals, and memoranda. Communication also can be made electronically, orally, and through the actions of management. V. Monitoring of controls 58. An important management responsibility is to establish and maintain internal control on an ongoing basis. Management’s monitoring of controls includes considering whether they are operating as intended and that they are modified as appropriate for changes in conditions. Monitoring of controls may include activities such as, management’s review of whether bank reconciliations are being prepared on a timely basis, internal auditors’ evaluation of sales personnel’s compliance with the entity’s policies on terms of sales contracts, and a legal department’s oversight of compliance with the entity’s ethical or business 817 Handbook of Auditing Pronouncements-II practice policies. Monitoring is done also to ensure that controls continue to operate effectively over time. For example, if the timeliness and accuracy of bank reconciliations are not monitored, personnel are likely to stop preparing them. 59. Internal auditors or personnel performing similar functions may contribute to the monitoring of an entity’s controls through separate evaluations. Ordinarily, they regularly provide information about the functioning of internal control, focusing considerable attention on evaluating the effectiveness of internal control, and communicate information about strengths and deficiencies in internal control and recommendations for improving internal control. 60. Monitoring activities may include using information from communications from external parties that may indicate problems or highlight areas in need of improvement. Customers implicitly corroborate billing data by paying their invoices or complaining about their charges. In addition, regulators may communicate with the entity concerning matters that affect the functioning of internal control, for example, communications concerning examinations by bank regulatory agencies. Also, management may consider communications relating to internal control from external auditors in performing monitoring activities. 61. Components of internal control and guidance provided Refer Table below to see the mapping of internal control components with relevant references in this guidance: Internal Control Guidance reference* Component Control Paragraphs 88 – 93 – Identifying entity-level environment controls Paragraph 84 – Using the work of others Risk assessment Paragraph 76-78 – Role of risk assessment Paragraph 80-81 – Addressing the risk of fraud Paragraph 105-107 – Selecting controls to test Paragraphs 113, 119, 122 – Relationship of risk to the evidenced obtained Paragraph 124 and 127 – Special considerations for subsequent years’ audit Paragraphs 144 and 145 – Subsequent events Control activities Paragraphs 100-104 – Understanding likely sources of misstatement 818 Audit of Internal Financial Controls Internal Control Guidance reference* Component Paragraphs 105 – 107 – Selecting controls to test IG 2.4 – Process flow diagrams IG 4 – Understanding IT Environment Information IG 2.4 – Process flow diagram system and IG 8 – Information Produced by the Entity (IPE) communication IG 2.9 to 2.13 – IPE Diagrams IG 9.3 and 9.4 - Situation in which service organisations are relevant for internal financial controls Monitoring Paragraphs 90, 91 and 93 – Identifying entity-level activities controls Paragraph 135 – Indicators of material weakness * These references are not exhaustive. The purpose of these references is to help the reader understand the requirements of the components of internal control system in a better manner. Effective Internal Control 62. The control environment sets the tone of an organization, influencing the control consciousness of its people. The control environment includes the governance and management functions and the attitudes, awareness, and actions of those charged with governance and management concerning the entity’s internal control and its importance in the entity. 63. Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements. Implementation of a control means that the control exists and that the entity is using it. There is little point in assessing the implementation of a control that is not effective, and so the design of a control is considered first. An improperly designed control may represent a material weakness or significant deficiency in the entity’s internal control. 64. An entity’s system of internal control contains manual elements and often contains automated elements. The use of manual or automated elements in internal control also affects the manner in which transactions are initiated, recorded, processed, and reported. An entity’s mix of manual and automated 819 Handbook of Auditing Pronouncements-II elements in internal control varies with the nature and complexity of the entity’s use of information technology. Manual elements in internal control may be more suitable where judgment and discretion are required such as for the following circumstances: • Large, unusual or non-recurring transactions. • Circumstances where errors are difficult to define, anticipate or predict. • In changing circumstances that require a control response outside the scope of an existing automated control. • In monitoring the effectiveness of automated controls. 65. The extent and nature of the risks to internal control vary depending on the nature and characteristics of the entity’s information system. The entity responds to the risks arising from the use of IT or from use of manual elements in internal control by establishing effective controls in light of the characteristics of the entity’s information system. Limitations of internal control system 66. Internal control, no matter how effective, can provide an entity with only reasonable assurance and not absolute assurance about achieving the entity’s operational, financial reporting and compliance objectives. Internal control systems are subject to certain inherent limitations, such as: • Management's consideration that the cost of an internal control does not exceed the expected benefits to be derived. • The fact that most internal controls do not tend to be directed at transactions of unusual nature. The potential for human error, such as, due to carelessness, distraction, mistakes of judgement and misunderstanding of instructions. • The possibility of circumvention of internal controls through collusion with employees or with parties outside the entity. • The possibility that a person responsible for exercising an internal control could abuse that responsibility, for example, a member of management overriding an internal control. • Manipulations by management with respect to transactions or estimates and judgements required in the preparation of financial statements. 820 SECTION IV TECHNICAL GUIDANCE ON AUDIT OF INTERNAL FINANCIAL CONTROLS OVER FINANCIAL REPORTING6 Introduction 67. This guidance provides direction that applies when an auditor is required to report under Clause (i) of Sub-section 3 of Section 143 of the 2013 Act on whether the company has in place adequate internal financial controls over financial reporting and the operating effectiveness of such controls. 68. Effective internal financial controls over financial reporting provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes. If one or more material weaknesses exist, the company's internal financial controls cannot be considered effective. 69. Because a company's internal financial controls over financial reporting cannot be considered effective if one or more material weaknesses exist, to form a basis for expressing an opinion, the auditor must plan and perform the audit to obtain appropriate evidence that is sufficient to obtain reasonable assurance about whether the material weaknesses exist as of the balance sheet date. A significant deficiency or material weakness in internal financial controls over financial reporting may exist even when financial statements are not materially misstated. 70. This guidance establishes the fieldwork and reporting requirements applicable for expressing an audit opinion to internal financial controls over financial reporting. 71. The auditor should use the same system of internal financial controls over financial reporting to perform his or her audit of internal financial controls over financial reporting as management uses for its annual evaluation of the adequacy and effectiveness of the company's internal financial controls. Combining the audits 72. The audit of internal financial controls over financial reporting should be combined with the audit of the financial statements. The objectives of the audits 6 The text shown in italics in this Section of the Guidance Note has been reproduced from Auditing Standard (AS) 5, An Audit Of Internal Control Over Financial Reporting That Is Integrated With An Audit Of Financial Statements, issued by the Public Company Accounting Oversight Board (PCAOB), in June 2007. The copyright of the so reproduced material rests with the PCAOB. 821 Handbook of Auditing Pronouncements-II are not identical, however, and the auditor must plan and perform the work to achieve the objectives of both audits. 73. In a combined audit of internal financial controls over financial reporting and financial statements, the auditor should design his or her testing of controls to accomplish the objectives of both audits simultaneously: • To obtain sufficient evidence to support the auditor's opinion on internal financial controls over financial reporting as of year-end, and • To obtain sufficient evidence to support the auditor's control risk assessments for purposes of the audit of financial statements. 74. Obtaining sufficient evidence to support control risk assessments for purposes of the financial statement audit ordinarily allows the auditor to reduce the amount of audit work that otherwise would have been necessary to opine on the financial statements. Flowchart below Illustrates Typical Flow of Audit of Internal Financial Controls over Financial Reporting Assess and Manage Risk Manage Audit Engagement Identify significant Identify & Identify controls Identify P L A N N IN G understand Identify risk of which address risk applications, account balances/ significant flows material of material associated IT Start disclosure Items misstatements of transactions misstatements environment, 1 2 3 4 ITGC 5 E F F E C T IV E N E S S IM P L E M E N T A T IO N Assess audit impact and plan Appropriate other suitable procedures 8 D E S IG N & Assess the design Assess the design & Implementation ` Implementation of controls 6 of controls 7 of controls? Plan operative effectiveness testing 9 O P E R A T IN G Plan nature, timing Perform Assess findings and Form opinion on and extent of testing operative conclude on IFC operative 10 effectiveness 11 operative 13 12 effectiveness testing effectiveness R E P O R T IN G Form audit Assess impact on opinion on audit opinion financial End 14 statements 15 Prepare and Control Audit Documentation Continuous Focus on Audit Quality 822 Audit of Internal Financial Controls Internal Financial Controls over Financial Reporting - Flowchart legends Legend Technical guidance / Implementation guidance reference 1 Paragraph 94-99 & IG 2 2 IG 2 3 Paragraph 100-104 & IG 2 4 Paragraph 105-107 & IG 2 5 IG 2 & IG 4 6 Paragraph 108-109, IG 10, IG 11 & IG 12 7 Paragraph 108-109, IG 10, IG 11 & IG 12 8 Paragraph 128-136 9 Paragraph 110-111 & IG 13 10 Paragraph 110-111, IG 13 11 Paragraph 128-136 12 IG 13 13 Paragraph 153 - 164 14 Paragraph 157 - 164 15 Paragraph 163 & IG 20 Planning the Audit 75. The auditor should properly plan the audit of internal financial controls over financial reporting and properly supervise any assistants. The activities will include pre-engagement activities such as agreeing the terms of the engagement. (Refer Appendix I for illustrative format of the engagement letter). When planning a combined audit of internal financial controls over financial reporting and financial statements, the auditor should evaluate whether the following matters are important to the company's financial statements and internal financial controls over financial reporting and, if so, how they will affect the auditor's procedures: • Knowledge of the company's internal financial controls over financial reporting obtained during other engagements performed by the auditor; 823 Handbook of Auditing Pronouncements-II • Matters affecting the industry in which the company operates, such as financial reporting practices, economic conditions, laws and regulations, and technological changes; • Matters relating to the company's business, including its organisation, operating characteristics, and capital structure; • The extent of recent changes, if any, in the company, its operations, or its internal financial controls over financial reporting; • The auditor's preliminary judgements about materiality, risk, and other factors relating to the determination of material weaknesses; • Control deficiencies previously communicated to the audit committee or management by the auditor or the internal auditor; • Legal or regulatory matters of which the company is aware; • The type and extent of available evidence related to the effectiveness of the company's internal financial controls over financial reporting; • Preliminary judgements about the effectiveness of internal financial controls over financial reporting; • Public information about the company relevant to the evaluation of the likelihood of material financial statement misstatements and the effectiveness of the company's internal financial controls over financial reporting; • Knowledge about risks related to the company evaluated as part of the auditor's KYC guidelines; and • The relative complexity of the company's operations. Note: Many smaller companies have less complex operations. Additionally, some larger, complex companies may have less complex units or processes. Factors that might indicate less complex operations include: fewer business lines; less complex business processes and financial reporting systems; more centralised accounting functions; extensive involvement by senior management in the day-to-day activities of the business; and fewer levels of management, each with a wide span of control. Role of Risk Assessment 76. Risk assessment underlies the entire audit process described by this guidance, including the determination of significant accounts and disclosures and relevant assertions, the selection of controls to test, and the determination of the evidence necessary for a given control. 77. A direct relationship exists between the degree of risk that a significant deficiency or material weakness could exist in a particular area of the company's internal financial controls over financial reporting and the amount of audit attention that should be devoted to that area. In addition, the risk that a 824 Audit of Internal Financial Controls company's internal financial controls over financial reporting will fail to prevent or detect a misstatement caused by fraud usually is higher than the risk of failure to prevent or detect error. The auditor should focus more of his or her attention on the areas of highest risk. On the other hand, it is not necessary to test controls that, even if deficient, would not present a reasonable possibility of material misstatement to the financial statements. An illustrative list of risks of material misstatement, related control objectives and control activities is given in Appendix IV. 78. The complexity of the organisation, business unit, or process, will play an important role in the auditor's risk assessment and the determination of the necessary procedures. Further, the auditor needs to consider SA 315, for detailed procedures in connection with risk assessment. Customising the Audit 79. The size and complexity of the company, its business processes, and business units, may affect the way in which the company achieves many of its control objectives. The size and complexity of the company also might affect the risks of misstatement and the controls necessary to address those risks. Customising is most effective as a natural extension of the risk-based approach and applicable to the audits of all companies. Accordingly, a smaller, less complex company, or even a larger, less complex company might achieve its control objectives differently than a more complex company. Addressing the Risk of Fraud 80. When planning and performing the audit of internal financial controls, the auditor should take into account the results of his or her fraud risk assessment. As part of identifying and testing entity-level controls, as discussed beginning at paragraph 88 of this Section, and selecting other controls to test, as discussed beginning at paragraph 105 of this Section, the auditor should evaluate whether the company's controls sufficiently address identified risks of material misstatement due to fraud and controls intended to address the risk of management override of other controls. Controls that might address these risks include: • Controls over significant, unusual transactions, particularly those that result in late or unusual journal entries; • Controls over journal entries and adjustments made in the period-end financial reporting process; • Controls over related party transactions; 825 Handbook of Auditing Pronouncements-II • Controls related to significant management estimates; and • Controls that mitigate incentives for, and pressures on, management to falsify or inappropriately manage financial results. 81. If the auditor identifies deficiencies in controls designed to prevent or detect fraud during the audit of internal financial controls over financial reporting, the auditor should take into account those deficiencies when developing his or her response to risks of material misstatement during the financial statement audit, as provided in SA 240 “The Auditor’s Responsibilities Relating to Fraud in An Audit of Financial Statements”. Further the auditor would also need to consider the requirements of other guidance issued by ICAI for the procedures to be performed in connection with fraud risk factors. Using the Work of Others (Refer IG 18) 82. The auditor should evaluate the extent to which he or she will use the work of others to reduce the work the auditor might otherwise perform himself or herself. SA 610 “Using the Work of Internal Auditors” and SA 620 “Using the Work of an Auditor’s Expert” apply in a combined audit of internal financial controls over financial reporting and financial statements. 83. Irrespective of the degree of autonomy and objectivity of the internal audit function, such function is not independent of the entity as is required of the auditor when expressing an opinion on financial statements and internal financial controls over financial reporting. The auditor has sole responsibility for the audit opinion expressed, and that responsibility is not reduced by the auditor’s use of the work of the internal auditors. 84. The auditor should assess the competence and objectivity of the persons whose work the auditor plans to use to determine the extent to which the auditor may use their work. The higher the degree of competence and objectivity, the greater use the auditor may make of the work. Note: For purposes of using the work of others, competence means the attainment and maintenance of a level of understanding and knowledge that enables that person to perform ably the tasks assigned to them, and objectivity means the ability to perform those tasks impartially and with intellectual honesty. To assess competence, the auditor should evaluate factors about the person's qualifications and ability to perform the work the auditor plans to use. To assess objectivity, the auditor should evaluate whether factors are present that either inhibit or promote a person's ability to perform with the necessary degree of objectivity the work the auditor plans to use. 826 Audit of Internal Financial Controls Note: The auditor should not use the work of persons who have a low degree of objectivity, regardless of their level of competence. Likewise, the auditor should not use the work of persons who have a low level of competence regardless of their degree of objectivity. Personnel whose core function is to serve as a testing or compliance authority at the company, such as internal auditors, normally are expected to have greater competence and objectivity in performing the type of work that will be useful to the auditor. 85. The extent to which the auditor may use the work of others in an audit of internal financial controls over financial reporting also depends on the risk associated with the control being tested. As the risk associated with a control increases, the need for the auditor to perform his or her own work on the control increases. Materiality 86. In planning the audit of internal financial controls over financial reporting, the auditor should use the same materiality considerations he or she would use in planning the audit of the company's annual financial statements as provided in SA 320 “Materiality in Planning and Performing an Audit”. Note: Since the audit of internal financial controls is in connection with the financial reporting, the concept of materiality will be applicable even in such audit. The auditor may consider materiality when he or she makes judgments about the size of misstatements that will be considered material. These judgments provide a basis for: (a) Determining the nature, timing and extent of risk assessment procedures; (b) Identifying and assessing the risks of material misstatement; (c) Identifying classes of transactions, account balances and disclosures that need to be considered for testing; and (d) Determining the nature, timing and extent of audit procedures. Using a Top-down Approach 87. The auditor should use a top-down approach to the audit of internal financial controls over financial reporting to select the controls to test. A top-down approach begins at the financial statement level and with the auditor's understanding of the overall risks to internal financial controls over financial reporting. The auditor then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions. This approach directs the auditor's attention to accounts, disclosures, and assertions that present a reasonable possibility of material misstatement to the financial statements and related disclosures. The auditor then verifies his or her 827 Handbook of Auditing Pronouncements-II understanding of the risks in the company's processes and selects for testing those controls that sufficiently address the assessed risk of misstatement to each relevant assertion. Note: The top-down approach describes the auditor's sequential thought process in identifying risks and the controls to test, not necessarily the order in which the auditor will perform the auditing procedures. Top-Down Approach to Internal Financial Controls Over Financial Reporting Identifying Entity-level Controls (Refer IG 5, IG 19.7, IG 19.8, 19.15 & 19.20) 88. The auditor must test those entity-level controls that are important to the auditor's conclusion about whether the company has effective internal financial controls over financial reporting. The auditor's evaluation of entity-level controls can result in increasing or decreasing the testing that the auditor otherwise would have performed on other controls. 89. Entity-level controls vary in nature and precision: 828 Audit of Internal Financial Controls • Some entity-level controls, such as certain control environment controls, have an important, but indirect, effect on the likelihood that a misstatement will be detected or prevented on a timely basis. These controls might affect the other controls the auditor selects for testing and the nature, timing, and extent of procedures the auditor performs on other controls. • Some entity-level controls monitor the effectiveness of other controls. Such controls might be designed to identify possible breakdowns in lower-level controls, but not at a level of precision that would, by themselves, sufficiently address the assessed risk that misstatements to a relevant assertion will be prevented or detected on a timely basis. These controls when operating effectively, might allow the auditor to reduce the testing of other controls. • Some entity-level controls might be designed to operate at a level of precision that would adequately prevent or detect on a timely basis misstatements to one or more relevant assertions. If an entity-level control sufficiently addresses the assessed risk of misstatement, the auditor need not test additional controls relating to that risk. 90. Entity-level controls include: • Controls related to the control environment; • Controls over management override; Note: Controls over management override are important to effective internal financial controls over financial reporting for all companies, and may be particularly important at smaller companies because of the increased involvement of senior management in performing controls and in the period-end financial reporting process. For smaller companies, the controls that address the risk of management override might be different from those at a larger company. For example, a smaller company might rely on more detailed oversight by the audit committee that focuses on the risk of management override. Similarly, in case of a small company as defined in the 2013 Act, since there is no requirement for an Audit Committee, the Board of Directors could be providing such detailed oversight that focuses on the risk of management override. • The company's risk assessment process; • Centralised processing and controls, including shared service environments; (Refer IG 9) • Controls to monitor results of operations; • Controls to monitor other controls, including activities of the internal audit function, the audit committee, and self-assessment programs; • Controls over the period-end financial reporting process; 829 Handbook of Auditing Pronouncements-II • Controls over recording of unusual transactions; and • Policies that address significant business control and risk management practices. 91. Control environment. Because of its importance to effective internal financial controls over financial reporting, the auditor must evaluate the control environment at the company. As part of evaluating the control environment, the auditor should assess: • Whether management's philosophy and operating style promote effective internal financial controls over financial reporting; • Whether sound integrity and ethical values, particularly of top management, are developed and understood; and • Whether the board or audit committee understands and exercises oversight responsibility over financial reporting and internal control. 92. Period-end financial reporting process. Because of its importance to the auditor's opinions on internal financial controls over financial reporting and the financial statements, the auditor must evaluate the period-end financial reporting process. The period-end financial reporting process includes the following: • Procedures used to enter transaction totals into the general ledger; • Procedures related to the selection and application of accounting policies; • Procedures used to initiate, authorise, record, and process journal entries in the general ledger; • Procedures used to record recurring and non-recurring adjustments to the annual and quarterly / interim financial statements / results, if any; • Procedures for preparing annual and quarterly financial statements and related disclosures. 93. As part of evaluating the period-end financial reporting process, the auditor should assess: • Inputs, procedures performed, and outputs of the processes the company uses to produce its annual and interim financial statements; • The extent of information technology ("IT") involvement in the period- end financial reporting process; • Who participates from management; • The locations involved in the period-end financial reporting process; • The types of adjusting and closing entries; and • The nature and extent of the oversight of the process by management, the board of directors, and the audit committee. 830 Audit of Internal Financial Controls Note: Because the annual period-end financial reporting process normally occurs after the balance sheet date, management's assessment of those controls usually cannot be tested until after the balance sheet date. Note: The auditor should obtain sufficient evidence of the effectiveness of those interim controls that are important to determining whether the company's controls sufficiently address the assessed risk of misstatement to each relevant assertion as of the interim balance sheet dates for the purpose of evaluating the annual period–end financial reporting process. However, the auditor is not required to obtain sufficient evidence for each interim period financial reporting process individually, since the auditor would be reporting on the adequacy and operating effectiveness of the internal financial controls over financial reporting as at the year-end balance sheet date. Identifying significant accounts and disclosures and their relevant assertions 94. The auditor should identify significant accounts and disclosures and their relevant assertions. Relevant assertions are those financial statement assertions that have a reasonable possibility of containing a misstatement that would cause the financial statements to be materially misstated. The financial statement assertions include: • Existence or occurrence; • Completeness; • Valuation or allocation; • Rights and obligations; • Assertions relating to presentation and disclosure 95. To identify significant accounts and disclosures and their relevant assertions, the auditor should evaluate the qualitative and quantitative risk factors related to the financial statement line items and disclosures. Risk factors relevant to the identification of significant accounts and disclosures and their relevant assertions include: • Size and composition of the account; • Susceptibility to misstatement due to errors or fraud; • Volume of activity, complexity, and homogeneity of the individual transactions processed through the account or reflected in the disclosure; • Nature of the account or disclosure; • Accounting and reporting complexities associated with the account or disclosure; 831 Handbook of Auditing Pronouncements-II • Exposure to losses in the account; • Possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure; • Existence of related party transactions in the account; and • Changes from the prior period in account or disclosure characteristics. 96. As part of identifying significant accounts and disclosures and their relevant assertions, the auditor should also determine the likely sources of potential misstatements that would cause the financial statements to be materially misstated. The auditor might determine the likely sources of potential misstatements by asking himself or herself "what could go wrong?" within a given significant account or disclosure. 97. The risk factors that the auditor should evaluate in the identification of significant accounts and disclosures and their relevant assertions are the same in the audit of internal financial controls over financial reporting as in the audit of the financial statements; accordingly, significant accounts and disclosures and their relevant assertions are the same for both audits. Note: In the financial statements audit, the auditor might perform substantive auditing procedures on financial statement accounts, disclosures and assertions that are determined not to be significant accounts, disclosures and relevant assertions. 98. The components of a potential significant account or disclosure might be subject to significantly differing risks. If so, different controls might be necessary to adequately address those risks. 99. When a company has multiple locations or business units, the auditor should identify significant accounts and disclosures and their relevant assertions based on the financial statements of the company as a whole. Having made those determinations, the auditor should then apply the guidance provided in paragraph IG 1 for multiple locations scoping decisions. Understanding likely sources of misstatement 100. To further understand the likely sources of potential misstatements, and as a part of selecting the controls to test, the auditor should achieve the following objectives: • Understand the flow of transactions related to the relevant assertions, including how these transactions are initiated, authorised, processed, and recorded; (Refer IG 2 and IG 3) • Verify that he/she has identified the points within the company's processes at which a misstatement – including a misstatement due to 832 Audit of Internal Financial Controls fraud – could arise that, individually or in combination with other misstatements, would be material; • Identify the controls that management has implemented to address these potential misstatements; and • Identify the controls that management has implemented over the prevention or timely detection of unauthorised acquisition, use, or disposition of the company's assets that could result in a material misstatement of the financial statements. An illustrative list of risks of material misstatement, related control objectives and control activities is given in Appendix IV. 101. Because of the degree of judgement required, the auditor should perform the procedures that achieve the objectives in paragraph 100 either by himself or herself or supervise the work of others who provide direct assistance to the auditor. 102. The auditor should also understand how Information Technology (IT) affects the company's flow of transactions. The auditor should apply the requirements of SA 315, which discuss the effect of information technology on internal financial controls and the risks to assess. (Refer IG 4) Note: The identification of risks and controls within IT is not a separate evaluation. Instead, it is an integral part of the top-down approach used to identify significant accounts and disclosures and their relevant assertions, and the controls to test, as well as to assess risk and allocate audit effort as described by this guidance. 103. Performing walkthroughs. Performing walkthroughs will frequently be the most effective way of achieving the objectives in paragraph 100. In performing a walkthrough, the auditor follows a transaction from origination through the company's processes, including information systems, until it is reflected in the company's financial records, using the same documents and information technology that company personnel use. Walkthrough procedures usually include a combination of inquiry, observation, inspection of relevant documentation, and re-performance of controls. (Refer IG 12) 104. In performing a walkthrough, at the points at which important processing procedures occur, the auditor questions the company's personnel about their understanding of what is required by the company's prescribed procedures and controls. These probing questions, combined with the other walkthrough procedures, allow the auditor to gain a sufficient understanding of the process and to be able to identify important points at which a necessary control is missing or not designed effectively. Additionally, probing questions that go beyond a narrow focus on the single transaction used as the basis for the walkthrough 833 Handbook of Auditing Pronouncements-II allow the auditor to gain an understanding of the different types of significant transactions handled by the process. Selecting controls to test 105. The auditor should test those controls that are important to the auditor's conclusion about whether the company's controls sufficiently address the assessed risk of misstatement to each relevant assertion. 106. There might be more than one control that addresses the assessed risk of misstatement to a particular relevant assertion; conversely, one control might address the assessed risk of misstatement to more than one relevant assertion. It is neither necessary to test all controls related to a relevant assertion nor necessary to test redundant controls, unless redundancy is itself a control objective. 107. The decision as to whether a control should be selected for testing depends on which controls, individually or in combination, sufficiently address the assessed risk of misstatement to a given relevant assertion rather than on how the control is labeled (e.g., entity-level control, transaction-level control, control activity, monitoring control, preventive control, detective control). Testing controls-testing design effectiveness (Refer IG 11 and IG 12) 108. The auditor should test the design effectiveness of controls by determining whether the company's controls, if they are operated as prescribed by persons possessing the necessary authority and competence to perform the control effectively, satisfy the company's control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements in the financial statements. This would also enable the auditor to conclude if the company has an adequate internal financial controls system over financial reporting in place. Note: A smaller, less complex company might achieve its control objectives in a different manner from a larger, more complex organisation. For example, a smaller, less complex company might have fewer employees in the accounting function, limiting opportunities to segregate duties and leading the company to implement alternative controls to achieve its control objectives. In such circumstances, the auditor should evaluate whether those alternative controls are effective. 109. Procedures the auditor performs to test design effectiveness include a mix of inquiry of appropriate personnel, observation of the company's operations, and inspection of relevant documentation. Walkthroughs that include these procedures ordinarily are sufficient to evaluate design effectiveness. 834 Audit of Internal Financial Controls Testing controls-testing operating effectiveness (Refer IG 13) 110. The auditor should test the operating effectiveness of a control by determining whether the control is operating as designed and whether the person performing the control possesses the necessary authority and competence to perform the control effectively. Note: In some situations, particularly in smaller companies, a company might use a third party to provide assistance with certain financial reporting functions. When assessing the competence of personnel responsible for a company's financial reporting and associated controls, the auditor may take into account the combined competence of company personnel and other parties that assist with functions related to financial reporting. 111. Procedures the auditor performs to test operating effectiveness include a mix of inquiry of appropriate personnel, observation of the company's operations, inspection of relevant documentation, and re-performance of the control. Relationship of risk to the evidence to be obtained 112. For each control selected for testing, the evidence necessary to persuade the auditor that the control is effective depends upon the risk associated with the control. The risk associated with a control consists of the risk that the control might not be effective and, if not effective, the risk that a significant deficiency or material weakness would result. As the risk associated with the control being tested increases, the evidence that the auditor should obtain also increases. Note: Although the auditor must obtain evidence about the effectiveness of controls for each relevant assertion, the auditor is not responsible for obtaining sufficient evidence to support an opinion about the effectiveness of each individual control. Rather, the auditor's objective is to express an opinion on the company's overall internal financial controls over financial reporting. This allows the auditor to vary the evidence obtained regarding the effectiveness of individual controls selected for testing based on the risk associated with the individual control. 113. Factors that affect the risk associated with a control include: • The nature and materiality of misstatements that the control is intended to prevent or detect; • The inherent risk associated with the related account(s) and assertion(s); 835 Handbook of Auditing Pronouncements-II • Whether there have been changes in the volume or nature of transactions that might adversely affect control design or operating effectiveness; • Whether the account has a history of errors; • The effectiveness of entity-level controls, especially controls that monitor other controls; • The nature of the control and the frequency with which it operates; • The competence of the personnel who perform the control or monitor its performance and whether there have been changes in key personnel who perform the control or monitor its performance; (Refer IG 6) • The degree to which the control relies on the effectiveness of other controls (e.g., the control environment or information technology general controls); (Refer IG 7 and IG 8) • Whether the control relies on performance by an individual or is automated (i.e., an automated control would generally be expected to be lower risk if relevant information technology general controls are effective); and Note: A less complex company or business unit with simple business processes and centralised accounting operations might have relatively simple information systems that make greater use of off-the-shelf packaged software without modification. In the areas in which off-the-shelf software is used, the auditor's testing of information technology controls might focus on the application controls built into the pre-packaged software that management relies on to achieve its control objectives and the IT general controls that are important to the effective operation of those application controls. • The complexity of the control and the significance of the judgements that must be made in connection with its operation. Note: Generally, a conclusion that a control is not operating effectively can be supported by less evidence than is necessary to support a conclusion that a control is operating effectively. 114. When the auditor identifies deviations from the company's controls, he or she should determine the effect of the deviations on his or her assessment of the risk associated with the control being tested and the evidence to be obtained, as well as on the operating effectiveness of the control. Note: Because effective internal financial controls over financial reporting cannot, and does not, provide absolute assurance of achieving the company's control objectives over the period-end financial reporting process, an individual 836 Audit of Internal Financial Controls control does not necessarily have to operate without any deviation to be considered effective. 115. The evidence provided by the auditor's tests of the effectiveness of controls depends upon the mix of the nature, timing, and extent of the auditor's procedures. Further, for an individual control, different combinations of the nature, timing, and extent of testing may provide sufficient evidence in relation to the risk associated with the control. Note: Walkthroughs usually consist of a combination of inquiry of appropriate personnel, observation of the company's operations, inspection of relevant documentation, and re-performance of the control and might provide sufficient evidence of operating effectiveness, depending on the risk associated with the control being tested, the specific procedures performed as part of the walkthrough and the results of those procedures. 116. Nature of tests of controls. Some types of tests, by their nature, produce greater evidence of the effectiveness of controls than other tests. The following tests that the auditor might perform are presented in order of the evidence that they ordinarily would produce, from least to most: inquiry, observation, inspection of relevant documentation, and re-performance of a control. (Refer IG 10) Note: Inquiry alone does not provide sufficient evidence to support a conclusion about the effectiveness of a control. 117. The nature of the tests of effectiveness that will provide competent evidence depends, to a large degree, on the nature of the control to be tested, including whether the operation of the control results in documentary evidence of its operation. Documentary evidence of the operation of some controls, such as management's philosophy and operating style, might not exist. Note: A smaller, less complex company or unit might have less formal documentation regarding the operation of its controls. In those situations, testing controls through inquiry combined with other procedures, such as observation of activities, inspection of less formal documentation, or re-performance of certain controls, might provide sufficient evidence about whether the control is effective. 118. Timing of tests of controls. Testing controls over a greater period of time provides more evidence of the effectiveness of controls than testing over a shorter period of time. Further, testing performed closer to the balance sheet date provides more evidence than testing performed earlier in the year. The auditor should balance performing the tests of controls closer to the balance sheet date with the need to test controls over a sufficient period of time to obtain sufficient evidence of operating effectiveness. (Refer IG 16) 837 Handbook of Auditing Pronouncements-II 119. Prior to the balance sheet date, management might implement changes to the company's controls to make them more effective or efficient or to address control deficiencies. If the auditor determines that the new controls achieve the related objectives of the control criteria and have been in effect for a sufficient period to permit the auditor to assess their design and operating effectiveness by performing tests of controls, he or she will not need to test the design and operating effectiveness of the superseded controls for purposes of expressing an opinion on internal financial controls over financial reporting. If the operating effectiveness of the superseded controls is important to the auditor's control risk assessment, the auditor should test the design and operating effectiveness of those superseded controls, as appropriate. (Refer IG 17) 120. Extent of tests of controls. The more extensively a control is tested, the greater the evidence obtained from that test. (Refer IG 14) 121. Roll forward procedures. When the auditor reports on the effectiveness of controls as of the balance sheet date and obtains evidence about the operating effectiveness of controls at an interim date, he or she should determine what additional evidence concerning the operation of the controls for the remaining period is necessary. (Refer IG 15) 122. The additional evidence that is necessary to update the results of testing from an interim date to the company's year-end depends on the following factors: • The specific control tested prior to the balance sheet date, including the risks associated with the control and the nature of the control, and the results of those tests; • The sufficiency of the evidence of effectiveness obtained at an interim date; • The length of the remaining period; and • The possibility that there have been any significant changes in internal financial controls subsequent to the interim date. Note: In some circumstances, such as when evaluation of the foregoing factors indicates a low risk that the controls are no longer effective during the roll- forward period, inquiry alone might be sufficient as a roll-forward procedure. Special considerations for subsequent years' audits (Refer IG 16 and IG 20) 123. In subsequent years' audits, the auditor should incorporate knowledge obtained during past audits he or she performed of the company's internal financial controls over financial reporting into the decision-making process for 838 Audit of Internal Financial Controls determining the nature, timing, and extent of testing necessary. This decision- making process is described in paragraphs 112 to 122. 124. Factors that affect the risk associated with a control in subsequent years' audits include those in paragraph 113 and the following: • The nature, timing, and extent of procedures performed in previous audits, • The results of the previous years' testing of the control, and • Whether there have been changes in the control or the process in which it operates since the previous audit. 125. After taking into account the risk factors identified in paragraphs 113 and 124, the additional information available in subsequent years' audits might permit the auditor to assess the risk as lower than in the initial year. This, in turn, might permit the auditor to reduce testing in subsequent years. When planning the nature, timing and extent of testing for reporting on internal financial controls over financial reporting in a subsequent year, the auditor is normally not expected to adopt a rotation / cyclical plan for testing controls i.e., the auditor cannot choose to defer testing of certain controls for the reason that they were tested in the immediate previous year. Rotation / cyclical plan for testing internal financial controls over financial reporting may be permitted in limited circumstances as more fully described in IG 16. 126. The auditor may also use a benchmarking strategy for automated application controls in subsequent years' audits. Benchmarking is described further beginning at paragraph IG 7.6. 127. In addition, the auditor should vary the nature, timing, and extent of testing of controls from year to year to introduce unpredictability into the testing and respond to changes in circumstances. For this reason, each year the auditor might test controls at a different interim period, increase or reduce the number and types of tests performed or change the combination of procedures used. Evaluating identified deficiencies 128. The auditor must evaluate the severity of each control deficiency that comes to his or her attention to determine whether the deficiencies, individually or in combination, are significant deficiencies or material weaknesses as of the balance sheet date. In planning and performing the audit, however, the auditor is not required to search for deficiencies that, individually or in combination, are less severe than a significant deficiency. Note: For purpose of this guidance, 839 Handbook of Auditing Pronouncements-II • A ‘deficiency’ in internal financial control over financial reporting exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. • A ‘significant deficiency’ is a deficiency, or a combination of deficiencies, in internal financial control over financial reporting that is important enough to merit attention of those charged with governance since there is a reasonable possibility that a misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. − A deficiency in design exists when (a) a control necessary to meet the control objective is missing or (b) an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met. − A deficiency in operation exists when a properly designed control does not operate as designed, or when the person performing the control does not possess the necessary authority or competence to perform the control effectively. • A ‘material weakness’ is a deficiency, or a combination of deficiencies, in internal financial control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. 129. The severity of a deficiency depends on: • Whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure; and • The magnitude of the potential misstatement resulting from the deficiency or deficiencies. 130. The severity of a deficiency does not depend on whether a misstatement actually has occurred but rather on whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement. 131. Risk factors affect whether there is a reasonable possibility that a deficiency, or a combination of deficiencies, will result in a misstatement of an account balance or disclosure. The factors include, but are not limited to, the following: • The nature of the financial statement accounts, disclosures, and assertions involved; 840 Audit of Internal Financial Controls • The susceptibility of the related asset or liability to loss or fraud; • The subjectivity, complexity, or extent of judgement required to determine the amount involved; • The interaction or relationship of the control with other controls, including whether they are interdependent or redundant; • The interaction of the deficiencies; and • The possible future consequences of the deficiency. Note: The evaluation of whether a control deficiency presents a reasonable possibility of misstatement can be made without quantifying the probability of occurrence as a specific percentage or range. Note: Multiple control deficiencies that affect the same financial statement account balance or disclosure increase the likelihood of misstatement and may, in combination, constitute a material weakness, even though such deficiencies may individually be less severe. Therefore, the auditor should determine whether individual control deficiencies that affect the same significant account or disclosure, relevant assertion, or component of internal control collectively result in a material weakness. 132. Factors that affect the magnitude of the misstatement that might result from a deficiency or deficiencies in controls include, but are not limited to, the following: • The financial statement amounts or total of transactions exposed to the deficiency; and • The volume of activity in the account balance or class of transactions exposed to the deficiency that has occurred in the current period or that is expected in future periods. 133. In evaluating the magnitude of the potential misstatement, the maximum amount that an account balance or total of transactions can be overstated is generally the recorded amount, while understatements could be larger. Also, in many cases, the probability of a small misstatement will be greater than the probability of a large misstatement. 134. The auditor should evaluate the effect of compensating controls when determining whether a control deficiency or combination of deficiencies is a significant deficiency or material weakness. To have a mitigating effect, the compensating control should operate at a level of precision that would prevent or detect a misstatement that could be material. Indicators of Material Weakness 135. Indicators of material weaknesses in internal financial controls over financial reporting include: 841 Handbook of Auditing Pronouncements-II • Identification of fraud, whether or not material, on the part of senior management; • Errors observed in previously issued financial statements in the current financial year; • Identification by the auditor of a material misstatement of financial statements in the current period in circumstances that indicate that the misstatement would not have been detected by the company's internal financial controls over financial reporting; and • Ineffective oversight of the company's external financial reporting and internal financial controls over financial reporting by the company's audit committee. 136. When evaluating the severity of a deficiency, or combination of deficiencies, the auditor should also determine the level of detail and degree of assurance that would satisfy prudent officials in the conduct of their own affairs that they have reasonable assurance that transactions are recorded as necessary to permit the preparation of financial statements in conformity with generally accepted accounting principles. If the auditor determines that a deficiency, or combination of deficiencies, might prevent prudent officials in the conduct of their own affairs from concluding that they have reasonable assurance that transactions are recorded as necessary to permit the preparation of financial statements in conformity with generally accepted accounting principles, then the auditor should treat the deficiency, or combination of deficiencies, as an indicator of a material weaknesses. Communicating Certain Matters 137. The auditor must communicate, in writing, to management and those charged with governance all material weaknesses and any deficiencies, or combinations of deficiencies that are significant deficiencies identified during the audit. Where possible, the written communication should be made prior to the issuance of the auditor's report on internal financial controls over financial reporting to provide an opportunity for the company to remediate the material weakness. If such remediation is done before or as at the balance sheet date, the auditor could test the same before forming his/her final opinion. 138. Based on an evaluation of the implementation of the components of internal control which make up the system of internal financial controls over financial reporting established by the company, if the auditor concludes that the oversight of the company's external financial reporting and internal financial controls over financial reporting by the company's audit committee is ineffective, the auditor must communicate that conclusion in writing to the board of directors. 842 Audit of Internal Financial Controls 139. The auditor should also communicate to management, in writing, all deficiencies in internal financial controls over financial reporting (i.e., those deficiencies in internal financial controls over financial reporting that are of a lesser magnitude than significant deficiency) identified during the audit and inform the audit committee when such a communication has been made. When making this communication, it is not necessary for the auditor to repeat information about such deficiencies that has been included in previously issued written communications, whether those communications were made by the auditor, internal auditors, or others within the organisation. 140. The auditor is not required to perform procedures that are sufficient to identify all control deficiencies; rather, the auditor communicates deficiencies in internal financial controls over financial reporting of which he or she is aware. 141. Because the audit of internal financial controls over financial reporting does not provide the auditor with assurance that he or she has identified all deficiencies less severe than a significant deficiency, the auditor should not issue a report stating that no such deficiencies were noted during the audit. 142. With respect to communications relating to the audit of internal financial controls over financial reporting , the auditor should also consider and suitably adapt the requirements and principles of SA 260 “Communication with Those Charged with Governance” and SA 265 “Communicating Deficiencies in Internal Control to Those Charged with Governance and Management”. 143. When auditing internal financial controls over financial reporting, the auditor may become aware of fraud or possible illegal acts. In such circumstances, the auditor must determine his or her responsibilities under the Companies Act, 2013 and SA 240 and SA 250 “Consideration of Laws and Regulations in an Audit of Financial Statements”. Subsequent Events 144. Changes in internal financial controls over financial reporting or other factors that might significantly affect internal financial controls over financial reporting might occur subsequent to the date as of which internal financial controls over financial reporting is being audited but before the date of the auditor's report. The auditor should inquire of management whether there were any such changes or factors and obtain written representations from management relating to such matters, as described in paragraph 150. 145. To obtain additional information about whether changes have occurred that might affect the effectiveness of the company's internal financial controls over financial reporting and, therefore, the auditor's report, the auditor should inquire about and examine, for this subsequent period, the following: 843 Handbook of Auditing Pronouncements-II • Relevant internal audit (or similar functions, such as loan review in a financial institution) reports issued during the subsequent period, • Regulatory agency reports on the company's internal financial controls over financial reporting, and • Information about the effectiveness of the company's internal financial controls over financial reporting obtained through other engagements. 146. The auditor might inquire about and examine other documents for the subsequent period. SA 560 “Subsequent Events”, provides direction on subsequent events for a financial statement audit that may also be helpful to the auditor performing an audit of internal financial controls over financial reporting. 147. If the auditor obtains knowledge about subsequent events that materially and adversely affect the effectiveness of the company's internal financial controls over financial reporting as of the balance sheet date, the auditor should issue an adverse opinion on internal financial controls. If the auditor is unable to determine the effect of the subsequent event on the effectiveness of the company's internal financial controls over financial reporting, the auditor should disclaim an opinion. 148. The auditor may obtain knowledge about subsequent events with respect to conditions that did not exist at the date specified in the assessment but arose subsequent to that date and before issuance of the auditor's report. If a subsequent event of this type has a material effect on the company's internal financial controls reporting over financial reporting, the auditor should include in his or her report an explanatory paragraph describing the event and its effects. 149. After the issuance of the report on internal financial controls over financial reporting, the auditor may become aware of conditions that existed at the report date that might have affected the auditor's opinion had he or she been aware of them. The auditor's evaluation of such subsequent information is similar to the auditor's evaluation of information discovered subsequent to the date of the report on an audit of financial statements, as described in SA 560. Obtaining Written Representations 150. In an audit of internal financial controls over financial reporting, the auditor should obtain written representations from management: • Acknowledging management's responsibility for establishing and maintaining adequate internal financial controls over financial reporting that were operating effectively; • Stating that management has performed an evaluation and made an assessment of the adequacy and effectiveness of the company's 844 Audit of Internal Financial Controls internal financial controls over financial reporting and specifying the control criteria; • Stating that management did not use the auditor's procedures performed during the audits of internal financial controls over financial reporting or the financial statements as part of the basis for management's assessment of the adequacy and effectiveness of internal financial controls over financial reporting; • Stating management's conclusion, as set forth in its assessment, about the adequacy and effectiveness of the company's internal financial controls over financial reporting based on the control criteria as of the balance sheet date; • Stating that management has disclosed to the auditor all deficiencies in the design or operation of internal financial controls over financial reporting identified as part of management's evaluation, including separately disclosing to the auditor all such deficiencies that it believes to be significant deficiencies or material weaknesses in internal financial controls over financial reporting; • Describing any fraud resulting in a material misstatement to the company's financial statements and any other fraud that does not result in a material misstatement to the company's financial statements but involves senior management or management or other employees who have a significant role in the company's internal financial controls over financial reporting; • Stating whether control deficiencies identified and communicated to the audit committee during previous engagements pursuant to paragraphs 137 and 139 have been resolved, and specifically identifying any that have not; and • Stating whether there were, subsequent to the date being reported on, any changes in internal financial controls over financial reporting or other factors that might significantly affect internal financial controls over financial reporting, including any corrective actions taken by management with regard to significant deficiencies and material weaknesses. SA 580 “Written Representations” explains matters such as who should sign the letter, the period to be covered by the letter, and when to obtain an updated letter. (Refer Appendix II for illustrative format of the management representation letter) 151. Inability to obtain written representations from management, including management's refusal to furnish them, constitutes a limitation on the scope of the 845 Handbook of Auditing Pronouncements-II audit. When the scope of the audit is limited, the auditor should either disclaim the audit opinion or resign from the engagement. 152. Since the primary responsibility for establishing and maintaining an adequate internal financial controls system over financial reporting is that of the management and the board of directors of the company, the auditor should ensure that the board of directors approving the financial statements of the company also approve the management assertion and conclusion on the adequacy and operating effectiveness of internal financial controls over financial reporting and also take on record the deficiencies, significant deficiencies and material weaknesses identified by the management, internal auditors and the auditor. Note: Since the board report under Section 134 of the Act, which would include the directors responsibility statement, inter alia, on internal financial controls, may be prepared after the date of the audit report, it is essential that the auditor obtains the assertion of the board of directors on the internal financial controls over financial reporting prior to issuance of the audit report. Forming an Opinion (Refer IG 20) 153. The auditor should form an opinion on the adequacy and operating effectiveness of internal financial controls over financial reporting by evaluating evidence obtained from all sources, including the auditor's testing of controls, misstatements detected during the financial statement audit, and any identified control deficiencies. Note: As part of this evaluation, the auditor should review reports issued during the year by internal audit (or similar functions) that address controls related to internal financial controls over financial reporting and evaluate control deficiencies identified in those reports. 154. After forming an opinion on the adequacy and operating effectiveness of the company's internal financial controls over financial reporting, the auditor should evaluate the disclosures that the management and board of directors is required to make, under the Act on internal financial controls. In this connection, the auditor should apply the requirements of SA 720 “The Auditor’s Responsibility In Relation To Other Information In Documents Containing Audited Financial Statements” for matters relating to internal financial controls over financial reporting included in the documents of the Company. 155. If the auditor determines that any required elements of the board’s report on internal financial controls over financial reporting are incomplete or improperly presented, the auditor should follow the requirements of SA 720. 846 Audit of Internal Financial Controls 156. The auditor may form an opinion on the adequacy and operating effectiveness of internal financial controls over financial reporting only when there have been no restrictions on the scope of the auditor's work. A scope limitation requires the auditor to disclaim an opinion or withdraw from the engagement. Reporting on Internal Financial Controls over Financial Reporting 157. The auditor's report on the audit of internal financial controls over financial reporting must include the following elements: a. A title that includes the word independent; b. A statement that management is responsible for maintaining adequate and effective internal financial controls over financial reporting and for assessing the adequacy and effectiveness of internal financial controls over financial reporting as per the meaning of internal financial controls provided in the Act; c. An identification of the benchmark criteria used by the management for establishing internal financial controls over financial reporting; d. A statement that the auditor's responsibility is to express an opinion on the company's internal financial controls over financial reporting based on his or her audit; e. A statement that the audit was conducted in accordance with the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting and the Standards on Auditing, to the extent applicable to an audit of internal financial controls over financial reporting, both issued by the Institute of Chartered Accountants of India; f. A statement that the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting and Standards on Auditing require that the auditor plan and perform the audit to obtain reasonable assurance about whether adequate and effective internal financial controls over financial reporting were maintained in all material respects; g. A statement that an audit includes obtaining an understanding of internal financial controls over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the adequacy and operating effectiveness of internal control over financial reporting based on the assessed risk, and performing such other procedures as the auditor considered necessary in the circumstances; h. A statement that the auditor believes the audit provides a reasonable basis for his or her opinion; 847 Handbook of Auditing Pronouncements-II i. A paragraph stating that, because of inherent limitations, internal financial controls over financial reporting may not prevent or detect misstatements and that projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate; Note: In an audit of financial statements, it is presumed that the going concern assumption for the company is appropriate and the auditor evaluates the appropriateness of such assumption. In case such assumption is not appropriate or a material uncertainty exists, the auditor is required to comply with the requirements of SA 570 “Going Concern”. Correspondingly, in an audit of internal financial controls over financial reporting, the auditor needs to make appropriate disclosures to state the inherent limitations on internal financial controls over financial reporting and the limitations in consideration of such controls operating as at the balance sheet date for the future operations of the company. j. The auditor's opinion on whether the company maintained, in all material respects, adequate internal financial controls over financial reporting and whether they were operating effectively as of the balance sheet date, based on the control criteria; k. The signature of the auditor with firm name, where applicable; l. The place and date of the audit report. Audit Report 158. The auditor may issue separate reports on the company's financial statements and on internal financial controls over financial reporting. 159. Examples of separate unmodified report on internal financial controls over financial reporting in the case of the standalone and consolidated financial statements are given in Appendix III – Example 1 and 5, respectively. 160. Examples of separate modified report on internal financial controls over financial reporting in the case of the standalone financial statements are given in Appendix III – Examples 2 to 4. Modified Opinion 161. Paragraphs 128 to 136 describe the evaluation of deficiencies. If there are deficiencies that, individually or in combination, result in one or more material weaknesses, the auditor must evaluate the need to express a modified opinion – qualified or adverse on the company's internal financial controls over financial reporting, unless there is a restriction on the scope of the engagement. 848 Audit of Internal Financial Controls 162. When expressing a modified opinion on internal financial controls because of material weakness, the auditor's report must include: • The definition of a material weakness as provided in this Guidance Note. • A statement that a material weakness has been identified. • A description of the material weakness, which should provide the users of the audit report with specific information about the nature of the material weakness and its actual and potential effect on the presentation of the company's financial statements issued during the existence of the weakness. 163. The auditor should determine the effect his or her modified opinion on internal financial controls over financial reporting has on his or her opinion on the financial statements. Additionally, the auditor should disclose whether his or her opinion on the financial statements was affected by the modified opinion on internal financial controls over financial reporting. (Refer IG 20) Note: When the auditor issues a separate report on internal financial controls over financial reporting in this circumstance, the disclosure required by this paragraph may be combined with the report language described in paragraphs 160 and 162. The auditor may present the combined language either as a separate paragraph or as part of the paragraph that identifies the material weakness. Report Date 164. The auditor should date the audit report no earlier than the date on which the auditor has obtained sufficient appropriate evidence to support the auditor's opinion. Because the auditor’s reporting on internal financial controls over financial reporting is specified in the same Section as that of the opinion on financial statements viz. Section 143(3) of the Act, the date of the audit report on internal financial controls over financial reporting should be the same as that of the date of the audit report on the financial statements. Audit Documentation 165. The auditor should document the work performed on internal financial controls over financial reporting such that it provides: (a) A sufficient and appropriate record of the basis for the auditor’s report; and (b) Evidence that the audit was planned and performed in accordance with this guidance, applicable Standards on Auditing and applicable legal and regulatory requirements. 849 Handbook of Auditing Pronouncements-II In this regard, the auditor should comply with the requirements of SA 230 “Audit Documentation” to the extent applicable. Considerations for Joint Audits and Branch Audits 166. Where applicable, the auditor should comply with the requirements of SA 299 “Responsibility of Joint Auditors” to the extent applicable when performing an audit of internal financial control over financial reporting. The following may be considered in case of both joint audits and branch audits, as applicable: (a) Division of work (b) Coordination (c) Relationship among joint auditor / branch auditor (d) Reporting responsibilities Considerations for using this Guidance for Internal Financial Controls Over Financial Reporting Assessments on behalf of Company’s Management 167. Any member or other professionals should consider this guidance to the extent applicable in carrying out internal financial control over financial reporting assessments on behalf of the company’s management. 850 SECTION V IMPLEMENTATION GUIDANCE7 IG 1 Multiple Locations Scoping Decisions (Refer Paragraph 99) IG 1.1 In determining the locations or business units at which to perform tests of controls, the auditor should assess the risk of material misstatement to the financial statements associated with the location or business unit and correlate the amount of audit attention devoted to the location or business unit with the degree of risk. Note: The auditor may eliminate from further consideration locations or business units that, individually or when aggregated with others, do not present a reasonable possibility of material misstatement to the company's financial statements. IG 1.2 In assessing and responding to risk, the auditor should test controls over specific risks that present a reasonable possibility of material misstatement to the company's financial statements. In lower-risk locations or business units, the auditor might first evaluate whether testing entity-level controls, including controls in place to provide assurance that appropriate controls exist throughout the organisation, provides the auditor with sufficient evidence. IG 1.3 In determining the locations or business units at which to perform tests of controls, the auditor may take into account work performed by others on behalf of management. For example, if the internal auditors' planned procedures include relevant audit work at various locations, the auditor may coordinate work with the internal auditors and plan the number of locations or business units at which the auditor would otherwise need to perform auditing procedures, subject to compliance with the requirements of SA 610 “Using the Work of Internal Auditors”. 7 The text shown in italics in this Section of the Guidance Note has been reproduced from the following documents issued by the Staff of the Public Company Accounting Oversight Board (PCAOB): Staff Views - An Audit Of Internal Control Over Financial Reporting That Is Integrated With An Audit Of Financial Statements: Guidance For Auditors Of Smaller Public Companies (January 2009) Staff Audit Practice Alert No. 11, Considerations for Audits of Internal Control Over Financial Reporting (October 2013) The copyright of the material so reproduced rests with the PCAOB. It may also be noted that the above cited documents are not “Rules” of the PCAOB per se and have not been approved by it. 851 Handbook of Auditing Pronouncements-II IG 1.4 The direction regarding special considerations for subsequent years' audits means that the auditor should vary the nature, timing, and extent of testing of controls at locations or business units from year to year. IG 1.5 Special Situations: The scope of the audit should include businesses that are acquired on or before the balance sheet date and operations that are accounted for as discontinued operations on the balance sheet date. IG 2 Process Flow Diagrams (Refer Paragraph 100) Understanding process flows IG 2.1 To enhance the understanding of the likely sources of potential misstatements, and as a part of selecting the controls to test, the auditor should achieve the following objectives: • Understand the flow of transactions related to the relevant assertions, including how these transactions are initiated, authorised, processed, and recorded; • Verify that he/she has identified the points within the company's processes at which a misstatement—including a misstatement due to fraud—could arise that, individually or in combination with other misstatements, would be material; • Identify the controls that management has implemented to address these potential misstatements; and • Identify the controls that management has implemented over the prevention or timely detection of unauthorised acquisition, use, or disposition of the company's assets that could result in a material misstatement of the financial statements. Information system relevant to financial reporting IG 2.2 The auditor should obtain an understanding of the information system, including the related business processes, relevant to financial reporting, including: • The classes of transactions in the company's operations that are significant to the financial statements; • The procedures, within both automated and manual systems, by which those transactions are initiated, authorised, processed, recorded, and reported; • The related accounting records, supporting information, and specific accounts in the financial statements that are used to initiate, authorise, process, and record transactions; 852 Audit of Internal Financial Controls • How the information system captures events and conditions, other than transactions, that are significant to the financial statements; and • The period-end financial reporting process. Process flow diagrams IG 2.3 Process flow diagrams may be a helpful form of documentation for auditors to depict the process to initiate, authorise, process, record and report transactions; the points within the process at which misstatements could occur; and control activities that are designed to prevent or detect such misstatements, including providing greater transparency to segregation of duties. These diagrams also depict the relevant systems and Information Produced by the Entity (IPE). Refer figure below on sources and linkage of information for internal financial controls purposes: IG 2.4 When considering and reviewing the relevant information to developing process flow diagrams, the following questions may be helpful: • Who is involved in the process (e.g., departments, roles, and people)? • Are there segregations of duties that are relevant to the process? • What is the general objective of the processes and what are the related sub-processes? • When does the process occur? • Does the process involve, or impact, multiple locations? • What are the tasks within the process and in what sequence do they occur? 853 Handbook of Auditing Pronouncements-II • What are the points in the process at which a misstatement, including a misstatement due to fraud, could arise? • What control activities address the risks? • What IPE is involved? • How are application systems involved within the process? Audit-specific Elements to be Added to the Process Flow Diagram IG 2.5 Additional detail may be added to represent the audit-specific elements. The following are the general steps for consideration: 1. Insertion of risks of material misstatement a. The auditor may insert symbols for risk of material misstatement at the point(s) in the process flow where the risk is present. It is possible that, due to the nature of the risk of material misstatement, it may appear at multiple points in the process flow diagram. b. The auditor may use different symbols for significant and normal risk of material misstatement as necessary. 2. Attaching control activity symbols a. Symbols may be placed for control activity that address risks of material misstatement on the diagram. b. Automated and manual control symbols may be used as necessary 3. Identification of applications in the process flow diagram a. If a task relies on an application system when performing an action, the auditor may use a symbol for such applications on the diagram b. If formatting and space allows, the auditor may attach the application symbol directly on the task which it relates 4. Associating the IPE symbol where appropriate a. If IPE is used in the execution of a control activity or IPE that is produced as part of the process that is important to the audit (e.g., IPE that an auditor uses in his or her substantive procedures), the auditor may attach a separate symbol for the IPE as a document symbol. 854 Audit of Internal Financial Controls System Overview Diagrams IG 2.6 The information system relevant to financial reporting can be complex; a visual representation may assist the auditor in understanding how information flows between systems related to the financial transactions of the entity. IG 2.7 For complex entities, several system overview diagrams may be useful to depict the different systems relevant for a particular process (or across processes). A system overview diagram may also be useful when system complexities and interrelationships demand more visual space to depict the systems that are relevant to the process. IG 2.8 The following types of information may be useful in this process: • Applications relevant to the audit; • Service providers, or service provider systems, involved in entity processes that are determined to be relevant to the audit (e.g., a payroll service organisation and the outsourced systems relevant to the process). IPE diagrams IG 2.9 When a control activity is dependent upon IPE that is generated from systems or other sources, it is important that the auditor understands what could go wrong in the generation of the IPE. Illustrative diagrams that depict the auditor’s understanding of the report logic, parameters, and source data may be helpful when trying to understand and articulate the risks related to IPE. IG 2.10 It may be helpful to involve Information Technology (IT) specialists in the creation of IPE diagrams, especially if the IPE is system generated, as much of the information may be generated from the IT systems of the entity. It is important that IT specialists collaborate with the auditors who use the IPE for audit purposes so everyone gains an appropriate understanding of the purpose and intended use of the IPE. IG 2.11 IPE may be relevant to the audit due to its relationship with the auditor’s tests of controls or substantive procedures. The following are the general reasons that IPE is relevant to the audit: • IPE is used by entity personnel to perform a relevant control. • IPE is used by the auditor to test a relevant control. • IPE is used by the auditor to perform substantive procedures. IG 2.12 Regardless of the use of the IPE in the context of an audit, the auditor may consider creating IPE diagrams to document his or her understanding of the 855 Handbook of Auditing Pronouncements-II IPE and assist in determining appropriate procedures to test the accuracy and completeness of the information. IG 2.13 The following general steps to be performed by auditors to build an IPE diagram assume that the auditor has already identified relevant IPE to the audit: Step 1 — Identification of and Understanding Report Logic and Parameters The auditor should begin by obtaining an understanding of the business purposes of the IPE. Before gaining a detailed understanding of the parameters and report logic, it may be helpful to understand what specific information in the IPE is relevant to the audit. Auditors may then proceed to identify inputs that could impact the IPE and determine how the IPE is used during the performance of the control activity. IPE parameters — the criterion for selecting data, such as date ranges, company codes, or specified thresholds: • If the IPE can be modified by the user to produce a desired or different result, then parameters most likely are used in the generation of the IPE. • The auditor should determine what parameters are available and have a direct impact to the information that is produced. IPE report logic — the computer code that contains the algorithms for creating the report: • The auditor should have discussions with the business users and technical owners of the IPE. He should understand what information is generated and gain an understanding of how the logic was developed to create the output. • The auditor should gain an understanding if the IPE is generated through custom or standard reporting capabilities of the system. The auditor should identify if there are general IT controls that address the risks arising from IT relevant to the system that generates the IPE. Step 2 — Identification and Understanding Source Data After understanding the report logic associated with IPE, it is also necessary for the auditor to consider the accuracy and completeness of source data. As the engagement teams begin to understand the source data used in the generation of a report, it is important that they consider the accuracy of the data for their intended use. The overall goal of developing IPE diagrams is to help understand and evaluate how the IPE might be inaccurate or incomplete. If the source data is not appropriate for its intended use, indicate the same in the IPE diagram and describe further details in annotation to inform others as to the challenges that might exist. 856 Audit of Internal Financial Controls It is also important for the auditor to determine the origination of the IPE data source (e.g., tables), if applicable, and annotate such in the IPE diagram. For example, while IPE information may be extracted from a single reporting table in a system, the reporting table may have been created by consolidating information from several other system tables. Depicting the relationships between the tables that ultimately generate the IPE is important when understanding and evaluating the risks that the IPE might be inaccurate or incomplete because of issues related to source data. Such interrelationship of the source data in the IPE diagram should be depicted by the auditor. Step 3 — Building the IPE Diagrams After the IPE parameters, report logic and source data have been understood, the auditor can develop the IPE diagram. The following basic elements may be depicted in the diagram to represent the auditor’s understanding of the IPE: • IPE parameters - Identification of relevant parameters that impact the results of the IPE. - Common parameter combinations used to generate IPE (if there are recurring uses). • IPE logic - Identification of standard or custom IPE logic. - Location information on where the source logic is maintained in the system. - If a benchmarking strategy is used to test logic, identification of the date that logic was last changed. - Information that indicates whether general IT controls are relevant. • IPE source data - Relevant application systems. - Sources of information used to generate IPE (e.g., system tables). - Information that indicates whether general IT controls are relevant. - If general IT controls are not relevant, document alternative methods for validating the accuracy and completeness of the data. 857 Handbook of Auditing Pronouncements-II • Reference to IPE on process flow diagram, if applicable. Automated control diagrams IG 2.14 When automated control activities exist, it may be relatively easy to describe broadly how they function; however, it can be difficult to describe the detailed attributes of the control that are relevant to the audit and how they operate in sufficient detail to facilitate designing effective tests of such controls. Pictorial diagrams may enhance the auditor’s understanding of how automated control activities are designed to address risks of material misstatement, and may therefore better facilitate planning effective tests of such controls. The purpose of the automated control diagram is to demonstrate how the control operates logically to prevent or detect risks of material misstatement from occurring. The following general steps are helpful into building an automated control diagram: Step 1 — Understanding Relevant Automated Controls The auditor should begin by obtaining an understanding of the purposes of the automated control; he may consider performing the following: • Have discussions with the business process owners and technical owners who interact with the automated control. • Understand what the system is evaluating to prevent or detect errors from occurring. Identify if the automated control logic can be applied differently across the entity based on changing the configurations. • Identify if there are general IT controls that address the risks arising from IT relevant to the application system with automated controls. Step 2 — Building the Automated Control Diagram After the automated controls are understood, the automated control diagram can be developed. The following basic elements may be depicted on the diagram to represent the auditor’s understanding of the automated control: • Control activity reference - Depicting control activities in the form of task boxes with a description of the action enforced by the automated control. - Connecting the automated control symbol to the task box and use the same reference number that is depicted on the process flow diagram. • System references 858 Audit of Internal Financial Controls - Depicting systems on the diagram when associated with a control activity task. - If data sources are shown in the diagram, depicting the source system. • Automated control logic - The auditor should document what the automated control relies upon from a logic perspective to perform the desired action. - The auditor should illustrate what happens as a result of the automated control; decision boxes show what the possible paths might be based on the conditions that could be met. Validate understanding IG 2.15 A final step in developing the process flow diagrams, as well as any other supplemental diagrams, is to validate the auditor’s understanding and determine whether the diagrams are accurate and complete for their intended purpose. Because processes can be complex and multiple information sources may be used in the development of supporting diagrams, it is important to validate the consistency of the diagrams with other sources of information used during the audit to determine that the auditor’s understanding is consistent with respect to the identified risks of material misstatement, control activities, and IPE. Figure 859 Handbook of Auditing Pronouncements-II The auditor’s process flow diagrams may also be reviewed with the entity personnel to validate that they accurately represent the entity’s processes. Discussions with the entity using graphical representations of their process flows may lead to further enhancement of the auditor’s understanding of the entity, their flow of transactions, and the likely sources of misstatement (for a combined audit of internal financial controls over financial reporting and financial statements), and in some cases might necessitate revisions to the auditor’s first drafts of the process flow diagrams. As part of the risk assessment procedures, evaluate process flow diagrams, and other supplemental diagrams, on an on-going basis and update as necessary. As the entity evolves and changes its systems, controls, and business processes, the risks of material misstatement might change, thereby leading to an update of the auditor’s process flow diagrams. Illustrative example of process flow documentation for revenue business cycle IG 2.16 Below is the detailed illustrative example of process flow diagrams for the Revenue process (which assumes an automated application system (ERP) used by the entity). The Revenue process covers the following sub-processes: Order Processing, Shipping and Invoicing, and Sales Returns. This illustrative example consists of three process flow diagrams and related narratives: • Diagram 1 — Order Processing • Diagram 2 — Shipping and Invoicing • Diagram 3 — Sales Returns • Revenue Narrative 1 — Order Processing • Revenue Narrative 2 — Shipping and Invoicing • Revenue Narrative 3 — Sales Returns 860 Audit of Internal Financial Controls Diagram 1 — Order Processing Revenue Narrative 1 — Order Processing Orders can be received via fax, mail, email, or phone. Customer Service Associates are responsible for monitoring incoming orders that arrive at the Business Centre. All faxes and postal mail are electronically converted by Customer Service Associates. Phone-based orders are directed to a central call number which rings the next available Customer Service Associate to take order information. All orders must be created with reference to a customer that is established in the customer master file within SAP. If an order is received for a non-existent account, the new account procedure is followed, whereby a Credit Analyst reviews credit worthiness based on a Dun & Bradstreet credit report. In the event that a decision is taken to not extend credit, the processing of the order ends and the customer is contacted to inform them of the credit decision. If credit is extended to the customer, the Credit Analyst creates a new customer in the customer master file and notifies the Customer Service Associates to process the order. When entering an order, "Sold to" and "Ship to" fields must be populated with a valid customer number that matches an existing customer number established in the customer master file. Sales and payment terms are automatically populated 861 Handbook of Auditing Pronouncements-II through the information contained in the customer master file in SAP (R_REV_1). All line items on the sales order are systematically populated based on the information in the master pricing file (R_REV_1). Sales orders are configured with the following key mandatory fields: Sales Order Type (Rush Order or Stock Order), Order Source (fax, mail, email, phone), Sales Organisation, Sold to/Ship to account numbers, item quantities, material numbers, and purchase order number. The balance of the information is automatically extracted from the customer master or pricing master file records. Sales to customers with non-standard payment or shipping terms are automatically flagged in SAP; the flags are used in the shipping and invoicing process to generate exception reports for management to review. Pricing for each customer may be different based on negotiated contracts which are configured against the master pricing file with customer-specific discounts applied. For orders on hold due to an account or credit hold, the credit department is notified. A Credit Analyst will review the hold and make a determination if the hold can be resolved. If the hold cannot be resolved, the Credit Analyst will contact the customer and notify them of order cancellation, ending the order entry process. If the hold can be resolved after investigation, the Credit Analyst will release the hold and submit the order to the Customer Service Manager to review. All processed orders must be reviewed and approved by the Customer Service Manager prior to being submitted to the shipping and invoicing process. If any errors are noted, they are resolved by the Customer Service Associates and resubmitted through the process. After the order is approved, the sales order is released and updated in SAP (R_REV_1). The following is the IPE identified in the process flow: • Orders Shipped Log (REV-IPE1) 862 Audit of Internal Financial Controls Diagram 2 — Shipping and Invoicing Revenue narrative 2 — Shipping and Invoicing After the sales order is approved, the data is transferred automatically from the order entry system to the shipping and invoicing modules in SAP. Outgoing inventory lists are printed by the stockroom personnel. Outgoing inventory list quantities are populated systematically based on information defined in the approved sales orders. The product is pulled from the warehouse by shipping personnel based on the information defined on the outgoing inventory lists. Shipping personnel will verify the information, such as item and quantity, and then package the items in preparation of shipment. After the order is prepared for shipment, the bill of lading is printed with the carrier information recorded on the document; a carbon copy is forwarded on to shipping data entry personnel where the order is confirmed as shipped, completing the shipping process within the system (R_REV_1). Shipments of goods to customers are logged just prior to marking the orders as shipped in SAP; this is completed by taking carbon copies of the bill of lading documents 863 Handbook of Auditing Pronouncements-II and manually logging them in a spreadsheet that is maintained by the shipping clerks. The spreadsheet is referred to as the "Orders Shipped Log." Once marked as shipped, line items in the sales order will change automatically in the system, which will result in closing the shipped lines and staging of the line items to be invoiced (R_REV_4). Only the lines on the sales order that ship will be invoiced. Open lines are back-ordered and will remain open until those items are shipped. The only other way to close a line on an order is to reject the line(s), which requires approval by a Customer Service Manager. The SAP system compiles the staged invoices on a daily basis in a "Daily Open Invoice Report." The Orders Shipped Log and the Daily Open Invoice Report are both reviewed by the Warehouse Director on a daily basis to validate that all orders shipped have also been included in the invoicing batch. The Warehouse Director matches the shipments recorded in the Daily Open Invoice Report to the shipments logged in the manual Orders Shipped Log as being shipped to a customer (C_REV_3). If differences are noted, the Warehouse Director works with shipping personnel to ensure shipments are recorded in the system accurately. If no differences are noted, the batch is approved in SAP for invoice processing. Invoicing is performed nightly in SAP through a systematic batch process. The SAP system performs a 3-way match; invoices can only be processed when there is a systematic matching of the purchase order, bill of lading/shipped status, and completing a 3-way match to generate the invoice (C_REV_1 | R_REV_3). The invoice generation process updates the general ledger, records the sale (recognises the revenue) and the receivable, relieves the inventory, and records cost of goods sold. As part of the nightly batch process, the SAP system generates a report that lists every flagged transaction that contained non- standard sales or shipping terms. This report is called the "Non-standard Transaction Report" (R_REV_5). Revenue is recognised at the time of invoicing because the Company’s standard sales terms are defined as free on board (FOB) shipping point. At the end of the month, the Accounting Manager reviews all non-standard transaction reports on a daily basis that were generated during the month; any non-standard sales terms (e.g., FOB destination) are reviewed in detail to ensure sales are classified properly under GAAP (C_REV_2 | R_REV_1). If corrections are necessary, the Accounting Manager makes manual adjustments to reflect proper GAAP classification of the transaction. After non-standard terms are reviewed, the Accounting Manager samples 50 sales transactions to evaluate the coding, supporting documentation, and journal entries made to the general ledger for all sales that are booked; any non-standard coding is reviewed in detail and resolved to ensure sales are classified properly under GAAP (C_REV_4 | 864 Audit of Internal Financial Controls R_REV_1). If corrections are necessary, the Accounting Manager makes manual adjustments necessary to reflect proper GAAP classification of the transaction. On quarterly basis, once the financial statements have been compiled, the Controller performs a review of the financial statements, including all footnote disclosures. Included in this review are the sales-related disclosures in the footnotes of the financial statements. As part of this review, the Controller checks references to supporting documents (R_PDI_38 | R_PDI_39 | C_PDI_1). The following is the IPE identified in the process flow: • Daily Open Invoice Report (REV-IPE2) Diagram 3 — Sales Returns Revenue narrative 3 — Sales returns Customer Service Associates receive requests for return of product. Customer Service Associates enter information into SAP at the time of request and use the original invoice number as a unique lookup code to generate base information for the return. SAP generates the Return Merchandise Authorisation (RMA) with unique number and listing of material(s) requested to be returned, with pricing obtained from original invoice data. 865 Handbook of Auditing Pronouncements-II Upon receipt of the returned items, receiving personnel inspect the items and compare them to the RMA (R_REV_8). Receiving personnel enter goods receipts within SAP to record the quantity received for the sales return associated with the RMA (C_REV_6). If there are differences or damaged returns, the RMA is forwarded to the Claims Group for review and approval. All RMAs are submitted to the Customer Service Manager for final review and approval of the return based on review against goods receipt information in SAP (R_REV_6) (R_REV_9). Upon approval of the RMA in the SAP system, a credit memo is generated systematically based on pricing information obtained from the original invoice that was recorded on the RMA (R_REV_7 | C_REV_7). Based on the credit memo that is issued, SAP automatically adjusts the general ledger to reverse the sales transaction; accounts receivable, sales, inventory, and cost of goods sold are reversed for the returned goods. On a weekly basis, the Customer Service Director reviews the return details on the Goods Receipt information within SAP against the credit notes issued to determine that credits were issued in accordance with company policy. Any differences are resolved and corrective actions are taken (C_REV_5). On a monthly basis, the Accounting Clerk evaluates the end-of-month position on returns through discussions with Customer Service Associates. If any significant pending returns are known but not recorded, a specific reserve is created to cover the anticipated exposure. The Accounting Clerk creates the journal entries in SAP to book the monthly return reserve; the Accounting Manager must post/approve the journal entry to record the reserve (R_REV_10 | C_REC_4). On a monthly basis, the Accounting Manager obtains representations from the Customer Service Director who handles sales orders and credit notes. The representations are obtained to indicate that no verbal or unrecorded credit memos exist that have not been reported to finance management (R_REV_2, R_REV_7 | C_REC_3). After receiving the representations on unrecorded credit memos, the Accounting Clerk prepares a schedule of credit memos issued 3 days before and after the end of the month for analysis and review to make certain the sales and returns are recorded in the appropriate accounting period (R_REV_11). The Accounting Manager reviews and approves the schedule to ensure that sales returns are recorded in the correct period (C_REV_8) (C_REC_1). If any issues are noted regarding the cut-off or completeness of the sales returns, necessary adjustments are made by the Accounting department and support documentation is maintained. The following is the IPE identified in the process flow: • Non-standard Transaction Report (REV-IPE3) 866 Audit of Internal Financial Controls IG 3 Difference between Process and Control (Refer Paragraph 100) IG 3.1 Process and controls are two very different aspects. Often they are used interchangeably; hence it is important to understand the difference between them. A Process describes the action of taking a transaction or an event through an established and usually a routine set of procedures or steps. A Control is an action or activity taken to prevent or detect misstatements within the process. The following examples distinguish a process from a control: Example 1: Control description: Company engages an Actuary Firm to prepare the actuarial report. Pitfall: Hiring a specialist may add competency to management’s control and is a process, but it is not a control in itself. Improved control description: Management reviews and discusses the Actuarial Report, including key assumptions, with the specialist to assess the appropriateness of the assumptions and conclusions reached. Example 2: Control description: The Financial Controller prepares a memo documenting the basis for the entity’s conclusions regarding impairment. Pitfall: Preparing an analysis is typically a process step and not a control; the control is the activities performed to verify that the analysis is appropriate. Improved control description: The CFO reviews the Impairment Analysis Memo and supporting documentation prepared by the Controller to assess the appropriateness of the conclusions reached. Example 3: Control description: The billed revenue file is summarised at the month end and the total is recorded into revenue. Pitfall: Recording an event or transaction is a process step; the control is the activity that is performed to verify that the recording was appropriately performed. Improved control description: The Accounting Manager verifies that the billed revenue was properly recorded to revenue by comparing the billed revenue file to the revenue recorded in the general ledger. 867 Handbook of Auditing Pronouncements-II Example 4: Control description: When new contracts are entered into or existing contracts are modified, the accounting manager determines and documents in a memo, the applicable revenue recognition model to be used for the contract. Pitfall: Determining the revenue recognition model and documenting the same are process steps. They do not have any preventive or detective action steps. Improved control description: The controller reviews and approves the revenue recognition memo prepared by the accounting manager. As part of the review process, the controller reads all the relevant excerpts from the contract and applicable professional standards as well as reviews and challenges, as appropriate, the conclusions documented in the memo. IG 4 Understanding IT Environment (Refer Paragraph 102) IG 4.1 Based on the identification of the relevant flows of transactions or processes, the auditor also identifies the relevant IT environment related to those flows or processes to understand the effect of IT and the risks arising from IT. The term IT environment includes both the application systems and the IT infrastructure supporting those applications systems, including the database, operating system and network. IG 4.2 The auditor identifies the relevant applications and IT infrastructure to identify the relevant risks arising from IT (IT risks) that need to be addressed for purposes of opining on internal financial controls and for purposes of being able to use a control reliance strategy for those accounts that are impacted by the IT risks (i.e., those accounts where the risks of material misstatement are addressed by controls that are dependent upon the relevant application systems and IT infrastructure.) He or she then identifies and tests the relevant general IT controls that address those IT risks. The relationship between risks of material misstatement, IT risks and relevant GITCs is depicted in figure below. 868 Audit of Internal Financial Controls IG 4.3 The auditor’s procedures related to IT risks and controls are performed in the context of the relevant flows of transactions related to significant accounts and disclosures. In other words, the auditor is not required to obtain an understanding of all the entity’s IT systems; instead, he or she focuses on those aspects of the entity’s IT environment that may pose risks to the entity’s financial statements. Even when a control-reliance strategy is not planned, the auditor’s understanding of IT’s role in the entity’s processes is important to the identification and assessment of risks of material misstatement and to plan further substantive procedures. IG 4.4 The auditor should obtain an understanding of the information system, including the related business processes relevant to financial reporting, including the following areas: • The classes of transactions in the entity’s operations that are significant to the financial statements. • The procedures within both IT and manual systems by which those transactions are initiated, authorised, recorded, processed, corrected as necessary, transferred to the general ledger, and reported in the financial statements. • The related accounting records supporting information and specific accounts in the financial statements that are used to initiate, authorise, record, process, and report transactions. This includes the correction of incorrect information and how information is transferred to the general ledger. The records may be in either manual or electronic form. • How the information system captures events and conditions, other than transactions, that are significant to the financial statements. • The financial reporting process used to prepare the entity’s financial statements, including significant accounting estimates and disclosures. • Controls surrounding journal entries, including non-standard journal entries used to record non-recurring, unusual transactions, or adjustments. IG 4.5 The diagram below depicts a typical IT environment, including the relationship between the significant accounts and disclosures, the related flow of transactions, the related application systems, the IT infrastructure supporting those applications, and the relevant GITCs, modified to align with the auditor’s terminology. Notably, the diagram illustrates that the identification of the relevant aspects of the IT environment follows the auditor’s identification of significant accounts and disclosures, further emphasising that the relevant aspects of the IT 869 Handbook of Auditing Pronouncements-II environment are identified based on the effect they may have on the entity’s internal control, and ultimately on the financial statements. IG 4.6 In understanding the entity’s control activities, the auditor should obtain an understanding of how the entity has responded to risks arising from IT. IT also poses specific risks to an entity’s internal control, including, for example: • Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both. • Unauthorised access to data that may result in destruction of data or improper changes to data, including the recording of unauthorised or non-existent transactions or inaccurate recording of transactions. Particular risks may arise when multiple users access a common database. • The possibility of IT personnel gaining access privileges beyond those necessary to perform their assigned duties, thereby breaking down segregation of duties. • Unauthorised changes to data in master files. • Unauthorised changes to systems or programs. • Failure to make necessary changes to systems or programs. • Inappropriate manual intervention. 870 Audit of Internal Financial Controls • Potential loss of data or inability to access data as required. Understanding general information technology controls (GITCs) IG 4.7 General IT controls are policies and procedures that relate to many applications and support the effective functioning of application controls. They apply to mainframe, miniframe, and end-user environments. General IT controls that maintain the integrity of information and security of data commonly include controls over the following: • Data centre and network operations. • System software acquisition, change, and maintenance. • Program change. • Access security. • Application system acquisition, development, and maintenance. IG 4.8 GITCs include controls in the three areas of access security, system change control, and data centre and network operations. GITCs also include controls over each of the relevant technology elements within the entity’s IT environment, including the application systems, databases, operating systems, and networks. As depicted in Figure below, GITCs are typically structured such that there are similar controls in place for each of the GITC areas across each of the technology elements. Access security IG 4.9 GITCs related to access security include logical access controls to prevent or detect unauthorised use of, and changes to, data, systems, or programs, including the establishment of system-based segregation of duties. IG 4.10 An entity will typically have numerous controls in place to address logical access security, such as implementing user authentication to its systems 871 Handbook of Auditing Pronouncements-II through the use of unique user IDs and passwords; controlling the process for assigning, modifying, and terminating user access; monitoring the use of privileged-level access; and periodically reviewing user access privileges for appropriateness. IG 4.11 Entities also control access to their systems through establishing segregation of duties controls. From an IT perspective, the auditor typically considers segregation of duties as it relates to each of the following types of users: • End user system access — End users may be defined as entity personnel outside of the IT department who use the entity’s application system (e.g., to process transactions or perform controls related to significant accounts and disclosures). For example, a control over end-user access that prevents a single user from having access to both enter and approve journal entries may address risks of material misstatement related to the recording of fictitious or fraudulent journal entries for various significant accounts and disclosures. • IT personnel system access — IT personnel may be defined as entity personnel responsible for administering the entity’s IT systems (e.g., system administrators, security administrators). Segregation of duties controls over IT personnel system access are typically controls that address IT risks. It is typically appropriate for the auditor to test segregation of duties whenever testing user access to the entity’s IT systems. For example, a control over IT personnel system access that prevents a single IT system administrator from having access to both make changes to systems and promote those changes to the production environment may address an IT risk related to the promotion of unauthorised changes into the production environment, resulting in inappropriate modifications to systems or data. System change control IG 4.12 GITCs related to system change control include controls within the following categories: • Program change: Controls to provide assurance that changes to the application systems and database management systems are implemented in a controlled manner. • System software acquisition, change and maintenance: Controls to provide that network and communication software, systems software, and hardware are effectively acquired, changed, and maintained. 872 Audit of Internal Financial Controls • Application system acquisition, development, and maintenance: Controls to provide that application systems and database management systems are effectively acquired, developed, implemented, and maintained. System change controls address implementation and integration of programs or systems within the IT environment to verify the integrity of processing, performance, and controls over the computerised application systems that it supports. Data centre and network operations IG 4.13 GITCs related to data centre and network operations include controls to provide for the integrity of information as it is processed, stored, or communicated by the relevant aspects of the IT infrastructure. IG 5 Entity-level Controls (ELCs) (Refer Paragraph 88-93) IG 5.1 ELCs may be categorised into three “buckets”. These “buckets” align with the distinction of direct controls and indirect controls and are described as follows: • Indirect entity-level controls — Those ELCs that do not themselves directly address risks of material misstatement at the account/assertion level but are important to effective internal control and therefore relevant in an audit of internal financial controls. These include controls that typically fall within the control environment, risk assessment, monitoring, and information and communication components of internal control system, including the general IT controls. • Direct entity-level controls that are not precise enough — Those ELCs that directly address a risk of material misstatement but are not precise enough on their own to fully address a risk of material misstatement at the account/assertion level. While the auditor may identify these as relevant controls and test them, the auditor should also identify and test the effectiveness of other controls that in combination with the entity-level control address the risk of material misstatement. • Direct entity-level controls that are precise enough — Those ELCs that directly address a risk of material misstatement at the account/assertion level and are precise enough on their own to fully address the risks of material misstatements. IG 5.2 Entity-level controls vary in nature and precision: • Some entity-level controls, such as certain control environment controls, have an important, but indirect, effect on the likelihood that a misstatement will be detected or prevented on a timely basis. These controls might affect the other controls the auditor selects for 873 Handbook of Auditing Pronouncements-II testing and the nature, timing, and extent of procedures the auditor performs on other controls. • Some entity-level controls monitor the effectiveness of other controls. Such controls might be designed to identify possible breakdowns in lower level controls, but not at a level of precision that would, by themselves, sufficiently address the assessed risk that misstatements to a relevant assertion will be prevented or detected on a timely basis. These controls, when operating effectively, might allow the auditor to reduce the testing of other controls. • Some entity-level controls might be designed to operate at a level of precision that would adequately prevent or detect on a timely basis misstatements to one or more relevant assertions. If an entity-level control sufficiently addresses the assessed risk of misstatement, the auditor need not test additional controls relating to that risk. IG 5.3 An auditor makes inquiries and applies his or her knowledge of the business and organisational structure to understand and identify ELCs across all three “buckets,” as the nature and effectiveness of ELCs affects the audit plan in three important respects, as follows: • In terms of their impact on the scope of testing in case of multi- location or multi-business entities. For example, the effectiveness (or ineffectiveness) of the ELCs is a relevant factor for determining the audit plan for an entity as a whole for both the audit of the financial statements and the audit of internal financial controls. • In terms of their impact on the scope of testing of other controls. For example, the effectiveness (or ineffectiveness) of the ELCs is a relevant factor for assessing risk associated with the control and the auditor’s determination of the nature, timing and extent of testing of the operating effectiveness of such controls, including roll forward procedures to the balance- sheet date. IG 5.4 The auditor must test those entity-level controls that are important to the auditor’s conclusion about whether the company has effective internal financial controls. The auditor’s evaluation of entity-level controls can result in increasing or decreasing the testing that the auditor otherwise would have performed on other controls. • In terms of whether the ELCs are sufficiently direct and precise to address one or more assessed risks of material misstatement. Direct and precise entity-level controls (D&P ELCs) IG 5.5 D&P ELCs are typically review-type (detective) controls that can exist at any level in an organisation (and often exist in multiple layers). To identify those 874 Audit of Internal Financial Controls D&P ELCs that may be relevant, the auditor should make inquiries, beginning at the top of the organisation (e.g., Corporate Financial Reporting Department), regarding how the entity determines that its financial statements are prepared in accordance with the applicable financial reporting framework and are free of material misstatement and then work down through the various layers in the organisation. In larger organisations, ELCs that operate at the segment/division or location level are generally more direct and precise than those that operate at the group level. D&P ELCs at multiple levels within an entity often have different purposes or focus, and therefore may be relevant in addressing different risks of material misstatement. For example, in an entity with more than 300 components, the balance sheet and income statement of each component are reviewed in detail at the segment level by segment controllers, while the monthly financial reporting package, which includes key performance indicators and trend lines, is analysed at the group level by a financial analysis team. Since the focus of the reviews is different, both ELCs may be relevant controls in the context of an audit. IG 5.6 The form of an ELC may be very narrow in scope such as the review of a specific analysis related to a specific account/assertion (e.g., an analysis supporting a material accounting estimate) or may be broad in scope such as the review of a financial reporting package that may depict actual trends lines, actual to budget/forecast, and key performance measures for the balance sheet and income statement (including analyses of certain accounts and commentary about unusual transactions or variances). When a review is broader in scope, it may not be precise enough to address all the risks of material misstatement related to the accounts subject to the review but may be precise enough to address the risks of material misstatement related to some accounts. For example, a direct and precise ELC that consists of a monthly review of the monthly financial reporting package may be sufficiently precise for some of the accounts where more detailed analyses are performed but may not be precise enough for others where the review activities are more high-level. IG 5.7 Examples of “direct but not precise enough” ELCs may include: • Variance analysis of actual to budget, where budget is a “target” established at the beginning of the year but not a valid expectation against which to measure actual results in order to conclude positively that there is no material misstatements in the actual balance or amounts recorded. Budget versus actual analyses are often intended to be used for the primary purpose of explaining 875 Handbook of Auditing Pronouncements-II variances from budget for operational purposes, not to detect misstatements; therefore, these analyses are generally not effective in detecting misstatements when actual approximates budget. For a budget versus actual analysis to be an effective D&P ELC, the budget needs to represent a sufficiently precise expectation of the actual balance or amount. • Trend-line analyses (e.g., current-year to prior-year comparisons) of an account balance, as this kind of analysis typically would not identify misstatements if there were no significant fluctuations between amounts recorded in the current and prior year. IG 5.8 Examples of direct and precise ELCs may include: • A variance analysis of rent expense to budget where budget is a valid expectation (e.g., based on the actual lease provisions) that is not expected to materially change during the applicable reporting period. • Detailed analysis of prepaid expenses such that the reviewer, with sufficient knowledge of the accounts and related transactions and therefore a basis for an independent expectation, would reasonably be expected to identify a material misstatement in the recorded amount. IG 6 Segregation of Duties (Refer Paragraph 113) IG 6.1 Segregation of duties means assigning different people the responsibilities of authorising transactions, recording transactions, and maintaining custody of assets. Segregation of duties is intended to reduce the opportunities to allow any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of the person’s duties. IG 6.2 Business case of implementing segregation of duties: • Mitigating fraud risks. • Compliance with regulatory requirements. • Implementation of meaningful control strategies. • Pivotal for adequate access controls in an ERP scenario. • Integral in case of outsourced operations. IG 6.3 The following are the typical set of tasks / activities that need to be segregated from a generic perspective: • Initiating a transaction (including developing appropriate documentation). • Authorising the transaction. • Recording the transaction. 876 Audit of Internal Financial Controls • Monitoring custody of the physical asset. • Reconciling subsidiary ledgers with the general ledger. • Processing master file transactions. • Authorising master file transactions. • Following up on issues or discrepancies. • Controlling systems development and daily operations in computer- based accounting systems. IG 7 Automated Controls (Refer Paragraph 113) Application controls defined IG 7.1 Application controls are a subset of internal controls that relate to an application system and the information managed by that application. Timely, accurate and reliable information is critical to enable informed decision making. The timeliness, accuracy and reliability of the information are dependent on the underlying application systems that are used to generate, process, store and report the information. Application controls are those controls that achieve the business objectives of timely, accurate and reliable information. They consist of the manual and automated activities that ensure that information conforms to certain criteria that is referred to as business requirements for information. Those criteria are effectiveness, efficiency, confidentiality, integrity, availability, compliance and reliability. Automated control in a way is technology used to automate control activities IG 7.2 Many control activities in an entity are partially or wholly automated using technology. These procedures are also known as automated control activities or automated controls. Automated controls include financial process- related automated transaction controls, such as a three-way match performed within an ERP system supporting the procurement and payables sub-processes, and computerised controls in operational or compliance processes, such as checking the proper functioning of a power plant. Sometimes the control activity is purely automated, such as when a system detects an error in the transmission of data, rejects the transmission, and automatically requests a new transmission. Other times there is a combination of automated and manual procedures. For example, the system automatically detects the error in transmission, but someone has to manually initiate the re-transmission. In other cases, a manual control depends on information from a system, such as computer-generated reports supporting a budget-to-actual analysis. IG 7.3 Most business processes have a mix of manual and automated controls, depending on the availability of technology in the entity. Automated 877 Handbook of Auditing Pronouncements-II controls tend to be more reliable, subject to whether technology general controls, discussed later in this Section, are implemented and operating, since they are less susceptible to human judgement and error, and are typically more efficient. Assurance on automated controls IG 7.4 Application controls relate to the transactions and master file, or standing data pertaining to each automated application system, and are specific to each application. They ensure the accuracy, integrity, reliability and confidentiality of the information and the validity of the entries made in the transactions and standing data resulting from both manual and automated processing. IG 7.5 The objectives relevant for application controls generally involve ensuring that: • Data prepared for entry are authorised, complete, valid and reliable. • Data are converted to an automated form and entered into the application accurately, completely and on time. • Data are processed by the application accurately, completely and on time, and in accordance with established requirements. • Data are protected throughout processing to maintain integrity and validity. • Output is protected from unauthorised modification or damage and distributed in accordance with prescribed policies. Benchmarking of automated controls IG 7.6 Entirely automated application controls are generally not subject to breakdowns due to human failure. This feature allows the auditor to use a "benchmarking" strategy. IG 7.7 If general controls over program changes, access to programs, and computer operations are effective and continue to be tested, and if the auditor verifies that the automated application control has not changed since the auditor established a baseline (i.e., last tested the application control), the auditor may conclude that the automated application control continues to be effective without repeating the prior year's specific tests of the operation of the automated application control. The nature and extent of the evidence that the auditor should obtain to verify that the control has not changed may vary depending on the circumstances, including depending on the strength of the company's program change controls. IG 7.8 The consistent and effective functioning of the automated application controls may be dependent upon the related files, tables, data, and parameters. For example, an automated application for calculating interest income might be 878 Audit of Internal Financial Controls dependent on the continued integrity of a rate table used by the automated calculation. IG 7.9 To determine whether to use a benchmarking strategy, the auditor should assess the following risk factors. As these factors indicate lower risk, the control being evaluated might be well-suited for benchmarking. As these factors indicate increased risk, the control being evaluated is less suited for benchmarking. These factors are – • The extent to which the application control can be matched to a defined program within an application. • The extent to which the application is stable (i.e., there are few changes from period to period). • The availability and reliability of a report of the compilation dates of the programs placed in production. (This information may be used as evidence that controls within the program have not changed.) IG 7.10 Benchmarking automated application controls can be especially effective for companies using purchased software when the possibility of program changes is remote – e.g., when the vendor does not allow access or modification to the source code. IG 7.11 After a period of time, the length of which depends upon the circumstances, the baseline of the operation of an automated application control should be re-established. IG 7.12 To determine when to re-establish a baseline, the auditor should evaluate the following factors – • The effectiveness of the IT control environment, including controls over application and system software acquisition and maintenance, access controls and computer operations. • The auditor's understanding of the nature of changes, if any, on the specific programs that contain the controls. • The nature and timing of other related tests. • The consequences of errors associated with the application control that was benchmarked. • Whether the control is sensitive to other business factors that may have changed. For example, an automated control may have been designed with the assumption that only positive amounts will exist in a file. Such a control would no longer be effective if negative amounts (credits) begin to be posted to the account. 879 Handbook of Auditing Pronouncements-II IG 8 Information Produced by the Entity (Refer Paragraph 113) IG 8.1 The auditing standards do not provide a definition of information produced by the entity (IPE) or describe what constitutes IPE. IPE is typically in the form of a "report" which may be either system-generated, manually-prepared, or a combination of both (e.g., a download of system accumulated data that is then manipulated in an Excel spreadsheet). Examples of different forms of reports include: • Standard "out of the box" or default reports or templates that either: - May not be modified and therefore don’t allow for customisation of inputs/outputs (e.g., a system generated standard Debtors aging report with no configurable settings or user optionality, that in today’s IT environment of ERP systems is fairly rare), or - May be configurable upon installation (e.g., by adding custom fields to a report design or removing fields on a report that are not required to be displayed) and can be modified thereafter through established program change processes (e.g., a system generated standard Debtors aging report with configurable settings such as user defined aging categories and user options for specifying the logic, such as the manner in which the aging is computed, that is more typical in today’s IT environments). • Custom-developed reports that are not standard to the application and that are defined and generated by user-operated tools such as scripts, report writers, programming language and query tools (e.g., a monthly user-initiated extract of inventory sales by SKU). • Output from end-user applications such as automated spreadsheets or other similar applications that house and extract relevant information (i.e., data). • Entity-prepared analyses, schedules and spreadsheets that are manually prepared by entity personnel either from information generated from the entity’s system or from other internal or external sources. IG 8.2 As there may be a large amount of information that is generated by an entity for use in managing the business and to analyse and prepare financial information, the auditor is only required to test the accuracy and completeness of IPE that is relevant to the audit and used as audit evidence, not all information that is produced by the entity. 880 Audit of Internal Financial Controls IG 8.3 IPE that is relevant to the audit and used as audit evidence generally falls into one of three “buckets" as depicted in below: IPE that the entity uses When performing relevant controls IPE that the auditor uses as an audit When performing tests of operative evidence effectiveness of relevant controls IPE that the auditor uses as an audit When performing substantive evidence procedures Understanding IPEs IG 8.4 In order to design appropriate procedures to test the accuracy and completeness of IPE, it is important to first obtain an appropriately detailed understanding of the IPE. The auditor begins with a thorough understanding of what the IPE is, how the IPE is generated, and how the auditor intends to use it as audit evidence. This allows the auditor to design the most appropriate testing approach to determine whether the IPE is sufficient and appropriate for purposes of the audit. IG 8.5 IPE typically consists of three elements: (1) source data, (2) report logic, and (3) parameters. Accordingly, it is important that the auditor obtains an understanding of each of these three elements to determine the testing strategy for IPE. These three elements are further described as follows: Element Description Source Data The information from which the IPE is created. This may include data maintained in the IT system (e.g., within an application system or database) or external to the system (e.g., data maintained in an Excel spreadsheet or manually maintained), which may or may not be subject to general IT controls. For example, for a report of all sales greater than Rs. 1,000,000, the source data is the database of all sales transactions. Report Logic The computer code, algorithms, or formulas for transforming, extracting or loading the relevant source data and creating the report. Report logic may include standardised report programs, user-operated tools (e.g., query tools and report writers) or Excel spreadsheets, which may or may not be subject to the general IT controls. 881 Handbook of Auditing Pronouncements-II Element Description For example, for the Debtors Aging report, the report logic is typically a program in the Debtors application that contains the code and algorithms for creating the Debtors Aging (report) from the Debtors sub-ledger detail (source data). Report Report parameters allow the user to look at only the information Parameters that is of interest to them. Common uses of report parameters including defining the report structure, specifying or filtering data used in a report or connecting related reports (data or output) together. Depending on the report structure, report parameters may be created manually by the user (user-entered parameters) or they may be pre-set (there is significant flexibility in the configuration of parameters, depending on the application system), and they may or may not be subject to the general IT controls. For example, for a monthly report of slow moving inventory by warehouse location, the user enters the month and location code parameters to generate the reports. IG 8.6 Figure below portrays the process and the three elements of IPE to generate a typical Debtors aging report: (1) the user-entered parameters (i.e., date ranges), (2) the source data (i.e., the Debtors sub-ledger), and (3) the report logic that generates the Debtors aging report (which includes both the extraction of the source data from the Debtors sub-ledger and the aging of the items). Figure 882 Audit of Internal Financial Controls IG 8.7 The auditor’s objective when performing procedures on IPE is to determine if these three elements, when applicable, produce IPE that is accurate and complete. As IPE is generated in many different forms and through many different methods, the testing strategy may vary depending on the intended purpose of the IPE, the nature of the IPE (e.g., a standard pre-coded report versus a custom ad-hoc report) and how it is created (e.g., the degree of automation which typically increases reliability when subject to effective general IT controls). For example, Entity A and Entity B both use the same ERP system; however, Entity A uses an Debtors aging report from the system to determine its allowance for doubtful accounts, and Entity B takes the same Debtors aging report, downloads it into Excel, and then manually manipulates the report. The downloading and manipulation of Entity B’s report likely introduces additional possibilities that the IPE may be inaccurate or incomplete compared to the Debtors aging report used by Entity A and therefore, it would likely be necessary to perform additional procedures on Entity B’s report to determine its accuracy and completeness as compared to Entity A’s report. IG 8.8 The following considerations related to accuracy and completeness of IPE may assist the auditor in obtaining an appropriate understanding to plan the testing approach to IPE: • Not all data is captured. - For example, if all revenue transactions are not captured in the system, a report of revenue data that is derived from the system would likely be incomplete. • The data is input incorrectly. - For example, data entry errors (e.g., a number that is transposed or entered incorrectly) into an Excel spreadsheet may result in incorrect totals in the spreadsheet. - For example, SAP maintains a central exchange rate table which is used to translate foreign currency transactions into the local reporting currency. The table is manually updated and therefore subject to human error (e.g., incorrect exchange rates may be input). Therefore, the system-generated report identifying the exchange rates may be incorrect. • The report logic is incorrect. - For example, a report is designed to include sales transactions for which the variation between the actual selling price of an item and the price of that same item in the entity’s standard 883 Handbook of Auditing Pronouncements-II price list is in excess of 15 percent; however, the report was incorrectly configured to only include transactions for which the variance is in excess of 20 percent. - For example, the system performs a consolidation of the various reporting entities based on company codes. If a new entity is not initially coded correctly, the manner in which it is consolidated into the overall results of all the reporting entities may not be correct. - For example, the entity relies on a report of average selling prices to monitor compliance with its pricing policies; however, the algorithm that calculates the average selling prices was inadvertently applied to sales occurring at only certain business units (i.e., the calculation was not applied to the entire population). • The report logic or source data could be changed inappropriately or without authorisation. - For example, IT management runs a report of all changes to the entity’s ERP application as part of a control to determine whether all changes were properly tested and approved prior to implementation. In order to conceal an error that he had made, an employee in the IT department, who had administrator access to the system, manipulated the report to exclude an unauthorised change he made. - For example, the report is an Excel spreadsheet that is not subject to general IT controls or otherwise protected and, therefore, may be subject to unauthorised changes. • The user-entered parameters entered are incorrect. - For example, user-entered parameters related to the date range are required when generating a Debtors aging report. If the user-entered parameters are not entered correctly, the data on the report will not likely be correct (e.g., the report may not contain the expected or intended data). - For example, consider the circumstance in which a query tool is utilised by a user to extract receivables account detail related only to a particular customer. If the user-entered parameters are not set up to specifically and properly extract all the detail for the specified customer and only the specified customer, then the IPE may not be accurate and complete. 884 Audit of Internal Financial Controls Evaluating IPE IG 8.9 The auditor is required to "evaluate whether the IPE is sufficiently precise and detailed for purposes of the audit." This involves evaluating whether the IPE is appropriate for its intended purpose (e.g., the objectives of the specific control or substantive procedures for which it is being used). IG 8.10 If the IPE is not sufficiently precise or detailed for the purpose, it is likely that the auditor cannot use it as audit evidence; however, the auditor may work with the entity to determine if the original IPE can be modified by the entity to meet his or her needs or identify other audit evidence to achieve the intended purpose. Typically, the auditor evaluates whether IPE is sufficiently precise and detailed for the stated purposes based on his or her understanding of IPE and the results of the procedures the auditor performs to address accuracy and completeness of the IPE. For example, when the auditor is testing program change controls and the client provides a listing of application system changes in a Word document that does not provide sufficient information to identify the related changes made in the source code library for the application system (i.e., the listing is not sufficiently precise), the auditor may require management to either modify the report or to identify an alternative source or form of the information (e.g., a program change listing from the source code library management tool) that will be sufficiently precise and detailed for testing purposes. IPE in the context of internal financial controls testing IG 8.11 IPE in the context of internal control testing is IPE that the auditor uses as audit evidence to perform his or her tests of controls and, therefore, the auditor needs to perform procedures to determine that the IPE is accurate and complete. For example, when testing the effectiveness of an entity’s program change controls, the auditor may request the entity to provide a system-generated report that identifies the modifications made to a specific application during a specified time period and use such a report to identify and select items for testing of the entity’s program change controls. The testing of change controls relies on the report being accurate and complete; therefore, the auditor needs to perform procedures to address the accuracy and completeness of the report. IG 8.12 When the auditor uses a report (IPE) to identify the population of items of interest from which to draw the sample for testing, the tests of the items selected from the report typically address the accuracy of the report; however, such procedures often do not address the completeness of the report. 885 Handbook of Auditing Pronouncements-II For example, when testing the effectiveness of an entity’s program change controls, the auditor obtains a report listing the changes logged during the period of audit interest. When the auditor makes selections from that report and tests them to determine if the entity’s controls over program changes are effective, the auditor is also obtaining evidence of the accuracy of the report. The auditor should design and perform other procedures to address the completeness of the report (e.g., the auditor may select program changes that the auditor identified from an independent population and trace them to the report of program changes or the auditor could test the effectiveness of the controls over the completeness of the report of program changes). IG 8.13 The auditor may test IPE that he proposes to use to perform tests of controls by either: • Performing "direct testing" procedures to address the accuracy and completeness of IPE. In a combined audit of internal financial controls over financial reporting and financial statements, the auditor may directly test IPE that the auditor uses to perform tests of controls only when management is not using the IPE in the performance of its controls. • Perform procedures to test controls that address the accuracy and completeness of the IPE. • A combination of these approaches (i.e., performing direct testing and tests of controls to address the accuracy and completeness of IPE). Testing accuracy and completeness of IPE that the entity’s controls are dependent upon IG 8.14 The auditor obtains evidence that such IPE is sufficiently reliable throughout the period of intended reliance. For a combined audit of internal financial controls over financial reporting and financial statements, the auditor is required to identify and test the effectiveness of controls addressing the accuracy and completeness of the information the controls are dependent upon. IPE that the auditor uses in tests of operating effectiveness of relevant controls IG 8.15 The auditor may obtain information to use in performing tests of certain controls, such as reports on system settings (e.g., access, profiles, passwords) or reports used to define the population of interest (e.g., a list of program changes). The auditor also performs procedures to test the accuracy and completeness of such IPE since the integrity of the tests of operating effectiveness of the relevant controls depends on the accuracy and completeness of that information. 886 Audit of Internal Financial Controls Direct testing of IPE IG 8.16 The appropriate procedures and sample size for directly testing IPE is a matter of professional judgement based on the nature of the IPE and may vary depending upon the specific facts and circumstances. IG 8.17 In order to determine whether "directly" testing IPE is the most effective and efficient testing method, the auditor considers whether and to what extent his tests of controls or substantive procedures address the accuracy or completeness of the IPE. For example: 1. Consider if the IPE is the starting point of the substantive procedures, and therefore, whether the substantive procedures for testing the relevant assertions for the class of transactions, account balance, or disclosure also address the accuracy and completeness of the three elements of the IPE. In such cases, additional procedures may not be necessary. For example, the auditor may use a property roll forward schedule prepared by the entity as the starting point to perform the substantive testing of the property account balance. The substantive procedures of the property account balance (either tests of details or substantive analytical procedures) would likely include procedures that would address the accuracy and completeness of the information on the roll forward schedule, such as agreeing totals from the schedule to the beginning and ending general ledger balances, footing the schedule, and making selections from the various totals reflected on the schedule (e.g., additions, disposals, depreciation) to test by agreeing back to source documents or by recalculation. In this case, additional procedures to address the completeness and accuracy of the elements of the IPE are not likely necessary. 2. Consider if the IPE is extracted from data related to classes of transactions, account balances, or disclosures that is already being tested as part of the audit — either by testing the relevant controls or through substantive procedures. If so, the auditor may need to only plan additional testing of the remaining IPE elements (i.e., the report logic and, if applicable, the user-entered parameters). For example, the auditor tests the relevant controls over sales, billing, and cash receipts, including the relevant general IT controls, for control reliance purposes and substantive procedures validate that the transaction data in the Debtors sub- ledger is accurate and complete and protected from unauthorised access or changes. Accordingly, when testing the Debtors aging report which is derived from the Debtors sub-ledger detail, the auditor does not need to trace selections back to source documents as the auditor has already determined through tests of relevant controls that the Debtors sub-ledger detail is accurate and complete. 887 Handbook of Auditing Pronouncements-II IG 8.18 However, even when the auditor may have tested the controls related to the underlying source data or substantively tested the source data; he may still need to perform procedures to address the appropriateness of the report logic and user-entered parameters used in producing the IPE. In some cases, the auditor may be able to use the same items tested (or a subset thereof) for control tests or substantive procedures to perform procedures specifically directed at the accuracy and completeness of the process to extract the relevant data into the report. For example, although the auditor has already determined through tests of relevant controls that the Debtors sub-ledger detail is complete and accurate, he still needs to perform procedures to address the appropriateness of the report logic. Therefore, to validate that the data in the Debtors aging report was properly extracted, the auditor may reconcile the Debtors aging report to the Debtors sub-ledger in the aggregate and then trace into the Debtors aging report the relevant information for the items (or subset thereof) that were selected for Debtors confirmations. IG 8.19 Consider if the IPE consists of source data that may be tested for accuracy and completeness in conjunction with other tests of controls or substantive procedures for the relevant flows of transactions. For example, when performing substantive test of sales transactions the auditor may also include testing that the product codes/SKUs were properly coded and input into the system in order to validate that the data at the sales by product code/SKU level is accurate and complete. For example, when performing tests of controls, the auditor may also assess whether the identified controls specifically address the recording and reporting of revenue and expenses by location. Example of IPE testing Data/ Report Terminated Employee Listing Description Background The Terminated Employee Listing is a standard parameter- driven report generated directly from the HR application and provided to auditors. The report pulls the names of employees terminated during a particular date range (i.e., the period under audit), as well as other pertinent information about the employees, such as their employee IDs and the effective dates of their separations from the entity. This report will be used by the auditor to determine whether there are active user accounts in the system for any of the terminated employees in order to 888 Audit of Internal Financial Controls test GITCs related to timely deactivation and/or removal of user accounts when employees terminate employment with the entity. Example The auditor compares the Terminated Employee Listing on a Testing sample basis to relevant information in the system, and vice Approach 1 versa, to determine that: 1. The report was created from the appropriate production system during the period under audit. 2. The appropriate user-entered parameters were used to generate the report (e.g., date range). 3. The employee information in the system is consistent with that in the report. Additional audit evidence is obtained that the report accurately includes a complete population of terminations that occurred during the period under audit: • For example, inquiry is made of entity personnel to obtain the names of X individuals who were terminated in the period under audit and the timeframe during which these individuals were terminated (e.g., if the auditor knows the entity did layoffs at a certain time during the year). The Terminated Employee Listing is inspected to determine that the individuals identified during the auditor’s inquiries appear on the list and the termination dates on the listing are consistent with those communicated to the auditor during his or her inquiries. • For example, a selection is made of terminated employees from the source where termination status is maintained and it is validated that the terminated employees appear on the Terminated Employee Listing. Example The auditor should test the relevant controls that provide audit Testing evidence of the timely and accurate processing of terminations Approach 2 in the HR application, including the employment status of employees (e.g., active, terminated) and termination dates. As the report logic had been tested in the prior year, the auditor may apply a benchmarking strategy (e.g., carry forward a summary of direct testing of the report logic and user-entered parameters performed upon initial installation of the system, 889 Handbook of Auditing Pronouncements-II including describing the Terminated Employee Listing, how it was tested, and the conclusions reached. The auditor should also obtain evidence in the change management system that validates that the source code underlying the report has not been changed since it was originally tested in the prior year IG 9 Use of Service Organisations (Refer Paragraph 90) Service organisations IG 9.1 The auditor’s understanding of the flows of transactions includes an understanding of the entity’s use of service organisations to perform processes relevant to financial reporting (e.g., payroll processing, processing of insurance or medical claims) and, from an IT perspective, the systems that are being used by the service organisations to perform those processes. In addition to outsourcing certain business processes to a service organisation, an entity may also outsource administration of one or more of its systems to a service organisation or use a service organisation to “host” its systems. Identifying relevant service organisations IG 9.2 Regardless of whether a service organisation is being used to perform business processes or IT functions, to the extent that these processes are relevant to the audit, the systems used by or administered by the service organisation (and the related general IT controls) may also be relevant to the audit. In determining whether these systems are relevant, the auditor considers the controls the user entity (i.e., an entity that uses a service organisation) and the service organisation have in place to address the related risks of material misstatement or IT risks. These may include controls at the service organisation when the service organisation is performing processes relevant to financial reporting or when a service organisation is hosting systems for the user entity. However, to the extent that the entity has controls in place that are sufficiently precise to address the relevant risks and these controls do not rely on automated controls, data, or reports from the systems used by or administered by the service organisation, the auditor may determine that the service organisation controls are not relevant to the audit. For example, an entity outsources the processing of its payroll transactions to a service organisation; however, the entity has the following controls in place that are sufficiently precise to address the relevant risks of material misstatement related to payroll and the entity does not rely on reports or other information it receives from the service organisation to perform these controls: 890 Audit of Internal Financial Controls • Comparing the payroll data submitted to the service organisation with reports of information received from the service organisation after the data has been processed. • Re-computing a sample of the payroll amounts for clerical accuracy and reviewing the total amount of the payroll for reasonableness. Situation in which service organisations are relevant for internal financial controls IG 9.3 If the service organisation's services are part of a company's information system, then they are part of the information and communication component of the company's internal financial controls. When the service organisation's services are part of the company's internal financial controls, the auditor should include the activities of the service organisation when determining the evidence required to support his or her opinion. IG 9.4 The following are the procedures that the auditor should perform with respect to the activities performed by the service organisation – • Obtaining an understanding of the controls at the service organisation that are relevant to the entity's internal control and the controls at the user organisation over the activities of the service organisation, and • Obtaining evidence that the controls that are relevant to the auditor's opinion are operating effectively. IG 9.5 Evidence that the controls that are relevant to the auditor's opinion are operating effectively may be obtained by following: • Obtaining a service auditor's report on controls placed in operation and tests of operating effectiveness, or a report on the application of agreed upon procedures that describes relevant tests of controls. Note: The service auditor's report referred to above means a report with the service auditor's opinion on the service organisation's description of the design of its controls, the tests of controls, and results of those tests performed by the service auditor, and the service auditor's opinion on whether the controls tested were operating effectively during the specified period. A service auditor's report that does not include tests of controls, results of the tests, and the service auditor's opinion on operating effectiveness does not provide evidence of operating effectiveness. Furthermore, if the evidence regarding operating effectiveness of controls comes from an agreed-upon procedures report rather than a service auditor's report, the auditor should evaluate whether the agreed- upon procedures report provides sufficient evidence in the same manner described in the following paragraph. 891 Handbook of Auditing Pronouncements-II • Performing tests of the user organisation's controls over the activities of the service organisation (e.g., testing the user organisation's independent re-performance of selected items processed by the service organisation or testing the user organisation's reconciliation of output reports with source documents). • Performing tests of controls at the service organisation. IG 9.6 If a service auditor's report on controls placed in operation and tests of operating effectiveness is available, the auditor may evaluate whether this report provides sufficient evidence to support his or her opinion. In evaluating whether such a service auditor's report provides sufficient evidence, the auditor should assess the following factors – • The time period covered by the tests of controls and its relation to the as of date of management's assessment, • The scope of the examination and applications covered, the controls tested, and the way in which tested controls relate to the company's controls, and • The results of those tests of controls and the service auditor's opinion on the operating effectiveness of the controls. Note: If the service auditor's report on controls placed in operation and tests of operating effectiveness contains a qualification that the stated control objectives might be achieved only if the company applies controls contemplated in the design of the system by the service organisation, the auditor should evaluate whether the company is applying the necessary procedures. IG 9.7 In determining whether the service auditor's report provides sufficient evidence to support the auditor's opinion, the auditor should make inquiries concerning the service auditor's reputation, competence, and independence. IG 9.8 When a significant period of time has elapsed between the time period covered by the tests of controls in the service auditor's report and the date specified in management's assessment, additional procedures should be performed. The auditor should inquire of management to determine whether management has identified any changes in the service organisation's controls subsequent to the period covered by the service auditor's report (such as changes communicated to management from the service organisation, changes in personnel at the service organisation with whom management interacts, changes in reports or other data received from the service organisation, changes in contracts or service level agreements with the service organisation, or errors identified in the service organisation's processing). If management has identified such changes, the auditor should evaluate the effect of such changes on the effectiveness of the company's internal financial controls. The auditor should also 892 Audit of Internal Financial Controls evaluate whether the results of other procedures performed indicate that there have been changes in the controls at the service organisation. IG 9.9 The auditor should determine whether to obtain additional evidence about the operating effectiveness of controls at the service organisation based on the procedures performed by management or the auditor and the results of those procedures and on an evaluation of the following risk factors. As risk increases, the need for the auditor to obtain additional evidence increases. • The elapsed time between the time period covered by the tests of controls in the service auditor's report and the date specified in management's assessment, • The significance of the activities of the service organisation, • Whether there are errors that have been identified in the service organisation's processing, and • The nature and significance of any changes in the service organisation's controls identified by management or the auditor. IG 9.10 If the auditor concludes that additional evidence about the operating effectiveness of controls at the service organisation is required, the auditor's additional procedures might include – • Evaluating procedures performed by management and the results of those procedures. • Contacting the service organisation, through the user organisation, to obtain specific information. • Requesting that a service auditor be engaged to perform procedures that will supply the necessary information. • Visiting the service organisation and performing such procedures. IG 9.11 The auditor should not refer to the service auditor's report when expressing an opinion on internal financial controls. IG 10 Techniques of Control Testing (Refer Paragraph 116) IG 10.1 Tests of controls are usually performed using the following techniques, often in combination: Corroborative enquiry: This procedure, consisting of detailed interviews to obtain evidence about the effectiveness of controls, is performed in tandem with other procedures (e.g., examination of documentary evidence) to corroborate the information derived from the inquiry. Observation: Observing the performance of a control activity often provides substantial evidence of its effectiveness. For example, the auditor may test 893 Handbook of Auditing Pronouncements-II controls over inventory by observing that employees who perform and record the counts follow management's written instructions. But observation of a control activity in action ordinarily does not, in itself, provide sufficient evidence of the effectiveness of the control activity, mainly because observations may not be representative of the usual performance of a control activity because management and staff may perform their tasks more diligently if they know they are being observed. Examination of Documentation: If performance of a control activity is documented, the auditor can obtain evidence of its performance by examining the documentation, both electronic and written. Re-performance: Re-performance may be effective for testing application controls, because the computer processes transactions systematically. IG 11 Internal Financial Controls – Testing of Design (Refer Paragraph 108 -109) IG 11.1 The objective of testing the design of a control is to determine if a deficiency in design exists. A deficiency in design exists when: • A control necessary to meet the control objective (i.e., a control that mitigates the risk of material misstatement) is missing. • An existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met (i.e., the risk of material misstatement would not be mitigated). IG 11.2 Therefore, it is important to consider and to specifically conclude with respect to both aspects based on the auditor’s procedures and evaluation. Professional judgement is necessary to evaluate the design of relevant controls IG 11.3 The auditor should test the design effectiveness of controls by determining whether the company’s controls, if they are operated as prescribed by persons possessing the necessary authority and competence to perform the control effectively, satisfy the company’s control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements in the financial statements. Note: A smaller, less complex company might achieve its control objectives in a different manner from a larger, more complex organisation. For example, a smaller, less complex company might have fewer employees in the accounting function, limiting opportunities to segregate duties and leading the company to implement alternative controls to achieve its control objectives. In such circumstances, the auditor should evaluate whether those alternative controls are effective. 894 Audit of Internal Financial Controls IG 11.4 To appropriately evaluate the design of relevant controls, the auditor considers the following elements: • The nature and significance of the risks of material misstatement addressed by the control. • The characteristics or details of the control. • Factors to determine whether the control is appropriately designed (i.e., the precision of a control) to address the identified risk. Factors to consider when determining whether control is appropriately designed The following factors will likely be a good starting point for evaluating the effectiveness of the design of many controls. (Note: these are not intended to be a complete list of considerations, nor is it intended that each of these is always relevant or needs to be considered for each control.) IG 11.5 Appropriateness of the purpose of the control and its correlation to the risk/assertion A procedure that functions to prevent or detect misstatements generally is more precise than a procedure that merely identifies and explains differences. Additionally, a control that is indirectly related to an assertion normally is less likely to prevent or detect misstatements in the assertion than a control that is directly related to an assertion. A control that identifies and explains differences may identify an unusual fluctuation but would not identify misstatements if there were no fluctuations. For example, the purpose of a budget to actual revenue review is to typically identify and explain variances for operating purposes, not necessarily for the purpose of identifying misstatements. It is important that this assessment be applied for each risk/assertion that a control addresses. For example, if a control addresses six risks of material misstatement, then the purpose of the control and correlation to the risk/assertion is considered separately for each risk of material misstatement. IG 11.6 Appropriateness of the control considering the nature and significance of the risk The greater the inherent risk, the more precise the controls are expected to be. For example, a higher-level D&P ELC may be appropriately precise for payroll expense, which is typically a normal risk of misstatement, but would likely not be sufficient by itself for a significant risk of material misstatement, such as a significant accounting estimate. 895 Handbook of Auditing Pronouncements-II IG 11.7 Competence and authority of the person(s) performing the control The experience level of the person performing the control and their organisational position affects the effectiveness of a control. For example, if the assistant controller performs a review of a document prepared by the controller, the assistant controller’s authority in performing such a review might be questioned, given the direct reporting relationship of the assistant controller to the controller. For example, a junior clerk may not have the requisite knowledge of the business or stature within the organisation to perform an effective review control that requires an in-depth understanding of the business and the ability to raise challenges with superiors and others within the organisation. For example, SAP security is administered by a Senior Analyst. The Senior Analyst is a Certified Information Systems Security Professional (CISSP), has ten years of IT experience and has been in his current position for two years. The auditor interacted with the Senior Analyst as he or she executed audit tests and found him to be knowledgeable of SAP security and controls. Based on these factors, it appears he has the competence and authority to operate SAP security controls. For example, a control related to the review of user access privileges in a relevant application system is performed by a Manager, in the Information Compliance and Risk Management department of the entity. The auditor interacted with the Manager throughout the audit and noted she demonstrated sufficient knowledge of control processes related to the application system. The Manager has been responsible for overseeing the review of access and monitoring of the relevant application for the past three years. The auditor noted she appears to be competent to perform the controls for the relevant application system and has proper authority based upon her role, which was also confirmed by the auditor by reviewing an organisational chart. Note: In some situations, particularly in smaller companies, a company might use a third party to provide assistance with certain financial reporting functions. When assessing the competence of personnel responsible for a company's financial reporting and associated controls, the auditor may take into account the combined competence of company personnel and other parties that assist with functions related to financial reporting. IG 11.8 Frequency and consistency with which the control is performed A control that is performed routinely and consistently is generally more precise than one performed sporadically. 896 Audit of Internal Financial Controls For example, a review control that has clearly defined procedures and which is designed to be performed each quarter would be more precise than a review control that has undefined process steps and which is performed infrequently or on an ad-hoc basis. Similarly, when general IT controls are effective, an automated control is expected to operate more consistently than a manual control. IG 11.9 Level of aggregation and predictability A control that is performed at a more detailed level generally is more precise than one performed at a higher level. The precision of those controls also depends on the predictability (i.e., the more predictable the expected result, the greater the precision to identify potential material misstatements). For example, an analysis of revenue by location or product line is likely to be more precise than an analysis of total entity revenue. IG 11.10 Criteria for investigation and process for follow-up For review-type controls (unless the review is performed with regard to each transaction), the threshold for investigating deviations or differences and its relationship to materiality is an important but subjective determination of a control’s precision. It is equally important that there is an appropriate process to follow-up on any exceptions or unusual items noted from the review, including tracking open items for timely resolution and determining that responses are appropriate and supported as necessary. For example, a control that investigates items that are near the selected materiality has less precision and a greater risk of failing to prevent or detect misstatements that could be material than a control that investigates items that are smaller relative to materiality. Review-type controls require the reviewer to make significant judgements when determining what requires further investigation. Accordingly, when evaluating the design of a review-type control the auditor considers the risk of implicit or explicit bias in the reviewer’s judgements in identifying a deviation or difference for investigation and follow-up. The auditor may also need to consider whether there are other controls that operate in conjunction with the review-type control that specifically address or mitigate the potential for bias (e.g., further review and challenge by others). IG 11.11 Dependency on other controls or information If the control is dependent upon other controls (e.g., the effective operation of general IT controls) or IPE, the design of the control cannot be concluded upon without also considering the effectiveness of the other control(s) or the accuracy and completeness of the IPE. When evaluating the design of a control that is 897 Handbook of Auditing Pronouncements-II dependent on IPE, the auditor should identify and test the effectiveness of relevant controls that address the accuracy and completeness of the IPE that the controls is dependent upon. Testing design effectiveness IG 11.12 The purpose of a test of design of a relevant control is to obtain a sufficient understanding of each control (and the related risk that the control addresses) to: • Conclude on the effectiveness of its design to address the risk. • Plan the nature, timing, and extent of the tests of operating effectiveness of the control. A “test of design” of a relevant control includes inquiry of personnel involved in the performance of the control, supplemented by a mix of observation of how the control is performed (e.g., demonstration by entity personnel to the auditor what they do) and inspection of the relevant documentation related to the performance of the control (which may include either IPE used in the performance of the control or documentation resulting from the performance of the control).The test of design of a relevant control confirms the auditor’s understanding of the controls (e.g., the detailed control description) and provides the basis to evaluate whether the controls are designed effectively (i.e., the auditor determines whether each risk is appropriately mitigated by the controls as designed). IG 12 Internal Financial Controls–Walk Through(Refer Paragraph 103, 104, 108, 109) Performing walkthroughs IG 12.1 Walkthroughs are not required by the auditing standards; however, they are often an efficient means to: • Obtain or update understanding of the entity’s flow of transactions. • Identify controls that are relevant to the audit and gain an understanding (evaluate design and implementation) of those controls. IG 12.2 In some instances, when the auditor is testing controls, the walkthrough procedures may be used to obtain evidence about the operating effectiveness of a control. IG 12.3 The term “walkthrough,” while not specifically defined, refers to (1) the following of a transaction through the entity’s process and (2) the procedures the auditor might perform to validate the points in the process at which a material misstatement could occur and identify controls that may be relevant to the audit. 898 Audit of Internal Financial Controls IG 12.4 In performing a walkthrough, the auditor generally follows a single transaction from its origination through the procedures or steps in the process to the transaction’s ultimate recording in the general ledger. Following the transaction through the procedures or steps in the process helps validate the auditor’s understanding of how transactions are initiated, authorised, recorded, processed, and recorded. The procedures or steps addressed in the walkthrough would correspond to those in the process narratives or the narratives combined with process flow diagrams. IG 12.5 It is important to differentiate between a step in the process and a control. A process describes the action of taking a transaction or event through an established and usually routine set of procedures or steps. A control is an action or activity taken to prevent or detect misstatements within the process. The following is the description and examples of control activities: IG 12.6 Control activities are the policies and procedures that help ensure that management directives are carried out. Control activities, whether within IT or manual systems, have various objectives and are applied at various organisational and functional levels. Examples of specific control activities include those relating to the following: • Authorisation; • Performance reviews; • Information processing; • Physical controls; • Segregation of duties. IG 12.7 To perform a walkthrough, the auditor would generally: • Select a single transaction and trace it through the procedures or steps in the process, and the relevant control activities, from initiation to recording in the general ledger. The walkthrough would generally begin with the original source document for a selected transaction (e.g., a revenue walkthrough might begin with a sales order, rather than the sales invoice). • Make inquiries of the individuals who perform the procedures or steps in the process. IG 12.8 As a result, for the relevant controls within the process, the auditor would corroborate his or her inquiries of individuals who perform the controls with additional procedures, such as inspection of relevant documents or accounting records used by entity personnel in performing the control and/or observation of individuals performing the control. 899 Handbook of Auditing Pronouncements-II Extent of a walkthrough IG 12.9 Just as the extent of the auditor’s understanding of the entity’s processes is a matter of professional judgement, so too is the extent of the walkthroughs. IG 12.10 In a first year audit, the auditor might perform walkthroughs of all of the entity’s processes related to significant accounts and disclosures. In subsequent years, the extent of walkthroughs may be again evaluated, especially for non- complex processes. However, in those situations, the auditor’s understanding of the process still needs to be accurate and complete and reflect any significant changes since the prior audit, because those changes might result in changes to his or her identification and assessment of risks of material misstatement and identification of relevant controls. For example, when performing a walkthrough in a continuing audit, rather than walk through every step in the process, the auditor may instead focus inquiries on identifying any significant changes in the process or on validating that no significant changes have occurred. For example, the auditor might inquire as to whether there have been any changes to the information and reports used in the process, changes to IT applications, or changes in the way entity personnel perform the steps in the process. [Note that inquiries are often used to obtain or update understanding of the steps in a process; however, for purposes of evaluating design and implementation of relevant controls in the process, inquiry alone is not appropriate and the auditor would corroborate his or her inquiries with other risk assessment procedures, such as inspection and observation.] IG 12.11 Regardless of the approach the auditor takes to update his or her understanding of the process and relevant controls, he or she should evaluate the design and implementation of relevant controls in every audit by performing procedures in addition to inquiry. Note: Walkthroughs usually consist of a combination of inquiry of appropriate personnel, observation of the company's operations, inspection of relevant documentation, and re-performance of the control and might provide sufficient evidence of operating effectiveness, depending on the risk associated with the control being tested, the specific procedures performed as part of the walkthrough and the results of those procedures. IG 13 Internal Financial Controls – Testing of Operative Effectiveness (Refer Paragraph 110 - 111) IG 13.1 This Section provides an overview of testing the operating effectiveness of relevant controls. When testing the operating effectiveness of a control, the auditor obtains evidence about whether it is operating as designed. 900 Audit of Internal Financial Controls IG 13.2 If a control is not designed properly, it cannot operate effectively; therefore, there is no need to test the operating effectiveness of controls that are improperly designed. IG 13.3 The auditor should test the operating effectiveness of a control by determining whether the control is operating as designed and whether the person performing the control possesses the necessary authority and competence to perform the control effectively. IG 13.4 If the control does not operate effectively (e.g., the auditor is unable to obtain sufficiently persuasive evidence that the control is operating as designed), then it is a “deficiency in operating effectiveness.” IG 13.5 A deficiency in internal financial controls exists when the operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. A deficiency in operation exists when a properly designed control does not operate as designed, or the person performing the control does not possess the necessary authority or competence to perform the control effectively. Process flow for testing operative effectiveness of controls IG 13.6 This process flow illustrates the steps applicable to testing the operating effectiveness of a control. It is applied for each relevant control for which the auditor is required, or for which the auditor elects, to test operating effectiveness. Applying each of these steps requires professional judgement. Assess the risks associated with the controls IG 13.7 When the auditor has determined that it is necessary to test the operating effectiveness of a control, both for purposes of reporting on internal financial controls and when relying on the operating effectiveness of the control to reduce the extent of substantive procedures for purposes of the financial statement audit, he or she considers the risk associated with the control. The risk associated with the control is the risk that the control might not be effective. The assessment of risk associated with the control determines the persuasiveness of 901 Handbook of Auditing Pronouncements-II the evidence to be obtained about the effectiveness of the control. The auditor should assess the risk associated with the control as either “higher” or “not higher” and use this assessment to plan the nature, timing, and extent of the testing of each control. IG 13.8 For each control selected for testing, the evidence necessary to persuade the auditor that the control is effective depends upon the risk associated with the control. The risk associated with a control consists of the risk that the control might not be effective and, if not effective, the risk that a significant deficiency or material weakness would result. As the risk associated with the control being tested increases, the evidence that the auditor should obtain also increases. Factors considered when assessing the risk associated with the control IG 13.9 Factors that affect the risk associated with a control include: • The nature and materiality of misstatements that the control is intended to prevent or detect; • The inherent risk associated with the related account(s) and assertion(s); • Whether there have been changes in the volume or nature of transactions that might adversely affect control design or operating effectiveness; • Whether the account has a history of errors; • The effectiveness of entity-level controls, especially controls that monitor other controls; • The nature of the control and the frequency with which it operates; • The degree to which the control relies on the effectiveness of other controls (e.g., the control environment or information technology general controls); • The competence of the personnel who perform the control or monitor its performance and whether there have been changes in key personnel who perform the control or monitor its performance; • Whether the control relies on performance by an individual or is automated (i.e., an automated control would generally be expected to be lower risk if relevant information technology general controls are effective); and Note: A less complex company or business unit with simple business processes and centralised accounting operations might have relatively simple information systems that make greater use of off-the-shelf packaged software without modification. In the areas in which off-the-shelf software is used, the auditor's 902 Audit of Internal Financial Controls testing of information technology controls might focus on the application controls built into the pre-packaged software that management relies on to achieve its control objectives and the IT general controls that are important to the effective operation of those application controls. • The complexity of the control and the significance of the judgements that must be made in connection with its operation. Note: Generally, a conclusion that a control is not operating effectively can be supported by less evidence than is necessary to support a conclusion that a control is operating effectively. Some of these factors relate to the risks of material misstatement that the control addresses, while others relate directly to the characteristics of the control itself. Therefore, it may be helpful to consider the factors in those two groups. Factors related to the risks of material misstatement the control addresses IG 13.10 The inherent risk associated with the risk of material misstatement For example, controls that address risks of material misstatement that the auditor classifies as a significant risk have a higher risk associated with them, because determining the effective operation of such controls is more important due to the significance of the risks of material misstatement they address. IG 13.11 The nature and materiality of misstatements that the control is intended to prevent or detect For example, controls that address risks of material misstatement for accounts with smaller rupee values and routine transactions would typically have a lower risk associated with them than controls that address accounts with large transactions that occur on a non-routine basis. IG 13.12 Whether there have been changes in the volume or nature of transactions that might adversely affect the controls design or operating effectiveness For example, a significant increase in sales volume may stress the capacity of the manual controls that address the sales account, which likely increases the risk associated with such manual controls. IG 13.13 Whether the account has a history of errors For example, errors in an account are indicators that relevant controls that address the risks of material misstatement relating to such an account may not be operating effectively, which likely increases the risk associated with such controls. 903 Handbook of Auditing Pronouncements-II Factors related to the characteristics of the control activity IG 13.14 The complexity of the control and the significance of the judgements that must be made in connection with its operation For example, controls that operate routinely, with little subjectivity, at the transaction level typically have lower risk associated with them as contrasted to highly subjective review-type controls that are complex because of the subject matter they address and the significant judgements involved (including the possibility for implicit or explicit bias in the reviewer’s judgements in identifying deviations or differences for investigation and follow-up.) IG 13.15 The effectiveness of entity-level controls, especially controls that monitor other controls For example, if an entity effectively monitors the periodic preparation of account reconciliations throughout the year, the risk associated with the control may be lower. IG 13.16 The nature of the control and the frequency with which it operates For example, the auditor may assess the risk associated with controls that operate more frequently as lower than those that operate only on an ad hoc basis (e.g., controls related to accounting for an acquisition or a divesture, when the entity enters into such transactions on an infrequent basis, may have a higher risk associated with them than other controls that operate more frequently and on a routine basis). IG 13.17 The degree to which the control relies on the effectiveness of other controls (e.g., the control environment or GITCs) For example, automated controls depend upon the effectiveness of general IT Controls, and if such general IT controls are determined to be ineffective, the risk associated with the automated controls is likely to be higher. IG 13.18 The competence of the personnel who perform the control or monitor its performance and whether there have been changes in key personnel who perform the control or monitor its performance For example, if a new assistant controller is performing a control for the first time or if the person performing the control has not been trained either in how to perform the control or in the subject matter to which it pertains, there may be a higher risk associated with the control, as there is greater likelihood the control might not be performed appropriately, particularly as the complexity of the subject matter of the control increases (e.g., financial instruments). 904 Audit of Internal Financial Controls IG 13.19 Whether the control relies on performance by an individual or is automated For example, an automated control generally would be expected to have a lower risk associated with it when general IT controls (e.g., program change controls and security access controls) are effective. IG 13.20 Although all of the factors listed above are potentially relevant when assessing the risk associated with a particular control, the auditor’s consideration could begin with the inherent risk (i.e., whether or not the control addresses a significant risk of material misstatement) and the consideration of the complexity of the control and the significance of the judgements that must be made in connection with its operation will, in most cases, provide a sound foundation for consideration of the other factors. For example, a control that comprises a three-way match (i.e., a control whereby invoices are matched to a valid purchase order and an approved packing slip or receiver) generally is not complex and requires minimal judgement in its operation, even if it is performed manually. Alternatively, a review-type control related to an asset impairment analysis performed by an impairment committee will be much more likely to have a higher risk associated with it, because much more can go wrong with the review of an asset impairment due to the complexity and significant judgements that are likely to be involved in the operation of the review. Accordingly the nature, timing, and extent of operating effectiveness tests for the three-way match and the review-type control will likely be different in order to respond to each of these controls’ assessment of the risk that the control might not be effective. Plan the nature, timing, and extent of tests of operating effectiveness of controls IG 13.21 When the auditor plans the nature, timing, and extent of substantive tests, he or she designs substantive tests that address the risks of material misstatement. When the auditor plans the nature, timing and extent of tests of operating effectiveness of a relevant control that addresses one or more risks of material misstatement, he or she should design tests to address the risk associated with the control. IG 13.22 As the risk associated with the control increases, the auditor may do one or more of the following: 905 Handbook of Auditing Pronouncements-II • Increase the persuasiveness of the nature of the audit evidence that will be obtained from the tests (e.g., utilise a combination of procedure types or perform more persuasive procedures), • Increase the extent of testing, • Perform procedures closer to the balance sheet or obtain more persuasive evidence of the operation of the control during the roll forward period, • Identify and test other redundant controls, and • Perform the procedures themselves rather than using the work of others. IG 13.23 The planning for tests of operating effectiveness begins with the detailed description of the control procedure [i.e., the details of how the control is performed (e.g., who, what, and when)] to determine which characteristics of each control need to be tested. IG 13.24 When the auditor tests the design effectiveness of the control, he or she concludes whether the control procedure as documented is designed effectively. Testing operating effectiveness simply means testing to determine whether the control procedure was performed properly (i.e., whether all of the important steps or characteristics identified in the detailed control description, in fact, operated as designed or intended, and for the period of intended reliance). IG 13.25 The characteristics of the control that the auditor considers when planning and performing tests of operating effectiveness also include IPE. In the case of tests of operating effectiveness of controls, IPE may include: • IPE that a control is dependent upon: The auditor obtains evidence that such IPE is sufficiently reliable throughout the period of intended reliance. • IPE that the auditor uses in tests of operating effectiveness of relevant controls: The auditor may obtain information to use in performing tests of certain controls, such as reports on system settings (e.g., access, profiles, passwords) or reports used to define the population of interest (e.g., a list of program changes). The auditor also performs procedures to test the accuracy and completeness of such IPE since the integrity of the tests of operating effectiveness of the relevant controls depends on the accuracy and completeness of that information. IG 13.26 In addition to considering the risk associated with the control when planning the nature, timing, and extent of the operating effectiveness testing, the 906 Audit of Internal Financial Controls auditor also considers the requirement to introduce an element of unpredictability into the testing each year. Nature of procedures IG 13.27 Planning the nature of the operating effectiveness tests that the auditor is going to perform depends on two considerations: (1) The risk associated with the control The assessment of risk associated with the control influences the persuasiveness of the evidence that the auditor needs to obtain to support a conclusion that the control is operating effectively. Certain procedures will, by their nature, provide more persuasive evidence than other procedures. Inquiry alone will not provide sufficient appropriate audit evidence to conclude that a control is operating effectively. Depending on the auditor’s assessment of the risk associated with the control and the nature of the control, auditor therefore performs other audit procedures in combination with inquiry, including observation, inspection of documentation, or re-performance of the control. (2) The availability of evidence When determining the nature of the procedures the auditor plans to perform, it is important to select procedures that will provide evidence that the control procedure operated as designed (i.e., address each of the important steps or characteristics of the control identified in the detailed control description). Obtaining evidence for only a portion of the control procedure (e.g., limiting tests of operating effectiveness to one step of the procedure, such as evidence of a sign-off) will often be insufficient evidence that the control operated as designed. Obtaining evidence of one step of the procedure (e.g., the sign-off) does not, in most cases, provide evidence of other relevant characteristics, including who performed the control and how it was performed (e.g., what the person performing the control analysed, reviewed, or did in support of his or her sign-off evidencing the completion of the control). The reliability of evidence depends on the nature and source of the evidence and the circumstances under which it is obtained. For example, in general: • Evidence obtained from a knowledgeable source that is independent of the company is more reliable than evidence obtained only from internal company sources. • The reliability of information generated internally by the company is increased when the company's controls over that information are effective. 907 Handbook of Auditing Pronouncements-II • Evidence obtained directly by the auditor is more reliable than evidence obtained indirectly. • Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles, or documents that have been filmed, digitised, or otherwise converted into electronic form, the reliability of which depends on the controls over the conversion and maintenance of those documents. Because evidence of operating effectiveness may be obtained from various activities (e.g., performing walkthroughs, testing design, using the work of others, and the auditor’s own operating effectiveness testing), it is also important to clearly identify the nature of the evidence that the auditor plans to obtain and the location of that evidence, or the description thereof, in the working papers on risk of material misstatement or other working papers. Timing of tests of controls IG 13.28 The timing of tests of controls is typically influenced by the following considerations: (1) The period that is to be covered by the tests This consideration includes balancing the need to obtain evidence throughout the period for control-reliance purposes with obtaining sufficiently persuasive evidence nearer to or at the balance-sheet date in support of the opinion on internal financial controls. These objectives may be summarised as follows. • Evidence obtained to support the opinion on internal financial controls: The auditor obtains audit evidence of the operating effectiveness of relevant controls at the balance-sheet date. Testing performed closer to the balance sheet date provides more evidence than testing performed earlier in the year and testing controls over a greater period of time provides more evidence of the effectiveness of controls than would be provided by testing the controls over a shorter period of time. • Evidence obtained to support a control reliance strategy: When relying on operating effectiveness of controls to reduce extent of substantive testing, the auditor obtains audit evidence of the operating effectiveness of the control for the period of intended reliance. Prior to the period end, the entity might implement changes to their controls to make them more effective or efficient or to address control deficiencies. In that case, the auditor may consider how such changes affect reliance on controls for specific relevant assertions and the period of time in which the control was 908 Audit of Internal Financial Controls operating effectively. The auditor need not test the design and implementation and operating effectiveness of the superseded control for purposes of expressing an opinion on internal financial controls, however, he or she may decide to test the superseded control for purposes of relying on that control for specific relevant assertions over the period of time in which the control was effective. (2) The risk associated with the control The assessment of the risk associated with the control influences the timing of when the auditor obtains evidence. As the risk associated with the control increases, it may be more likely that the auditor will plan to test operating effectiveness without using roll forward procedures. Alternatively, if the auditor plans to use roll forward procedures, such procedures need to provide more persuasive evidence as the risk associated with the control increases. (3) When the auditor chooses to perform the tests The testing of the operating effectiveness of controls generally is performed after the control has operated. However, for some controls, it may be necessary to obtain the evidence when the control operates (or soon thereafter) as the evidence the auditor needs to perform the testing may not be accessible at a later date. For example, the evidence of certain IT controls may exist only in the system. If the system is updated on a daily basis, the evidence may not be accessible after the control has operated. Similarly, a relevant control may comprise a meeting; if the auditor plans to obtain evidence of the operation of the control by attending the meeting, the auditor will not be able to obtain such evidence after the meeting has occurred. The timing of the tests may also be affected by the frequency with which specific controls operate and specific policies are applied. Some controls operate continuously or many times a day (e.g., controls over sales transactions), while others operate only at certain times or at periodic intervals (e.g., controls over the preparation of monthly or quarterly financial statements and controls over physical inventory counts) or even only after the balance-sheet date (e.g., controls over the preparation of certain notes to financial statements disclosures). Evidence of the operation of a control that relates to a period subsequent to the balance-sheet or period-end date cannot be considered evidence of its operating effectiveness at the balance-sheet or period-end date unless the control is designed to operate only after the balance-sheet date or period-end. For example, as controls over the March 31, 20X5 year-end financial close and reporting process only operate in April 20X5, the auditor may use the evidence of 909 Handbook of Auditing Pronouncements-II the controls operating in April 20X5 to conclude on operating effectiveness of such controls "as of" March 31, 20X5. When the auditor chooses to test the operating effectiveness of controls as of an interim date, there are typically two alternative approaches he or she may consider: • Apportion the control test over the year (i.e., spread the total number of selections throughout the year). Under this approach, the operating effectiveness result is determined only upon completion of the test at year-end. Performing testing in this manner provides the basis to support conclusions as to the effectiveness of the controls throughout the period of intended reliance and as of the balance- sheet date. As the testing is apportioned over the entire year, roll forward procedures are not necessary. For example, for a test of a relevant control using a sample size of 25, the auditor may choose to perform a portion of the test at interim date by selecting 20 items over the first nine months and then selecting the 5 remaining items in the fourth quarter. The auditor cannot reach a conclusion on the operating effectiveness of the control at the interim date (September 30) since he or she did not test all 25 items; the auditor can only reach a conclusion on the operating effectiveness of the control when the testing of all sample selections is complete at year-end. Since the sample covered the entire period, the auditor is not required to perform separate roll forward procedures. • Perform a complete test of the control (i.e., test all selections) at an interim date. This approach requires the auditor to perform sufficient testing to enable him or her to reach a preliminary conclusion regarding the operating effectiveness of the control tested at the interim date. Under this approach, additional procedures are required to be performed to assess the operating effectiveness of the control during the roll forward period or the balance-sheet date. The earlier in the year the interim tests are performed, the more persuasive the roll forward procedures will likely need to be, particularly when the risk associated with the control is higher. For example, for a test of a relevant control using a sample size of 25, the auditor may choose to perform the entire test at interim date by selecting 25 items over the first nine months. Therefore, the auditor can reach a conclusion on the operating effectiveness of the control at the interim date (September 30) since the auditor tested all 25 items; however, the auditor needs to perform separate roll forward 910 Audit of Internal Financial Controls procedures to determine whether the control continues to be effective through the fourth quarter and near to or at the balance sheet date. Extent of procedures IG 13.29 Matters that may affect the necessary extent of testing of a control in relation to the degree of reliance on a control, in addition to the risk associated with the control, include the following factors: • The frequency of the performance of the control by the entity during the audit period. • The length of time during the audit period that the auditor is relying on the operating effectiveness of the control. • The expected rate of deviation from a control: Typically, for testing efficiency purposes, the auditor does not plan for deviations when designing the tests. • The relevance and reliability of the audit evidence to be obtained regarding the operating effectiveness of the control: When the evidence the auditor plans to obtain is less persuasive (e.g., observing a control operate), the auditor may consider increasing the sample size. • The extent to which audit evidence is obtained from tests of other controls related to the assertion: This may relate to the evidence the auditor has about the effectiveness of other controls that monitor the control the auditor is testing, which may in turn provide a basis for lowering the assessment of risk associated with the control such that a lower extent of testing may be appropriate. • The nature of the control, including, in particular, whether it is a manual control or an automated control: Automated controls are by nature more reliable than a manual control; however, their reliability depends on effective general IT controls — see next factor. • For an automated control, the effectiveness of relevant general IT controls: A reduced level of testing of an automated control is appropriate when effective general IT controls operate throughout the period of reliance. General IT controls help ensure the continued proper operation of information systems and support the effective functioning of application controls, including the automated controls. If general IT controls are not effective, then it is generally necessary to test the automated control at or near the balance-sheet date in support of the opinion on internal financial controls. However, even when effective general IT controls exist, automated controls are retested when changes are made to the control during the period in 911 Handbook of Auditing Pronouncements-II order to validate that the change was made appropriately and to test the control’s effectiveness. Testing and relying solely on program change controls generally would not constitute direct evidence of the effectiveness of an automated control that had been changed. • Higher risk associated with the control (including any control that addresses a significant risk). • When one or more exceptions are identified that clearly indicate that the control is not operating effectively, it is generally not necessary to complete the test. Dual-purpose tests IG 13.30 In some situations, the auditor might perform a substantive test of a transaction concurrently with a test of a control relevant to that transaction (a "dual purpose test"). Typically, dual-purpose testing means that two tests, with different purposes and objectives, are planned to be performed concurrently and there may or may not be some level of “overlap.” For example, a substantive test of fixed-asset additions has the primary purpose of assessing whether the transaction selected for testing has been properly recorded in accordance with GAAP to validate occurrence, accuracy, and cut-off. The operating effectiveness test of relevant controls over fixed asset additions has the primary purpose of assessing whether the control(s) operated as designed which may include testing procedures or characteristics such as: i) Evidence of authorisation. ii) Review of the proper recording for occurrence, accuracy, and cut-off. iii) Process for follow up on exceptions. Performing the substantive test may also include reperforming the review control (ii) but would likely not address control characteristics (i) or (iii). There are two main objectives when using dual-purpose tests for control purposes: Objective 1: The test directly provides evidence that the control procedure operated (i.e., it addresses the important steps and characteristics identified in the detailed control description). Objective 2: The test is contemplated and documented as a dual-purpose test when the work was planned and performed, not after the fact, such that the documentation clearly demonstrates how the combined test addresses both the substantive test and internal control test objectives. 912 Audit of Internal Financial Controls Auditor’s planning to use dual-purpose testing are advised to carefully consider whether a single test results in obtaining sufficient appropriate audit evidence for both the intended substantive test and the control test or whether it would be more appropriate to design and apply separate procedures to the same sample selections that more specifically meet the applicable objectives of the substantive test and the control test. Also, the performance of substantive tests that results in no misstatements being identified does not provide sufficient evidence of the effectiveness of related controls. However, the identification of misstatements during the performance of substantive tests may indicate that related controls are not effective. In certain situations, the auditor should design the dual-purpose test to achieve the objectives of both the test of the control and the substantive test. Also, when performing a dual-purpose test, the auditor should evaluate the results of the test in forming conclusions about both the assertion and the effectiveness of the control being tested. Perform tests of operating effectiveness of controls IG 13.31 Considerations when performing tests of operating effectiveness include: • Clearly defining the test objective, including establishing a clear understanding of what constitutes a deviation. • Identifying the population to be sampled. • Selecting the sample such that all items in the population have a chance of selection. • Obtaining sufficient and appropriate audit evidence, including related to IPE upon which the control is dependent. • Applying professional scepticism when evaluating the persuasiveness of the evidence obtained, including what constitutes a deviation or exception. As estimates are based on subjective as well as objective factors, it may be difficult for management to establish controls over them. Even when management’s estimation process involves competent personnel using relevant and reliable data, there is potential for bias in the subjective factors. Accordingly, when planning and performing procedures to evaluate accounting estimates the 913 Handbook of Auditing Pronouncements-II auditor should consider, with an attitude of professional scepticism, both the subjective and objective factors. The auditor considers the risk associated with the control when assigning personnel to perform testing (e.g., generally more experienced personnel may be assigned to test the more complex controls with significant judgements, while less experienced personnel may assist with performance of tests of less complex controls). Review of tests of controls (i.e., detailed, primary, overriding) is performed by team members who have sufficient knowledge of the entity’s controls and risks to properly assess the planning and performance of the tests of controls, as well as the sufficiency of audit evidence to support the conclusions reached. Testing review-type controls IG 13.32 The auditor should assess the risk associated with review-type controls, whether performed by individuals or groups, as higher due to the subjectivity and complexity of such controls. Usually, the level of aggregation and the criteria for investigation are important characteristics of these types of controls. In addition, these controls are often dependent upon other controls or IPE. Accordingly, the testing for review-type controls would typically include a combination of procedures, such as: • Inquiry of the persons involved in the performance of the control, including persons to whom questions are directed. • Inspection of the reports and documents used in performing the control. • Inspection of documentary evidence of conclusions reached and follow-up actions taken. • Observation of meetings in which the control is performed. • Re-performance of the review. IG 13.33 Documentation associated with these controls often includes items such as meeting preparation materials, invitations sent to attendees, correspondence about issues discussed, and documentation of follow-up actions. However, such documentation commonly does not include descriptions of the discussions that are sufficient for the auditor to obtain evidence about the substance and completeness of the discussions and thought processes that led to the conclusions reached in the meeting (e.g., inquiry of participants and examination of calendars indicating that a meeting was held will not be sufficient evidence about the nature and effectiveness of the activities performed in the meeting). Accordingly, observation of these meetings may be an important means of testing the effectiveness of the actual activities undertaken in the meeting. When 914 Audit of Internal Financial Controls observation is not possible (e.g., a meeting involving management’s discussion with counsel regarding the reserve for legal matters), inspection of documentation evidencing that the important characteristics of the control were performed, if available, or re-performance of the control often are necessary to obtain sufficient persuasive evidence. For example, a review-type control whereby the monthly financial results are discussed and differences are investigated has been identified as a relevant control for certain accounts that are stable and predictable. Inspecting evidence that the meeting occurred is generally not sufficient evidence to determine to what extent the other important characteristics of the control operated at the meeting, such as evidence of (1) the purpose of the control (operationally focused versus financial-reporting focused), (2) the depth of the discussion at an appropriate level of disaggregation, and (3) the criteria for investigation and the nature of items questioned, including the follow-up process. IG 13.34 Evidence of matters identified for follow-up and their resolution often provides additional evidence of the performance of the review control. Inquiry of the persons performing the control in addition to documentation of such findings and follow-up will increase the reliability of the audit evidence, while incomplete or altogether lacking documentation will diminish the reliability of audit evidence. Accordingly, it may be useful to encourage management to retain documentation of reviews (e.g., notes, drafts, e-mails), including establishing a process for tracking matters identified for follow-up. In situations where there were no matters for follow-up, other procedures, such as observation, may be necessary to obtain sufficient evidence of effectiveness. It may be necessary to reconsider the effectiveness of a review-type control that seldom, if ever, identifies matters for follow-up, as this may be an indication that the control is not operating effectively or is not suitably designed to prevent or detect material misstatements. IG 14 Sampling in Tests of Controls (Refer Paragraph 120) IG 14.1 The auditor should test the operating effectiveness of a control by determining whether the control is operating as designed and whether the person performing the control possesses the necessary authority and competence to perform the control effectively. Note: In some situations, particularly in smaller companies, a company might use a third party to provide assistance with certain financial reporting functions. When assessing the competence of personnel responsible for a company's financial reporting and associated controls, the auditor may take into account the 915 Handbook of Auditing Pronouncements-II combined competence of company personnel and other parties that assist with functions related to financial reporting. IG 14.2 Procedures the auditor performs to test operating effectiveness include a mix of inquiry of appropriate personnel, observation of the company's operations, inspection of relevant documentation, and re-performance of the control. IG 14.3 When planning a particular audit sample for a test of controls, the auditor should consider: • The relationship of the sample to the objective of the test of controls. • The maximum rate of deviations from prescribed controls that would support the planned assessed level of control risk. • The auditor's allowable risk of assessing control risk too low. • Characteristics of the population, that is, the items comprising the account balance or class of transactions of interest. IG 14.4 For many tests of controls, sampling does not apply. Procedures performed to obtain an understanding of internal control sufficient to plan an audit do not involve sampling. Sampling generally is not applicable to tests of controls that depend primarily on appropriate segregation of duties or that otherwise provide no documentary evidence of performance. In addition, sampling may not apply to tests of certain documented controls. Sampling may not apply to tests directed toward obtaining evidence about the design or operation of the control environment or the accounting system. For example, inquiry or observation of explanation of variances from budgets when the auditor does not desire to estimate the rate of deviation from the prescribed control. IG 14.5 When designing samples for tests of controls the auditor ordinarily should plan to evaluate operating effectiveness in terms of deviations from prescribed controls, as to either the rate of such deviations or the monetary amount of the related transactions. In this context, pertinent controls are ones that, had they not been included in the design of internal control would have adversely affected the auditor's planned assessed level of control risk. The auditor's overall assessment of control risk for a particular assertion involves combining judgements about the prescribed controls, the deviations from prescribed controls, and the degree of assurance provided by the sample and other tests of controls. IG 14.6 The auditor should determine the maximum rate of deviations from the prescribed control that he or she would be willing to accept without altering his planned assessed level of control risk. This is the tolerable rate. In determining the tolerable rate, the auditor should consider (a) the planned assessed level of 916 Audit of Internal Financial Controls control risk, and (b) the degree of assurance desired by the evidential matter in the sample. For example, if the auditor plans to assess control risk at a low level, and desires a high degree of assurance from the evidential matter provided by the sample for tests of controls (i.e., not perform other tests of controls for the assertion), he or she might decide that a tolerable rate of 5 percent or possibly less would be reasonable. If the auditor either plans to assess control risk at a higher level, or desires assurance from other tests of controls along with that provided by the sample (such as inquiries of appropriate entity personnel or observation of the application of the policy or procedure), the auditor might decide that a tolerable rate of 10 percent or more is reasonable. IG 14.7 In assessing the tolerable rate of deviations, the auditor should consider that, while deviations from pertinent controls increase the risk of material misstatements in the accounting records, such deviations do not necessarily result in misstatements. For example, a recorded disbursement that does not show evidence of required approval may nevertheless be a transaction that is properly authorised and recorded. Deviations would result in misstatements in the accounting records only if the deviations and the misstatements occurred on the same transactions. Deviations from pertinent controls at a given rate ordinarily would be expected to result in misstatements at a lower rate. IG 14.8 In some situations, the risk of material misstatement for an assertion may be related to a combination of controls. If a combination of two or more controls is necessary to affect the risk of material misstatement for an assertion, those controls should be regarded as a single procedure, and deviations from any controls in combination should be evaluated on that basis. IG 14.9 Samples taken to test the operating effectiveness of controls are intended to provide a basis for the auditor to conclude whether the controls are being applied as prescribed. When the degree of assurance desired by the evidential matter in the sample is high, the auditor should allow for a low level of sampling risk (that is, the risk of assessing control risk too low). IG 14.10 To determine the number of items to be selected for a particular sample for a test of controls, the auditor should consider the tolerable rate of deviation from the controls being tested, the likely rate of deviations, and the allowable risk of assessing control risk too low. When circumstances are similar, the effect on sample size of those factors should be similar regardless of whether a statistical or non-statistical approach is used. Thus, when a non-statistical sampling approach is applied properly, the resulting sample size ordinarily will be comparable to, or larger than, the sample size resulting from an efficient and effectively designed statistical sample. 917 Handbook of Auditing Pronouncements-II The auditor may also apply the provisions of Standard on Internal Audit (SIA) 5 on “Sampling” and the sample sizes indicated in Appendix 4 of the above Standard. Refer the full text of SIA 5 in Appendix VI to this Guidance Note. Sample selection IG 14.11 Sample items should be selected from the appropriate population that is representative of the risk being tested. For example, a risk that sales may not be recorded for all goods despatched (relevant to the assertion ‘completeness’) should be tested based on the population of despatch documents and not from the population of recorded sales. Similarly for testing the risk of sales being recorded without corresponding despatch of goods (relevant to the assertions ‘existence’ and ’cut off’), the sample should be selected from the recorded population of sales. Sample items should be selected in such a way that the sample can be expected to be representative of the population. Therefore, all items in the population should have an opportunity to be selected. Random- based selection of items represents one means of obtaining such samples. Ideally, the auditor should use a selection method that has the potential for selecting items from the entire period under audit. Assess findings and conclude on the operating effectiveness of controls IG 14.12 Considerations when assessing findings and concluding on the operating effectiveness of controls include: • Determining whether a deviation is identified. • Determining the nature and cause of the deviation(s). • Evaluating whether the deviation is a control deficiency. IG 14.13 When the auditor identifies a deviation (or exception), he or she should consider the circumstances and reasons for the deviation and evaluate the effect of the deviation to determine whether: • The tests of controls that have been performed provide an appropriate basis for reliance on the controls (e.g., the deviation is not a deficiency); • To obtain additional evidence to obtain a better estimate of the projected deviation rate to determine if the deviation is a deficiency (e.g., the auditor may consider increasing sample sizes which, since a deviation was identified, would include considering whether to increase the risk associated with the control); or 918 Audit of Internal Financial Controls • The deviation is a deficiency and in the absence of other redundant or compensating controls, the potential risks of misstatement need to be addressed using substantive procedures (e.g. the control is not effective and thus control reliance is not appropriate). Determining whether a deviation exists IG 14.14 In designing an audit sample to test controls, the auditor defines the objective of the audit procedure (i.e., the test objective) and the characteristics of the population from which the sample will be drawn. The determination of the objective of a test of a control includes a clear understanding of what constitutes a deviation so that all, and only, those deviations that are relevant to the purpose of the test are included in the evaluation of deviations. IG 14.15 Generally, any failure in the operation of a control from (1) established policy and procedure, (2) a regulatory requirement or (3) the expectation of the operation based on peer or industry comparison is likely a deviation (which is then further evaluated as described below). Examples of instances in which a failure in the operation of a control may not be a deviation may include the following circumstances: • When the control operates effectively in mitigating the risk, even though the control does not operate completely in accordance with the prescribed procedure (e.g., an authorisation form was not properly completed and signed off, but there is other evidence that clearly reflects the transaction was authorised). • When the departure from policy or procedure is authorised by the appropriate level of management based on particular circumstances (e.g., in an employee’s absence, the normal control process was not followed; however, management is aware of this and has compensated for it). • If a document is selected that has been validly cancelled prior to operation of the control (i.e., the document does not constitute a deviation), it may be excluded from the sample and an appropriately chosen replacement may be examined. However, if the deviation relates to a document that cannot be located, the auditor makes every possible effort to locate it or to ascertain, using suitable alternative procedures that the control in this specific instance was operating properly. If evidence supporting operation of the control for the selected sampling unit is not available, another sampling unit cannot be substituted for the missing unit and it is generally necessary to treat this item as a deviation from the prescribed control. 919 Handbook of Auditing Pronouncements-II Determining the nature and cause of the deviation IG 14.16 When investigating the nature and cause of a deviation, the auditor may consider the following questions: • Is the nature of the deviation limited to certain types of transactions (e.g., infrequent exceptions as opposed to the norm)? The auditor should consider the nature and volume of the exceptions that may be subject to other deviations. • Has a change in roles or responsibilities of the person performing or monitoring the control contributed to the deviation? The auditor should consider the significance and breadth of the role and responsibility of the new person and the likelihood that other deviations in other controls operated by the new person could exist. • Has a lack of competency of the person performing the control contributed to the deviation? The auditor should consider the significance and breadth of the role and responsibility of the person for which other deviations could exist. • Was management aware of the circumstances causing the deviation? A deviation that management is not aware of and not monitoring may result in an increased likelihood that other deviations will occur. • Have changes in volume of activity or transactions (e.g., significant seasonal fluctuations) contributed to the deviation? A deviation during a limited period of heavy volume may not be indicative of what might more typically occur during normal volume periods. Evaluate whether the deviation is a control deficiency IG 14.17 The concept of effectiveness of the operation of controls recognises that some deviations in the way controls are applied by the entity may occur. Deviations from prescribed controls may be caused by factors such as changes in key personnel, significant seasonal fluctuations in volume of transactions, and human error. Accordingly, it is acknowledged that a control could still be concluded to be effective, even when some level of deviation may exist. Because effective internal financial controls cannot, and does not, provide absolute assurance of achieving the company’s control objectives, an individual control does not necessarily have to operate without any deviation to be considered effective. IG 14.18 The following considerations are relevant when considering the level of “acceptable” deviations (i.e., such that a control deficiency does not exist): • Risk associated with the control: The higher the risk, the more reliable the control needs to be. 920 Audit of Internal Financial Controls • Extent of reliance on the control: When a risk of material misstatement is addressed solely by one control, the control generally needs to be more reliable, particularly when the risk being addressed is a significant risk. • Testing approach: When the auditor tests the operating effectiveness of a control by sampling, the sample sizes are based on an acceptable tolerable deviation rate; therefore, when the auditor discovers more deviations than planned for, the test objective is generally not met. At this point the auditor cannot conclude the control is effective and therefore, the existence of deviations beyond what was planned for would generally represent a deficiency, in absence of performing additional testing. The auditor may then consider whether additional testing is necessary or appropriate. For controls that operate less frequently, given the small sample sizes, the auditor typically would not expand the sample size. For example, if a test of a control that operates many times a day is designed to not allow for any deviations and the actual number of deviations is one or more, the test objective is generally not met. The auditor may either conclude that the control is not effective or may decide to increase the sample sizes to obtain a better estimate of the projected deviation rate, in which case, the auditor should also reconsider whether to increase the risk associated with the control. • If the auditor is able to test the entire population, he or she uses professional judgement to determine whether the actual deviation rate is indicative of a deficiency based on the risk associated with the control (e.g., an actual deviation rate up to 5 percent may be concluded to be acceptable). For example, the auditor assessed the appropriateness of access privileges for all 300 system users and noted 3 exceptions. The auditor evaluated the exceptions qualitatively and noted no significant concerns as the 3 users' inappropriate access was limited to one application. As it is not expected that the control would operate without deviation, and as the actual rate of deviation in the entire population is quantified or known (3 out of 300, or 1percent), the auditor may conclude that the deviation rate is acceptable and not indicative of a deficiency. • Nature of the control: Relevant points when considering the nature of the control include: − The relative importance of the deviations to the overall performance of the control (i.e., the deviation is related to only 921 Handbook of Auditing Pronouncements-II one of many characteristics or attributes tested when assessing the related control). For example, review controls typically have multiple characteristics that need to be tested; therefore, testing of such controls may result in deviations related to certain characteristics and not others. Determining whether such controls are nevertheless effective, even if some level of deviation has been identified, requires significant professional judgement. − Whether misstatements have actually occurred. − Whether the deviation has a potential effect on the effectiveness of other controls. IG 14.19 Based on the above considerations, deviations are evaluated and concluded upon to be either: • Only a deviation and not a deficiency: In this case, no further consideration is necessary (this is expected to be rare, particularly when the auditor is using a sampling approach); or • A deficiency: In this case, the deficiency is further evaluated to assess its severity and implications on the financial statements audit (i.e., risk assessment and control reliance strategy). IG 15 Roll Forward Testing (Refer Paragraph 121) IG 15.1 This Section highlights considerations when the auditor rolls-forward the conclusions of the effectiveness of those relevant controls which were tested and concluded to be effectiveness as at an interim date. The roll forward procedures to be performed and evidence to be obtained are based on the auditor’s assessment of certain factors related to the risk that controls that have been tested as of an interim date will not continue to operate effectively during the roll forward period. The roll forward period (also sometimes referred to as the “remaining” period) is the period from the date of the interim conclusion about the effectiveness of a control up to, and including, the balance sheet date for the report on internal financial controls. IG 15.2 The auditor typically performs procedures to understand the likely sources of misstatements and conclude on design effectiveness at an interim date for many of the relevant controls. The roll forward procedures the auditor performs are focused on changes to the business or the entity’s financial reporting that may give rise to a new risk or may affect an existing risk of material misstatement, which, in turn, would necessitate the entity’s implementing new controls or modifying the design of existing controls. 922 Audit of Internal Financial Controls IG 15.3 The auditor may also decide to perform tests of operating effectiveness of relevant controls at an interim date. Timing of tests of controls and the necessity of performing roll forward procedures to update conclusions about operating effectiveness of relevant controls depends on which testing approach the auditor applies: • Apportion the test of operating effectiveness of a relevant control over the year, or • Perform a complete test of the operating effectiveness of a relevant control (i.e., test all selections) at an interim date and conclude as to the effectiveness of the control as of the interim date. IG 15.4 When the auditor apportions the control test over the year, he or she does not need to plan roll forward procedures because the testing plan will include selections up to or near the balance sheet date. However, when the auditor performs a complete test at an interim date, he or she has to perform procedures to roll forward those conclusions to the balance sheet date to support the opinion on the effectiveness of internal financial controls and to support reliance on controls for substantive purposes (i.e., to reduce the evidence the auditor needs to obtain from the substantive procedures). IG 15.5 There are factors to be considered when making such determination. Because controls have different characteristics and operate with differing levels of reliability, these factors are considered for each relevant control to determine the persuasiveness of the evidence the auditor needs to obtain to conclude that a control continues to operate effectively through the balance sheet date (i.e., to support the opinion on the effectiveness of internal financial controls and to support the reliance on controls for substantive purposes). The auditor plans the nature, timing, and extent of the roll forward procedures for each relevant control (or groups of controls that possess similar characteristics) tested as of an interim date based on the consideration of the factors. Key activities in the process for planning and performing procedures to roll forward conclusions of design and operating effectiveness IG 15.6 Key activities for planning procedures to roll forward interim conclusions of design and operating effectiveness: • Identify relevant controls which were tested (i.e., both design and operating effectiveness were tested) and concluded at interim date and therefore subject to roll forward procedures. • Consider management’s ongoing monitoring processes and activities to identify changes that may give rise to new risks of material misstatement or modifications to existing risks, as well as new controls, or modifications to existing controls. 923 Handbook of Auditing Pronouncements-II • Consider the evidence obtained by management during the roll forward period related to the controls that were tested at an interim date. • Plan the nature, timing, and extent of the roll forward procedures. IG 15.7 Key activities for performing procedures to roll forward interim conclusions of design and operating effectiveness: • Perform procedures to determine whether there have been any significant changes to the business or the entity’s financial reporting that would give rise to new or affect existing risks of material misstatement, which would necessitate the entity’s implementing new controls or modifying the design of existing controls. • Test the design and operating effectiveness of new or modified relevant controls. • Obtain appropriate evidence of operating effectiveness that the controls tested at interim date continue to operate effectively for the roll forward period. • Document the roll forward procedures performed, basis for professional judgements, and conclusions for each of the relevant controls. • Log any deficiencies for classification as to severity and further evaluation of their impact on the risk assessment and audit of the financial statements. Plan roll forward procedures IG 15.8 Factors to consider when planning roll forward procedures: The additional evidence that is necessary to roll forward the interim conclusion about the operating effectiveness of each relevant control tested as of an interim date is based on consideration of the factors as explained in more detail in the discussion that follows. IG 15.9 The specific control tested prior to the balance sheet date, including the risk associated with the control and the nature of the control, and the results of the tests. IG 15.10 The higher the risk associated with the control (which includes considerations related to the nature of the control and the results of tests of such control in prior years and the current year to date), the more persuasive the evidence the auditor needs to obtain from the roll forward procedures. For example, the auditor would design more persuasive roll forward procedures for a control where he or she has assessed the risk associated with the control as “higher.” 924 Audit of Internal Financial Controls IG 15.11 The auditor may also need to obtain more persuasive evidence from the roll forward procedures when the risk associated with a control is assessed as “not higher.” For example, if the risk associated with a control related to a review-type control (or a more subjective control) in the revenue process has been assessed as “not higher,” the auditor may nonetheless conclude that more persuasive evidence is needed during the roll forward period due to the subjectivity of the operation of the control. In contrast, the auditor may decide that he or she needs less persuasive evidence for a routine control in the payroll process where the risk associated with the control is assessed as “not higher,” and the control has operated effectively in the past with no changes identified during the roll forward period that may affect the operation of the control. IG 15.12 The sufficiency of the evidence of effectiveness obtained at an interim date This factor means that the more persuasive the evidence that has been obtained to support conclusions reached at an interim date, the less persuasive the evidence that may be needed for the roll forward period. For example, performing procedures such as inspection of documentation or re- performance may produce more persuasive evidence of the operating effectiveness of a relevant control at an interim date, and accordingly, the auditor may decide that procedures that produce less persuasive evidence (such as inquiry or observation) are appropriate for the roll forward period. However in certain circumstances (e.g., for controls where the risk associated with the control is higher), the auditor may decide that notwithstanding that more persuasive evidence was obtained as of the interim date, he or she would also need to obtain more persuasive evidence for the roll forward period. IG 15.13 The length of the remaining period As the length of the remaining period increases, the more persuasive the evidence that may be needed from the roll forward procedures (e.g., when the roll forward period exceeds three to four months) and the less likely that the auditor will be able to conclude that roll forward procedures that are comprised of inquiry alone are sufficient. Additionally, for certain controls (e.g., controls where the risk associated with the control is higher) for which the interim testing was completed within three to four months prior to the balance sheet date, performing additional roll forward procedures (i.e., beyond inquiries) may, nonetheless, be necessary. IG 15.14 The possibility that there have been any significant changes in internal financial controls subsequent to the interim date 925 Handbook of Auditing Pronouncements-II This factor is in the context of whether there are significant changes in the business during the roll forward period that could impact the operating effectiveness of the relevant controls that the auditor tested as of an interim date (e.g., changes in the person performing the control); in this case, more persuasive evidence may be necessary to determine that the controls continued to operate effectively during the roll forward period. For example, subsequent to the interim testing, a new Controller is hired who had no previous experience with the entity or its processes and controls; however, given the nature of the role and the related responsibilities, this new person is responsible for the operation of certain relevant controls. The auditor would consider the nature of each of the controls for which the Controller is responsible, and determine whether more persuasive evidence of continued operating effectiveness during the roll forward period is necessary, given the Controller’s inexperience relative to the entity’s business and the controls (which may require retesting the controls), as they are equivalent to the implementation of “new controls.” IG 15.15 The planned degree of reliance on the control This factor means that more persuasive evidence may be necessary from the roll forward procedures when (1) a relevant control is the only control mitigating a risk of material misstatement (i.e., as opposed to one of a combination of controls that might collectively address the risk) or (2) the auditor is relying on the control to reduce the extent of the substantive procedures (i.e., take a control reliance approach). Planning the approach to roll forward procedures IG 15.16 The auditor should assess each of the factors identified in paragraphs IG 15.8 to IG 15.15 above for each relevant control tested as of an interim date (or groups of controls that possess similar characteristics) to determine: • Whether inquiry alone is sufficient evidence of the continuing operating effectiveness; or • Whether additional procedures beyond inquiry alone are necessary and, if so, the auditor considers the nature, extent, and timing of those procedures. IG 15.17 After determining whether inquiry alone is sufficient or whether additional procedures need to be performed, the auditor should then plan the nature, extent, and timing of the roll forward procedures. The following two examples of approaches to planning roll forward procedures are discussed below: • When inquiry alone is sufficient evidence of the continuing operating effectiveness of relevant controls tested as of an interim date. 926 Audit of Internal Financial Controls • When additional procedures beyond inquiry are necessary. IG 15.18 When inquiry alone is sufficient evidence of the continuing operating effectiveness of relevant controls tested as of an interim date There may be a portion of the controls tested as of interim dates (and for which the auditor needs to update the interim conclusions) where (1) the risk associated with the controls is assessed as “not higher” (e.g., the controls are routine in nature, typically operating many times a day and with a history of operating effectively) and (2) the roll forward period is sufficiently short (e.g., typically no more than three to four months). In this case, the auditor may determine that there is a sufficiently low risk that these controls will be ineffective during the roll forward period such that inquiry alone may provide sufficiently persuasive evidence. For example, the auditor tested within three months before the balance sheet date certain payroll controls that operate routinely many times a day (risk associated with the controls is “not higher”). The auditor concluded that inquiry alone will be sufficiently persuasive to update the interim conclusions through the remaining period. However, as the length of the roll forward period increases (e.g., extending beyond three to four months prior to the balance sheet date), the more likely it will be necessary for the roll forward procedures to include additional procedures beyond inquiry. IG 15.19 When additional procedures beyond inquiry are necessary For those controls tested as of an interim date where the auditor has concluded that additional procedures beyond inquiry are necessary to roll forward the interim conclusions, he or she may consider segregating the controls as follows: a. For controls where the auditor has assessed risk associated with the control as “higher” (including controls that address significant risks), the auditor typically plans to perform more extensive additional procedures for each of these controls, given the higher risk associated with the control. For example, a manual control related to complex revenue transactions, where the risk associated with the control has been assessed as “higher”, (due to the complexity and subjectivity of the judgements involved), was tested through the third quarter and found to be effective. The roll forward procedures consist of performing inquiries combined with appropriately extensive additional procedures (e.g., observation, inspection of documentation or re-performance). b. For controls where the auditor has assessed risk associated with the control as “not higher”, the auditor typically plans to perform less extensive additional procedures for each of these controls. It is 927 Handbook of Auditing Pronouncements-II generally not appropriate to only select a sample of these controls to test in the roll forward period and then extrapolate the results of that testing to the remaining population of controls not tested. For example, 30 relevant controls for which the risk associated with the control has been assessed as not higher are tested six months prior to the balance sheet date. Given the length of the remaining period, inquiry alone was determined to provide insufficient evidence. Accordingly, the auditor plans to perform additional procedures, in addition to inquiry, to obtain evidence that each of the 30 controls continue to operate effectively during the roll forward period. Alternatively, when management has effective ongoing monitoring activities that directly monitor the controls for which the auditor is seeking to obtain evidence during the roll forward period, the auditor may test the design and operating effectiveness of the monitoring controls, which may include selecting and testing a sample of the controls that he or she is rolling forward in order to provide evidence of the effectiveness of the monitoring controls. Perform roll forward procedures IG 15.20 The objective of the roll forward procedures is to identify whether (1) any changes to the business occurred that could give rise to new, or affect existing risks of material misstatement, which would necessitate implementing new controls or modifying the design of existing controls and (2) existing controls continue to operate effectively during the roll forward period. Accordingly, the procedures the auditor typically performs at this phase include a mix of inquiry, observation, inspection of documentation, and re-performance to obtain sufficient evidence to determine whether changes have occurred. The evidence the auditor seeks to gather generally consists of: • Evidence from management’s ongoing monitoring and risk assessment processes to identify and manage change. If there have been changes that affect the design or operating effectiveness of a control, either manual or automated controls, during the roll forward period, the auditor is required to obtain audit evidence about the effectiveness of the new or modified control without giving consideration to the evidence the auditor had obtained before the change occurred. • Evidence from the planned roll forward tests of operating effectiveness. • The determination of sample sizes for roll forward procedures is a matter of judgement considering the factors mentioned above. The 928 Audit of Internal Financial Controls auditor may also consider using the work of others, when applicable and appropriate. • Evidence from the other auditing procedures. Documentation considerations in roll forward procedures IG 15.21 The purpose of this Section is to provide auditors with documentation considerations relative to planning and performing roll forward procedures. Considerations include: i) A description of the planned procedures that clearly describes the (a) nature, (b) timing, and (c) extent of roll forward procedures for each control, including procedures to test relevant IPE. ii) Assessment of monitoring controls that the auditor intends to test and rely upon, including the rationale for how the controls selected to corroborate the operating effectiveness of the monitoring controls were chosen, giving consideration to the different business processes and controls within the business process and how that sample is representative of the population. iii) The roll forward procedures performed and the evidence obtained, including: − A description of the procedures performed, including whether they were inquiry, observation, examination of documents, re- performance, or some combination. The documentation of inquiries includes (1) to whom the auditor made inquiries, (2) the specific inquiries made, and (3) the results of those inquiries. − When the interim testing of the controls was performed (e.g., the month or quarter). − Identification of and reference to testing of any IPE. − A statement that there were no exceptions or a clear description of any deviations noted. iv) The procedures, findings, and conclusions related to assessing findings and concluding on design and operating effectiveness, including: − A clear statement about whether the control is effectively designed and operated. − If auditor’s conclusion is that the control is ineffective, consideration of the effect of the conclusion on tests of other 929 Handbook of Auditing Pronouncements-II controls that may depend on the control tested and the design of the substantive tests. − The basis for the conclusions reached. IG 16 Rotation Plan for Testing Internal Financial Controls (Refer Paragraph 118 and 125) IG 16.1 Rotation plan for testing of internal controls may be relevant to efficiently perform an audit of internal financial controls. One of the important consideration in this regard is that control environment within a company is somewhat enduring in nature and hence in case there are no changes in the underlying controls the auditors may be able to leverage on the work carried out in the previous periods. The internal control testing work can broadly be categorised into following: • Understanding the process flows. • Testing design and implementation of controls. • Testing operative effectiveness of controls. IG 16.2 From the perspective of adopting a rotation plan for testing of internal controls, understanding the process flows and testing design and implementation of controls are required to be covered in every audit period. However, a rotation plan may be considered for testing operating effectiveness of controls subject to the criteria specified in paragraph IG 16.3 below. IG 16.3 The following is the broad criteria to be met for adopting a rotation plan for testing operating effectiveness of controls: • The auditor may be able to utilise the tests of controls performed in prior audits in the current audit. In determining the strategy for testing the operating effectiveness of controls upon which the auditor intends to rely, the auditor may plan an approach whereby he or she will use audit evidence about operating effectiveness of certain controls obtained in previous audits in combination with the evidence obtained from the understanding of controls in the current audit and tests of operating effectiveness of other controls performed in the current audit. • In these circumstances, the auditor is required to establish the continuing relevance of that evidence by obtaining audit evidence about whether significant changes in those controls have occurred subsequent to the previous audit. 930 Audit of Internal Financial Controls • The auditor is required to obtain this evidence by performing inquiry combined with observation or inspection, to confirm the understanding of those specific controls. • If there have been changes that affect the continuing relevance of the audit evidence from the previous audit, the auditor is required to test the controls in the current audit. • If there have not been such changes, it is recommended that the auditor tests the controls at least once in every third audit and need to test some controls each audit to avoid the possibility of testing all the controls on which the auditor intends to rely in a single audit period with no testing of controls in the subsequent two audit periods. IG 17 Remediation Testing (Refer Paragraph 119) IG 17.1 Auditors are required to express an opinion on the effectiveness of the entity’s internal financial controls as of the balance sheet date. IG 17.2 Accordingly, any issues or deficiencies either relating to design or operative effectiveness of controls if they are remediated before the period under consideration, then the auditor can still express an unqualified opinion. It would be important to note that the remediation has to happen within the financial period which is under consideration. IG 17.3 Sufficient time should be allowed to evaluate and test controls. If deficiencies are discovered, management may have the opportunity to correct and address these deficiencies prior to the reporting date. However, once a new control is in place, management should allow enough time for its operations to validate the control’s operating effectiveness. The amount of time that a control should be in place and operating effectively depends on the nature of the control and how frequently it operates. The amount of time a remediation control should be in existence for placing reliance on the control by the auditor is a matter of professional judgement. Under ordinary circumstances, control remediation that occurs after year-end will not mitigate an identified deficiency for reporting purposes. Auditor should not express an opinion on management’s disclosure about corrective actions taken by the company after the balance sheet date. IG 18 Using the Work of Internal Auditors and an Auditor’s Expert (Refer Paragraph 82 - 85) IG 18.1 The role and objectives of the internal audit function are determined by management and, where applicable, those charged with governance. While the objectives of the internal audit function and the auditor are different insofar as it relates to financial statements, the ways in which the internal audit function and 931 Handbook of Auditing Pronouncements-II the auditor achieve their respective objectives in an audit of internal financial controls may be similar. IG 18.2 The auditor's consideration of the internal audit function in an audit of internal financial controls, applies in a combined audit of internal financial controls over financial reporting and financial statements. IG 18.3 The objectives of the auditor, where the entity has an internal audit function that the auditor has determined is likely to be relevant to the audit, are to determine: (a) Whether, and to what extent, to use specific work of the internal auditors; and (b) If so, whether such work is adequate for the purposes of the audit. IG 18.4 In determining whether and to what extent to use the work of the internal auditors, the auditor shall determine: (a) Whether the work of the internal auditors is likely to be adequate for purposes of the audit; and (b) If so, the planned effect of the work of the internal auditors on the nature, timing or extent of the auditor’s procedures. IG 18.5 The auditor should apply the requirements of paragraphs 8, 9 and A4 of SA 610 “Using the Work of Internal Auditors” to assess the competence and objectivity of internal auditors. The auditor should apply the principles underlying those paragraphs to assess the competence and objectivity of persons other than internal auditors whose work the auditor plans to use. IG 18.6 The auditor may also use the work of an auditor’s expert in an audit of internal financial controls. In this regard the auditor should apply the requirements of SA 620 “Using the Work of an Auditor’s Expert”. IG 18.7 Auditor’s expert is an individual or organisation possessing expertise in a field other than accounting or auditing, whose work in that field is used by the auditor to assist the auditor in obtaining sufficient appropriate audit evidence. An auditor’s expert may be either an auditor’s internal expert (who is a partner or staff, including temporary staff, of the auditor’s firm or a network firm), or an auditor’s external expert. IG 18.8 The key considerations for an auditor in using the work of an auditor’s expert are: • Determining the need for the expert. • Nature, timing and extent of audit procedures to be performed by the expert and the auditor. 932 Audit of Internal Financial Controls • The competence, capability and objectivity of the auditor’s expert. • Obtaining an understanding of the field of expertise of the auditor’s expert. • Agreement with the auditor’s expert. • Evaluating the adequacy of the auditor’s expert’s work. IG 18.9 The extent to which the auditor may use the work of others in an audit of internal control also depends on the risk associated with the control being tested. As the risk associated with a control increases, the need for the auditor to perform his or her own work on the control increases. IG 19 Additional Considerations for Auditing Internal Financial Controls Over Financial Reporting IG 19.1 The complexity of a company is an important factor in the auditor's risk assessment and determination of the necessary audit procedures. Customising the audit is important for audits of internal control of all companies, especially smaller, less complex companies. IG 19.2 The audit of internal financial controls should be integrated with the audit of the financial statements, so the auditor must plan and perform the work to achieve the objectives of both audits. This direction applies to all aspects of the audit, and it is particularly relevant to tests of controls. Customising the audit of internal financial controls IG 19.3 Customising the audit of internal financial controls involves tailoring the audit approach to fit the individual facts and circumstances of the company. Many smaller companies have less complex operations, and they typically share many of the following attributes: • Fewer business lines. • Less complex business processes and financial reporting systems. • More centralised accounting functions. • Extensive involvement by the owners and senior management in the day-to-day activities of the business. • Fewer levels of management, each with a wide span of control. IG 19.4 The attributes of a smaller, less complex company can affect the particular risks that could result in material misstatement of the company's financial statements and the controls that a company might establish to address those risks. Consequently, these attributes have a pervasive effect on the audit of internal financial control, including assessing risk, determining significant accounts and disclosures and relevant assertions, selecting controls to test, and testing the design and operating effectiveness of controls. The following are 933 Handbook of Auditing Pronouncements-II examples of internal control-related matters that might be particularly affected by the attributes of a smaller, less complex company – • Use of entity-level controls to achieve control objectives. In smaller, less complex companies, owners and / or senior management are often involved in many day-to-day business activities and perform duties that are important to effective internal financial controls. Consequently, the auditor's evaluation of entity-level controls can provide a substantial amount of evidence about the effectiveness of internal financial controls. • Risk of management override. The extensive involvement of owners and/or senior management in day-to-day activities and fewer levels of management can provide additional opportunities for management to override controls or intentionally misstate the financial statements in smaller, less complex companies. In a combined audit of internal financial controls over financial reporting and financial statements, the auditor should consider the risk of management override and company actions to address that risk in connection with assessing the risk of material misstatement due to fraud and evaluating entity- level controls. • Implementation of segregation of duties and alternative controls. By their nature, smaller, less complex companies have fewer employees, which limit the opportunity to segregate incompatible duties. Smaller, less complex companies might use alternative approaches to achieve the objectives of segregation of duties, and the auditor should evaluate whether those alternative controls achieve the control objectives. • Use of Information Technology (IT). A smaller, less complex company with less complex business processes and centralised accounting operations might have less complex information systems that make greater use of off the shelf packaged software without modification. In the areas in which off-the-shelf software is used, the auditor's testing of information technology controls might focus on the application controls built into the pre-packaged software that management relies on to achieve its control objectives and the testing of IT general controls might focus on those controls that are important to the effective operation of the selected application controls. • Maintenance of financial reporting competencies. Smaller, less complex companies might address their needs for financial reporting competencies through means other than internal staffing, such as engaging outside professionals. The auditor may take into 934 Audit of Internal Financial Controls consideration the use of those third parties when assessing financial reporting competencies of the company. • Nature and extent of documentation. A smaller, less complex company typically needs less formal documentation to run the business, including maintaining effective internal financial controls. The auditor may take that into account when selecting controls to test and planning tests of controls. • In some audits of internal control, auditors might encounter companies with numerous or pervasive control deficiencies. Smaller, less complex companies can be particularly affected by ineffective entity-level controls, as these companies typically have fewer employees and fewer process-level controls. The auditor's strategy can be influenced by the nature of the control deficiencies and factors such as the availability of audit evidence and the effect of the deficiencies on other controls. Test of controls in a combined audit of internal financial controls over financial reporting and financial statements IG 19.5 Selection of controls to test Appropriate selection of controls helps focus the auditor's testing on those controls that are important to the auditor's conclusion about whether the company's internal financial controls are effective. The decision about whether to select a control for testing depends on which controls, individually or in combination, sufficiently address the assessed risk of misstatement in a given relevant assertion rather than on how the control is labelled (e.g., entity-level control, transaction-level control, control activity, monitoring control, preventive control, or detective control). A practical starting point for identifying these controls, is to consider the controls that management relies on to achieve its objectives for reliable financial reporting. Besides the overriding consideration of whether a control addresses the risk of misstatement, as a practical matter, the auditor might also consider the following factors when selecting controls to test: • Is the control likely to be effective? • What evidence exists regarding operation of the control? When selecting controls to test, the auditor could seek to select controls that are more likely to be effective in addressing the risk of misstatement in one or more relevant assertions. If none of the controls that are intended to address a risk for a relevant assertion is likely to be effective, the auditor can take that into account in determining the evidence needed to support a conclusion about the effectiveness of controls for this assertion. 935 Handbook of Auditing Pronouncements-II The auditor needs to be able to obtain enough evidence about a control's operation to conclude on its effectiveness. The auditor could take into account the nature and availability of audit evidence when selecting controls to test and determining the nature, timing, and extent of tests of controls. For example, if two or more controls adequately address the risk of misstatement for a relevant assertion, the auditor may select the control for which evidence of operating effectiveness can be obtained more readily. IG 19.6 Tests of operating effectiveness of controls Historically, the approach for financial statement audits of smaller, less complex companies has been to focus primarily on testing accounts and disclosures, with little or no testing of controls. Auditors have the latitude to determine an appropriate testing strategy to – (a) Obtain sufficient evidence to support the auditor's opinion on internal financial controls as of year-end, and (b) Obtain sufficient evidence to support the auditor's control risk assessments in the audit of the financial statements. To express an opinion on internal financial controls taken as a whole, the auditor must obtain evidence about the effectiveness of selected controls over all relevant financial statement assertions. Because the auditor's opinion on internal financial controls is as of a point in time, he or she should obtain evidence that internal financial controls has operated effectively for a sufficient period of time, which may be less than the entire period (ordinarily one year) covered by the company's financial statements. In an audit of financial statements, the objective of tests of controls is to assess control risk. To assess control risk at less than the maximum, the auditing standards require the auditor to obtain evidence that the relevant controls operated effectively during the entire period upon which the auditor plans to place reliance on those controls. However, the auditor is not required to assess control risk at less than the maximum for all relevant assertions, and, for a variety of reasons, the auditor may choose not to do so. The auditor's assessment of control risk at the maximum for one or more relevant assertions in an audit of financial statements does not necessarily preclude the auditor from issuing an unqualified opinion in an audit of internal control. The objectives of the two audits are not identical. The auditor could obtain sufficient evidence to support his or her opinion on internal financial controls, even if the auditor decides not to test controls over the entire period of reliance to support a control risk assessment below the maximum. However, if the auditor assesses control risk at the maximum because of identified control deficiencies, the auditor should evaluate the severity of the deficiencies, 936 Audit of Internal Financial Controls individually or in combination, to determine whether a significant deficiency or material weakness exists. The auditor's decision about relying on controls in an audit of financial statements may depend on the particular facts and circumstances. In some areas, the auditor might decide to rely on certain controls to reduce the substantive testing of accounts and disclosures. For other areas, the auditor might perform primarily substantive tests of the assertions without relying on controls. For example, the auditor might test a company's controls over billings and cash receipts processing to cover the entire period of reliance in order to reduce the extent of confirmation of accounts receivable balances but might perform primarily substantive tests of the allowance for doubtful accounts. In this case, the auditor might perform the tests of controls over the allowance for doubtful accounts only as necessary for the audit of internal financial controls. For some significant accounts, the auditor might decide that a relevant assertion can be tested effectively and efficiently through substantive procedures without relying on controls. For example, the auditor might decide to confirm an outstanding loan payable with the lender rather than rely on controls. In that situation, the auditor may test controls of the relevant assertions only as necessary to support his or her opinion on the company's internal financial controls at year-end. To obtain evidence about whether a selected control is effective, the control must be tested; the effectiveness of a control cannot be inferred from the absence of misstatements detected by substantive procedures. The absence of misstatements detected by substantive procedures, however, is one of a number of factors that inform the auditor's risk assessments in determining the testing necessary to conclude on the effectiveness of a control. Evaluating entity-level controls IG 19.7 An important aspect of performing an audit of internal financial control is the process of identifying and evaluating entity-level controls. This Section discusses entity-level controls and explains how they can affect the nature, timing, and extent of the auditor's procedures in an audit of internal financial control for a smaller, less complex company. IG 19.8 For the purposes of this discussion, entity-level controls are controls that have a pervasive effect on a company's internal control. These controls include: • Controls related to the control environment; • Controls over management override; • The company's risk assessment process; 937 Handbook of Auditing Pronouncements-II • Centralised processing and controls, including shared service environments; • Controls to monitor results of operations; • Controls to monitor other controls, including activities of the audit committee and self-assessment programs; • Controls over the period-end financial reporting process; and • Policies that address significant business control and risk management practices. In smaller, less complex companies, owner and/or senior management often is involved in many day-to-day business activities and performs many controls – including entity-level controls – that are important to effective internal financial controls. When this is the case, the auditor's evaluation of entity-level controls can be an important source of evidence about the effectiveness of internal financial controls. Effective controls related to the control environment and controls that address the risk of management override are particularly important to the effective functioning of controls performed by senior management. Auditors might find that limited formal documentation is available regarding the operation of some entity-level controls. Identifying entity-level controls IG 19.9 The process of identifying relevant entity-level controls could begin with discussions between the auditor and appropriate management personnel for the purpose of obtaining a preliminary understanding of each component of internal financial controls (e.g., control environment, risk assessment, control activities, monitoring, and information and communication). While evaluating entity-level controls, auditors might identify controls that are capable of preventing or detecting misstatements in the financial statements. The period-end financial reporting process and management's monitoring of the results of operations are potential sources of such controls. Assessing the precision of entity-level controls IG 19.10 The key consideration in assessing the level of precision is whether the control is designed in a manner to prevent or detect on a timely basis misstatements in one or more assertions that could cause the financial statements to be materially misstated and whether such control is operating effectively. Factors that auditors might consider when judging the level of precision of an entity-level control include the following: 938 Audit of Internal Financial Controls • Purpose of the control. A procedure that functions to prevent or detect misstatements generally is more precise than a procedure that merely identifies and explains differences. • Level of aggregation. A control that is performed at a more granular level generally is more precise than one performed at a higher level. For example, an analysis of revenue by location or product line normally is more precise than an analysis of total company revenue. • Consistency of performance. A control that is performed routinely and consistently generally is more precise than one performed sporadically. • Correlation to relevant assertions. A control that is indirectly related to an assertion normally is less likely to prevent or detect misstatements in the assertion than a control that is directly related to an assertion. • Criteria for investigation. For detective controls, the threshold for investigating deviations or differences from expectations relative to materiality is an indication of a control's precision. For example, a control that investigates items that are near the threshold for financial statement materiality has less precision and a greater risk of failing to prevent or detect misstatements that could be material than a control with a lower threshold for investigation. • Predictability of expectations. Some entity-level controls are designed to detect misstatements by using key performance indicators or other information to develop expectations about reported amounts. The precision of those controls depends on the ability to develop sufficiently precise expectations to highlight potentially material misstatements. When forming an opinion on the effectiveness of a company's internal financial controls, the auditor should evaluate evidence obtained from all sources, including misstatements detected during the financial statement audit. Evidence regarding detected misstatements also might be relevant in assessing the level of precision of entity-level controls. Effect of entity-level controls on testing of other controls IG 19.11 The auditor's evaluation of entity-level controls can result in increasing or decreasing the testing that the auditor otherwise might have performed on other controls. For example, if the auditor has designed an audit approach with an expectation that certain entity-level controls (e.g., controls in the control environment) will be effective and those controls are not effective, the auditor might re-evaluate the planned audit approach and decide to expand his or her audit procedures. 939 Handbook of Auditing Pronouncements-II On the other hand, the auditor's evaluation of some entity-level controls can result in a reduction of his or her testing of other controls, such as controls over corresponding relevant assertions. The degree to which the auditor might be able to reduce testing of controls over relevant assertions in such cases depends on the precision of the entity-level controls. Example – Monitoring the effectiveness of other controls IG 19.12 Scenario: A small niche software developer conducts business in India and other countries, requiring the company to maintain many bank accounts. An Accounts Officer is charged with performing bank reconciliations for the accounts according to a predetermined schedule (some of the accounts have a different closing date). Through inquiries of management, the auditor learns that the company's chief financial officer ("CFO"), who is an experienced accountant, reviews on a monthly basis, the bank reconciliations prepared by the Accounts Officer as a means to determine: • whether reconciliations are being prepared on a timely basis, • the nature of reconciling items identified through the process, and • whether reconciling items are investigated and resolved on a timely basis. Audit Approach: In this example, the purpose of the control is one of the factors that the auditor considers in assessing precision of the CFO's review. The auditor has noted that the purpose of the CFO's review is to check that the staff has performed the reconciliations as described above. Therefore, the auditor does not expect the CFO's review of the reconciliations to be sufficiently precise to detect misstatements by itself. However, the CFO's review could still influence the auditor's assessment of risk because it provides additional information about the nature and consistency of the reconciliation procedures. The auditor obtains evidence about the CFO's review through inquiry and document inspection, evaluates the review's effectiveness, and determines the amount of direct testing of the reconciliation controls that is needed based on the assessed level of risk. If the auditor concludes that the CFO's review is effective, he or she could reduce the direct testing of the reconciliation controls, absent other indications of risk. Example – Entity-level controls related to payroll processing IG 19.13 Scenario: A manufacturer of spares and parts for the transportation market has union labor, supervisors, managers, and executives. All plants run two shifts six days a week, with each having approximately the same number of employees. The CFO has been with the company for 10 years and thoroughly understands its business processes, including the payroll process, and reviews monthly payroll summary reports prepared by the centralised accounting function. With 940 Audit of Internal Financial Controls the company's flat organisational design and smaller size, the CFO's background with the company and his understanding of the seasons, cycles, and workflows, and close familiarity with the budget and reporting processes, the CFO quickly identifies any sign of improprieties with payroll and their underlying cause whether related to a particular project, overtime, hiring, layoffs, and so forth. The CFO investigates as needed to determine whether misstatements have occurred and whether any internal control has not operated effectively, and takes corrective action. Based on the results of audit procedures relating to the control environment and controls over management override, the auditor observes that the CFO demonstrates integrity and a commitment to effective internal financial controls. Audit Approach: The auditor evaluates the effectiveness of the CFO's reviews, including the precision of those reviews. He or she inquires about the CFO's review process and obtains other evidence of the review. He or she notes that the CFO's threshold for investigating significant differences from expectations is adequate to detect misstatements that could cause the financial statements to be materially misstated. He or she selects some significant differences from expectations that were flagged by the CFO and determines that the CFO appropriately investigated the differences to determine whether the differences were caused by misstatements. Also, in considering evidence obtained throughout the audit, the auditor observes that the results of the financial statement audit procedures did not identify likely misstatements in payroll expense. The auditor decides that the reviews could detect misstatements related to payroll processing because the CFO's threshold for investigating significant differences from expectations is adequate. However, he or she determines that the control depends on reports produced by the company's IT system, so the CFO's review can be effective only if controls over the completeness and accuracy of those reports are effective. After performing the tests of the relevant computer controls, the auditor concludes that the review performed by the CFO, when coupled with relevant controls over the reports, meets the control objectives for the relevant aspects of payroll processing described above. Assessing the risk of management override and evaluating mitigating actions IG 19.14 The risk of management override of controls exists in all organisations, but the extensive involvement of owners and/or senior management in day-to- day activities and fewer levels of management can provide additional opportunities for management to override controls in smaller, less complex 941 Handbook of Auditing Pronouncements-II companies. Company actions to mitigate the risk of management override are important to the consideration of the effectiveness of internal financial controls. In a combined audit of internal financial controls over financial reporting and financial statements, the auditor should consider the risk of management override in connection with assessing the risk of material misstatement due to fraud, as he or she evaluates mitigating actions in connection with the evaluation of entity-level controls and selecting other controls to test. Assessing the risk of management override IG 19.15 SA 240 requires the auditor to assess the risk of material misstatement due to fraud ("fraud risk"). As part of that assessment, the auditor is directed to perform the following procedures to obtain information to be used in identifying fraud risks, which includes procedures to assess the risk of management override: • Conducting an engagement team discussion regarding fraud risks. This discussion includes brainstorming about how and where management could override controls to engage in or conceal fraudulent financial reporting. • Making inquiries of management, the audit committee, if any, and others in the company to obtain their views about the risks of fraud and how those risks are addressed. These inquiries can provide information about the possibility of management override of controls. • Considering fraud risk factors. Fraud risk factors include events or conditions that indicate incentives and pressures for management to override controls, opportunities for management override, and attitudes or rationalisations that enable management to justify override of controls. After identifying fraud risks, the auditor should assess those risks, taking into account an evaluation of the company's programs and controls that are intended to address those risks. Because of the characteristics of fraud, the auditor's exercise of professional skepticism is particularly important when considering the risk of material misstatement due to fraud, including the risk of management override of controls. Evaluating mitigating controls IG 19.16 Smaller, less complex companies can take a number of actions to address the risk of management override. The following are examples of some of the controls that might address the risk of management override: • Maintaining integrity and ethical values; • Active oversight by the audit committee; 942 Audit of Internal Financial Controls • Maintaining a whistleblower program; and • Controls over certain journal entries. When assessing a company's anti-fraud programs and controls, the auditor should evaluate whether the company has appropriately addressed the risk of management override. Often, a combination of actions might be implemented to address the risk of management override. Evaluating integrity and ethical values IG 19.17 An important part of an effective control environment is sound integrity and ethical values, particularly of top management, which are communicated and practiced throughout the company. A code of conduct or ethics policy is one way that a company can communicate its policies with respect to ethical behavior. This type of control can be effective if employees are aware of the company's policies and observe the policies in practice. Auditors should evaluate integrity and ethical values as part of the assessment of the control environment component of internal control. One approach for testing the effectiveness of the company's communications regarding integrity and ethical values is to gain an understanding of what the company believes it is communicating to employees and interview employees to determine if they are aware of the existence of the company's policies for ethical behavior and what they understand those policies to be. A discussion with employees regarding observed behaviors can assist the auditor further in understanding management's past actions and determining whether management's behavior demonstrates and enforces the principles in its code of conduct. The auditor's experience with the company can also be an important source of information about whether management demonstrates integrity and ethical values in its business practices and supports the achievement of effective internal control in its day to day activities. Evaluating audit committee oversight IG 19.18 An active and independent audit committee evaluates the risk of management override, including identifying areas in which management override of internal control could occur, and assesses whether those risks are appropriately addressed within the company. As part of their oversight duties, the audit committee might perform duties such as meeting with management to discuss significant accounting estimates and reviewing the reasonableness of significant assumptions and judgements. The consideration of the effectiveness of the audit committee's oversight is part of the evaluation of the control environment. In connection with the auditor's inquiries of the audit committee, the auditor may interview audit committee members to determine their level of involvement and 943 Handbook of Auditing Pronouncements-II their activities regarding the risk of management override. For example, the auditor might read minutes of audit committee discussions on matters related to the committee's oversight or might observe some of those discussions if the auditor attends the meetings in connection with the audit. In addition, the auditor can examine evidence of the board of directors or audit committee's activities that address the risk of management override, such as monitoring of certain transactions. Evaluating whistleblower programs IG 19.19 A whistleblower program provides an outlet for employees or others to report behaviors that might have violated company policies and procedures, including management override of controls. A key aspect of an effective whistleblower program is the appropriateness of responses to concerns expressed by employees through the program. The audit committee may review reports of significant matters and consider the need for corrective actions. Audit procedures relating to a whistleblower program are intended to assess whether the program is appropriately designed, implemented, monitored, and maintained. Such procedures might include inquiry of employees, inspection of communications to employees about the program, and, if tips or complaints have been received, follow-up procedures to evaluate whether remedial actions were taken as necessary. Evaluating controls over journal entries IG 19.20 Controls that prevent or detect unauthorised journal entries can reduce the opportunity for the quarterly and annual financial statements to be intentionally misstated. Such controls might include, among other things, restricting access to the general ledger system, requiring dual authorisations for manual entries, or performing periodic reviews of journal entries to identify unauthorised entries. As part of obtaining an understanding of the financial reporting process, the auditor should consider how journal entries are recorded in the general ledger and whether the company has controls that would either prevent unauthorised journal entries from being made to the general ledger or directly to the financial statements or detect unauthorised entries. Considering the effects of other evidence IG 19.21 The auditor might identify indications of management override in other phases of the combined audit of internal financial controls over financial reporting and financial statements. For example, the auditor is required to perform procedures in response to the risk of management override, including examining journal entries for evidence of fraud, reviewing accounting estimates for bias, and 944 Audit of Internal Financial Controls evaluating the business rationale for significant, unusual transactions. Also, if the auditor performs walkthroughs during the audit of internal control, he or she could obtain information about potential management override by asking employees about their knowledge of override. Also, the auditor might identify indications of management override when evaluating the results of tests of controls or other audit procedures. If the auditor identifies indications of management override of controls, he or she should take such indications into account when evaluating the risk of override and the effectiveness of mitigating actions. Example – Audit committee oversight IG 19.22 Scenario: The audit committee of a small IT services company discusses in executive session at least annually its assessment of the risks of management override of internal control, including motivations for management override and how those activities could be concealed. The audit committee performs the following procedures to address the risk of management override: (a) reviews the reasonableness of management's assumptions and judgements used to develop significant estimates; and (b) reviews the functioning of the company's whistleblower process and related reports, and from time to time, inquires of managers not directly responsible for financial reporting (including personnel in sales, procurement, and human resources, among others), obtaining information regarding concerns about ethics or indications of management override of internal controls. Audit approach: In this situation, the auditor can draw upon several sources of evidence to evaluate the audit committee's oversight. The auditor might attend selected meetings of the audit committee where the risks of override and whistleblower programs are discussed or review minutes of meetings where those matters are discussed. In connection with its inquiries of the audit committee about the risk of fraud, the auditor can discuss matters relating to the risk of override, including how the audit committee assesses the risk of management override, what information, if any, the audit committee has obtained about possible management override, and how the audit committee's concerns about the risk of management override have been addressed. This information can inform the auditor's consideration of the risk of management override and the testing of mitigating controls. Evaluating segregation of duties and alternative controls IG 19.23 Segregation of duties refers to dividing incompatible functions among different people to reduce the risk that a potential material misstatement of the financial statements would occur without being prevented or detected. Assigning different people responsibility for authorising transactions, recording transactions, reconciling information, and maintaining custody of assets reduces the 945 Handbook of Auditing Pronouncements-II opportunity for any one employee to conceal errors or perpetrate fraud in the normal course of his or her duties. When a person performs two or more incompatible duties, the effectiveness of some controls might be impaired. For example, reconciliation procedures may not effectively meet the control objectives if they are performed by someone who also has responsibilities for transaction recording or asset custody. Smaller, less complex companies' approach to segregation of duties IG 19.24 By their nature, smaller, less complex companies have fewer employees, which limit their opportunities to implement segregation of duties. Due to these personnel restrictions, smaller, less complex companies might approach the control objectives relevant to segregation of duties in a different manner from larger, more complex companies. Despite personnel limitations, some smaller, less complex companies might still divide incompatible functions by using the services of external parties. Other smaller, less complex companies might implement alternative controls intended to achieve the same objectives as segregation of duties for certain processes. Audit strategy considerations related to segregation of duties IG 19.25 It is generally beneficial for the auditor and the company to identify concerns related to segregation of duties early in the audit process to allow the auditor to design procedures that effectively respond to those concerns. Also, management might have already identified, as part of its risk assessment, risks relating to inadequate segregation of duties and alternative controls that respond to those risks. Where walkthroughs are performed, those procedures can help identify matters related to segregation of duties. When management implements an alternative control or combination of controls that address the same objectives as segregation of duties, the auditor should evaluate whether the alternative control or controls effectively meet the related control objectives. The auditor's approach to evaluating those alternative control or controls depends on the control objectives, the nature of the controls, and the associated risks. Use of external resources IG 19.26 Some small companies use external parties to assist with some of their financial reporting-related functions. Use of external parties can also help achieve segregation of certain incompatible duties without investing in additional full-time resources. A company might use one or more types of external-party arrangements in meeting its control objectives. Consultants, other professionals, or temporary employees can assist companies in performing some controls or other duties. 946 Audit of Internal Financial Controls For more complex or specialised portions of internal control, such as cash receipts handling, payroll processing, or securities recordkeeping, the company might use an external party to perform an entire function. When controls over a relevant assertion depend on the use of an external party to perform a particular function, the auditor could evaluate that function in relation to the company's other relevant controls and procedures. The audit approach used with respect to the externally performed function depends on the circumstances. For those controls that are documented or are observable by the auditor (e.g., controls performed by external professionals at the company's premises), the auditor's evaluation may be similar to what he or she could perform for the company's other controls. For some externally performed functions, the direction relating to use of service organisations may be relevant. Management oversight and review IG 19.27 A smaller, less complex company might address some segregation of duties matters through alternative controls involving management oversight and review activities, e.g., reviewing transactions, checking reconciliations, reviewing transaction reports, or taking periodic asset counts. Many of those types of management activities could be entity-level controls. When the auditor applies a top-down approach to select the controls to test, starting at the financial statement level and evaluating entity-level controls, the auditor might identify entity-level controls that are designed to operate at a level of precision to effectively address the risk of misstatement for one or more relevant assertions. In those cases, the auditor could select and test those entity- level controls rather than test the process controls that could be affected by inadequate segregation of duties. Example – Alternative controls over inventory IG 19.28 Scenario: A provider of office furnishings and equipment uses a locked storeroom to store certain key components. The person responsible for the components has access to both the storeroom and the related accounting records. To address the risks related to undetected loss of components, the manager responsible for purchasing performs periodic spot-checks of the components and reconciles them to the general ledger in addition to the inventory ledger. The components are also included in the company's year-end inventory count. IT access controls are implemented to prevent the person responsible for the components from entering transactions or modifying related account balances in the general ledger. Audit approach: The auditor observes the company's year-end inventory counting process. He or she inspects documentation for some of the periodic spot-checks and the related reconciliations. For discrepancies in the counts or 947 Handbook of Auditing Pronouncements-II reconciliations inspected, he or she performs inquiries and inspects the accounting records to determine whether those items were appropriately resolved. Relevant IT access controls are evaluated in connection with the evaluation of IT general controls. Auditing information technology controls in a less complex information technology environment IG 19.29 A company's use of information technology (IT) can have a significant effect on the audit of internal financial control. The IT environment is a consideration in the auditor's risk assessments, selection of controls to test, tests of controls, and other audit procedures. This Section discusses the auditor's evaluation of IT controls in a smaller company with a less complex IT environment. It explains how the auditor could decide which IT controls to evaluate and how the auditor could evaluate those controls. In addition, it provides an overview of the major categories of IT controls and related testing considerations for a smaller, less complex IT environment. Characteristics of less complex IT environments IG 19.30 In smaller companies, less complex IT environments tend to have the following characteristics: • Transaction processing. Data inputs can be readily compared or reconciled to system outputs. Management tends to rely primarily on manual controls over transaction processing. • Software. The company typically uses off-the-shelf packaged software without programming modification. The packaged software requires relatively little user configuration to implement. • Systems configurations and security administration. Computer systems tend to be centralised in a single location, and there are a limited number of interfaces between systems. Access to systems is typically managed by a limited number of personnel. • End-user computing. The company is relatively more dependent on spreadsheets and other user-developed applications, which are used to initiate, authorise, record, process, and report the results of business operations, and, in many instances, perform straightforward calculations using relatively simple formulas. The complexity of the IT environment has a significant effect on the risks of misstatement and the controls implemented to address those risks. The auditor's approach in an environment with the preceding characteristics may be different from the approach in a more complex IT environment. 948 Audit of Internal Financial Controls Determining the scope of the evaluation of IT controls IG 19.31 The following matters affect the scope of the auditor's evaluation of IT controls in a smaller company with a less complex IT environment – • The risks, i.e., likely sources of misstatement, in the company's IT processes or systems relevant to financial reporting, and the controls that address those risks. • The reports produced by IT systems that are used by the company for performing important controls over financial reporting. • The automated controls that the company relies on to maintain effective internal financial controls. The IT controls that are important to effective internal financial controls generally relate to at least one of the preceding matters, which are discussed in more detail in the following paragraphs. IT control categories and testing procedures are discussed later in this Section. The following types of IT-related risks that could affect the reliability of financial reporting – • Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both; • Unauthorised access to data that may result in destruction of data or improper changes to data, including the recording of unauthorised or non-existent transactions or inaccurate recording of transactions; • Unauthorised changes to data in master files; • Unauthorised changes to systems or programs; • Failure to make necessary changes to systems or programs; • Inappropriate manual intervention; • Potential loss of data. The IT-related risks that are reasonably possible to result in material misstatement of the financial statements depend on the nature of the IT environment. In a less complex environment, the auditor could identify many of the risks by understanding the software being used and how it is installed and used by the company. After understanding the relevant IT-related risks, the auditor should identify the controls that address those risks. These controls could include automated controls and IT-dependent controls and the IT general controls that are important to the effective operation of the selected controls. For example, even the simplest IT environments generally rely on controls that are designed to make sure that necessary software updates are appropriately installed, access controls that are designed to prevent unauthorised changes to 949 Handbook of Auditing Pronouncements-II financial data, and other controls that address potential loss of data necessary for financial statement preparation. As the complexity of the software or environment increases, the type and number of potential IT risks increase, which could lead the auditor to devote more attention to IT controls. IT-dependent controls IG 19.32 Many controls that smaller, less complex companies rely on are manual controls. Some of those controls are designed to use information in reports generated by IT systems, and the effectiveness of those controls depends on the accuracy and completeness of the information in the reports. When those IT-dependent controls are selected for testing, it may also be necessary to select controls over the completeness and accuracy of the information in the reports in order to address the risk of misstatement. Other automated controls IG 19.33 Although smaller, less complex companies tend to rely primarily on manual controls, they could rely on certain automated controls built into the packaged software to achieve some control objectives. For example, software controls can be used to maintain segregation of duties, prevent certain data input errors, or to help make sure that certain types of transactions are properly recorded. The auditor might focus some of his or her testing on these automated controls and the IT general controls that are important to the effective operation of the automated controls. Consideration of deficiencies in general IT controls on tests of other controls IG 19.34 IT general controls support operation of the application controls by ensuring the proper access to, and functioning of, the company's IT systems. Deficiencies in the IT general controls may result in deficiencies in the operation of the automated or IT dependent controls. One of the factors in the auditor's evaluation of the identified deficiencies in the IT general controls is the interaction of an IT general control and the related automated or IT-dependent controls. In some situations, an automated or IT-dependent control might be effective even if deficiencies exist in IT general controls. For example, despite the presence of deficient program change controls, the auditor might directly test the related automated or IT-dependent manual control, giving consideration to the risk associated with the deficient change controls in his or her risk assessment and audit strategy. If the testing results were satisfactory, the auditor could conclude that the automated or IT-dependent manual controls operated 950 Audit of Internal Financial Controls effectively at that point in time e.g., as of the issuer's fiscal year end. On the other hand, deficient program change controls might result in unauthorised changes to application controls, in which case the auditor could conclude that the application controls are ineffective. Example – IT-dependent controls IG 19.35 Scenario: A company has a small finance department. For the accounting processes that have a higher risk of misstatement, senior management performs a number of business process reviews and analyses to detect misstatements in transaction processing. The company has a small IT department that supports a packaged financial reporting system whose software code cannot be altered by the user. Since the company uses packaged software, and there have been no changes to the system or processes in the past year, the IT general controls relevant to the audit of the internal financial controls are limited to certain access controls and certain computer operation controls related to identification and correction of processing errors. Management uses several system-generated reports in the business performance reviews, but these reports are embedded in the application and programmed by the vendor and cannot be altered. Audit Approach: The auditor determines that senior management personnel performing the business process reviews and analyses are not involved with incompatible functions or duties that impair their ability to detect misstatements. Based on the auditor's knowledge of the financial reporting system and understanding of the transaction flows affecting the relevant assertions, the auditor selects for testing certain process reviews and analysis and certain controls over the completeness and accuracy of the information in the reports used in management's reviews. The tests of controls could include, for example – • Evaluating management's review procedures including assessing whether those controls operate at an appropriate level of precision. • Evaluating how the company assures itself regarding the completeness and accuracy of the information in the reports used by management in the reviews. Matters that might be relevant to this evaluation include how the company determines that – - The data included in the report are accurate and complete. This evaluation might be accomplished through testing controls over the initiation, authorisation, processing, and recording of the respective transactions that feed into the report. - The relevant computer settings established by the software user are consistent with the objectives of management's 951 Handbook of Auditing Pronouncements-II review. For example, if management's review is based on items in an exception report, the reliability of the report depends on whether the settings for reporting exceptions are appropriate. The auditor verifies that the code in the packaged software cannot be changed by the user. The auditor also evaluates the IT general controls that are important to the effective operation of the IT-dependent controls (such as the access controls and operations controls previously described). Categories of IT controls IG 19.36 The remaining paragraphs of this Section discuss major categories of IT controls and considerations for testing them in a smaller, less complex IT environment. General IT controls IG 19.37 IT general controls are broad controls over general IT activities, such as security and access, computer operations, and systems development and system changes. Security and access Security and access controls are controls over operating systems, critical applications, supporting databases, and networks that help ensure that access to applications and data is restricted to authorised personnel. In a small, less complex IT environment, security administration is likely to be centralised, and policies and procedures might be documented informally. A small number of people or a single individual typically supports security administration and monitoring on a part-time basis. Controls for mitigating the risk caused by a lack of segregation of duties over operating systems, data, and applications tend to be detective controls rather than preventive. Access controls tend to be monitored informally. Tests of security and access controls could include evaluating the general system security settings and password parameters; evaluating the process for adding, deleting, and changing security access; and evaluating the access capabilities of various types of users. Computer operations Computer operations controls relate to day-to-day operations and help ensure that computer operational activities are performed as intended, processing errors are identified and corrected in a timely manner, and continuity of financial reporting data is maintained through effective data backup and recovery procedures. 952 Audit of Internal Financial Controls A smaller, less complex IT environment might not have a formal operations function. There might not be formal policies regarding problem management or data storage and retention, and backup procedures tend to be initiated manually. Tests of controls over computer operations could include evaluating the backup and recovery processes, reviewing the process of identifying and handling operational problems, and, if applicable, assessing control over job scheduling. Systems development and system changes Systems development and system change controls are controls over systems selection, design, implementation, and configuration changes that help ensure that new systems are appropriately developed, configured, approved, and migrated into production, and controls over changes – whether to applications, supporting databases, or operating systems – that help to ensure that those changes are properly authorised and approved, tested, and implemented. Although they might be viewed as separate categories, in less complex environments, systems development and system change procedures often are combined for ease of implementation, training, and ongoing maintenance. A smaller, less complex IT environment typically includes a single or small number of off-the-shelf packaged applications that do not allow for modification of source code. Modifications to software are prepared by and, in some cases, implemented by, the software vendor in the form of updates or patches or via a network connection between the vendor and the organisation. Typically, a small number of individuals or a single individual (employees or consultants) support all development and production activities. Examples of possible tests of controls over systems development and system changes include examining the processes for selecting, acquiring, and installing new software; evaluating the process for implementing software upgrades or patches; determining whether upgrades and patches are authorised and implemented on a timely basis; and assessing the process for testing new applications and updates. Application controls Application controls are automated or IT-dependent controls intended to help ensure that transactions are properly initiated, authorised, recorded, processed, and reported. For example, in a three-way match process, received vendor invoices are entered into the system, which matches them automatically to the purchase order and goods receipt based on the document reference numbers, price, and quantity. The system's simultaneous matching of the information within the three documents upon their entry to authorise a payment to the vendor is an automated application control. 953 Handbook of Auditing Pronouncements-II Management's review and reconciliation of an exception report generated by the system is an example of an IT-dependent manual control. The general nature of application controls tends to be similar in most IT environments, although in less complex environments, the controls tend to be manual and detective rather than automated and preventive. The testing procedures could also be similar. In most IT environments, the auditor could focus on error correction procedures over inputting, authorising, recording, processing, and reporting of transactions when evaluating application controls. However, in less complex IT environments there might be fewer financial applications affecting relevant assertions and fewer application controls within those applications. Regardless of the complexity of the IT environment, the audit plan for testing application controls could include a combination of inquiry, observation, document inspection, and re-performance of the controls. Efficiencies can be achieved through altering the nature, timing, and extent of testing procedures performed related to automated and IT-dependent application controls if IT general controls are designed and operating effectively. In some situations, benchmarking of certain automated controls might be an appropriate audit strategy. End-user computing controls End-user computing refers to a variety of user-based computer applications, including spreadsheets, databases, ad-hoc queries, stand-alone desktop applications, and other user-based applications. These applications might be used as the basis for making journal entries or preparing other financial statement information. End-user computing is especially prevalent in smaller, less complex companies. End-user computing controls are controls over spreadsheets and other user developed applications that help ensure that such applications are adequately documented, secured, backed up, and reviewed regularly for process integrity. End user computing controls include general and application controls over user- developed spreadsheets and applications. Tests of controls over end-user computing could include assessing access controls to prevent unauthorised access: testing of controls over spreadsheet formulas or logic of queries and scripts; testing of controls over the completeness and accuracy of information reported by the end-user computing applications; and reviewing the procedures for backing up the applications and data. Considering financial reporting competencies and their effects on internal financial controls IG 19.38 To maintain effective internal financial controls, a company needs to retain individuals who are competent in financial reporting and related oversight 954 Audit of Internal Financial Controls roles. Smaller, less complex companies can face challenges in recruiting and retaining individuals with sufficient experience and skill in accounting and financial reporting. Also, resource limitations might prevent a smaller, less complex company from employing personnel who are familiar with the accounting required for unique, complex, or non-routine transactions or relevant changes in rules, regulations, and accounting practices. Smaller, less complex companies might address their needs for financial reporting competencies through means other than internal staffing, such as engaging outside professionals. The following Section discusses the auditor's consideration of financial reporting competencies at a smaller, less complex company, including situations in which a smaller, less complex company enlists outside assistance in financial reporting matters. Understanding and evaluating a company's financial reporting competencies IG 19.39 The evaluation of competence is one aspect of evaluating the control environment and the operating effectiveness of certain controls. For example, when evaluating entity-level controls, such as risk assessment and the period- end financial reporting process, the auditor could obtain information about whether – • Management identifies the relevant financial reporting issues on a timely basis (e.g., issues arising from new transactions or lines of business or changes to accounting standards); and • Management has the competence to ensure that events and transactions are properly accounted for and that financial statements and related disclosures are presented in conformity with generally accepted accounting principles ("GAAP"). For recurring clients, the auditor's experience in prior audit engagements can be a source of information regarding management's financial reporting competencies. The auditor could be aware of specific accounts or disclosures that have caused problems in prior engagements, or of management's response to past changes in accounting pronouncements. These experiences can inform the auditor about management's financial reporting competencies, including whether and how management identifies and responds to financial reporting risks. The procedures performed to evaluate the period-end financial reporting process could also be valuable to the evaluation of financial reporting competency. 955 Handbook of Auditing Pronouncements-II The auditor's inquiries and observations pertaining to the company's overall commitment to competence, which is part of the evaluation of the control environment, can also inform the auditor's assessment of financial competency. The auditor can consider whether and how the company and management – • Establish and agree on the knowledge, skills and abilities needed to carry out the required responsibilities prior to hiring individuals for key financial reporting positions, • Train employees involved in financial reporting processes and provide them with the appropriate tools and resources to perform their responsibilities, and • Periodically review and evaluate employees relative to their assigned roles, including whether the audit committee (or board of directors) evaluates the competencies of individuals in key financial reporting roles, such as the chief executive and financial reporting officers. Auditors may keep in mind that company financial reporting personnel do not need to be experts in all areas of accounting and financial reporting but need to be sufficiently competent with respect to the accounting for current and anticipated transactions and changes in accounting standards to identify and address the risks of misstatement. Supplementing competencies with assistance from outside professionals IG 19.40 Some smaller, less complex companies might not have personnel on staff with experience in certain complex accounting matters that are encountered. In these circumstances, a company might engage outside professionals to provide the necessary expertise (i.e., an individual or firm possessing special skill or knowledge in the particular accounting and financial reporting matter). When assessing the competence of the personnel responsible for the company's financial reporting and associated controls, the auditor may consider the combined competence of company personnel and other parties that assist with functions related to financial reporting. When an outside professional provides accounting assistance related to relevant assertions or the period-end financial reporting process, the auditor might begin by considering how the company assures itself that events and transactions are properly accounted for and that financial statements and the related disclosures are free of material misstatement. The company might have differing levels of involvement with outside professionals, depending upon the nature of the services provided. The auditor could evaluate management's oversight to determine whether the company, with the assistance of the professional, is 956 Audit of Internal Financial Controls adequately identifying and responding to risks. In performing this evaluation, the auditor can consider – • Whether management recognises situations for which additional expertise is needed to adequately identify and address risks of misstatement. • How management determines that the outside professionals possess the necessary qualifications. For example, management might obtain information from the professional about his or her skills and competence. • Whom management designates to oversee the services and whether they possess the suitable skill, knowledge, or experience to sufficiently oversee the outside professionals. (Note: Management is not required to possess the expertise to perform or re-perform the services.) • Whether management has established controls over the work of the outside accounting professional and over the completeness and accuracy of the information provided to the outside professional. For example, in addition to reviewing the work of the outside professional, management might inquire about the professional's monitoring and review procedures related to the work performed by the professional for the company. • How management participates in matters involving judgement, for example, whether management understands and makes significant assumptions and judgements underlying accounting calculations prepared by an outside professional. • How management evaluates the adequacy and the results of the services performed, including the form and content of the outside accounting professional's findings, and accepts responsibility for the results of the services. In gathering evidence to support this evaluation, the auditor could hold discussions with both management and the outside professional, perhaps while obtaining an understanding of the period-end financial reporting process. The auditor could also inspect documentation that provides support for management's oversight of the outside professional. Example – Assistance from outside professionals IG 19.41 Scenario: A small developer of analytical software products does not have an individual with strong tax accounting expertise on staff. The company retains a third party accounting firm (not its auditor) to prepare the income tax provision, including deferred tax. Management obtains information from the third- party accounting firm about the training and experience of the staff assigned to 957 Handbook of Auditing Pronouncements-II do this work. The company's CFO, who has basic knowledge of tax accounting, reviews and discusses the tax provision with the accounting firm that prepared it, and compares the provision to CFO's expectations based on past periods, budgets, and knowledge of business operations. Audit Approach: The auditor observes that management identifies risks to financial reporting related to accounting for income taxes and engages an outside professional to provide technical assistance. Further, the auditor evaluates management's oversight to determine whether the company, with the assistance of the professional, is adequately identifying and responding to risks of material misstatement regarding the income tax provision. As part of this evaluation, the auditor inspects the engagement letter, other correspondence between the company and the third-party firm, and the tax schedules and other information produced by the third-party firm. The auditor also evaluates the controls over the completeness and accuracy of the information furnished by the company to the third-party firm. The auditor also assesses whether the third- party accounting firm has the proper skills and staff assigned to do this work. Obtaining sufficient appropriate evidence when the company has less formal documentation IG 19.42 Implementing and assessing effective internal financial controls by a company's management generally involves some level of documentation. A smaller, less complex company often has different needs for documentation, and the nature of that documentation might differ from that of a larger or more complex organisation. Differences in the form and extent of control documentation of smaller, less complex companies generally relate to their operating characteristics, particularly to fewer resources and more direct interaction of senior management with controls. The nature and extent of a company's documentation of internal financial controls can have a significant effect on the auditor's strategy regarding the audit of internal financial control. This Section discusses how the auditor could adapt his or her audit strategy to obtain sufficient appropriate evidence in an environment with less formal documentation. Audit strategy considerations relating to audit evidence IG 19.43 The auditor must plan and perform the audit to obtain evidence that is sufficient to obtain reasonable assurance about whether significant deficiencies or material weaknesses exist as of the date specified in management's assessment. The auditor can obtain this evidence through direct testing or using the work of others, as appropriate. Procedures the auditor could perform to test operating effectiveness include a mix of inquiry of appropriate personnel, observation of the company's operations, inspection of relevant documentation, 958 Audit of Internal Financial Controls and re-performance of the control. The nature, timing, and extent of tests of controls depend on the risk associated with the controls. As the risk associated with the control being tested increases, the evidence that the auditor should obtain also increases. Documentation of processes and controls IG 19.44 Larger companies with complex operations are more likely to have formal documentation of their processes and controls, such as in-depth policy manuals and systems flowcharts of processes. In a smaller, less complex company, documentation of processes and controls might take a variety of forms. For example, information about processes and controls might be found in other documentation, such as memoranda, questionnaires, software manuals, source documents, or job descriptions. This documentation might not cover every process and might not be in a consistent form across all processes. Where walkthroughs are performed, auditors could use those procedures to obtain an understanding of the flow of transactions affecting relevant assertions and to assess the design effectiveness of certain controls, even when documentation is limited. Documentation of operating effectiveness of controls IG 19.45 In a smaller, less complex business, the nature and extent of documentation of the operating effectiveness of controls may vary. Also, evidence of a control's operation might exist only for a limited period. The type and availability of evidence regarding controls to be tested can affect the auditor's testing strategy. In particular, company documentation can influence the nature and timing of audit procedures performed. For example, the nature of some audit procedures e.g., document inspection, requires documentation. Also, the timing of some tests of controls might be determined, in part, based on when the evidence of the controls' operation is available. Obtaining sufficient evidence about the operating effectiveness of controls can be challenging when there is limited documentation of their operation. In those situations, inquiry combined with other procedures, such as observation of activities, inspection of documentation produced or used by the controls, and re- performance of certain controls, might provide sufficient evidence about whether a control is effective. As a practical matter, the auditor also needs to obtain documentation of the work of others to use that work to reduce the auditor's own testing. Other considerations IG 19.46 When auditing a smaller, less complex company with limited documentation, generally it is helpful to obtain an understanding of the nature 959 Handbook of Auditing Pronouncements-II and availability of audit evidence relating to internal financial controls as early in the audit process as practical. This understanding ordinarily includes consideration of existing documentation regarding – • Company processes and procedures, particularly for transactions affecting relevant assertions and controls that the auditor is likely to select for testing. • Monitoring of other controls performed by management or others. The auditor can then identify gaps in important documentation so alternatives can be explored. For example, if the CFO prepares contemporaneous documentation of certain controls and retains it for a limited period, the auditor might arrange to obtain access to that documentation for testing purposes. Early conversations with management about these matters can help provide auditors with the most flexibility in developing efficient and effective audit strategies. If the company does not have formal documentation of its processes and controls, the auditor may consider whether other documentation is available before drafting formal descriptions of processes and controls for the audit documentation. A practical way to identify such other documentation is to look at the information that the company uses to run the business. One of the practical considerations when selecting controls to test and determining the nature, timing, and extent of testing is the nature and availability of evidence of operating effectiveness. For example, if two or more controls adequately address the risk of misstatement for a relevant assertion, the auditor could select the control for which evidence of operating effectiveness can be obtained more readily. Example - Obtaining information about processes and controls IG 19.47 Scenario: A small manufacturer in the electronics industry periodically makes large purchases of specialty components. The company has established procedures covering the initiation, authorisation, and recording of these purchases, although the company has not developed in-depth policies and procedures manual. The company's procedures provide for completion of a form that describes the product requirements and payment terms and indicates how to record the purchase. The forms are reviewed and approved by the CEO and CFO before the purchase is executed. When the goods are received, they are matched with the purchase form and accounted for as indicated on the form. Audit Approach: The auditor inspects a copy of a completed purchase form and related documentation to obtain an initial understanding of the flow of the 960 Audit of Internal Financial Controls purchase transactions. He or she follows up with inquiries of personnel involved in the process of authorising, sending, and accounting for the purchases and traces the recording of the transactions through the accounting system. He or she summarises understanding of the transaction flow in a memo and includes a copy of a purchase form in the work papers. The auditor uses his or her understanding of the purchase process to plan and perform tests of selected controls over the purchases. Example – Obtaining evidence about operating effectiveness of controls IG 19.48 Scenario: One control that management relies on with respect to the period-end financial reporting process is the CFO's review of the quarterly financial statements prepared by the controller. The CFO does not create separate documentation of the review but does retain copies of the financial statements with handwritten notes and other markings for reference purposes. The review comments are sent to the controller via email, and the company's email system retains the email messages. If errors are identified, the controller prepares adjusting entries, which are approved by the CFO. Each quarter, the CFO and controller prepare and present to the audit committee a financial package, explaining significant trends in the company's financial condition, operating results, and cash flows, as well as comparisons to budgeted amounts and comparable prior periods. Audit Approach: The auditor can draw upon multiple sources of audit evidence to evaluate whether the control is in place and operating effectively to detect errors in the period-end financial reporting process. The auditor can make inquiries of the CFO to obtain an understanding of the frequency, nature, timing, and level of precision of the CFO's review. He or she can corroborate this understanding and evaluate the operating effectiveness of the review by, for selected items, inspecting copies of the reviewed drafts of the financial statements, reviewing comments sent to the controller, and reviewing adjusting entries and supporting information. He or she can also talk to other employees to find out if the CFO contacts them to ask questions, what types of questions are asked, and how those questions are resolved. In addition, he or she can read the information in the financial package delivered to the audit committee and might observe the CFO's financial review with the audit committee, if the auditor attends the meetings in connection with the audit. Auditing smaller, less complex companies with pervasive control deficiencies IG 19.49 In some audits of internal financial control, auditors might encounter companies with numerous or pervasive deficiencies in internal financial controls. 961 Handbook of Auditing Pronouncements-II Smaller, less complex companies can be particularly affected by ineffective entity-level controls, as these companies typically have fewer employees and fewer process-level controls. Auditing internal financial controls in companies with pervasive deficiencies can be challenging. The auditor's strategy is influenced by the nature of the control deficiencies and factors such as the effect of the deficiencies on other controls and the availability of audit evidence. Although the facts and circumstances can vary significantly, the auditor might not be able to express an unqualified opinion on the effectiveness of internal financial controls in some of these situations. Pervasive deficiencies that result in material weaknesses IG 19.50 The auditor's objective in an audit of internal financial control is to express an opinion on the adequacy and operating effectiveness of the company's internal financial controls over financial reporting. Because a company's internal financial controls cannot be considered effective if one or more material weaknesses exist, to form a basis for expressing an opinion, the auditor must plan and perform the audit to obtain competent evidence that is sufficient to obtain reasonable assurance about whether material weaknesses exist as of the date specified in management's assessment. Ordinarily, the auditor's strategy should include tests of controls as necessary to support a conclusion that internal financial controls are adequate and effective. However, the auditor's existing knowledge of the company or information obtained early in the audit process might lead an auditor to a preliminary judgement that internal financial controls is likely to be ineffective because of the presence of pervasive control deficiencies that result in one or more material weaknesses. In those situations, the auditor's strategy for testing selected controls may depend on the effect of the pervasive deficiencies on other controls, as discussed in the following paragraphs. Considering the effect of pervasive control deficiencies on other controls IG 19.51 When the auditor encounters pervasive control deficiencies, he or she might decide that those deficiencies also impair the effectiveness of other controls by rendering their design ineffective or by keeping them from operating effectively. For example, certain deficient entity-level controls, such as the following, might impair the effectiveness of other controls over relevant assertions: • Ineffective control environment (considering the risk profile of the company). An ineffective control environment can increase the risk associated with a control by rendering its design ineffective or preventing it from operating effectively. Also, certain controls in the 962 Audit of Internal Financial Controls control environment, such as maintaining financial reporting competencies, might be necessary for the effective functioning of other controls. • Ineffective IT controls or information systems. Ineffective information systems could impair the effectiveness of certain IT-dependent controls (e.g., monitoring controls that rely on the reports produced by an ineffective information system). • Pervasive lack of segregation of duties without appropriate alternative controls. When a person performs two or more incompatible duties, the design of some controls might be ineffective without appropriate alternative controls. • Frequent management override of controls. A control that is frequently overridden is less likely to operate effectively. The effectiveness of controls that depend on an overridden control also might be impaired. The top-down audit approach can help the auditor identify pervasive control deficiencies earlier in the audit process and take them into account in determining the audit approach for testing other controls. The auditor's preliminary judgements regarding the effect of the pervasive control deficiencies can help determine the approach to gathering audit evidence. When the pervasive control deficiencies adversely affect other controls, the auditor may modify the planned testing of the other controls because less evidence generally is needed to support a conclusion that controls are not effective than a conclusion that controls are effective. For example, if a control is likely to be impaired because of another control's deficiency, the inquiries and observations during walkthroughs might provide enough evidence to conclude that the design of a control is deficient and thus could not prevent or detect misstatements. In some cases, limited testing of a control might be necessary (e.g., if a walkthrough has not been performed) to conclude that a control is not operating effectively. Also, detected misstatements from the audit of the financial statements could indicate that a control is not effective. Some companies might have pervasive control deficiencies and still have effective controls over some relevant assertions. For the selected controls that are likely to be effective, the auditor should test those controls to obtain the evidence necessary to support a conclusion about their operating effectiveness. The pervasive control deficiencies may affect the risk associated with the controls selected for testing, and, in turn, the amount of audit evidence needed. Scope limitation due to lack of sufficient audit evidence IG 19.52 Pervasive deficiencies in a company's internal financial controls do not necessarily prevent an auditor from obtaining sufficient audit evidence to express 963 Handbook of Auditing Pronouncements-II an opinion on internal financial controls. If the auditor determines that sufficient evidence is available to express an opinion, the auditor should perform tests of those controls that are important to the auditor's conclusion about the effectiveness of the company's internal financial controls and evaluate the severity of the identified control deficiencies. In some audits of companies with pervasive control deficiencies, the auditor could become aware that there is minimal available evidence about the design and operation of internal financial controls. Such situations could lead the auditor to conclude that the lack of available evidence constitutes a scope limitation that will prevent him or her from obtaining reasonable assurance necessary to express an opinion on internal financial controls, including identification of existing material weaknesses. The auditor may issue a report disclaiming an opinion on internal financial controls as soon as the auditor concludes that a scope limitation will prevent the auditor from obtaining the reasonable assurance necessary to express an opinion. The auditor is not required to perform any additional work before issuing a disclaimer when the auditor concludes that he or she will not be able to obtain sufficient evidence to express an opinion. The auditor's report should disclaim an opinion on internal control and disclose the substantive reasons for the disclaimer. The report should also disclose the material weaknesses of which the auditor is aware. Even if the auditor lacks sufficient evidence to express an opinion on internal financial control, the auditor might still be able to obtain sufficient evidence to perform an audit of the financial statements. The auditor should, however, take into account the control deficiencies and issues encountered in the audit of internal financial control in assessing control risk and determining the nature, timing, and extent of tests of accounts and disclosures in the audit of the financial statements. Example – Pervasive deficiencies and testing of controls IG 19.53 Scenario: A small company has a two-person staff that handles all of the accounting and financial reporting duties. The staff is competent in routine financial reporting matters but has difficulty with more complex accounting matters, such as valuation of stock-based compensation and income tax calculations and disclosures. The lack of competencies in these areas has resulted in adjustments based on the auditor's identification of material misstatements. 964 Audit of Internal Financial Controls Audit Approach: Based on the auditor's experience with the company, he or she expects that controls over the valuation/allocation and disclosures related to stock based compensation and income taxes will not be effective. For those assertions, the auditor obtains evidence about the respective controls during a walkthrough of the related process. Also, misstatements in those assertions were detected in the financial statement audit, and he or she observes that the controls failed to prevent or detect those misstatements. Based on this evidence, auditor concludes that the controls over those assertions are not effective. With respect to routine financial reporting processes, such as cash receipts and disbursements, the auditor plans to perform tests of the selected controls to obtain enough evidence to support a conclusion that the respective controls are effective. Example – Lack of sufficient audit evidence IG 19.54 Scenario: A development stage company is devoted exclusively to research and development for a new product and currently generates no revenue. The financial staff consists of a CFO and accounting clerk. The company's principal accounting records consist of a bank book and payroll records, and the company has no documentation of policies and procedures. Most of its controls are undocumented supervisory checks by the CFO. Late in the fourth quarter, a management dispute results in the resignation of the CFO and termination of the accounting clerk. Management hires an accountant on a temporary contract basis to prepare financial statements from the company's existing records and to help the company establish appropriate controls over its financial reporting functions. However, most of these controls were implemented near or shortly after year-end. Audit Approach: As the auditor begins trying to obtain an understanding of the company's internal financial controls and evaluate entity-level controls, he or she notes that there is minimal information available about the controls that existed at year-end. Because of the turnover in financial reporting personnel, the auditor is unable to perform inquiries, observations, or other procedures to understand the flow of transactions and related controls in significant processes. The auditor identifies some material weaknesses, but he or she determines that the lack of evidence results in a scope limitation because he or she cannot obtain reasonable assurance that all of the existing material weaknesses are identified. Accordingly, the auditor ceases further audit procedures in the audit of internal financial control. The auditor's report on internal financial controls contains a disclaimer of opinion and disclosure of the substantive reasons for the disclaimer and the material weaknesses that he or she identified. 965 Handbook of Auditing Pronouncements-II IG 20 Reporting Considerations (Refer Paragraph 153– 156 and 163) IG 20.1 The auditor should modify the audit report on internal financial controls if any of the following conditions exist: a. The auditor has identified deficiencies in the design or operation of internal controls, which individually or in combination has been assessed as material weakness. b. There is a restriction on the scope of the engagement. IG 20.2 A deficiency in internal control exits if a control is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct, misstatements in the financial statements on a timely basis; or the control is missing. Such a misstatement may occur on an annual basis (either before or after an audit), or through interim financial reporting (e.g., quarterly results, which are un-audited). IG 20.3 In evaluating the severity of a deficiency in internal financial controls, the auditor should primarily consider two factors: the likelihood that the deficiency will result in a financial misstatement, and the magnitude of such an outcome. Thus, this process is, in essence, an exercise of risk analysis. Like the generally accepted accounting principles (GAAP) that govern the preparation of financial statements, there are no clear bright-line tests based solely on quantitative measures for assessing a deficiency or combination of deficiencies as a significant deficiency or material weakness; qualitative measures must also be considered, and professional judgement is required. Figure: Evaluation of Deficiencies 966 Audit of Internal Financial Controls Refer Appendix V for additional factors for evaluating deficiencies and examples of different categories of deficiencies. Modified opinion on internal financial controls over financial reporting IG 20.4 For purposes of this Guidance Note, the following terms have the meanings attributed below: (a) Pervasive – A term used, in the context of control deficiencies, to describe the effects on the financial statements of misstatements or the possible effects on the financial statements of misstatements, if any, that are undetected due to the internal controls not being adequate and / or not operating effectively. Pervasive effects on the internal financial controls over financial reporting are those that, in the auditor’s judgment: (i) are not confined to internal controls over specific elements, accounts or items of the financial statements; (ii) if so confined, represent or could represent a substantial proportion of the financial statements or impacts the audit opinion on the financial statements of the company; or (iii) in relation to disclosures, are fundamental to users’ understanding of the financial statements. (b) Modified opinion – A qualified opinion, an adverse opinion or a disclaimer of opinion. Circumstances When a Modification to the Auditor’s Opinion on Internal Financial Controls Over Financial Reporting Is Required IG 20.5 The auditor shall modify the opinion in the auditor’s report on internal financial controls over financial reporting when: (a) The auditor concludes that, based on the audit evidence obtained, the internal financial controls over financial reporting is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct material misstatements in the financial statements on a timely basis; or the control is missing; or (b) The auditor is unable to obtain sufficient appropriate audit evidence to conclude that the internal financial controls over financial reporting is adequate and / or operating effectively to provide reasonable assurance that it is designed, implemented or operated in such a way that it is able to prevent, or detect and correct material misstatements in the financial statements on a timely basis. 967 Handbook of Auditing Pronouncements-II Determining the Type of Modification to the Auditor’s Opinion on Internal Financial Controls Over Financial Reporting Qualified Opinion IG 20.6 The auditor shall express a qualified opinion on Internal Financial Controls Over Financial Reporting when the auditor, having obtained sufficient appropriate audit evidence, concludes that such controls are designed, implemented or operated in such a way that it is unable to prevent, or detect and correct material misstatements in the financial statements on a timely basis; or the control is missing, but the effects/possible effects of the material weakness in such internal controls are material but is not pervasive to the financial statements. (Refer Scenario 1 and 3 in Example 2 of Appendix III) Adverse Opinion IG 20.7 The auditor shall express an adverse opinion on Internal Financial Controls Over Financial Reporting when the auditor, having obtained sufficient appropriate audit evidence, concludes that: (a) such controls are designed, implemented or operated in such a way that it is unable to prevent, or detect and correct material misstatements in the financial statements on a timely basis; or the control is missing, and the effects/possible effects of the material weakness in such internal controls are both material and pervasive to the financial statements, even if the audit opinion on the financial statements is unmodified; (Refer Scenario 2 and 4 in Example 2 of Appendix III) (b) the system of internal financial controls over financial reporting adopted by the Company does not consider / adequately consider the essential components of internal control as stated in Section III of Part B of this Guidance Note (Refer Scenario 5 in Example 2 of Appendix III); or (c) the audit opinion on the financial statements is required to be modified and such modification is also consequent to the material weakness in the company’s internal financial controls over financial reporting. (Refer Example 4 of Appendix III) . IG 20.8 The qualified or adverse opinion on internal financial controls over financial reporting may relate only to the operating effectiveness of such controls or may relate to both the adequacy and operating effectiveness of such controls, based on the audit evidence obtained. Disclaimer of Opinion IG 20.9 The auditor shall disclaim an opinion on the company’s internal financial controls over financial reporting: 968 Audit of Internal Financial Controls (a) if the company has not established its system of internal financial control over financial reporting considering the essential components of internal control stated in this Guidance Note (Refer Scenario 1 in Example 3 of Appendix III); or (b) the auditor is unable to obtain sufficient appropriate audit evidence to express an opinion on the internal financial controls over financial reporting but is able to perform appropriate substantive procedures to express an opinion on the financial statements (Refer Scenario 2 in Example 3 of Appendix III); or (c) when the auditor is unable to obtain sufficient appropriate audit evidence on which to base the opinion on the company’s internal financial controls over financial reporting, and / or the auditor concludes that consequent to the material weakness in such internal controls the possible effects on the financial statements of undetected misstatements, if any, could be both material and pervasive. (Refer Scenario 3 in Example 3 of Appendix III) IG 20.10 When the auditor plans to issue a modified opinion and the limited procedures performed by the auditor caused the auditor to conclude that a material weakness exists, the auditor's report should also include – • The definition of a material weakness as stated in this Guidance Note. • The description of the material weakness identified in the company's internal financial controls over financial reporting. This description should provide the users of the audit report with specific information about the nature of the material weakness and its actual and potential effect on the preparation and presentation of the company's financial statements issued during the existence of the deficiency. This description should also address the requirements in paragraph 157. • The consideration of the effect of the modified opinion on internal financial controls over financial reporting on the audit opinion on the financial statements of the company. Effect of a modified report on internal financial controls over financial reporting on the audit of financial statements IG 20.11 A modified report on internal financial controls over financial reporting does not in effect imply that the audit report on financial statements should also be qualified. In an audit of financial statements, the assurance obtained by the auditor is through both internal controls and substantive procedures. 969 Handbook of Auditing Pronouncements-II IG 20.12 Effect of Tests of Controls on Substantive Procedures: If, during the audit of internal financial controls, the auditor identifies a deficiency, he or she should determine the effect of the deficiency, if any, on the nature, timing, and extent of substantive procedures to be performed to reduce audit risk in the audit of the financial statements to an appropriately low level. IG 20.13 Regardless of the assessed level of control risk or the assessed risk of material misstatement in connection with the audit of the financial statements, the auditor should perform substantive procedures for all relevant assertions. Performing procedures to express an opinion on internal financial controls does not diminish this requirement. IG 20.14 If, as a result of the substantive procedures, the auditor is of the opinion that sufficient reliable audit evidence has been obtained to address the risk identified or gain assurance on the account balance being tested, the auditor should not qualify the audit opinion on the financial statements. For example, if a material weakness is identified with respect to customer acceptance, credit evaluation and establishing credit limits for customers resulting in a risk of revenue recognition where potential uncertainty exists for ultimate realisation of the sale proceeds, the auditor may modify the opinion on internal financial controls in that respect. However, in an audit of financial statements, the auditor when performing substantive procedures obtains evidence of confirmation of customer balances and also observes that all debtors as at the balance sheet date have been subsequently realised by the date of the audit, the audit opinion on the financial statements should not be qualified, though the internal control deficiency exists. Effect of Substantive Procedures on the Auditor's Conclusions About the Operating Effectiveness of Controls: IG 20.15 In an audit of internal financial controls, the auditor should evaluate the effect of the findings of the substantive auditing procedures performed in the audit of financial statements on the effectiveness of internal financial controls. This evaluation should include, at a minimum: • The auditor's risk assessments in connection with the selection and application of substantive procedures, especially those related to fraud. • Findings with respect to illegal acts and related party transactions. • Indications of management bias in making accounting estimates and in selecting accounting principles. • Misstatements detected by substantive procedures - The extent of such misstatements might alter the auditor's judgement about the effectiveness of controls. 970 Audit of Internal Financial Controls IG 20.16 To obtain evidence about whether a selected control is effective, the control must be tested directly; the effectiveness of a control cannot be inferred from the absence of misstatements detected by substantive procedures. The absence of misstatements detected by substantive procedures, however, should guide the auditor's risk assessments, and in determining the testing necessary to conclude on the effectiveness of a control. Interpretation of an unmodified report on financial statements with a modified report on internal financial controls over financial reporting IG 20.17 When an auditor issues an unmodified opinion on the company’s financial statements, this is a representation to the users of financial statements that the auditor has followed applicable auditing and related professional standards so as to allow the auditor to conclude with reasonable assurance that the financial statements are in conformity with the generally accepted accounting principles in all material respects. An unmodified audit opinion is not a guarantee of error-free financials, but is rather the conclusion by an auditor – using audit procedures and professional judgement that are reasonable to the circumstances – that the statements are fairly presented. IG 20.18 Neither the auditor nor the company is required to disclose whether the audit process itself revealed financial statement errors that were corrected before the statements were approved. The degree to which the auditor is involved in requiring management to correct financial statements prior to their issuance is an indication of whether the company – using only its own personnel (either employees or third party consultants) – will produce financial information that is materially accurate. IG 20.19 Whilst the auditors apply both test of controls and substantive testing to gain assurance on the financial statements, the management relies solely on its internal financial controls when preparing financial statements. The ability of a company to accurately describe its own financial condition is particularly relevant when the company discloses un-audited financial information, as in quarterly result filed with the Stock Exchanges. Thus, while the audit report of a company’s financial statements may be unmodified, this provides little information to those outside the company as to whether other financial information (such as interim financial information) is of similar reliability. Scope limitations IG 20.20 The auditor can express an opinion on the company's internal financial controls only if the auditor has been able to apply the procedures necessary in the circumstances. If there are restrictions on the scope of the engagement, the auditor should withdraw from the engagement or disclaim an opinion. A 971 Handbook of Auditing Pronouncements-II disclaimer of opinion states that the auditor does not express an opinion on the adequacy or effectiveness of internal financial controls. IG 20.21 When disclaiming an opinion because of a scope limitation, the auditor should state that the scope of the audit was not sufficient to warrant the expression of an opinion and, in a separate paragraph or paragraphs, the substantive reasons for the disclaimer. The auditor should not identify the procedures that were performed nor include the statements describing the characteristics of an audit of internal financial controls (paragraph 157 (f), (g), and (h)); to do so might overshadow the disclaimer. IG 20.22 If the auditor concludes that he or she cannot express an opinion because there has been a limitation on the scope of the audit, the auditor should communicate, in writing, to management and the audit committee8 that the audit of internal financial controls cannot be satisfactorily completed. Impact of modified opinion on internal financial controls over financial reporting in subsequent interim period financial reporting IG 20.23 As stated in paragraph IG 20.19, the management relies solely on its internal financial controls when preparing financial statements and as such the ability of a company to accurately describe its own financial condition is dependent on the adequacy and operating effectiveness of the internal financial controls. IG 20.24 If the auditor’s report for the audit of internal financial controls under the Act for the financial year proceeding the interim period was modified consequent to material weakness, the auditor should consider the effect of such modification when carrying out a review of interim financial statements / information under SRE 2400 or SRE 2410 issued by the Institute of Chartered Accountants of India. IG 20.25 Accordingly, the auditor should carry out additional procedures to determine if the material weakness and the significant deficiency in the internal financial controls as reported in the previous financial year have been remediated. The auditor should consider the guidance provided for testing design of controls, testing operating effectiveness of controls and remediation testing in determining the timing, nature and extent of testing. IG 20.26 If after performing such additional procedures as explained in paragraph IG 20.25, the auditor concludes that the significant deficiency or material weakness in internal control reported earlier has not been remediated, the auditor shall modify his or her report on the interim financial statements / 8 In case of a small or a one person company as defined in the Act, since there is no requirement to have an audit committee, the auditor would make such communication to the Board of Directors. 972 Audit of Internal Financial Controls information describing the material weakness reported earlier and stating that based on the procedures carried out by him or her, the said material weakness in internal control does not appear to have been remediated. If any of the significant deficiencies reported to those charged with governance in the earlier year has not been remediated and such deficiency in control is considered as a material weakness in the current period, the report of the auditor on the interim financial statements / information should describe the deficiency and state that the same is viewed as a material weakness in the current interim period. IG 20.27 If the interim financial statements are subject to audit, the auditor should comply with the Standards on Auditing for reporting on such interim financial statements. In planning and performing the audit, the auditor should consider the effect of the significant deficiency or material weakness reported in the previous financial year on the interim financial statements. Since such audit is not carried out as per the provisions of the Act, the auditor is not required to separately test and report on the internal financial controls in the interim period. IG 21 Understanding and Evaluating Financial Reporting Process IG 21.1 The financial reporting process, while an undefined term in the professional standards, generally refers to the process that begins when the underlying flows of transactions at the account/ assertion level culminate (e.g., typically in a subsidiary ledger or the general ledger). For a company, the financial reporting process encompasses the activities necessary to prepare, review, and approve the quarterly and annual financial statements, including the required disclosures, for filing in accordance with the required rules and regulations. IG 21.2 Because of its importance to financial reporting and to the auditor's opinions on internal financial controls and the financial statements, the auditor must evaluate the period-end financial reporting process. The period-end financial reporting process includes the following: • Procedures used to enter transaction totals into the general ledger; • Procedures related to the selection and application of accounting policies; • Procedures used to initiate, authorize, record, and process journal entries in the general ledger; • Procedures used to record recurring and non-recurring adjustments to the annual and quarterly financial statements; and 973 Handbook of Auditing Pronouncements-II • Procedures for preparing annual and quarterly financial statements and related disclosures. • With regard to the consolidated financial statements, the understanding the financial reporting process would include understanding the procedures for: a) identification of subsidiaries, associates and joint ventures that would form part of the consolidation process; b) identification of inter-company transactions for elimination and elimination of any unrealised profits on such transactions; c) identification and quantification of minority interest; d) ensuring consistency of accounting policies amongst the consolidating entities; e) ensuring consistency of the classification of account balances amongst the consolidating entities; f) recording recurring and non-recurring adjustments to the annual and quarterly consolidated financial statements; and g) ensuring appropriate disclosures in the consolidated financial statements. • In addition to the above, the auditor should also assess the impact, if any, of the subject matter of any qualification, adverse opinion or disclaimer stated by any of the component auditors in their respective components, and any remedial measures effected by the parent company to mitigate the effect of such observations in the component audit reports on the financial reporting process for the consolidated financial statements. IG 21.3 As part of evaluating the period-end financial reporting process, the auditor should assess: • Inputs, procedures performed, and outputs of the processes the company uses to produce its annual and quarterly financial statements; • The extent of information technology ("IT") involvement in the period- end financial reporting process; • Who participates from management; • The locations involved in the period-end financial reporting process; • The types of adjusting and eliminating entries; and 974 Audit of Internal Financial Controls • The nature and extent of the oversight of the process by management, the board of directors, and the audit committee. Note: The auditor should obtain sufficient evidence of the effectiveness of those quarterly controls that are important to determining whether the company's controls sufficiently address the assessed risk of misstatement to each relevant assertion as of the date of management's assessment. However, the auditor is not required to obtain sufficient evidence for each quarter individually. Understanding the financial reporting process IG 21.4 The auditor is required to obtain a sufficient understanding of the processes and flows of transactions for significant accounts and disclosures to validate the points at which a material misstatement could occur, and for identifying the controls that mitigate those potential misstatements. His/her understanding of the flows of transactions and processes of the significant accounts and disclosures begins at the initiation of a transaction and concludes with its presentation in the financial statements. For practical purposes, the auditor typically bifurcate understanding of significant accounts and disclosures (including the process for consolidating and preparing the financial statements) into two parts: (1) the account/assertion level process and (2) the financial reporting process (depicted in Figure below): • Significant Accounts: Separately understand the flows of transactions and processes (and related controls) for each significant account as part of the account /assertion level process until the transactions reach an appropriate “hand-off” point to the financial reporting process (e.g., a subsidiary ledger or the general ledger). • Disclosures: Understand the flows of transactions and processes (and related controls) for the preparation of each disclosure as part of the financial reporting process (although the controls related to the underlying transactions and events may have already been addressed at the account/assertion level. Note: Disclosures may alternatively be addressed in conjunction with the related significant account balance at the account/assertion level until they are accumulated at the financial reporting process level. • Preparation of the Financial Statements: Understand the processes (and related controls) for the preparation, review, and approval of the financial statements as part of the financial reporting process. 975 Handbook of Auditing Pronouncements-II Figure: Understanding financial reporting process IG 21.5 Similar to how the auditor obtains an understanding of the processes and relevant controls relating to individual account balances and disclosures, performing a walkthrough of the financial reporting process is likely to be the most effective way to understand the financial reporting process from beginning- to-end, and provides the basis for identifying the risks of material misstatement and the relevant controls, any relevant IPE, and any relevant application systems. IG 21.6 Reviews and financial analysis of the draft financial statements and related disclosures by management, the disclosure committee, the audit committee, or the board of directors are important controls that support their assertion and certifications. However, while these controls may be considered “direct” controls, they are often not designed to operate at a sufficient level of precision to address a risk of material misstatement by themselves (e.g., the purpose of such a control is to identify anomalies, not verify that the amounts are fairly stated). Nonetheless, these controls are typically selected for testing, as 976 Audit of Internal Financial Controls they are important to the overall reliability of financial reporting even when they are not sufficiently precise on their own. Understanding the application systems and controls over financial reporting process IG 21.7 Many entities use technology to automate aspects of the financial reporting process. Identifying the relevant application systems that support the financial reporting processes is necessary to identify the IT risks and general IT controls or other controls (e.g., direct controls) that are relevant to the financial reporting process. Considerations when identifying controls relevant to the financial reporting process may include: • Automated interfaces: Data typically flows into the general ledger either systematically through automated interfaces or via journal entries that are manually input. When the system users rely on automated interfaces (i.e., the electronic transfer of transactions and data between systems), similar to an automated control, auditor subject the automated interface to testing. The extent of testing depends in part on whether the application is subject to effective general IT controls. • Consolidation applications/tools: Financial reporting application systems (e.g., Hyperion) may be used to automate the consolidation process and may interface with one or more data warehouses or other application systems. Accordingly, when the system users rely on the application’s automated controls, the reliability of the data, and/or the reports generated by the application systems (which are IPE), the application is relevant to ICFR and the relevant IT risks and controls (e.g., general IT or other similar controls) are identified. For example, the entity uploads the financial data received from its branches into Hyperion in which the consolidation with head office is performed as well as the output of financial data for analysis. Hyperion (including the underlying data warehouse) is within the scope of the general IT controls; therefore, the identified IT risks are addressed by the general IT controls that operate over Hyperion. For example, the entity uploads data from the general ledger system into a data warehouse that is not within the scope of the general IT controls. Therefore, the entity implemented controls such as manual input/output controls to verify that the data coming out of the data warehouse agrees with the data that was uploaded into the data warehouse and we test the reports (which are IPE) more extensively since the application is not subject to general IT controls. 977 Handbook of Auditing Pronouncements-II In addition, review-type controls (e.g., a review of financial information and data by management, the disclosure committee or the board of directors) are often dependent upon the accuracy and completeness of the reporting packages and data (which are IPE) derived from these applications/tools; therefore, consideration and testing of the design and operating effectiveness of the relevant controls, including the general IT controls, may also be relevant for purposes of evaluating the effectiveness of such review-type controls. IG 21.8 The auditor should obtain an understanding of the information system, including the related business processes, relevant to financial reporting, including: • The classes of transactions in the company's operations that are significant to the financial statements; • The procedures, within both automated and manual systems, by which those transactions are initiated, authorized, processed, recorded, and reported; • The related accounting records, supporting information, and specific accounts in the financial statements that are used to initiate, authorize, process, and record transactions; • How the information system captures events and conditions, other than transactions that are significant to the financial statements; and • The period-end financial reporting process. Understanding accounting policies IG 21.9 The company’s process and controls to select and apply its accounting principles, financial reporting policies, and related disclosures, underpin effective financial reporting. Accordingly, the auditor is required to obtain an understanding of the entity’s selection and application of accounting policies and principles, including related disclosures. The following matters, if present, are relevant to the necessary understanding of the company's selection and application of accounting principles, including related disclosures: • Significant changes in the company's accounting principles, financial reporting policies, or disclosures and the reasons for such changes; • The financial reporting competencies of personnel involved in selecting and applying significant new or complex accounting principles; 978 Audit of Internal Financial Controls • The accounts or disclosures for which judgment is used in the application of significant accounting principles, especially in determining management's estimates and assumptions; • The effect of significant accounting principles in controversial or emerging areas for which there is a lack of authoritative guidance or consensus; • The methods the company uses to account for significant and unusual transactions; and • Financial reporting standards and laws and regulations that are new to the company, including when and how the company will adopt such requirements. For internal financial reporting purposes, the auditor considers the company’s controls over the selection and application of GAAP (i.e., the company’s controls over applying GAAP to new transactions or events or implementing new GAAP requirements). Implicit in this evaluation is the auditor’s evaluation of the competence of those individuals responsible for the selection, development, and application of such policies and principles. Understanding the process for recording journal entries IG 21.10 The process for initiating, reviewing, authorizing and recording journal entries is integral to the financial reporting process. For many entities, this process may involve a combination of automated and manual procedures for transferring transactions and data from a source (e.g., sub-ledger, manual spreadsheet, analysis) to the general ledger. Many entities utilise different journal entry types, for example: • Entries to record transaction activity • Routine closing entries • Non-routine closing entries • Consolidating and eliminating entries • Top-side entries When such entries are subject to different processes and controls, they are evaluated and tested separately; that is, it is not appropriate to design a testing strategy on the basis of the controls being common if the characteristics of a common control are not met. IG 21.11 In understanding and testing the relevant controls over the journal entry process, area based considerations specific to journal entries include the following: 979 Handbook of Auditing Pronouncements-II • Segregation of duties (e.g., who prepares, reviews and posts entries) • The review and approval process, including the purpose of the review (e.g., the level of management at which the review is performed “reasonableness” review versus a detailed review of the supporting documentation) • Adequacy of the supporting documentation for the journal entry to enable a reviewer to determine whether the entry is appropriate • Competence of the preparer • Competence and authority of the reviewer. IG 21.12 Management override of controls over journal entries is a presumed risk of fraud (and therefore a significant risk) that is addressed by controls at either the financial statement level (e.g., entity-level controls designed to address the risk of management override of controls) or the account balance level for each account. Accordingly, auditor focuses additional attention on the effectiveness of the design and the operating effectiveness of controls that mitigate such risk. Understanding the process for disclosures IG 21.13 The auditor identifies which disclosures are significant disclosures (and therefore included in the scope of a combined audit of internal financial controls over financial reporting and financial statements), then identify the relevant assertions for each significant disclosure. As the GAAP requirements are not applicable to immaterial items, it would be rare for a disclosure in an entity’s financial statements not to be considered a significant disclosure. The relevant assertions for presentation and disclosure are as follows: • Occurrence and rights and obligations — Disclosed events, transactions, and other matters have occurred and pertain to the entity. • Completeness — All disclosures that should have been included in the Financial Statements have been included. • Classification and understandability — Financial information is appropriately presented and described, and disclosures are clearly expressed. • Accuracy and valuation — Financial and other information are disclosed fairly and at appropriate amounts. There are two key considerations when developing the audit approach for disclosures: 980 Audit of Internal Financial Controls • Identify the process steps (and controls) that are unique to each disclosure (i.e., when the process, risks and controls are not common). For example, the preparation of the legal disclosure may be subject to different processes, risks and controls than the preparation of the stock compensation disclosures, in which case those relevant controls would be subject to testing separately. However, the use of a GAAP disclosure checklist is an example of a control that is performed on an overall basis (and therefore the control operates with respect to all disclosures). • Identify which disclosures are derived from transactions or events for which auditor has already tested the relevant controls. For example, the inventory footnote is typically derived from data within the general ledger. Since auditor has already tested the relevant controls over inventory into the general ledger, auditor only needs to test the controls over the accuracy and completeness of the presentation of the footnote in the draft financial statements for ICFR purposes. 981 APPENDIX I Illustrative Engagement Letter (Referred to in Paragraph 75) Agreeing the terms of audit engagement for the audit of internal financial controls The following factors need to be considered by an auditor when agreeing the terms of an audit engagement for the audit of internal financial controls. These factors are in addition to those stated in SA 210 “Agreeing the terms of Audit Engagements” for an audit of the financial statements. 1. In order to establish whether the preconditions for an audit of internal financial controls are present, the auditor shall: (a) Obtain the agreement of management that it acknowledges and understands its responsibility: (i) For laying down internal financial controls to be followed by the company; (ii) For ensuring that that such internal financial controls are adequate and are operating effectively; (this is in addition to the requirement in Paragraphs A15 to A18 of SA 210; (iii) To provide the auditor with: • Access to all information, such as records and documentation, and other matters that are relevant to their assessment of internal financial controls; • Additional information that the auditor may request from management for the purpose of the audit; and • Unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence. Determining the acceptability of the internal financial controls criteria 2. Factors that are relevant to the auditor’s determination of the acceptability of the internal financial controls criteria include: a) Whether the aforesaid controls are based on the essential components of internal controls as stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India. 982 Audit of Internal Financial Controls b) The nature of the entity (for example, whether it is a business enterprise, or not for profit organization); c) The size of the entity (for example, internal controls in a smaller entity are comparatively lesser than that of a large entity); d) Whether the entity is listed or unlisted; and e) Whether law or regulation prescribes any requirement for internal financial controls. Limitation on scope prior to audit engagement acceptance 3. If management or those charged with governance impose a limitation on the scope of the auditor’s work in the terms of a proposed audit engagement such that the auditor believes the limitation will result in the auditor disclaiming an opinion on the internal financial controls, the auditor shall not accept such a limited engagement as an audit engagement, unless required by law or regulation to do so. Agreement on audit engagement terms 4. The agreed terms of the audit engagement shall be recorded in an audit engagement letter or other suitable form of written agreement and shall include: (a) The objective and scope of the audit of the internal financial controls; (b) The responsibilities of the auditor; (c) The responsibilities of management; (d) Identification of the applicable criteria to be applied for establishing the internal financial controls; and (e) Reference to the expected form and content of any reports to be issued by the auditor and a statement that there may be circumstances in which a report may differ from its expected form and content. Form and content of the audit engagement letter 5. The form and content of the audit engagement letter may vary for each entity. Information included in the audit engagement letter may be based on SA 210. The auditor may issue a combined engagement letter for reporting on financial statements and reporting on internal financial controls or a separate engagement letter for each. In addition to including the matters required by SA 210, an audit engagement letter may make reference to, for example: • The agreement of management’s responsibilities for establishing and maintaining adequate and effective internal financial controls based on the control criteria [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of 983 Handbook of Auditing Pronouncements-II Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”.] for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information. • The agreement of management to make available to the auditor their evaluation and assessment of the adequacy and effectiveness of the company's internal financial controls, based on the control criteria as mentioned above. • The agreement of management to inform the auditor of any communications from regulatory agencies concerning non- compliance with or deficiencies in financial reporting practices. • The agreement of providing management’s conclusion over the company's internal financial controls based on the control criteria set above as of the balance sheet date; • The agreement of providing the component auditors’ report under section 143(3)(i) in the case of components that are companies covered under the Companies Act, 2013 that form part of the consolidated financial statements of the parent company Example of a Separate Audit Engagement Letter for Audit of Internal financial controls over financial reporting The following is an example of an engagement letter for an audit of internal financial controls over financial reporting in the case of standalone financial statements that is separate from the engagement letter for an audit of the financial statements prepared in accordance with the Accounting Standards notified under Section 133 of the Companies Act, 2013. This letter is not authoritative but is intended only to be a guide that may be used in conjunction with the considerations outlined in this Guidance Note and SA 210. It will need to be varied according to individual requirements and circumstances. *** To the Board of Directors of ABC Company Limited: The objective and scope of the audit You have requested that I / we carry out an audit of the internal financial controls over financial reporting of ABC Company Limited (the ‘Company’) as at March 31, 20X1 [balance sheet date] in conjunction with our audit of the standalone and consolidated financial statements of the Company for the year ended on that date. 984 Audit of Internal Financial Controls I am/We are pleased to confirm my / our acceptance and my / our understanding of the audit engagement by means of this letter. My / Our audits will be conducted with the objective of expressing our opinion under Section 143(3)(i) of the Companies Act, 2013 (“2013 Act”) on the adequacy of the internal financial controls system over financial reporting and the operating effectiveness of such controls as at March 31, 20X1 based on the internal control criteria established by you. Audit of internal financial controls over financial reporting I / We will conduct our audit of the internal financial controls over financial reporting in accordance with the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting (“the Guidance Note”) and the Standards on Auditing issued by the Institute of Chartered Accountants of India (ICAI) and deemed to be prescribed by the Central Government in accordance with Section 143(10) of the 2013 Act, to the extent applicable to an audit of internal financial controls over financial reporting. These Guidance Note and Standards require that I / we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about the adequacy of the internal financial controls system over financial reporting and their operating effectiveness as at the balance sheet date. An audit of internal financial controls over financial reporting involves performing procedures to obtain audit evidence about the adequacy of the internal financial controls system over financial reporting and their operating effectiveness. The procedures selected depend on the auditor’s judgement, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. Inherent limitations in an audit of internal financial controls over financial reporting Because of the inherent limitations of internal financial controls over financial reporting, including the possibility of collusion or improper management override of controls, material misstatements due to error or fraud may occur and not be detected. Also, projections of any evaluation of the internal financial controls over financial reporting to future periods are subject to the risk that the internal financial control over financial reporting may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. Management’s responsibility My / Our audit will be conducted on the basis that [management and, where appropriate, those charged with governance] acknowledge and understand that they have responsibility: 985 Handbook of Auditing Pronouncements-II (a) For establishing and maintaining adequate and effective internal financial controls based on [state criteria ] [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”] for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information, as required under the Act. (b) To provide me / us with: (i) Access, at all times, to all information, including the books, account, vouchers and other records and documentation, of the Company, whether kept at the head office of the company or elsewhere, of which [management] is aware that is relevant to the preparation of the financial statements such as records, documentation and other matters; (ii) All information, such as records and documentation, and other matters that are relevant to my / our assessment of internal financial controls; (iii) Management’s evaluation and assessment of the adequacy and effectiveness of the company's internal financial controls, based on the control criteria [mention the control criteria] and all deficiencies, significant deficiencies and material weaknesses in the design or operations of internal financial controls identified as part of management’s evaluation. (iv) Additional information that I / we may request from [management] for the purpose of the audit. (v) Unrestricted access to persons within the entity from whom I / we determine it necessary to obtain audit evidence. This includes my / our entitlement to require from the officers of the Company such information and explanations as I / we may think necessary for the performance of my / our duties as auditor. (vi) Any communications from regulatory agencies concerning non-compliance with or deficiencies in financial reporting practices. (vii) Management’s conclusion over the company's internal financial controls based on the control criteria set above as at the balance sheet date [insert date]. 986 Audit of Internal Financial Controls (viii) Informing me / us of significant changes in the design or operation of the Company’s internal financial controls that occurred during or subsequent to the date being reported on, including proposed changes being considered. (ix) Providing me / us with the component auditors’ report under section 143(3)(i) in the case of components that are companies covered under the Companies Act for the purposes of our reporting in the case of the consolidated financial statements of the Company. (c) As part of my / our audit process, I / we will request from [management and, where appropriate, those charged with governance], written confirmation concerning representations made to me / us in connection with the audit. I / We also wish to invite your attention to the fact that my / our audit process is subject to 'peer review' / ‘quality review’ under the Chartered Accountants Act, 1949 to be conducted by an Independent reviewer. The reviewer may inspect, examine or take abstract of my / our working papers during the course of the peer review. Reporting My / Our audit report will be issued pursuant to the requirements of Section 143(3)(i) of the Act. The form and content of my / our report may need to be amended in the light of my / our audit findings. Our opinion on the adequacy and operating effectiveness of internal financial controls over financial reporting in the case of the consolidated financial statements of the Company, in so far as it relates to subsidiary companies, jointly controlled companies and associate companies incorporated in India, will be based solely on the reports of the auditors of such companies. [Insert any other information, such as fee arrangements, billings and other specific terms, as appropriate.] [Any other relevant information] This letter should be read in conjunction with my / our letter dated ___ for the audit of the standalone and consolidated financial statements of the Company under the Act. I / We look forward to full cooperation from your staff during my / our audits. Please sign and return the attached copy of this letter to indicate your acknowledgement of, and agreement with, the arrangements for my / our audit of the internal financial controls over financial reporting including our respective responsibilities. 987 Handbook of Auditing Pronouncements-II (Signature) XYZ & Co. Chartered Accountants Place: Date: Acknowledged on behalf of ABC Company Limited by …………………….. (Signature) Name and Designation Date 988 Audit of Internal Financial Controls Appendix II Illustrative Management Representation Letter for Matters Relating to Audit of internal financial controls over financial reporting (Referred to in paragraphs 150 - 152) The following illustrative letter includes written representations that are required by this Guidance Note and SA 580 “Written Representations” and other Standards on Auditing as applicable to an audit of internal financial controls over financial reporting, which are in effect as at _______[balance sheet date]. It is assumed in this illustration that the relevant internal financial controls are based on the essential components of internal control identified in the Guidance Note on Audit of Internal Financial Controls over Financial Reporting, issued by the Institute of Chartered Accountants of India; and that there are no exceptions to the requested written representations. If there were exceptions, the representations would need to be modified to reflect the exceptions. (Entity Letterhead) (To Auditor) (Date) This representation letter is provided in connection with your audit of the internal financial controls over financial reporting in the audit of ABC Company Limited (“the Company”) in conjunction with your audit of the standalone/ consolidated financial statements of the Company for the year ended March 31, 20X1, for the purpose of expressing an opinion as to whether the Company had, in all material respects, an adequate internal financial controls system over financial reporting and the operating effectiveness of such controls in accordance with the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting (“the Guidance Note”) and the Standards on Auditing issued by the Institute of Chartered Accountants of India (ICAI) and deemed to be prescribed by the Central Government in accordance with Section 143(10) of the 2013 Act, to the extent applicable to an audit of internal financial controls over financial reporting. We confirm that to the best of our knowledge and belief, having made such inquiries as we considered necessary for the purpose of appropriately informing ourselves: 1. We are responsible for establishing and maintaining adequate and effective internal financial controls based on [mention control criteria] and the preparation and presentation of the financial statements as set out in the terms of 989 Handbook of Auditing Pronouncements-II the audit engagement dated [insert date] and, in particular, the assertions to you on the internal financial controls in accordance with the _____ [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”]. 2. We have performed an evaluation and made an assessment of the adequacy and effectiveness of the company's internal financial controls and based on the following control criteria [mention the control criteria]. 3. We have not used the procedures performed by you during the audit of internal financial controls over financial reporting as part of the basis for our assessment of the effectiveness of internal financial controls. 4. Based on the assessment carried out by us and the evaluation of the results of the assessment, we conclude that the Company has adequate internal financial controls system that was operating effectively as at the March 31, 20X1 [balance sheet date] (or) Except for the below mentioned deficiencies noted during our assessment and evaluation of internal financial controls, the other relevant controls were determined adequate and were operating effectively as at March 31, 20X1 [balance sheet date]. a. (brief of design deficiencies) b. (brief of deficiencies in operating effectiveness) 5. We have disclosed to you all deficiencies in the design or operation of internal financial controls identified as part of management's evaluation, including separately disclosing to you all such deficiencies that we believe to be significant deficiencies or material weaknesses in internal financial controls in paragraph [4]. 6. There were no instances of fraud resulting in a material misstatement to the company's financial statements and any other fraud that does not result in a material misstatement to the company's financial statements but involves senior management or management or other employees who have a significant role in the company's internal financial controls. (or) The following instances of fraud that resulted in material misstatement of financial statements in earlier years and frauds involving senior management or management or other employees who have a significant role in the company's internal financial controls were noted: (list instances and amounts involved). 990 Audit of Internal Financial Controls 7. The control deficiencies identified in the previous engagement of audit of internal financial controls and communicated to the Company and those charged with governance have been remediated, except for the following: (list control deficiencies not remediated as at the balance sheet date) (This issue is not applicable in the first year when the Company is subject to an audit of internal financial controls under the Companies Act, 2013) 8. There have been no communications from regulatory agencies concerning non-compliance with or deficiencies in financial reporting practices. 9. We have provided you with: • All information, such as records and documentation, and other matters that are relevant to your assessment of internal financial controls; • Additional information that you have requested from us; and • Unrestricted access to those within the entity. • Audit reports of the component auditors, including their report under Section 143(3)(i) of the Act for the following subsidiary companies, jointly controlled companies and associate companies to whom reporting under Section 143(3)(i) is applicable: • There are no other subsidiary companies, jointly controlled companies and associate companies of the company to whom reporting under Section 143(3)(i) is applicable and whose auditors have not issued their report under Section 143(3)(i) of the Act. • In the case of the following subsidiary companies, jointly controlled companies and associate companies of the company to whom reporting under Section 143(3)(i) is applicable, the respective component’s year end is other than that of the Company: With respect to these components, we have provided to you the audit reports of the component auditors, including their report under Section 143(3)(i) of the Act for their respective financial year under the Act that has been considered in the preparation of the consolidated financial statements of the Company. 10. There are no changes in the internal financial controls system from March 31, 20X1 [balance sheet date] till the date of this representation letter. (or) The following changes have been made to the internal financial controls system since March 31, 20X1 [balance sheet date] and the date of this letter: (list changes and reason for the change). 991 Handbook of Auditing Pronouncements-II 11. These changes include corrective actions taken by us with regard to significant deficiencies or material weaknesses noted with respect to the following: (list significant deficiency or the material weakness and the related change in internal controls). 12. The following changes to internal financial controls system have been proposed as on date of this representation letter but have not yet been implemented: (list proposed changes and reason for the proposed change). 13. The changes to the internal financial controls since March 31, 20X1 [balance sheet date] and the proposed changes that are under consideration by the Company do not impact our assessment, evaluation and conclusion of the internal financial controls system as at March 31, 20X1 [balance sheet date] 14. [Any other matters that the auditor may consider appropriate.] For and on behalf of ABC Company Limited …………………….. ……………….. (Signature) (Signature) Name and Designation Name and Designation 992 Audit of Internal Financial Controls APPENDIX III Illustrative Reports on Internal Financial Controls Over Financial Reporting (Referred to in paragraphs 157 - 164) Example 1 – Separate Reports The following is an example of separate unmodified audit report for an audit of internal financial controls over financial reporting in the case of standalone financial statements. This report is not authoritative but is intended only to be a guide that may be used in conjunction with the considerations outlined in this Guidance Note and SA 700 “Forming an Opinion and Reporting on financial Statements”. The report is also not an exhaustive report which includes all aspect of reporting by the auditor under Sub-sections 2 and 3 of Section 143 of the Companies Act, 2013. It will need to be varied according to individual requirements and circumstances. *** ANNEXURE TO THE INDEPENDENT AUDITOR’S REPORT OF EVEN DATE ON THE STANDALONE FINANCIAL STATEMENTS OF ABC COMPANY LIMITED Report on the Internal Financial Controls under Clause (i) of Sub- section 3 of Section 143 of the Companies Act, 2013 (“the Act”) I / We have audited the internal financial controls over financial reporting of ABC Company Limited (“the Company”) as of March 31, 20X1 in conjunction with my / our audit of the standalone financial statements of the Company for the year ended on that date. Management’s Responsibility for Internal Financial Controls The Company’s management is responsible for establishing and maintaining internal financial controls based on _____ [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”.] These responsibilities include the design, implementation and maintenance of adequate internal financial controls that were operating effectively for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention 993 Handbook of Auditing Pronouncements-II and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information, as required under the Companies Act, 2013. Auditors’ Responsibility My / Our responsibility is to express an opinion on the Company's internal financial controls over financial reporting based on my / our audit. I / We conducted my / our audit in accordance with the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting (the “Guidance Note”) and the Standards on Auditing, issued by ICAI and deemed to be prescribed under section 143(10) of the Companies Act, 2013, to the extent applicable to an audit of internal financial controls, both applicable to an audit of Internal Financial Controls and, both issued by the Institute of Chartered Accountants of India. Those Standards and the Guidance Note require that I/we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether adequate internal financial controls over financial reporting was established and maintained and if such controls operated effectively in all material respects. My/Our audit involves performing procedures to obtain audit evidence about the adequacy of the internal financial controls system over financial reporting and their operating effectiveness. My/Our audit of internal financial controls over financial reporting included obtaining an understanding of internal financial controls over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. The procedures selected depend on the auditor’s judgement, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. I / We believe that the audit evidence I/we have obtained is sufficient and appropriate to provide a basis for my /our audit opinion on the Company’s internal financial controls system over financial reporting. Meaning of Internal Financial Controls Over Financial Reporting A company's internal financial control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal financial control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with 994 Audit of Internal Financial Controls generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorisations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorised acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Inherent Limitations of Internal Financial Controls Over Financial Reporting Because of the inherent limitations of internal financial controls over financial reporting, including the possibility of collusion or improper management override of controls, material misstatements due to error or fraud may occur and not be detected. Also, projections of any evaluation of the internal financial controls over financial reporting to future periods are subject to the risk that the internal financial control over financial reporting may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. Opinion In my / our opinion, the Company has, in all material respects, an adequate internal financial controls system over financial reporting and such internal financial controls over financial reporting were operating effectively as at March 31, 20X1, based on ______ [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”]. For XYZ & ASSOCIATES Chartered Accountants (Firm‘s Registration No.______) Signature (Name of the Member Signing the Audit Report) (Designation) (Membership No. XXXXX) Place: Date: 995 Handbook of Auditing Pronouncements-II Example 2 – Separate Reports The following is an example of separate modified (qualified / adverse) audit report for an audit of internal financial controls over financial reporting and not impacting the audit opinion on the standalone financial statements of the company. This report is not authoritative but is intended only to be a guide that may be used in conjunction with the considerations outlined in this Guidance Note and SA 700 “Forming an Opinion and Reporting on Financial Statements”. The report is also not an exhaustive report which includes all aspect of reporting by the auditor under Sub-sections 2 and 3 of Section 143 of the Companies Act, 2013. It will need to be varied according to individual requirements and circumstances. *** ANNEXURE TO THE INDEPENDENT AUDITOR’S REPORT OF EVEN DATE ON THE STANDALONE FINANCIAL STATEMENTS OF ABC COMPANY LIMITED Report on the Internal Financial Controls under Clause (i) of Sub- section 3 of Section 143 of the Companies Act, 2013 (“the Act”) I / We have audited the internal financial controls over financial reporting of ABC Company Limited (“the Company”) as of March 31, 20X1 in conjunction with my / our audit of the standalone financial statements of the Company for the year ended on that date. Management’s Responsibility for Internal Financial Controls The Company’s management is responsible for establishing and maintaining internal financial controls based on _____ [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”]. These responsibilities include the design, implementation and maintenance of adequate internal financial controls that were operating effectively for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information, as required under the Companies Act, 2013. Auditors’ Responsibility My / Our responsibility is to express an opinion on the Company's internal financial controls over financial reporting based on my/our audit. I/We conducted 996 Audit of Internal Financial Controls our audit in accordance with the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting (the “Guidance Note”) and the Standards on Auditing, to the extent applicable to an audit of internal financial controls, both issued by the Institute of Chartered Accountants of India. Those Standards and the Guidance Note require that I / we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether adequate internal financial controls over financial reporting was established and maintained and if such controls operated effectively in all material respects. My / Our audit involves performing procedures to obtain audit evidence about the adequacy of the internal financial controls system over financial reporting and their operating effectiveness. My / Our audit of internal financial controls over financial reporting included obtaining an understanding of internal financial controls over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. The procedures selected depend on the auditor’s judgement, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. I / We believe that the audit evidence I / we have obtained is sufficient and appropriate to provide a basis for my / our qualified / adverse audit opinion on the Company’s internal financial controls system over financial reporting. Meaning of Internal Financial Controls Over Financial Reporting A company's internal financial control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal financial control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorisations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorised acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Inherent Limitations of Internal Financial Controls Over Financial Reporting Because of the inherent limitations of internal financial controls over financial reporting, including the possibility of collusion or improper management override of controls, material misstatements due to error or fraud may occur and not be 997 Handbook of Auditing Pronouncements-II detected. Also, projections of any evaluation of the internal financial controls over financial reporting to future periods are subject to the risk that the internal financial control over financial reporting may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. Scenario 1 - Qualified Opinion on adequacy (and therefore operating effectiveness) of Internal Financial Controls Over Financial Reporting Qualified opinion According to the information and explanations given to me / us and based on my / our audit, the following material weakness/es has / have been identified as at March 31, 20X1: a) The Company did not have an appropriate internal control system for customer acceptance, credit evaluation and establishing customer credit limits for sales, which could potentially result in the Company recognising revenue without establishing reasonable certainty of ultimate collection. b) [list other deficiencies identified] A ‘material weakness’ is a deficiency, or a combination of deficiencies, in internal financial control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. In my / our opinion, except for the effects/possible effects of the material weakness/es described above on the achievement of the objectives of the control criteria, the Company has maintained, in all material respects, adequate internal financial controls over financial reporting and such internal financial controls over financial reporting were operating effectively as of March 31, 20X1, based on ______ [for example “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”]. I / We have considered the material weakness/es identified and reported above in determining the nature, timing, and extent of audit tests applied in my / our audit of the March 31, 20X1 standalone financial statements of the Company, and the / these material weakness/es does not / do not affect my / our opinion on the standalone financial statements of the Company. 998 Audit of Internal Financial Controls Scenario 2 - Adverse Opinion on adequacy (and therefore operating effectiveness) of Internal Financial Controls Over Financial Reporting Adverse opinion According to the information and explanations given to me / us and based on my / our audit, the following material weakness/es has / have been identified as at March 31, 20X1: a) The Company did not have an appropriate internal control system for customer acceptance, credit evaluation and establishing customer credit limits for sales, which could potentially result in the Company recognising revenue without establishing reasonable certainty of ultimate collection. b) The Company did not have an appropriate internal control system for inventory with regard to receipts, issue for production and physical verification. Further, the internal control system for identification and allocation of overheads to inventory was also not adequate. These could potentially result in material misstatements in the Company’s trade payables, consumption, inventory and expense account balances. c) [list other deficiencies identified] A ‘material weakness’ is a deficiency, or a combination of deficiencies, in internal financial control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. In my / our opinion, because of the effects/possible effects of the material weakness/es described above on the achievement of the objectives of the control criteria, the Company has not maintained adequate internal financial controls over financial reporting and such internal financial controls over financial reporting were not operating effectively as of March 31, 20X1, based on ______ [for example “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”]. I / We have considered the material weakness/es identified and reported above in determining the nature, timing, and extent of audit tests applied in my / our audit of the March 31, 20X1 standalone financial statements of the Company, and the / these material weakness/es does not / do not affect my / our opinion on the financial statements of the Company. 999 Handbook of Auditing Pronouncements-II Scenario 3 - Qualified Opinion on operating effectiveness of Internal Financial Controls Over Financial Reporting and unmodified opinion on adequacy of such controls Qualified opinion According to the information and explanations given to me / us and based on my / our audit, the following material weakness/es has / have been identified in the operating effectiveness of the Company’s internal financial controls over financial reporting as at March 31, 20X1: a) The Company’s internal financial controls over customer acceptance, credit evaluation and establishing customer credit limits for sales, were not operating effectively which could potentially result in the Company recognising revenue without establishing reasonable certainty of ultimate collection. b) [list other deficiencies identified] A ‘material weakness’ is a deficiency, or a combination of deficiencies, in internal financial control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. In my / our opinion, the Company has, in all material respects, maintained adequate internal financial controls over financial reporting as of March 31, 20X1, based on ______ [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”], and except for the effects/possible effects of the material weakness/es described above on the achievement of the objectives of the control criteria, the Company’s internal financial controls over financial reporting were operating effectively as of March 31, 20X1. I / We have considered the material weakness/es identified and reported above in determining the nature, timing, and extent of audit tests applied in my / our audit of the March 31, 20X1 financial statements of the Company, and the / these material weakness/es does not / do not affect my / our opinion on the standalone financial statements of the Company. Scenario 4 - Adverse Opinion on operating effectiveness of Internal Financial Controls Over Financial Reporting and unmodified opinion on adequacy of such controls Adverse opinion According to the information and explanations given to me / us and based on my / our audit, the following material weakness/es has / have been identified in the 1000 Audit of Internal Financial Controls operating effectiveness of the Company’s internal financial controls over financial reporting as at March 31, 20X1: a) The Company’s internal control system for customer acceptance, credit evaluation and establishing customer credit limits for sales, were not operating effectively which could potentially result in the Company recognising revenue without establishing reasonable certainty of ultimate collection. b) The Company’s internal control system for inventory with regard to receipts, issue for production and physical verification were not operating effectively. Further, the internal control system for identification and allocation of overheads to inventory was also not operating effectively. These could potentially result in material misstatements in the Company’s trade payables, consumption, inventory and expense account balances. c) [list other deficiencies identified] A ‘material weakness’ is a deficiency, or a combination of deficiencies, in internal financial control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. In my / our opinion, the Company has, in all material respects, maintained adequate internal financial controls over financial reporting as of March 31, 20X1, based on ______ [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”], and because of the effects/possible effects of the material weakness/es described above on the achievement of the objectives of the control criteria, the Company’s internal financial controls over financial reporting were not operating effectively as of March 31, 20X1. I / We have considered the material weakness/es identified and reported above in determining the nature, timing, and extent of audit tests applied in my / our audit of the March 31, 20X1 standalone financial statements of the Company, and the / these material weakness/es does not / do not affect my / our opinion on the financial statements of the Company. Scenario 5 - Adverse Opinion on Internal Financial Controls Over Financial Reporting – essential components of internal controls not adequately considered in the internal financial controls established by the company Adverse opinion According to the information and explanations given to me / us and based on my / our audit, the following material weakness/es has / have been identified as at March 31, 20X1: 1001 Handbook of Auditing Pronouncements-II a) The Company did not have an appropriate internal financial control system over financial reporting since the internal controls adopted by the Company did not adequately consider risk assessment, which is one of the essential components of internal control, with regard to the potential for fraud when performing risk assessment, b) [list other deficiencies identified] A ‘material weakness’ is a deficiency, or a combination of deficiencies, in internal financial control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. In my / our opinion, because of the effects/possible effects of the material weakness/es described above on the achievement of the objectives of the control criteria, the Company has not maintained adequate and effective internal financial controls over financial reporting as of March 31, 20X1, based on ______ [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”]. I / We have considered the material weakness/es identified and reported above in determining the nature, timing, and extent of audit tests applied in my / our audit of the March 31, 20X1 standalone financial statements of the Company, and the / these material weakness/es does not / do not affect my / our opinion on the standalone financial statements of the Company. For XYZ & ASSOCIATES Chartered Accountants (Firm’s Registration No.______) Signature (Name of the Member Signing the Audit Report) (Designation) (Membership No. XXXXX) Place: Date: 1002 Audit of Internal Financial Controls Example 3 – Separate Reports The following is an example of separate modified (disclaimer) audit report for an audit of internal financial controls over financial reporting with / without impact on audit opinion on the standalone financial statements. This report is not authoritative but is intended only to be a guide that may be used in conjunction with the considerations outlined in this Guidance Note and SA 700 “Forming an Opinion and Reporting on Financial Statements”. The report is also not an exhaustive report which includes all aspect of reporting by the auditor under Sub- sections 2 and 3 of Section 143 of the Companies Act, 2013. It will need to be varied according to individual requirements and circumstances. *** ANNEXURE TO THE INDEPENDENT AUDITOR’S REPORT OF EVEN DATE ON THE STANDALONE FINANCIAL STATEMENTS OF ABC COMPANY LIMITED Report on the Internal Financial Controls under Clause (i) of Sub- section 3 of Section 143 of the Companies Act, 2013 (“the Act”) I / We were engaged to audit the internal financial controls over financial reporting of ABC Company Limited (“the Company”) as of March 31, 20X1 in conjunction with my / our audit of the financial statements of the Company for the year ended on that date. Management’s Responsibility for Internal Financial Controls The Company’s management is responsible for establishing and maintaining internal financial controls based on [……………….for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”]. These responsibilities include the design, implementation and maintenance of adequate internal financial controls that were operating effectively for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information, as required under the Companies Act, 2013. Auditors’ Responsibility My / Our responsibility is to express an opinion on the Company's internal financial controls over financial reporting based on my/our audit conducted in 1003 Handbook of Auditing Pronouncements-II accordance with the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting (the “Guidance Note”) and the Standards on Auditing, to the extent applicable to an audit of internal financial controls, both issued by the Institute of Chartered Accountants of India. Because of the matter described in Disclaimer of Opinion paragraph below, I / we was / were not able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion on internal financial controls system over financial reporting of the Company. Meaning of Internal Financial Controls Over Financial Reporting A company's internal financial control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal financial control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorisations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorised acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Disclaimer of Opinion Scenario 1 – Framework for internal financial control over financial reporting not established but does not impact the audit opinion on financial statements According to the information and explanation given to us, the Company has not established its internal financial control over financial reporting on criteria based on or considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India. Because of this reason, we are unable to obtain sufficient appropriate audit evidence to provide a basis for my / our opinion whether the Company had adequate internal financial controls over financial reporting and whether such internal financial controls were operating effectively as at March 31, 20X1. 1004 Audit of Internal Financial Controls I / We have considered the disclaimer reported above in determining the nature, timing, and extent of audit tests applied in my / our audit of the standalone financial statements of the Company, and the disclaimer does not affect my / our opinion on the standalone financial statements of the Company. Scenario 2 – Auditor unable to obtain sufficient appropriate audit evidence on internal financial controls over financial reporting but does not impact audit opinion on the financial statements The system of internal financial controls over financial reporting with regard to one of the significant branches of the Company at _____ were not made available to me / us to enable me / us to determine if the Company has established adequate internal financial control over financial reporting at the aforesaid branch and whether such internal financial controls were operating effectively as at March 31, 20X1. I / We have considered the disclaimer reported above in determining the nature, timing, and extent of audit tests applied in my / our audit of the financial statements of the Company, and the disclaimer does not affect my / our opinion on the financial statements of the Company. Scenario 3 – Auditor unable to obtain sufficient appropriate audit evidence on internal financial controls over financial reporting and impacting audit opinion on the financial statements The system of internal financial controls over financial reporting with regard to the Company were not made available to me / us to enable me / us to determine if the Company has established adequate internal financial control over financial reporting and whether such internal financial controls were operating effectively as at March 31, 20X1. I / We have considered the disclaimer reported above in determining the nature, timing, and extent of audit tests applied in my / our audit of the standalone financial statements of the Company, and the disclaimer has affected my / our opinion on the financial statements of the standalone Company and I / we have issued a qualified (/ adverse / disclaimer of) opinion on the financial statements. For XYZ & ASSOCIATES Chartered Accountants (Firm Registration No.__________) 1005 Handbook of Auditing Pronouncements-II Signature (Name of the Member Signing the Audit Report) (Designation) (Membership No. XXXXX) Place: Date: 1006 Audit of Internal Financial Controls Example 4 – Separate Reports The following is an example of separate modified (adverse) audit report for an audit of internal financial controls over financial reporting causing a modified report on the standalone financial statements. This report is not authoritative but is intended only to be a guide that may be used in conjunction with the considerations outlined in this Guidance Note and SA 700 “Forming an Opinion and Reporting on Financial Statements”. The report is also not an exhaustive report which includes all aspect of reporting by the auditor under Sub-sections 2 and 3 of Section 143 of the Companies Act, 2013. It will need to be varied according to individual requirements and circumstances. *** ANNEXURE TO THE INDEPENDENT AUDITOR’S REPORT OF EVEN DATE ON THE STANDALONE FINANCIAL STATEMENTS OF ABC COMPANY LIMITED Report on the Internal Financial Controls under Clause (i) of Sub- section 3 of Section 143 of the Companies Act, 2013 (“the Act”) I / We have audited the internal financial controls over financial reporting of ABC Company Limited (“the Company”) as of March 31, 20X1 in conjunction with my / our audit of the financial statements of the Company for the year ended on that date Management’s Responsibility for Internal Financial Controls The Company’s management is responsible for establishing and maintaining internal financial controls based on _____ [for example “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”]. These responsibilities include the design, implementation and maintenance of adequate internal financial controls that were operating effectively for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information, as required under the Companies Act, 2013. Auditors’ Responsibility My / Our responsibility is to express an opinion on the Company's internal financial controls over financial reporting based on my/our audit. I/We conducted our audit in accordance with the Guidance Note on Audit of Internal Financial 1007 Handbook of Auditing Pronouncements-II Controls Over Financial Reporting (the “Guidance Note”) and the Standards on Auditing, to the extent applicable to an audit of internal financial controls, both issued by the Institute of Chartered Accountants of India. Those Standards and the Guidance Note require that I / we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether adequate internal financial controls over financial reporting was established and maintained and if such controls operated effectively in all material respects. My / Our audit involves performing procedures to obtain audit evidence about the adequacy of the internal financial controls system over financial reporting and their operating effectiveness. My / Our audit of internal financial controls over financial reporting included obtaining an understanding of internal financial controls over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. The procedures selected depend on the auditor’s judgement, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. I / We believe that the audit evidence I / we have obtained is sufficient and appropriate to provide a basis for my / our adverse audit opinion on the Company’s internal financial controls system over financial reporting. Meaning of Internal Financial Controls Over Financial Reporting A company's internal financial control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal financial control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorisations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorised acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Inherent Limitations of Internal Financial Controls Over Financial Reporting Because of the inherent limitations of internal financial controls over financial reporting, including the possibility of collusion or improper management override 1008 Audit of Internal Financial Controls of controls, material misstatements due to error or fraud may occur and not be detected. Also, projections of any evaluation of the internal financial controls over financial reporting to future periods are subject to the risk that the internal financial control over financial reporting may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. Adverse Opinion According to the information and explanations given to me / us and based on my / our audit, the following material weakness/es has / have been identified as at March 31, 20X1: (a) The Company did not have appropriate internal controls for reconciliation of physically inventory with the inventory records, which has resulted in misstatement of inventory values in the books of account. (b) [list other deficiencies identified] A ‘material weakness’ is a deficiency, or a combination of deficiencies, in internal financial control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. In my / our opinion, because of the effect of the material weakness/es described above on the achievement of the objectives of the control criteria, the Company has not maintained adequate and effective internal financial controls over financial reporting as of March 31, 20X1, based on ______ [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”. I / We have considered the material weakness/es identified and reported above in determining the nature, timing, and extent of audit tests applied in my / our audit of the March 31, 20X1 standalone financial statements of the Company, and the / these material weakness/es has / have affected my / our opinion on the standalone financial statements of the Company and I / we have issued a qualified (/ adverse / disclaimer of) opinion on the standalone financial statements. For XYZ & ASSOCIATES Chartered Accountants 1009 Handbook of Auditing Pronouncements-II (Firm Registration No.______) Signature (Name of the Member Signing the Audit Report) (Designation) (Membership No. XXXXX) Place: Date: 1010 Audit of Internal Financial Controls Example 5 – Separate Report in case of Consolidated Financial Statements Note: The following illustrative format is based on the assumptions that • The Group has: o Certain components which have been audited by auditor/s other than the Principal Auditor and such component/s is/ are material to the consolidated financial statements of the Group. The auditors of such components which are Indian companies, have submitted report on section 143(3)(i) of the Companies Act, 2013. o Certain components which are unaudited and such component/s is/ are not material to the consolidated financial statements of the Group. • The independent auditor of Consolidated Financial Statements o Gives a clean opinion in respect of section 143(3)(i) of the Companies Act, 2013 o Discloses the aforementioned facts about the Components in the “Other Matters” Paragraph in accordance with the Announcement issued by the Auditing and Assurance Standards Board under the authority of the Council of ICAI in February 2014. .......................................................................................................... Illustrative Report on Internal Financial Controls Over Financial Reporting in the case of Consolidated financial statements (Referred to in paragraphs 157 - 164) The following is an example of unmodified audit report for an audit of internal financial controls over financial reporting in the case of consolidated financial statements. This report is not authoritative but is intended only to be a guide that may be used in conjunction with the considerations outlined in this Guidance Note and SA 700 “Forming an Opinion and Reporting on financial Statements”. The report is also not an exhaustive report which includes all aspect of reporting by the auditor under Sub-sections 2 and 3 of Section 143 of the Companies Act, 2013. It will need to be varied according to individual requirements and circumstances. *** 1011 Handbook of Auditing Pronouncements-II ANNEXURE TO THE INDEPENDENT AUDITOR’S REPORT OF EVEN DATE ON THE CONSOLIDATED FINANCIAL STATEMENTS OF ABC COMPANY LIMITED Report on the Internal Financial Controls under Clause (i) of Sub-section 3 of Section 143 of the Companies Act, 2013 (“the Act”) In conjunction with my / our audit of the consolidated financial statements of the Company as of and for the year ended March 31, 20X1, I / We have audited the internal financial controls over financial reporting of ABC Company Limited (hereinafter referred to as “the Holding Company”) and its subsidiary companies, its associate companies and jointly controlled companies, which are companies incorporated in India, as of that date. Management’s Responsibility for Internal Financial Controls The respective Board of Directors of the of the Holding company, its subsidiary companies, its associate companies and jointly controlled companies, which are companies incorporated in India, are responsible for establishing and maintaining internal financial controls based on _____ [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India (ICAI)”.] These responsibilities include the design, implementation and maintenance of adequate internal financial controls that were operating effectively for ensuring the orderly and efficient conduct of its business, including adherence to the respective company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information, as required under the Companies Act, 2013. Auditor’s Responsibility My / Our responsibility is to express an opinion on the Company's internal financial controls over financial reporting based on my / our audit. I / We conducted my / our audit in accordance with the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting (the “Guidance Note”) issued by the ICAI and the Standards on Auditing, issued by ICAI and deemed to be prescribed under section 143(10) of the Companies Act, 2013, to the extent applicable to an audit of internal financial controls, both issued by the Institute of Chartered Accountants of India. Those Standards and the Guidance Note require that I/we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether adequate internal financial controls 1012 Audit of Internal Financial Controls over financial reporting was established and maintained and if such controls operated effectively in all material respects. My / Our audit involves performing procedures to obtain audit evidence about the adequacy of the internal financial controls system over financial reporting and their operating effectiveness. My / Our audit of internal financial controls over financial reporting included obtaining an understanding of internal financial controls over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. The procedures selected depend on the auditor’s judgement, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. I / We believe that the audit evidence I / we have obtained and the audit evidence obtained by the other auditors in terms of their reports referred to in the Other Matters paragraph below, is sufficient and appropriate to provide a basis for my /our audit opinion on the Company’s internal financial controls system over financial reporting. Meaning of Internal Financial Controls Over Financial Reporting A company's internal financial control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal financial control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorisations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorised acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Inherent Limitations of Internal Financial Controls Over Financial Reporting Because of the inherent limitations of internal financial controls over financial reporting, including the possibility of collusion or improper management override of controls, material misstatements due to error or fraud may occur and not be detected. Also, projections of any evaluation of the internal financial controls over financial reporting to future periods are subject to the risk that the internal financial control over financial reporting may become inadequate because of 1013 Handbook of Auditing Pronouncements-II changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. Opinion In my / our opinion, the Holding Company, its subsidiary companies, its associate companies and jointly controlled companies, which are companies incorporated in India, have, in all material respects, an adequate internal financial controls system over financial reporting and such internal financial controls over financial reporting were operating effectively as at March 31, 20X1, based on ______ [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”]. Other Matters Our aforesaid reports under Section 143(3)(i) of the Act on the adequacy and operating effectiveness of the internal financial controls over financial reporting insofar as it relates to __(number) subsidiary companies, __(number) associate companies and __(number) jointly controlled companies, which are companies incorporated in India, is based on the corresponding reports of the auditors of such companies incorporated in India. For XYZ & ASSOCIATES Chartered Accountants (Firm‘s Registration No.______) Signature (Name of the Member Signing the Audit Report) (Designation) (Membership No. XXXXX) Place: Date: 1014 Audit of Internal Financial Controls Appendix IV* Illustrative Risks of Material Misstatement, Related Control Objectives and Control Activities (Referred to in paragraphs 77 and 100) Standard on Auditing (SA) 315 requires understanding of the entity in order to identify and respond to the risks of material misstatement in the financial statements. In doing so, auditors focus their risk-assessment process on the classes of transactions; account balances, including transaction types within account balances; and disclosures that are material and, thus, have a reasonable possibility of containing a misstatement that, individually or when aggregated with others, has a material effect on the financial statements. The determination of whether a class of transactions, account balance, or disclosure is material is a matter of professional judgment that takes into account quantitative and qualitative factors and is made without regard to the effectiveness of controls. Once the material classes of transactions, account balances, and disclosures [significant accounts and disclosures] are identified, one needs to identify and assess the risks of material misstatement at the financial-statement level and the assertion level for those classes of transactions, account balances, and disclosures. Following the identification of risks of material misstatement, one has to identify relevant controls that may address the risks of material misstatement that are responsive to the risks of material misstatement and the related assertion. This appendix has been developed to provide guidance and examples to assist in identifying risks of material misstatement at the assertion level and relevant controls that may address the applicable risks of material misstatement. For each class of transactions and account balance, risks of material misstatement and relevant controls are divided into two categories: “Core Risks and Controls,” which may be applicable for normal risks of material misstatement on most entities, and “Other Possible Risks and Controls,” which may or may not be applicable. The risks of material misstatement included in this appendix are illustrative only and are intended to provide examples of common risks. As a result, the risks of material misstatement are described using generic terminology. It is critical that users identify the risks of material misstatement that are relevant to the entity based on professional judgment and not rely solely on the risks of material * The complete Appendix IV is given in CD along with this Guidance Note. 1015 Handbook of Auditing Pronouncements-II misstatement provided in this appendix. Additionally, when the risk of material misstatement is considered significant, further tailoring or complete customisation is often appropriate. The Example Controls included in this appendix are illustrative only and are intended to provide examples of controls that may address the relevant risks of material misstatement. Actual controls in place at the entity that address the relevant risks of material misstatement may and often do differ; thus, the Example Controls may (1) require some degree of tailoring to describe the control more specifically or (2) be replaced entirely by a control in place at the entity that addresses the risk of material misstatement. Users who use this appendix should not interpret the existence of more than one Example Control to indicate that all controls would need to be tested to address the risk of material misstatement. It is critical that practitioners identify the actual controls in place at the entity that address the risks of material misstatement and not rely solely on the Example Controls provided in this appendix. This appendix will assist in the identification of relevant controls that may address the applicable risks of material misstatement. This includes specific application or general IT controls. This appendix also illustrates the risk of material misstatement and the control related to the risk that is likely to be reflected in the Other Affected Accounts. Material classes of transactions or account balances relevant to the entity may not be included in this appendix. Therefore, it is critical that users identify the relevant transaction types for each material class of transaction, account balance, and disclosure for the specific circumstances of the entity. Certain example controls illustrated in this appendix may use computer- generated information as source data. Users should consider the controls related to this computer-generated information and tailor the control description accordingly. Certain example controls involve an application control. Users should identify specific controls at the entity related to application controls and tailor the control description accordingly. Certain reports relevant to example controls may be electronically generated by an ERP system. If such reports are generated from an ERP system, users should consider the controls related to this computer-generated information and tailor the control description accordingly. Illustrative list of Risks of Material Misstatement - Control Objectives - Control Activities and illustrative work paper templates for testing controls 1016 Audit of Internal Financial Controls have been provided in a CD along with this Guidance Note for the following account balances and processes: 1. Cash/Bank Balances 2. Prepaid Expenses 3. Trade Receivables 4. Inventory 5. Fixed Assets 6. Goodwill and Intangible Assets 7. Trade payables 8. Provision for expenses 9. Loans/Borrowings 10. Employee Benefits 11. Income Taxes 12. Deferred Taxes 13. Provision for Income taxes/Advance Income taxes 14. Share Capital 15. Revenue from Operations 16. Cost of Sales 17. Depreciation/ Amortisation and Other Expenses 18. Finance Cost 19. Journal Entries 20. Financial Reporting 1017 Handbook of Auditing Pronouncements-II Appendix V Examples of Control Deficiencies (Referred to in paragraph IG 20) (Depending on severity could also be significant deficiencies and material weaknesses) Examples of Deficiencies in the Design of Controls • Inadequate design of internal control over the preparation of the financial statements being audited. • Inadequate design of internal control over a significant account or process. • Inadequate documentation of the components of internal control. • Insufficient control consciousness within the organization, for example, the tone at the top and the control environment. • Absent or inadequate segregation of duties within a significant account or process. • Absent or inadequate controls over the safeguarding of assets (this applies to controls that the auditor determines would be necessary for effective internal control over financial reporting). • Inadequate design of information technology (IT) general and application controls that prevent the information system from providing complete and accurate information consistent with financial reporting objectives and current needs. • Employees or management who lack the qualifications and training to fulfill their assigned functions. For example, in an entity that prepares financial statements in accordance with generally accepted accounting principles, the person responsible for the accounting and reporting function lacks the skills and knowledge to apply generally accepted accounting principles in recording the entity’s financial transactions or preparing its financial statements. • Inadequate design of monitoring controls used to assess the design and operating effectiveness of the entity’s internal control over time. • The absence of an internal process to report deficiencies in internal control to management on a timely basis. Examples of Failures in the Operation of Internal Control • Failure in the operation of effectively designed controls over a significant account or process, for example, the failure of a control 1018 Audit of Internal Financial Controls such as dual authorization for significant disbursements within the purchasing process. • Failure of the information and communication component of internal control to provide complete and accurate output because of deficiencies in timeliness, completeness, or accuracy, for example, the failure to obtain timely and accurate consolidating information from remote locations that is needed to prepare the financial statements. • Failure of controls designed to safeguard assets from loss, damage, or misappropriation. This circumstance may need careful consideration before it is evaluated as a significant deficiency or material weakness. For example, assume that a company uses security devices to safeguard its inventory (preventive controls) and also performs periodic physical inventory counts (detective control) timely in relation to its financial reporting. Although the physical inventory count does not safeguard the inventory from theft or loss, it prevents a material misstatement of the financial statements if performed effectively and timely. Therefore, given that the definitions of material weakness and significant deficiency relate to likelihood of misstatement of the financial statements, the failure of a preventive control such as inventory tags will not result in a significant deficiency or material weakness if the detective control (physical inventory) prevents a misstatement of the financial statements. Material weaknesses relating to controls over the safeguarding of assets would only exist if the company does not have effective controls (considering both safeguarding and other controls) to prevent or detect a material misstatement of the financial statements. • Failure to perform reconciliations of significant accounts. For example, accounts receivable subsidiary ledgers are not reconciled to the general ledger account in a timely or accurate manner. • Undue bias or lack of objectivity by those responsible for accounting decisions, for example, consistent understatement of expenses or overstatement of allowances at the direction of management. • Misrepresentation by client personnel to the auditor (an indicator of fraud). • Management override of controls. • Failure of an application control caused by a deficiency in the design or operation of an IT general control. 1019 Handbook of Auditing Pronouncements-II Examples of Significant Deficiencies Deficiencies in the following areas ordinarily are at least significant deficiencies in internal control: • Controls over the selection and application of accounting principles that are in conformity with generally accepted accounting principles. Having sufficient expertise in selecting and applying accounting principles is an aspect of such controls. • Antifraud programs and controls. • Controls over non-routine and non-systematic transactions. • Controls over the period end financial reporting process, including controls over procedures used to enter transaction totals into the general ledger; initiate, authorize, record, and process journal entries into the general ledger; and record recurring and non-recurring adjustments to the financial statements. Examples of Material Weaknesses Each of the following is an indicator of a control deficiency that should be regarded as at least a significant deficiency and a strong indicator of a material weakness in internal control: • Ineffective oversight of the entity’s financial reporting and internal control by those charged with governance. • Restatement of previously issued financial statements to reflect the correction of a material misstatement. (The correction of a misstatement includes misstatements due to error or fraud; it does not include restatements to reflect a change in accounting principle to comply with a new accounting principle or a voluntary change from one generally accepted accounting principle to another generally accepted accounting principle.) • Identification by the auditor of a material misstatement in the financial statements for the period under audit that was not initially identified by the entity’s internal control. • This includes misstatements involving estimation and judgment for which the auditor identifies likely material adjustments and corrections of the recorded amounts. (This is a strong indicator of a material weakness even if management subsequently corrects the misstatement.) 1020 Audit of Internal Financial Controls • An ineffective internal audit function or risk assessment function at an entity for which such functions are important to the monitoring or risk assessment component of internal control, such as for very large or highly complex entities. • For complex entities in highly regulated industries, an ineffective regulatory compliance function. This relates solely to those aspects of the ineffective regulatory compliance function for which associated violations of laws and regulations could have a material effect on the reliability of financial reporting. • Identification of fraud of any magnitude on the part of senior management. (The auditor has a responsibility to plan and perform procedures to obtain reasonable assurance about whether the financial statements are free of material misstatement caused by error or fraud. However, for the purposes of evaluating and communicating deficiencies in internal control, the auditor should evaluate fraud of any magnitude including fraud resulting in immaterial misstatements on the part of senior management, of which he or she is aware.) • Failure by management or those charged with governance to assess the effect of a significant deficiency previously communicated to them and either correct it or conclude that it will not be corrected. • An ineffective control environment. Control deficiencies in various other components of internal control could lead the auditor to conclude that a significant deficiency or material weakness exists in the control environment. 1021 Handbook of Auditing Pronouncements-II Appendix VI (Referred to in Paragraph IG 14) Standard on Internal Audit (SIA) 5 - Sampling* Contents Paragraph(s) Introduction ..................... ................................................................................. 1-2 Definitions.............. ...................... ..................................................................... 3-9 Use of Sampling in Risk Assessment Procedures and Tests of Controls ........ ...................... ........................................................... 10-12 Design of the Sample.... ...................... ..........................................................13-19 Sample Size ................. ...................... ......................................................... 20-21 Statistical and Non-Statistical Approaches ......... ....................... .................. 22-26 Selection of the Sample ..................... ....................... ................................... 27-28 Evaluation of Sample Results ........ ....................... ....................................... 29-38 Documentation ............................. ...................... ...............................................39 Effective Date ............................... ...................... ...............................................40 Examples of Factors Influencing Sample Size for Tests of Controls Examples of Factors Influencing Sample Size for Tests of Details (TOD) Methods of Sample Selection Frequency of Control Activity and Sample Size The following is the text of the Standard on Internal Audit (SIA) 5, Sampling, issued by the Council of the Institute of Chartered Accountants of India. These Standards should be read in conjunction with the Preface to the Standards on Internal Audit, issued by the Institute. In terms of the decision of the Council of the Institute of Chartered Accountants of India taken at its 260th meeting held in June 2006, the following Standard on Internal Audit shall be recommendatory in nature in the initial period. The Standards shall become mandatory from such date as notified by the Council. * Published in the October 2008 issue of The Chartered Accountant. 1022 Audit of Internal Financial Controls Introduction 1. The purpose of this Standard on Internal Audit (SIA) is to establish standards on the design and selection of an audit sample and provide guidance on the use of audit sampling in internal audit engagements. The SIA also deals with the evaluation of the sample results. This SIA applies equally to both statistical and non-statistical sampling methods. Either method, when properly applied, can provide sufficient appropriate audit evidence. 2. When using either statistical or non-statistical sampling methods, the internal auditor should design and select an audit sample, perform audit procedures thereon, and evaluate sample results so as to provide sufficient appropriate audit evidence to meet the objectives of the internal audit engagement unless otherwise specified by the client. Definitions 3. "Audit sampling" means the application of audit procedures to less than 100% of the items within an account balance or class of transactions to enable the internal auditor to obtain and evaluate audit evidence about some characteristic of the items selected in order to form a conclusion concerning the population. Certain testing procedures, however, do not come within the definition of sampling. Tests performed on 100% of the items within a population do not involve sampling. Likewise, applying internal audit procedures to all items within a population which have a particular characteristic (for example, all items over a certain amount) does not qualify as audit sampling with respect to the portion of the population examined, nor with regard to the population as a whole, since the items were not selected from the total population on a basis that was expected to be representative. Such items might imply some characteristic of the remaining portion of the population but would not necessarily be the basis for a valid conclusion about the remaining portion of the population. 4. “Error” means either control deviations when performing tests of controls, or misstatements, when performing tests of details. 5. “Population’’ means the entire set of data from which the sample is selected and about which the internal auditor wishes to draw conclusions. A population may be divided into various strata, or subpopulations, with each stratum being examined separately. 6. “Sampling risk‘” means the risk that from the possibility that the internal auditor’s conclusions, based on examination of a sample may be different from the conclusion reached if the entire population was subjected to the same types of internal audit procedure. The two types of sampling risk are – 1023 Handbook of Auditing Pronouncements-II (a) The risk that the internal auditor concludes, in the case of tests of controls (TOC), that controls are more effective than they actually are, or in the case of tests of details (TOD), that a material error or misstatement does not exist when in fact it does. (b) The risk that the internal auditor concludes, in the case of tests of controls (TOC), that controls are less effective than they actually are, or in the case of tests of details (TOD), that a material error or misstatement exists when in fact it does not. The mathematical complements of these risks are termed confidence levels. 7. “Sampling unit” means the individual items or units constituting a population, for example, credit entries in bank statements, sales invoices or debtors’ balances. 8. “Statistical sampling” means any approach to sampling procedure which has the following characteristics – (a) Random selection of a sample; and (b) Use of theory of probability to evaluate sample results, including measurement of sampling risk. 9. “Tolerable error” means the maximum error in a population that the internal auditor is willing to accept. Use of Sampling in Risk Assessment Procedures and Tests of Controls 10. The internal auditor performs risk assessment procedures to obtain an understanding of the entity, business and its environment, including the mechanism of its internal control. Ordinarily, risk assessment procedures do not involve the use of sampling. However, there are cases, where the internal auditor often plans and performs tests of controls concurrently with obtaining an understanding of the design of controls and examining whether they have been implemented. 11. Tests of controls are performed when the internal auditor‘s risk assessment includes an expectation of the operating effectiveness of controls. Sampling of tests of controls is appropriate when application of the control leaves audit evidence of performance (for example, initials of the credit manager on a sales invoice indicating formal credit approval). 12. Sampling risk can be reduced by increasing sample size for both tests of controls and tests of details. Non-sampling risk can be reduced by proper engagement planning, supervision, monitoring and review. 1024 Audit of Internal Financial Controls Design of the Sample 13. When designing an audit sample, the internal auditor should consider the specific audit objectives, the population from which the internal auditor wishes to sample, and the sample size. Internal Audit Objectives 14. The internal auditor would first consider the specific audit objectives to be achieved and the internal audit procedures which are likely to best achieve those objectives. In addition, when internal audit sampling is appropriate, consideration of the nature of the audit evidence sought and possible error conditions or other characteristics relating to that audit evidence will assist the internal auditor in defining what constitutes an error and what population to use for sampling. For example, when performing tests of controls over an entity's purchasing procedures, the internal auditor will be concerned with matters such as whether an invoice was clerically checked and properly approved. On the other hand, when performing substantive procedures on invoices processed during the period, the internal auditor will be concerned with matters such as the proper reflection of the monetary amounts of such invoices in the periodic financial statements. When performing tests of controls, the internal auditor makes an assessment of the rate of error the internal auditor expects to find in the population to be tested. This assessment is on the basis of the internal auditor’s understanding of the design of the relevant controls, and whether they have actually been implemented or the examination of a small number of items from the population. Population 15. The population is the entire set of data from which the internal auditor wishes to sample in order to reach a conclusion. The internal auditor will need to determine that the population from which the sample is drawn is appropriate for the specific audit objective. For example, if the internal auditor's objective were to test for overstatement of accounts receivable, the population could be defined as the accounts receivable listing. On the other hand, when testing for understatement of accounts payable, the population would not be the accounts payable listing, but rather subsequent disbursements, unpaid invoices, suppliers' statements, unmatched receiving reports, or other populations that would provide audit evidence of understatement of accounts payable. 16. The individual items that make up the population are known as sampling units. The population can be divided into sampling units in a variety of ways. For example, if the internal auditor's objective were to test the validity of accounts receivables, the sampling unit could be defined as customer balances or individual customer invoices. The internal auditor defines the sampling unit in 1025 Handbook of Auditing Pronouncements-II order to obtain an efficient and effective sample to achieve the particular audit objectives. 17. It is important for the internal auditor to ensure that the population is appropriate to the objective of the internal audit procedure, which will include consideration of the direction of testing. The population also needs to be complete, which means that if the internal auditor intends to use the sample to draw conclusions about whether a control activity operated effectively during the financial reporting period, the population needs to include all relevant items from throughout the entire period. 18. When performing the audit sampling, the internal auditor performs internal audit procedures to ensure that the information upon which the audit sampling is performed is sufficiently complete and accurate. Stratification 19. To assist in the efficient and effective design of the sample, stratification may be appropriate. Stratification is the process of dividing a population into sub- populations, each of which is a group of sampling units, which have similar characteristics (often monetary value). The strata need to be explicitly defined so that each sampling unit can belong to only one stratum. This process reduces the variability of the items within each stratum. Stratification, therefore, enables the internal auditor to direct audit efforts towards the items which, for example, contain the greatest potential monetary error. For example, the internal auditor may direct attention to larger value items for accounts receivable to detect overstated material misstatements. In addition, stratification may result in a smaller sample size. Sample Size 20. When determining the sample size, the internal auditor should consider sampling risk, the tolerable error, and the expected error. The lower the risk that the internal auditor is willing to accept, the greater the sample size needs to be. Examples of some factors affecting sample size are contained in Appendix 1 and Appendix 2 to the Standard. 21. The sample size can be determined by the application of a statistically based formula or through exercise of professional judgment applied objectively to the circumstances of the particular internal audit engagement. Statistical and Non-Statistical Approaches 22. The decision of using either statistical or non-statistical sampling approach is a matter for the internal auditor’s professional judgment. In the case of tests of controls, the internal auditor’s analysis of the nature and cause of 1026 Audit of Internal Financial Controls errors will often be of more importance than the statistical analysis of the mere presence or absence of errors. In such case, non-statistical sampling approach may be preferred. 23. When applying statistical sampling, sample size may be ascertained using either probability theory or professional judgment. Sample size is a function of several factors. Appendices 1 and 2 discuss some of these factors. Tolerable Error 24. Tolerable error is the maximum error in the population that the internal auditor would be willing to accept and still conclude that the result from the sample has achieved the objective(s) of the internal audit. Tolerable error is considered during the planning stage and, for substantive procedures, is related to the internal auditor's judgement about materiality. The smaller the tolerable error, the greater the sample size will need to be. 25. In tests of controls, the tolerable error is the maximum rate of deviation from a prescribed control procedure that the internal auditor would be willing to accept, based on the preliminary assessment of control risk. In substantive procedures, the tolerable error is the maximum monetary error in an account balance or class of transactions that the internal auditor would be willing to accept so that when the results of all audit procedures are considered, the internal auditor is able to conclude, with reasonable assurance, that the financial statements are not materially misstated. Expected Error 26. If the internal auditor expects error to be present in the population, a larger sample than when no error is expected ordinarily needs to be examined to conclude that the actual error in the population is not greater than the planned tolerable error. Smaller sample sizes are justified when the population is expected to be error free. In determining the expected error in a population, the internal auditor would consider such matters as error levels identified in previous internal audits, changes in the entity's procedures, and evidence available from other procedures. Selection of the Sample 27. The internal auditor should select sample items in such a way that the sample can be expected to be representative of the population. This requires that all items or sampling units in the population have an opportunity of being selected. 28. While there are a number of selection methods, three methods commonly used are: 1027 Handbook of Auditing Pronouncements-II a. Random selection and use of CAATs b. Systematic selection c. Haphazard selection Appendix 3 to the Standard discusses these methods. Evaluation of Sample Results 29. Having carried out, on each sample item, those audit procedures that are appropriate to the particular audit objective, the internal auditor should: (a) analyse the nature and cause of any errors detected in the sample; (b) project the errors found in the sample to the population; (c) reassess the sampling risk; and (d) consider their possible effect on the particular internal audit objective and on other areas of the internal audit engagement. 30. The internal auditor should evaluate the sample results to determine whether the assessment of the relevant characteristics of the population is confirmed or whether it needs to be revised. Analysis of Errors in the Sample 31. In analysing the errors detected in the sample, the internal auditor will first need to determine that an item in question is in fact an error. In designing the sample, the internal auditor will have defined those conditions that constitute an error by reference to the audit objectives. For example, in a substantive procedure relating to the recording of accounts receivable, a mis-posting between customer accounts does not affect the total accounts receivable. Therefore, it may be inappropriate to consider this an error in evaluating the sample results of this particular procedure, even though it may have an effect on other areas of the audit such as the assessment of doubtful accounts. 32. When the expected audit evidence regarding a specific sample item cannot be obtained, the internal auditor may be able to obtain sufficient appropriate audit evidence through performing alternative procedures. For example, if a positive account receivable confirmation has been requested and no reply was received, the internal auditor may be able to obtain sufficient appropriate audit evidence that the receivable is valid by reviewing subsequent payments from the customer. If the internal auditor does not, or is unable to, perform satisfactory alternative procedures, or if the procedures performed do 1028 Audit of Internal Financial Controls not enable the internal auditor to obtain sufficient appropriate audit evidence, the item would be treated as an error. 33. The internal auditor would also consider the qualitative aspects of the errors. These include the nature and cause of the error and the possible effect of the error on other phases of the audit. 34. In analysing the errors discovered, the internal auditor may observe that many have a common feature, for example, type of transaction, location, product line, or period of time. In such circumstances, the internal auditor may decide to identify all items in the population which possess the common feature, thereby producing a sub-population, and extend audit procedures in this area. The internal auditor would then perform a separate analysis based on the items examined for each sub-population. Projection of Errors 35. The internal auditor projects the error results of the sample to the population from which the sample was selected. There are several acceptable methods of projecting error results. However, in all the cases, the method of projection will need to be consistent with the method used to select the sampling unit. When projecting error results, the internal auditor needs to keep in mind the qualitative aspects of the errors found. When the population has been divided into sub-population, the projection of errors is done separately for each sub- population and the results are combined. 36. For tests of controls, no explicit projection of errors is necessary since the sample error rate is also the projected rate of error for the population as a whole. Reassessing Sampling Risk 37. The internal auditor needs to consider whether errors in the population might exceed the tolerable error. To accomplish this, the internal auditor compares the projected population error to the tolerable error taking into account the results of other audit procedures relevant to the specific control or financial statement assertion. The projected population error used for this comparison in the case of substantive procedures is net of adjustments made by the entity. When the projected error exceeds tolerable error, the internal auditor reassesses the sampling risk and if that risk is unacceptable, would consider extending the audit procedure or performing alternative internal audit procedures. 38. If the evaluation of sample results indicate that the assessment of the relevant characteristic of the population needs to be revised, the internal auditor, may: 1029 Handbook of Auditing Pronouncements-II (a) Request management to investigate the identified errors and the potential for any further errors, and to make necessary adjustments, in cases where management prescribes the sample size; and / or (b) Modify the nature, timing and extent of internal audit procedures. In case of tests of controls, the internal auditor might extend the sample size, test an alternative control or modify related substantive procedures; and / or (c) Consider the effect on the Internal Audit Report. Documentation 39. Documentation provides the essential support to the opinion and/ or findings of the internal auditor. In the context of sampling, the internal auditor’s documentation may include aspects such as: i. Relationship between the design of the sample vis-à-vis specific audit objectives, population from which sample is drawn and the sample size. ii. Assessment of the expected rate of error in the population to be tested vis-à-vis auditor’s understanding of the design of the relevant controls iii. Assessment of the sampling risk and the tolerable error. iv. Assessment of the nature and cause of errors. v. Rationale for using a particular sampling technique and results thereof. vi. Analysis of the nature and cause of any errors detected in the sample. vii. Projection of the errors found in the sample to the population. viii. Reassessment of sampling risk, where appropriate. ix. Effect of the sample results on the internal audit’s objective(s). x. Projection of sample results to the characteristics of the population. 1030 Audit of Internal Financial Controls Appendix 1 to SIA 5 – Sampling Examples of Factors Influencing Sample Size for Tests of Controls The following are some factors which the internal auditor considers when determining the sample size required for tests of controls (TOC). These factors need to be considered together assuming the internal auditor does not modify the nature or timing of TOC or otherwise modify the approach to substantive procedures in response to assessed risks. Factor to be considered by Internal Auditor Effect on sample size An increase in the extent to which the risk of material Increase misstatement is reduced by the operating effectiveness of controls An increase in the rate of deviation from the prescribed Decrease control activity that the internal auditor is willing to accept An increase in the rate of deviation from the prescribed Increase control activity that the internal auditor expects to find in the population An increase in the internal auditor’s required confidence Increase level An increase in the number of sampling units in the Negligible effect population Notes – 1. Other things being equal, the more the internal auditor relies on the operating effectiveness of controls in risk assessment, the greater is the extent of the internal auditor’s tests of controls, and hence the sample size is increased. 2. The lower the rate of deviation that the internal auditor is willing to accept, the larger the sample size needs to be. 3. The higher the rate of deviation that the internal auditor expects, the larger the sample size needs to be so as to make a reasonable estimate of the actual rate of deviation. 4. The higher the degree of confidence that the internal auditor requires that the results of the sample are indicative of the actual incidence of errors in the population, the larger the sample size needs to be. 1031 Handbook of Auditing Pronouncements-II 5. For large populations, the actual population size has little effect on sample size. For small populations, sampling is often not as efficient as alternative means of obtaining sufficient appropriate audit evidence. Appendix 2 to SIA 5 - Sampling Examples of Factors Influencing Sample Size for Tests of Details (TOD) The following are some factors which the internal auditor considers when determining the sample size required for tests of details (TOD). These factors need to be considered together assuming the internal auditor does not modify the nature or timing of TOD or otherwise modify the approach to substantive procedures in response to assessed risks. Factor to be considered by Internal Auditor Effect on sample size An increase in the internal auditor’s assessment of the Increase risk of material misstatement An increase in the use of other substantive procedures Decrease by the internal auditor, directed at the same assertion An increase in the total error that the internal auditor is Decrease willing to accept (Tolerable Error) Stratification of the population when appropriate Decrease An increase in the amount of error which the internal Increase auditor expects to find in the Population An increase in the internal auditor’s required confidence Increase level The number of sampling units in the population Negligible effect Appendix 3 to SIA 5 - Sampling Methods of Sample Selection The principal methods of sample selection are as – 1. Using a computerised random number generator or through random number tables. 2. Systematic selection – In this method, the number of sampling units in the population is divided by the sample size to give a sampling interval, for 1032 Audit of Internal Financial Controls example 20, and having thus determined a starting point within the first 20, each 20th sampling unit thereafter is selected. Although the starting point may be haphazardly determined, the sample is likely to be truly random if the same is determined by using a computerised random number generator or random number tables. In this method, the internal auditor would need to determine that sampling units within the population are not structured in such a way that the sampling interval corresponds with any particular pattern within the population. 3. Haphazard selection – In this method, the internal auditor selects the sample without following any structured technique. The internal auditor should attempt to ensure that all items within the population have a chance of selection, without having any conscious bias or predictability. This method is not appropriate when using statistical sampling technique. 4. Block selection – This method involves selection of a block(s) of adjacent or contiguous items from within the population. Block selection normally cannot be used in internal audit sampling because most populations are structured in such a manner that items forming a sequence can be expected to have similar characteristics to each other, but different characteristics from items elsewhere in the population. This method would not be an appropriate sample selection technique when the internal auditor intends to draw valid inferences about the entire population, based on the sample. Appendix 4 to SIA 5 - Sampling Frequency of Control Activity and Sample Size The following guidance related to the frequency of the performance of control may be considered when planning the extent of tests of operating effectiveness of manual controls for which control deviations are not expected to be found. The internal auditor may determine the appropriate number of control occurrences to test based on the following minimum sample size for the frequency of the control activity dependant on whether assessment has been made on a lower or higher risk of failure of the control. Frequency of control activity Minimum sample size Risk of failure Lower Higher Annual 1 1 Quarterly (including period- end, i.e., +1) 1+1 1+1 Monthly 2 3 1033 Handbook of Auditing Pronouncements-II Weekly 5 8 Daily 15 25 Recurring manual control (multiple times 25 40 per day) Note: Although +1 is used to indicate that the period–end control is tested, this does not mean that for more frequent control operations the year-end operation cannot be tested. 1034