NFRA penalises and debarred auditor for lapses in DHFL audit

Introduction: The National Financial Reporting Authority (NFRA) has issued Order No. 63/2023 under Section 132(4) of the Companies Act, 2013, concerning CA Jignesh Mehta (ICAI Membership No. 102749). The order addresses significant lapses in the statutory audit of Dewan Housing Finance Corporation Limited (DHFL) for the Financial Year 2017-18 by M/s Chaturvedi & Shah LLP. This detailed analysis covers the key sections of the order.

A. Executive Summary: The order outlines the background, legal matters, major audit lapses, charges of professional misconduct, and the sanctions imposed on CA Jignesh Mehta. The EP’s failure to meet audit requirements and violations of the Companies Act and Standards on Auditing (SA) are highlighted.

B. Introduction and Background: Media reports in January 2019 revealed alleged siphoning by DHFL directors. NFRA initiated an Audit Quality Review, leading to the issuance of a Show Cause Notice (SCN) to CA Jignesh Mehta. The EP’s inadequacies in discharging professional duties and prima facie violations of the Companies Act and SAs prompted the SCN.

C. Preliminary Legal Matters: The EP’s detailed submissions were examined, revealing failures in significant areas of the audit. The order concludes that the EP was grossly negligent, lacking professional skepticism, and failing in due diligence.

D. Major Lapses in the Audit: Several critical areas of audit were identified where the EP exhibited gross negligence. Failure to complete branch audits, material misstatements in financial statements, non-consolidation of subsidiary financials, and inadequate assessment of risks are among the highlighted lapses.

E. Articles of Charges of Professional Misconduct: The EP’s failure to comply with SA requirements, identify deficiencies in internal controls, verify related party transactions, assess internal financial controls, and issue a baseless audit report on ICFR are outlined. These failures resulted in a baseless audit opinion, violating multiple SA provisions.

F. Sanctions and Penalties: CA Jignesh Mehta is found guilty of professional misconduct. The order imposes a monetary penalty of Rs. 5 Lakh and debarment for 10 years from being appointed as an auditor or undertaking any audit-related functions.

Conclusion: The NFRA Order holds CA Jignesh Mehta accountable for significant lapses in the DHFL audit, imposing monetary penalties and a 10-year debarment. The sanctions aim to reinforce accountability and adherence to professional standards under the Companies Act, 2013.

Government of India
National Financial Reporting Authority
*****
7th Floor, Hindustan Times House,
Kasturba Gandhi Marg, New Delhi

Order No. 63/2023 Date: 05.12.2023

Order under Section 132 (4) of the Companies Act, 2013 in respect of CA Jignesh Mehta (ICAI Membership No. 102749)

This Order disposes of the Show Cause Notice (SCN) dated 29.09.2021, issued to CA Jignesh Mehta, Partner of M/s Chaturvedi & Shah LLP, (C&S), who is a Member of the Institute of Chartered Accountants of India (ICAI Membership No. 102749) and was the Engagement Partner (EP) for the statutory audit of Dewan Housing Finance Corporation Limited (DHFL), a housing finance company listed on both, Bombay Stock Exchange (BSE) and National Stock Exchange (NSE), for the Financial Year 2017-18. This Order is divided into the following sections:

A. Executive Summary

B. Introduction and Background

C. Preliminary Legal Matters

D. Major Lapses in the Audit

E. Articles of Charges of Professional Misconduct

F. Sanctions and Penalties

EXECUTIVE SUMMARY

1. In January 2019, some media reports brought to light the alleged siphoning by the directors of DHFL of around 231000 crore of public money. NFRA, pursuant to the duty cast upon it under Section 132 (2) (b) of the Companies Act, 2013 (the Act, hereafter) and Rule 8 of the NFRA Rules, 2018, took up the Audit Quality Review of the Statutory Audit of DHFL for the Financial Year 2017-18 carried out by C&S. Based on the extensive review of audit documentation, NFRA came to the prima facie view that the EP had not discharged his professional duties in accordance with the Act as well as the Standards on Auditing (SA, hereafter). Consequently, an SCN was issued to the EP asking him to show cause why action under Section 132 (4) of the Act should not be initiated against him for professional misconduct.

2. After examining his detailed written submissions, this Order concludes that the EP failed to meet the relevant requirements of the SAs and violated the Act in respect of several significant areas of audit. In the areas of the audit identified in this Order, the EP was found to be grossly negligent and failed to apply professional skepticism and due diligence sufficiently and adequately to challenge the management assertions.

3. DHFL operates through a network of around 250 branches across various states in India. C&S was appointed as the company’s statutory auditor, including its zonal/ regional and branch offices, in the 32^nd Annual General Meeting (AGM) for five years from FY 2016­17. The 33rd AGM ratified the said appointment for FY 2017-18. The EP, in his Independent Auditor’s Report to the members of DHFL, has, inter alia, stated that the reports on the accounts of the branch offices of the Company audited under Section 143 (8) of the Act by branch auditors have been properly dealt with by him in preparing the audit report. The audit report also stated that the audited financial statements incorporated the Returns for the year ended on that date audited by the branch auditors of the Company’s branches/offices at 250 locations. However, there is no evidence in the Audit File to establish the existence of legal appointment of any branch auditor by the AGM of the Company and that C&S has carried out the audit of the entire company including all its 250 branches. In total dereliction of his duty, the EP relied on the illegally appointed branch auditor’s reports, which were made in violation of SAs.

4. The EP failed to discharge his statutory duty of completing the branch audits, which was the key requirement of the Act in the completion of the audit of the Company’s Financial Statements for the year 2017-18. In the absence of the audit of the branches, the Independent Auditor’s opinion on the financial statements of 2017-18 is incomplete and invalid and, therefore, void ab initio.

5. In FY 2016-17, DHFL incorporated a wholly owned subsidiary, DHFL Investments Limited by investing around 2100 crore in equity share capital. On March 31, 2017, DHFL sold its entire stake in DHFL Pramerica Life Insurance Company Limited to DHFL Investments Limited at a fair market value of 22000.50 crore. This transaction added 21969.43 crore to DHFL’s profits. The DHFL Investments funded the investment through the issue of Compulsorily Convertible Debentures (CCD) of 21901 crore to Wadhawan Global Capital Pvt. Ltd. (WGC), a promoter entity of the DHFL. WGC pledged these CCDs for borrowing around Z1900 crore through debentures from external sources. Despite DHFL Investments Limited being a 100% subsidiary, DHFL did not consolidate the financial statements of the subsidiary. Had it been consolidated, the liabilities of DHFL would have been higher by 21901 crore with a corresponding reduction in net worth. The EP did not report this material misstatement in the Consolidated Financial Statements.

6. DHFL was regulated by the National Housing Bank (NHB) and hence was bound to follow the relevant NHB Guidelines. The NHB inspection reports for FY 2016-17 flagged certain potential significant violations by DHFL. In this regard, the EP failed to document any evidence in the Audit File to show that there was no material misstatement in the financial statements due to non-compliance with laws and regulations having a direct effect on the disclosures in the financial statements.

7. The EP failed to obtain sufficient appropriate audit evidence regarding the entity’s ability to continue as a going concern. The EP ignored clear indications/events that should have raised concerns over the entity’s ability to continue as a going concern. The EP failed in the discharge of his professional duties by not challenging management’s assessment of the going concern assumption, by failing to test the adequacy of the supporting evidence, and by failing to evaluate the risk of management bias. The EP, therefore, did not comply with SA 570 (Revised)¹.

8. In the absence of adequate audit procedures in the identification, assessment and conclusions of Risk of Material Misstatement (RoMM) and documentation as required by Para 32 of SA 315² and SA 230³, the EP failed to appropriately identify, classify and assess the RoMM and consequently failed to contain the RoMM to an acceptably low level as required under various stipulations in SA 315 and SA 240⁴. This has rendered the entire audit process unreliable.

9. The EP failed to identify the deficiencies in internal control relating to the appraisal and sanction of loans at the head office level and branch level.

10. The EP failed to obtain sufficient information necessary for the expression of an opinion on Internal Financial Controls over Financial Reporting (ICFR). He issued a baseless audit report on ICFR under Section 143(3)(i) of the Act. The EP did not maintain professional skepticism, professional competence and due care during the audit of ICFR.

11. The EP failed to verify the Related Party Transactions (RPT) as required by the SAs. The EP failed to understand the nature of related party relationships and transactions, failed in testing for completeness of information on related parties and related party transactions, failed in evaluating management override of controls, failed in verifying arm’s length basis of related party transactions and failed in duly reporting under CARO 2016 as there was no record of sufficient appropriate audit evidence in the Audit File about these matters. Such failures have resulted in the violation of the provisions of SAs 500⁵ and 550⁶. Consequently, the EP has failed to demonstrate the achievement of the objectives of the respective SAs.

12. As a consequence of all the above failures the EP failed to obtain reasonable assurance about whether the financial statements as a whole were free from material misstatement due to fraud or error. The EP also failed to ensure that the financial statements were prepared, in all material respects, in accordance with the applicable financial reporting framework. The Audit Opinion issued by the EP is therefore baseless.

13. Based on the investigation and proceedings under Section 132 (4) of the Act and after giving the EP adequate opportunity to present his case, we find the EP guilty of professional misconduct and impose through this Order, the following monetary penalties, and sanctions, which will take effect after 30 days from issuance of this Order. In light of the judgment of the Hon’ble National Company Law Appellate Tribunal (NCLAT) dated 01.12.2023, we have limited the monetary penalty to Rs. 5 Lakh only since the violations relate to FY 2017-18.

a. Monetary penalty of Rupees Five Lakh.

b. In addition, CA Jignesh Mehta is debarred for 10 years from being appointed as an auditor or internal auditor or from undertaking any audit in respect of financial statements or internal audit of the functions and activities of any company or body corporate.

B. INTRODUCTION AND BACKGROUND

14. This Order is being passed pursuant to an investigation by the National Financial Reporting Authority (NFRA) into the professional conduct of CA Jignesh Mehta for his role as the EP in the audit of DHFL. DHFL is a company listed on both, Bombay Stock Exchange and National Stock Exchange (BSE & NSE, hereafter), and was one of India’s leading housing finance companies. The DHFL group consisted of around’ 250 branches, three wholly owned subsidiaries, associates and joint ventures as on 31S^t March 2018, and was primarily engaged in the housing finance, life insurance and financial services sector. As per its books of account, the group’s revenue from operations was around 210,515 crore and it had total assets of 21,07,627 crore and total external liabilities of 299,067 crore as on 31S^t March 2018, mainly from banks and financial institutions, debt market instruments and public deposits. It reported a profit of 21,166 crore (consolidated) and a profit of 21,172 crore (standalone) for the Financial Year (FY, hereafter) 2017-18. DHFL was required to prepare its Financial Statements for FY 2017-18 in accordance with Schedule III and other applicable provisions of the Act and Accounting Standards (AS) notified under the Companies (Accounting Standards) Rules, 2006.

15. C&S was the Statutory Auditor of DHFL for FY 2017-18 and CA Jignesh Mehta was the EP for this audit.

16. In January 2019, some media reports alleged siphoning of around 231000 crore in public money by DHFL promoters. NFRA, pursuant to the duty cast upon it under Section 132 (2) (b) of the Companies Act, 2013 (the Act, hereafter) and the NFRA Rules, 2018, took up the Audit Quality Review (AQR, hereafter) of the statutory audit (the Engagement, hereafter) of DHFL for the FY 2017-18 carried out by C&S. As part of the AQR process, vide NFRA letter dated 22n^d February 2019, the Audit File and Audit Report signed by the EP, CA Jignesh Mehta, in respect of the Engagement was called for from the Audit Firm. The Audit Firm submitted the said Audit File on 27t^h February 2019.

17. While the AQR was in progress, NFRA observed several instances where the audit had been carried out in violation of the applicable SAs, laws and regulations. However, the EP CA Jignesh Mehta had issued unmodified audit reports on the SFS and CFS of DHFL for the FY 2017-18 on 30^th April 2018, certifying that these Financial Statements presented a true and fair view of the affairs of the Company.

18. After an extensive examination of the Audit File, we had reasons to believe prima facie that the violations by the EP may amount to professional misconduct as conceived in Section 132 (4) of the Act, and thus a Show Cause Notice dated 29^th September 2021 (the SCN, hereafter) was issued to CA Jignesh Mehta, the EP. The EP was charged with professional misconduct of:

a. failure to disclose material facts known to him, which is not disclosed in a financial statement, but disclosure of which is necessary in making such financial statement, where he is concerned with that financial statement in a professional capacity;

b. failure to report material misstatements known to him to appear in a financial statement with which the EP is concerned in a professional capacity;

c. failure to exercise due diligence, and being grossly negligent in the conduct of professional duties;

d. failure to obtain sufficient information which is necessary for the expression of an opinion, or its exceptions are sufficiently material to negate the expressions of an opinion; and

e. failure to invite attention to any material departure from the generally accepted procedures to audit applicable to the circumstances.

C. PRELIMINARY LEGAL MATTERS

19. The EP has raised objections with regard to the powers and jurisdiction of NFRA under the Act and the process followed by NFRA during this proceeding.

20. The Audit Firm and the EP had filed writ petitions, WP (C) 5326/2022 and 119/2022, in the Hon’ble Bombay High Court challenging NFRA’s jurisdiction to issue the SCN. The Hon’ble High Court vide its order dated 13^th June 2023 disposed of the Writ Petition 1399 of 2023 along with Writ Petition No. 5326 of 2022/ Writ Petition No. 119 of 2022/ Writ Petition No. 5323 of 2022 and instructed NFRA to decide its own jurisdiction. The relevant extracts of the Bombay High Court order dated 13.06.2023 are as follows: “It appears to us logical that the issue of jurisdiction will be decided first because if the NFRA ultimately holds that it does not have jurisdiction, then obviously further decisions will be neither permissible nor necessary. If the NFRA on the other hand holds that it has jurisdiction, then it cannot be expected to stop at that. It must then proceed to decide all other issues and return final findings._ We take the liberty of issuing a direction identical to that which we would have issued at the hearing on the jurisdiction being before us rather than the Authority. The direction is that all Petitioners must coordinate between themselves to present their arguments on one day together on the jurisdictional issue. It seems to us unworkable to expect the Authority to hear the same argument on jurisdiction repeatedly. How the submissions are to be divided between the parties and their counsel is a matter left to them but the scheduling by the Authority should ideally be in such a way that the jurisdictional point is on one day when all counsel for all matters can be heard. Thereafter a different schedule can be set for the facts for the individual cases that follow thereafter, if necessary, i.e., if the authority finds that it does have jurisdiction…. We clarify that we do not expect the order on jurisdiction to be passed first unless the Authority finds in favour of the present Petitioners in which case it will be the only order to be passed”.

21. Against the Order dated 13.06.2023 of the Hon’ble Bombay High Court, the EP approached the Hon’ble Supreme Court vide SLP No. 13201-13202/ 2023. The Hon’ble Apex Court, vide its order dated 10.07.2023, upheld the decision of the Hon’ble Bombay High Court and dismissed the Special Leave Petition.

22. In compliance with the above order of the Hon’ble Bombay High Court, an oral hearing before the Executive Body (EB) of NFRA was scheduled on 11.07.2023 to decide the jurisdiction of NFRA. The EP availed of the opportunity along with his legal counsel and also submitted a written summary of submissions vide email dated 17.07.2023. We have examined these submissions in detail and found that NFRA has the required jurisdiction under Section 132(4)(c) of the Companies Act, 2013, as discussed in paragraphs 23 to 32 below.

Jurisdiction of NFRA

23. Section 143 (9) of the Companies Act, 2013 mandates an Auditor to comply with the Auditing Standards. The proviso to Section 143 (10) states that until the Auditing Standards are notified by the Central Government, the Auditing Standards specified by the ICAI would be deemed to be the Standards on Auditing. The notification of NFRA with effect from 01-10-2018, as the body responsible inter alia for investigating professional misconduct and other misconduct, did not alter the Auditor’s liability to fully comply with the Standards and the law as it existed before the formation of NFRA.

24. Section 132 (4) of the Companies Act gives exclusive jurisdiction to NFRA in matters of professional or other misconduct of Auditors of entities that fall within the jurisdiction of NFRA, which is evident from the following:

a. The Proviso to Section 132 (4) (a) of the Act states – “Provided that no other body or institute shall initiate or continue with proceedings in such matters of misconduct where the National Financial Reporting Authority has initiated an investigation under this section”.

b. Also, Rule 10 (3) of the NFRA Rules, 2018 states – “On the commencement of these rules- (a) the action in respect of cases of professional or other misconduct against auditors of companies referred to in Rule 3 shall be initiated by Authority and no other institute or body shall initiate any such proceedings against such auditors”.

25. A plain reading of the law would disclose that Section 132 (4) (a) confers upon the NFRA the power to investigate into the matters of professional or other misconduct committed by any member or firm of Chartered Accountants registered under the Chartered Accountants Act, 1949 in such manner as may be prescribed.

26. The proviso to Section 132 (4) (a) creates a bar on any other institute to initiate or continue any proceedings where the NFRA has initiated an investigation under this Section. This clearly implies that even for matters of professional or other misconduct committed prior to the coming into force of Section 132 (4), NFRA can initiate an investigation, which would disentitle any other institute, such as the ICAI, from continuing their proceedings in such matters of misconduct. The expression “such matters of misconduct” and “misconduct committed” would clearly mean misconduct which has been committed prior to 24.10.2018 i.e. the date of coming into force of Section 132 (4) and qua which proceedings were already underway by the ICAI and with effect from 24.10.2018, the said proceeding would be in the exclusive domain of NFRA.

27. Section 132 (4) (a) itself speaks of “matters of professional or other misconduct committed by any member or firm of Chartered Accountants, registered under the Chartered Accountants Act, 1949″. So obviously, the Authority has jurisdiction over misconduct committed in the past as well.

28. It is a well-settled law that retrospective applicability can either be expressly provided for or can be inferred by necessary implications from the language employed. The Hon’ble Supreme Court in the case of Zile Singh v. State of Haryana, (2004) 8 SCC 1 at Para 15, held, “It is not necessary that an express provision be made to make a statute retrospective and the presumption against retrospectivity may be rebutted by necessary implication especially in a case where the new law is made to cure an acknowledged evil for the benefit of the community as a whole (ibid., p.440). This can be achieved by express enactment or by necessary implication from the language employed If it is a necessary implication from the language employed that the legislature intended a particular section to have a retrospective operation, the courts will give it such an operation. In the absence of a retrospective operation having been expressly given, the courts may be called upon to construe the provisions and answer the question whether the legislature had sufficiently expressed that intention giving the statute retrospectivity. Four factors are suggested as relevant: (1) general scope and purview of the statute; (ii) the remedy sought to be applied; (iii) the former state of the law, and (iv) what it was the legislature contemplated (p.388). ” In the instant case the language used viz ” other misconduct committed”, clearly implies jurisdiction over past conduct i.e. before 24.10.2018, the day when the said section came into force.

29. Further, the presumption against retrospective applicability arises when a vested right is sought to be impaired. The explanation to Section 132 (4) would clearly reveal that the subject matter of investigation and penalty under this provision is “professional or other misconduct” having the same meaning assigned under Section 22 of the Chartered Accountants Act, 1949. No Chartered Accountant can claim to have a vested right to commit professional or other misconduct, which was already prohibited and illegal and subject to disciplinary action under a different regulatory statute, namely, the Chartered Accountants Act, 1949.

30. As explained above, compliance with the Standards of Auditing was mandatory, and its non-compliance was punishable even before the establishment of NFRA, hence no new obligation or offence has been created on the Auditors. Section 132 (4) designates NFRA as the forum for determination of professional misconduct. The setting up of NFRA does not impose any new duties or obligations on Auditors, rather NFRA only evaluates their professional work in accordance with the Standards on Auditing and statutory requirements prevailing at the time of the audit. Therefore, there is no bar on NFRA’s jurisdiction over the cases of professional or other misconduct committed prior to the establishment of NFRA because the exercise of retrospective jurisdiction, in this case, is only with regard to procedure and forum and is not creating any new offence.

31. Given this backdrop and specific wordings of Section 132 and Rule 10 quoted above, it is clear that NFRA has the sole and exclusive jurisdiction to initiate proceedings in cases of professional misconduct committed in earlier years too or else it would lead to an anomalous situation of a regulatory gap where any misconduct committed before the formation of NFRA will go unpunished. The law enabling investigation into professional and other misconduct, being in existence in the period before 2018, cannot be said to be retrospective and NFRA jurisdiction is established for implementing the process of investigation into misconduct committed in the past as well. Thus, the challenge to the jurisdiction of NFRA with respect to misconduct committed before 2018 does not stand.

32. Thus, NFRA has the requisite jurisdiction to monitor compliance with Accounting standards, monitor and enforce compliance with the SAs and to investigate matters of professional misconduct of Chartered Accountants in respect of the entities falling under the NFRA domain.

D. MAJOR LAPSES IN THE AUDIT

33. Vide letter dated 28.07.2023, the EP was informed about NFRA’s decision on the issue of jurisdiction, and he was requested to submit his reply to the SCN. The EP approached Hon’ble NCLAT vide Comp. App. (AT) No. 167 of 2023 wherein the EP raised the issue of non-supply of reasons for arriving at the issue of jurisdiction. The appeal was dismissed as withdrawn vide NCLAT order dated 05.09.2023.

34. The EP was required to submit his reply to the SCN on or before 1″ November 2021. After availing multiple extensions of time, the EP submitted his reply to the SCN, vide letter dated 06.09.2023, and requested an opportunity for a personal hearing. The EP was granted an opportunity for a personal hearing along with his legal representative on 05-10-2023. However, on request from the EP, the hearing was rescheduled to 12.10.2023. The EP requested an adjournment of the hearing again and it was rescheduled to 19.10.2023. The EP again requested for adjournment, and he was informed that he should avail of the hearing on 19.10.2023 itself. The EP was repeatedly informed that if he fails to appear, the matter will be decided on merits based on available records and his written reply to the SCN. The EP did not attend the oral hearing. Thus, after giving multiple opportunities as mentioned above, we have proceeded in the matter on merits, based on materials available on record and the detailed written reply to the SCN.

35. The major charges in the SCN included false reporting in the Independent Auditor’s Report about the audit of branches, failure to report material misstatements in the CFS, failure to examine non-compliance with NHB Directions, failure to verify internal financial controls, failure to assess the risk of material misstatements, failure to evaluate the going concern assumption, failure to verify the Related Party Transactions, and failure to consider suspected violations of laws and regulations.

36. Replies of EP to the charges in the SCN are examined and discussed under the following broad categories. Only the violations/actions/omissions proved to result in one or more professional misconduct as per the articles of charges in the SCN are covered in this Order.

D. 1. Audit of Branches

D. 2. Consolidated Financial Statements

D. 3. Consideration of Laws and Regulations

D. 4. Going Concern

D. 5. Assessment of the Risk of Material Misstatements D.6, Internal control relating to the appraisal of loans

D. 6. Reporting under Section 143(3)(i) of the Act

D. 7. Related Party Transactions (RPT) 1. Audit of Branches

37. DHFL, a Non-Banking Housing Finance Company, operates through a network of around 250 branches across various states in India. C&S was appointed as the company’s Statutory Auditor, including its zonal/ regional and branch offices, in the 32n^d Annual General Meeting (AGM) for five years from FY 2016-17. The 33rd AGM ratified the said appointment for FY 2017-18. The EP, in his Independent Auditor’s Report to the members of DHFL, has, inter alia, stated that: “The reports on the accounts of the branch offices of the Company audited under Section 143 (8) of the Act by branch auditors have been sent to us and have been properly dealt with by us in preparing this report”. The audit report also states that the audited financial statements incorporate “the Returns for the year ended on that date audited by the branch auditors of the Company’s branches/offices at 250 locations”. The records in the Audit File also showed EP’s reliance on the Branch Audit Reports issued by the illegally appointed Branch Auditors. In this background, the EP was charged with the following.

a. There is no evidence in the Audit File to establish the existence of legal appointment of
any branch auditor by the AGM of the Company as required under the Act. There was also no evidence that C&S, the legally appointed auditor for the branches, has carried out the audit of the entire company, including all its 250 branches. The EP failed to discharge his statutory duty of completing the branch audits, which was the key requirement in the completion of the audit of the Company’s Financial Statements. In the absence of the audit of the branches, the Independent Auditor’s opinion on the financial statements of 2017-18 is incomplete and invalid and, therefore, void ab initio.

b. Failure to perform the audit procedures required for the Company’s branches, failure to meet the requirements of Section 143(3)(b) of the Act, failure to conduct the audit in compliance with the applicable SAs, and issuance of false statements in the Independent Auditors’ Report for FY 2017-18,

No audit of branches under Section 143

38. The EP in his replies admits that C&S was the Sole Statutory Auditor responsible for the audit of the Company and its Branches. However, he denied all the charges and submitted that he had carried out the audit of the entire company including all its 250 branches and also dealt with the branch auditor’s reports sent to him by the Company as required under section 143(8) as an additional procedure. The Company’s consolidated database (ERP system) was used for the audit of the company and the branches, treating them as a single accounting unit. On detailed examination of the replies, the Audit File, the Audit Report issued by the EP and the AGM resolutions, we observe the following.

a. The Audit Report clearly refers to the Branch Auditors appointed by the Company at 250 locations. It also states that “the reports on the accounts of the branch offices of the Company audited under section 143(8) of the Act by branch auditors have been sent to us….”. However, there were no branch auditors appointed under Section 143 (8) of the Act. The Company, in the 32nd Annual General Meeting (AGM), appointed only C&S as Statutory Auditors of the Company, including all its Branches, for five financial years with effect from FY 2016-17. The appointment was ratified in FY 2017-18 in the 33r^d AGM. This appointment has been made under section 139(1) of the Companies Act, 2013.

b. As per section 143 (8) “Where a company has a branch office, the accounts of that office shall be audited either by the auditor appointed for the company (herein referred to as the company’s auditor) under this Act or by any other person qualified for appointment as an auditor of the company under this Act and appointed as such under section 139″ (Emphasis added). The requirement of Branch audit is thus mandatory and only one statutory auditor is permitted for the branches, i.e., either the company auditor or the branch auditor, in either case, appointed under section 139.

c. After the EP accepted the appointment as per his letter dated 25 July 2017 (Engagement acceptance letter), in August 2017, DHFL appointed a few other branch auditors for a “statutory audit” of its branches vide appointment letters signed by an unidentified authorised signatory of the Company. This appointment of the Branch statutory auditor for FY 2017-18 by the Company was not in accordance with sections 143 (8) and 139 of the Act. Hence, these branch auditors were not the statutory branch auditors appointed under Section 143(8) of the Act, since the appointment was not made by the shareholders in the AGM as required by section 139. Besides, the shareholders of the Company had already appointed C&S as the only Statutory Auditor. All the appointment letters issued to the branch auditors, describing them as “statutory” branch auditors, were issued in consultation with C&S and were also copied to the Audit Firm. The EP documented all these letters in the Audit File, despite knowing the admitted fact that C&S was the only statutory auditor for the Company and all its branches.

d. The EP did not point out the illegality of the appointment of branch auditors to the Company. Instead, he received the audit reports, along with the specified returns, directly from the branch auditors and used those reports/returns for reporting on the financial statements of the Company, as is evident from the Audit Report issued by him. It is also evident from the following facts, recorded in the Audit File, that C&S, DHFL and many of the branch auditors considered this as a valid statutory audit of branches.

i. The appointment letters of Branch Auditors state that “In consultation with the Statutory Auditors of the Company, we are pleased to inform you that your firm has been appointed as our Statutory Auditor of branch/es as mentioned in the Annexure I enclosed herewith for the Financial Year 2017 — 18″ and “4. Please also find attached guidelines for Statutory Audit of Branches, brief indicative scope of work as per Companies Act with specific requirements of work and various Annexures required.” (emphasis added). These appointment letters were copied to C&S.

ii. The reports of these branch auditors so appointed are all addressed directly to C&S, as required by the Act.

iii. The confirmation letters from the Branch Auditors addressed to C&S state that “2. We are aware that (i) the financial information of the branches for the year ended 31′ March 2018 for which we have been engaged to perform audit, will be included in the financial statements for the Company for the year ended 31′ March, 2018 and (ii) our report on our audit of the financial information of the branches will be referred to by you as a basis, in part, for your report on your audit of the financial statements of the Company.”

iv. The report made under CARO 2016 on the SFS states that “the reports on the account of the branches offices of the Company audited under section 143 (8) of the Act by branch auditors have been sent to us and have been properly dealt by us in preparing this report; ” (Emphasis added).

v. As per the disclosure requirements of Schedule III, the Company has disclosed in note 32 to the Standalone Financial Statements (SFS) “AUDITORS REMUNERATION” – “Audit Fees of Branch Auditors” 55 Lakh and 53 Lakhs for FY 2017-18 and FY 2016-17 respectively. The EP’ s agreement to this disclosure is evidence that apart from the Company, the Audit Firm also considered the branch auditors as statuary auditors.

vi. The reporting by the company auditor under clause 143 (3) (c) arises only if the company has a separate Branch auditor appointed under section 143(8) read with 139. The EP reported in the Audit Report of both SFS and CFS that “As required by Section 143(3) of the Act, we report that: … c) The reports on the accounts of the branch offices of the Company audited under Section 143 (8) of the Act by branch auditors have been sent to us and have been properly dealt with by us in preparing this report.” (Emphasis added). The Proviso to section 143 (8) states “Provided that the branch auditor shall prepare a report on the accounts of the branch examined by him and send it to the auditor of the company who shall deal with it in his report in such manner as he considers necessary. (Emphasis added). This makes it clear that the requirement of ‘dealing with’ branch auditor reports arises only when the branch auditor and company auditor are different.

vii. We examined the work of the so-called branch auditors in a separate proceeding under Section 132(4) of the Act. We issued SCNs to 33 engagement partners representing the illegally appointed branch auditors. In reply to our SCN, the engagement partners of 122 branches stated that they were the statutory branch auditors appointed by the Company in consultation with C&S. In all other cases where we issued disciplinary orders, it has been proven that these auditors acted as statutory auditors for the branches without legal authority. However, none of the 250 branch auditors verified the compliance of their appointment with the Companies Act, 2013.

e. The EP is aware of the provisions of section 128 (1) which stipulates that every company shall prepare and keep at its registered office books of account and other relevant books and papers and financial statements for every financial year which give a true and fair view of the state of the affairs of the company, including that of its branch office or offices, if any, and explain the transactions effected both at the registered office and its branches. Section 128 (2) further stipulates that where a company has a branch office in India or outside India, it shall be deemed to have complied with the provisions of sub-section (1), if proper books of account relating to the transactions effected at the branch office are kept at that office and proper summarized returns periodically are sent by the branch office to the company at its registered office or the other place referred to in sub-section (1). Thus, the returns are sent to the company by the branch offices when proper books of account relating to the transactions effected at the branch office are kept at those offices. The Audit Report states “b) In our opinion, proper books of account as required by law have been kept by the Company so far as appears from our examination of those books and proper returns adequate for the purpose of our audit have been received from branches not visited by us” (emphasis added). This report conveys the clear message that the books of accounts are also kept at branch offices.

39. It is established from the above that the EP was referring to the Report of the illegally appointed branch auditors in his report. Admittedly, C&S was the sole statutory auditors of the Company including all its branches. Therefore, the EP’ s report under section 143 of the Companies Act 2013 and the report under CARO 2016, both referring to the illegally appointed branch statutory auditors, are false and invalid.

Failure to Conduct Branch Audit

40. The audit report conveys in unambiguous terms that there were branches audited by the branch auditors. The EP has taken the returns from branches not visited by him in forming his opinion on the financial statements. Despite this reporting, the EP in his reply to SCN denied any reliance on the works of the branch auditors and maintained that C&S carried out the Audit of the Company, including all its branches. The EP contends that his audit of branches was performed through the ERP system of the company. His stand was that the company had centralised controls, and all branches operated under the same control environment and the transactions in the branches were immaterial. The EP being aware of the provisions of the Act, has thus made false statements in his audit report about the involvement of branch auditors, and all the submissions regarding the pro per conduct of branch audits by the EP are afterthoughts only. This is evidenced by the following:

a. None of these submissions are supported by evidence in the Audit File and are thus afterthoughts and rationalisations on his part to justify his conduct.

b. Contrary to EP’s submissions, we note that the majority of the loans (which is a material
item) are initiated at the branches, loan accounts are created at the branches, accounted for from the branches and are serviced by the branches. The Branches also handle collection, disbursement, and cash balances, which are susceptible to fraud risk. It is recorded in the Audit File⁸ that 22 activities, including Data Entry, Appraisal Note, Approval Note, Issuance of Sanction Letter, Execution of Loan documents, Check for all compliance, charge creation etc. are carried out at branches for SME Loans. The approval powers are also delegated to branch operations managers, cluster operations managers, circle operation managers and Operations depending on the amount of the loan, evidencing decentralised operations.

c. The materiality of the transactions and controls at the branch level is further evident from the scope of work of the purported branch auditors, documented by the EP. As per the mandate, these branch auditors were required to report on the true and fair view of the branch, verification of 15 loans disbursed, top 20 outstanding loans, random loan files, verification of loan documentation, report of tax audit under the Income Tax Act, report under CARO 2016, cash verification, bank reconciliation, verification of security value, reporting of significant risks, deficiencies in internal control, related parties identified and misstatements, if any, in the branch accounts. Had all the branch operations and controls been available to the EP through the ERP, the remaining operations in the branches would have been immaterial, and there would have been no need for the company to engage the so-called branch auditors at all. There is no documentation of the controls around ERP either.

d. The EP’s submission, without supporting evidence in the Audit File, is that the books of accounts are kept centrally in the ERP. However, this is contradicted by the fact that the branches send periodical returns to the head office as admitted by the EP.

e. Given the contradictory evidence documented by the EP himself, we reject the contentions of the EP that the books and controls are centralized. Despite the above facts, there is no examination of the controls at the branches either by the EP or by the illegally appointed branch statutory auditors. Without properly verifying the control procedures at the branches, the opinion on the Company’s accounts, including all its branches, formed by the EP cannot be taken as appropriate.

Reliance by the EP on the work of Illegally appointed Branch statutory auditors

41. The EP stated that he did not rely on the work of the branch auditors. This is contradictory to the facts recorded in the Audit File and the Audit Reports issued by the EP, as explained below.

a. The Audit Reports on standalone and Consolidated Financial Statements (CFS) and under CARO 2016 unambiguously refer to the branch auditor’s reports, as explained in the above paragraphs. The audit report nowhere indicates that the EP did not rely on these branch auditors.

b. The WP “Audit Closure”, documented in the Audit File, records that “The Company has appointed various Branch Auditors whose scope are pre-defined and on whose report the statutory auditor rely with respect to the areas covered in their respective scope” (emphasis added). This is an unequivocal statement by the engagement team evidencing reliance on the work of the illegally appointed branch statutory auditors.

c. The EP stated before the Audit Committee on 30-04-2018⁹ that “We have also considered the reports received from the branch auditors in respect of the financial information of the branches in forming our opinion” and “We have received reports from 250 branch auditors which have been considered and relied upon in forming our opinion.” (emphasis added).

d. The statements made in reply to the SCN are opposite to what has been recorded by the EP in his Audit File at the time of audit and in the Statutory Audit Report. There is no explicit documentation in the Audit File that the EP did not rely on or use the work of the illegally appointed branch auditors. The presentation to the Audit Committee on the date of signing of the audit report clearly mentions the reliance placed by the EP on the so-called branch auditors, which we cannot overlook.

e. In the WP ‘Audit Planning Memorandum’ the EP noted “Branch Auditors report review” as a ‘Significant Area’ of the audit. By identifying the Branch Auditor’s report review as a significant area, the EP has again contradicted his contention that he has not relied on the report of the branch auditors and that the branch audit was conducted solely by C&S.

f. In WP ‘SA 315. pdf’ for verification of the opening balance of loans it is stated that
“the respective branch auditors provide a list of top 10 borrowers with complete scrutiny of the same. As a practice, we also take a sample from the same and verify”. However, no such sample testing that has been documented by the EP. This means the EP fully relied on the branch auditors for the most significant item of loans.

g. The confirmation letters issued by all the branch auditors to C&S state that “… (ii) our report on our audit of the financial information of the branches will be referred to by you as a basis, in part, for you report on your audit of the financial statements of the Company”. The EP did not document anything to deny that the branch audit reports would not be used as a basis for his reporting.

h. The whole exercise of appointment, determining the scope of the work and receipt of reports of the so-called branch auditors was carried out with the full knowledge and concurrence of C&S. All the communications were either copied to C&S or are addressed directly to C&S. The EP has taken them on the record in his Audit File thus rendering his work as devoid of any legal basis.

42. Thus, there is no merit in the arguments now advanced by the EP that he did not rely on the work of the Branch Auditors. These are afterthoughts not supported by evidence in the Audit File or Audit Report. The documentation in the audit file and the plain meaning of the wordings used in his audit reports clearly show EP’s reliance on the work of the branch auditors as a basis for his opinion. Also as explained above, the language used by the EP in his audit report complies with the legal requirements when separate auditors of the Company and branches are legally appointed. However, the EP also admits that there is only one auditor, i.e., C&S, for the company and its branches. Due to these contradictions, the replies of the EP lack substance and hence are rejected.

Audit of the Branches by EP

43. The EP’s next contention is that C&S did the audit of all the branches in the manner required by the Act. We observe that these contentions are also not supported by evidence, as explained below.

a. The EP enumerated a summary of the branch audit reports in a work paper^l° in the Audit File. The adverse observations noted by the branch auditors were listed against 39 branches out of 250. However, there are no further audit procedures documented regarding how the EP addressed these adverse remarks, what was the materiality of these misstatements and how it was considered in forming an opinion on the financial statements as per SA 700.

b. The EP states that the audit of individual branches of the company is not mandated in law. This is false and misleading. As per the provisions of Section 143 of the Companies Act, 2013, where a company has a branch office, the accounts of that office shall be audited. Therefore, it was the statutory duty of C&S to audit each branch’s accounts that contribute to the Company’s financial statements and to report on the Company’s accounts as a whole as per section 143. The statement of the EP is evidence that he did not audit the branch accounts as required in the Act.

c. Regarding the sample of five regional processing units selected by the EP for purported audit procedures, there is no documentation of the determination of a sample size sufficient to reduce sampling risk to an acceptably low level nor is there any evidence of application of a statistically based formula or the exercise of professional judgment in accordance with para 7 and Al 1 of SA 530. The audit file also did not show any substantive audit procedures on branch transactions conducted by the EP. For example, in the Ahmedabad branch”, the issues noted in loan docket verification remain unaddressed. Similarly, there is no testing of branch-level controls. There are no WPs to show compliance with the requirements of SA 230, regarding the nature, timing and extent of audit procedures performed with respect to branch operations.

d. Irrespective of the centralised accounting software, as the branches handle material transactions and are the sources of information to the central database, the control procedures followed in the branches need to be tested for arriving at an opinion on the financial statements as a whole. The EP failed to verify this key aspect.

e. Without prejudice, we examined the work of the branch auditors, despite them not being
appointed legally. In all the concluded cases, we found¹² that none of the branch auditors followed SAs while conducting the audit. We also found that the opinions issued by these purported branch auditors did not conform to SA 700 and were baseless.

44. Thus, the evidence leads us to a situation where neither the illegally appointed branch auditors nor the legal statutory auditor C&S audited the branches as per SAs. This amply proves that the EP who was responsible for the Audit failed to conduct the branch audits as per the Act and SAs and made a false report to the shareholders. In the absence of the branch audit of 250 branches as required by the Act, the Audit Reports on the SFS and CFS of DHFL, dated 30-04-2018 issued by the EP in the capacity of the Statutory Auditor of DHFL are void ab initio. All the charges in Para 37 thus stand proved.

D.2. Consolidated Financial Statements

45. On February 13, 2017, DHFL incorporated a wholly-owned subsidiary, DHFL Investments Limited (DIL), by investing around Z100 crore towards its equity share capital. On March 31, 2017, DHFL sold its entire stake in DHFL Pramerica Life Insurance Company Limited (DPLI) (representing 50% of the paid-up equity share capital of DPLI) to DIL at a fair market value of 22000.50 crore. This transaction added 21969.43 crore to DHFL’s profits, being the excess fair value over the cost of acquisition. DIL funded the investment through the issue of Compulsorily Convertible Debentures (CCD) of 21901 crore to Wadhawan Global Capital Pvt. Ltd. (WGC), a promoter entity of the DHFL. As on March 31, 2018, DHFL had an investment of Z 101.25 crore¹³ in equity shares of DIL. Despite DIL being a 100% subsidiary, DHFL did not consolidate the financial statements of DIL citing the reason that the “Company’s intention is to liquidate investments in DIL, subject to favourable market condition and therefore, in accordance with Paragraph 11(a) of Accounting Standard on ‘Consolidated Financial Statements’ (AS 21)”. Consequently, two associates/JVs of DIL also did not get consolidated. Had it been consolidated, the external liabilities of DHFL would have been higher by 21901 crore¹⁴ with a corresponding reduction in net worth.

46. In this regard, the EP was charged with failure to understand the provisions of AS 21¹⁵ and the importance of interpretation of the term “near future”¹⁶ used in para 11 of AS 21, which is relied upon by the Company for not consolidating the wholly owned subsidiary. The failure has resulted in material misstatement in the CFS as it does not reflect a true and fair view of the financial position of the company and its subsidiaries and associates.

47. The EP denied the charges and submitted that the accounting treatment adopted by the Company was in line with Paragraph 11 (a) of AS 21. According to the EP, the conversion of CCDs issued by DIL will take place “after 100 months”, which is a finite period and hence falls within the meaning of ‘near future’ as used in AS 21. Also, he submitted that DHFL did not have control over DIL due to a condition in a triparty agreement between DHFL, DIL and DPLI. The condition was that DHFL had to obtain the consent of WGC for the appointment or removal of directors in DIL. Such transfer of control of DIL comes within the meaning of the term ‘subsequent disposal in near future’. Also, the accounting treatment reflected the substance of the transaction rather than the legal form. It was also supported by an expert opinion. Hence, according to EP, there was no violation of AS 21.

48. We have examined the replies, the Audit File and the Financial Statements. We observe that the contentions of the EP are not supported by evidence. The EP did not document sufficient appropriate audit evidence and conclusions that the exclusion of DIL from consolidation was in accordance with AS 21. The submissions of the EP echo the management’s views and some afterthoughts. Without prejudice, we examined these submissions on merits and observe as follows.

a. Paragraph 9 of AS 21 requires consolidation in the CFS of all subsidiaries of the parent.

The contention of the EP, that DHFL does not control DIL, is not true to the facts. Because 100% of the share capital of the subsidiary DIL was held and controlled by DHFL¹⁷, its accounts should have been consolidated.

b. The only exception to the above requirement of consolidation is provided in Paragraph 11 of AS 21. The Company and the EP relied on Paragraph 11 (a) of AS 21 which states that a subsidiary should be excluded from consolidation when control is intended to be temporary because the subsidiary is acquired and held exclusively with a view to its subsequent disposal in the ‘near future’. Explanation (b) to the above paragraph states that “The period of time, which is considered as near future for the purposes of this Standard primarily depends on the facts and circumstances of each case. However, ordinarily, the meaning of the words ‘near future ‘ is considered as not more than twelve months from acquisition of relevant investments unless a longer period can be justified on the basis of facts and circumstances of the case. The intention with regard to disposal of the relevant investment is considered at the time of acquisition of the investment”.

c. We observe that there is no evidence to support the argument that the subsidiary was acquired and held exclusively for its subsequent disposal in the ‘near future’. DHFL was to continue to exercise its 100% voting power till the conversion of CCDs one-half of the voting power of an enterprise; or (b) control of the composition of the board of directors in the case of a company or of the composition of the corresponding governing body in case of any other enterprise so as to obtain economic benefits from its activities scheduled after 100 months. The standard explains that the intention with regard to the disposal of the relevant investment is considered at the time of acquisition of the investment. The EP did not refer to any board resolutions recording the Company’s intention at the time of investment in DIL that it was for disposal in the near future. Even in the disclosure made in the financial statements of 2016-17 and 2017-18, the Company did not explicitly state that the control is temporary, and the intention is to dispose of the subsidiary in the near future. The disclosure note¹⁸ only states that “…Company’s intention is to liquidate investments in DIL, subject to the favorable market conditions….” The tripartite agreement dated 31′ March 2017, referred to by the EP also does not evidence any intent on the part of DHFL for disposal of investment in DIL in the near future.

d. The term “near future” cannot be interpreted to mean more than 12 months in the normal course, as explained¹⁹ in AS 21. In the present case, the subsidiary DIL could be. Disposed of only after 100 months, i.e. over 8 years, post-conversion of CCDs. The arrangements allowed dilution of the stake of DHFL in DIL only in the event of the conversion of CCDs being subscribed by WGC. Thus, at the time of investment, there was nothing to indicate the management’s intention to dispose of the subsidiary in the near future. In fact, the terms indicate possible disposal after 8 years while the standard indicates the term ‘near future’ to be construed as a period of not more than 12 months (Explanation (b) to Paragraph 11 of AS 21).

e. The EP contends that in substance the control had already been transferred to WGC because of the condition in the tripartite agreement that DHFL cannot change the composition of the Board of DIL without the consent of WGC. He also claimed that DIL was in substance a subsidiary of WGC, not that of DHFL. We observe that these arguments do not justify the decision to not consolidate DIL, for the following reasons:

i. On an examination of the financial statements of WGC for FY 2017-18, audited by C&S and signed by CA Jignesh Metha, we observe that WGC has disclosed DIL as its subsidiary because it was exercising control by way of power to appoint or remove directors. DIL was also a subsidiary of DHFL due to the 100% holding of its shares and the control derived through voting power. In such a situation, the explanation in paragraph 10 of AS 21 makes it clear that DIL shall be considered as a subsidiary of both the controlling enterprises “and, therefore, both the enterprises need to consolidate the financial statements of that enterprise as per the requirements of this Standard.” Though the EP quoted this paragraph in his reply to SCN, he failed to apply this in practice.

ii. From the financials of WGC we also observed that WGC pledged the CCDs in DIL for obtaining external borrowings in the form of non-convertible debentures amounting to 21900 crore. Thus, the borrowing of WGC effectively got transferred to DHFL through DIL. Therefore, contrary to what is contended by the EP, the substance of the transaction was external borrowings of 21900 crore by DHFL through multiple layers of group entities. Hence there is no merit in the contention that DHFL presented a true and fair view and considered substance over form by not consolidating DIL. In fact, the true and fair view was not achieved as there were multiple violations of AS 21 and inadequate disclosures and understatement of liabilities in the CFS. Compliance with the requirements of the applicable standards is basic to a fair presentation.

iii. The EP placed reliance on an expert opinion obtained by the management. However, as the Audit File did not contain any procedures required as per SA 500 regarding management experts, the expert opinion cannot be accepted as sufficient audit evidence. On merits, we observe that the expert opinion was made on incomplete data^2° and echoes the same conclusion as that advanced by the EP in his replies to the SCN. We observe that while referring to section 129(5) of the Act, the expert recommends that “adequate disclosure would, of course, be required of the departure from the standard [AS 21], the reasons for the departure and consequences of such departure”. Section 129(5) is applicable only when the financial statements of a company do not comply with the accounting standards. Hence this comment indirectly acknowledges the departure from the standard and talks of adequate disclosures to be given. However, in the immediately preceding paragraph of the opinion, the expert recommends that “in accordance with the Accounting Standards[AS 21], the accounts of DIL should not be consolidated in the accounts of DHFL”. If the expert believed that the recommended accounting treatment was in accordance with AS 21, then how did the question of departure from the same standard arise at all? The EP’s reliance on such an evidently erroneous expert opinion for furnishing a reply to an SCN shows his non-evaluation of that opinion and his causal approach.

49. Based on the above facts and evidence it is established that the CFS of DHFL for the FY 2017-18 does not give a true and fair view and it is materially misstated due to non­compliance with the applicable financial reporting framework. By blindly following the management’s assertions the EP failed to exercise professional skepticism and failed to report the material misstatements in his report. The charges in para 46 therefore stand proved.

D.3 Consideration of Laws and Regulations

50. DHFL was regulated by the National Housing Bank (NHB) and hence bound to follow the relevant NHB Directions. The NHB inspection reports for FY 2016-17 flagged significant potential violations of its directions by DHFL. The EP was charged with failure to document any evidence in the Audit File to show that there is no misstatement in the financial statements due to non-compliance with laws and regulations having a direct effect on the disclosures in the financial statements. The EP was also charged with failure to apply professional skepticism in this regard. The EP was thus charged with violations of SA 250 `Consideration of Laws and Regulations in an Audit of Financial Statements’.

51. The EP denied all the charges. The EP submitted that Para 6 of SA 250 limits an auditor’s responsibility to cases where there is a material impact on the amounts and disclosures in the financial statements. According to him, the SCN is silent about whether compliance stated in the charges in the SCN is of the nature that would have an effect on the material amounts and disclosures in the financial statement. We see no merit in this argument advanced by the EP, as explained below:

a. SA 250 deals with the auditor’s responsibility to consider laws and regulations when performing an audit of financial statements²¹. The requirements in the SA are designed to assist the auditor in identifying material misstatements of the financial statements due to non-compliance with laws and regulations²². The auditor is responsible for obtaining reasonable assurance that the financial statements, taken as a whole, are free from material misstatement, whether caused by fraud or error.²³ The objective of the Auditor as given in para 10 of SA 250 is:

i. to obtain sufficient appropriate audit evidence regarding compliance with those laws and regulations generally recognised to have a direct effect on the determination of material amounts and disclosures in the financial statements.

ii. to perform specified audit procedures to help identify instances of noncompliance with other laws and regulations that may have a material effect on the financial statements; and

iii. to respond appropriately to non-compliance or suspected non-compliance with laws and regulations identified during the audit.

b. From the above provisions of the SAs the responsibilities of identifying the relevant laws, understanding the nature of those laws vis-a-vis the material amounts and disclosures in the financial statements and responding appropriately to suspected or identified non-compliance lies with the auditor. The EP lists some WPs where it is claimed that compliance with applicable laws is documented. However, many WPs relied upon by the EP, in fact, copy the disclosures made in the financial statements by the management. The understanding of the EP regarding the applicable provisions of the laws, his conclusions regarding compliance with the relevant laws and the procedures performed in this regard are absent in these WPs. Hence, the EP failed to comply with Para 13 and 14 of SA 250.

c. The SCN clearly points out suspected instances of violations of NHB Directions, which
are documented by the EP. Having documented the suspected violations, it was obligatory for the EP to perform further procedures to determine the nature of the violations and to decide its probable impact, including materiality, and document the conclusions.

d. The NHB Inspection Report for FY 2016-17, documented in the audit file, is sufficient evidence of suspected non-compliance. However, there is no record of audit procedures performed against the observations of NHB and conclusions reached regarding its impact on the financials. When the auditor becomes aware of such a suspected non­compliance, the auditor shall perform audit procedures in accordance with Paras 18 to 21 of SA 250, which is absent in this case. Consequently, there were no specific responses to address the risk of non-compliance with laws and regulations.

e. In his reply, the EP states that rescheduling loans is one of the material issues. According to the NHB Inspection report for the year 2016-17, documented by the EP, the reported and assessed Net Owned Funds (NOF) of the Company were 27,264.7 crore and 26,311 crore respectively. As per NHB, the reported NOF was overstated by 2953 crore on account of short provisioning of 12 rescheduled/restructured Project Loans for Slum Redevelopment and one non-housing loan, the wrong classification of plot loans as housing loans, etc. The EP failed to examine this independently with professional skepticism even though the suspected misstatement was much above the materiality levels.

f. In this regard the EP relied on WP ‘Audit Closure’ wherein he claims that he noted the management’s observations in the WP and concluded that their “clarifications seems to be reasonable”. We observe that the EP accepted the management’s views without challenging them. As noted by the EP, the management stated that “In SRA (Slum Rehabilitation Authority) cases these projects got hit badly due to RERA and Demonetization which are beyond control of the borrowers and therefore, there was need to restructure and provide interest mortarium”. Without performing any Audit procedures, the EP agreed and noted his conclusion that “Management clarifications seemed to be reasonable and therefore these loans were treated as standard assets and accordingly provisioning norms on standard assets as per direction [HFC(NHB) Directions 2010] have been applied for”. No efforts were made to check compliance with the directions of the NHB on asset classification and provisioning of restructured loans²⁴.

g. The possible effect of short provisioning due to wrong asset classification of rescheduled/ restructured loans amounting to 2893.07 crore could have been significant. The EP should have performed other appropriate audit procedures as prescribed in SA 250. Since the possible impact could be above the materiality threshold decided by the EP, it had a direct impact on the audit report in accordance with SA 705(Revised) read with Para 25 of SA 250. The casual approach of the EP demonstrates the absence of due diligence and professional skepticism in this regard.

h. The EP’s claim, that he examined the reply of the Company to NHB, is unsubstantiated. The reply letter of DHFL was dated 02-05-2018, i.e., after the signing of the audit report. The reply letter was approved by the Board on 30.04.2018, the date of the audit report and the date of approval of the Board for the financial statements. However, there is no documentation of the contents of the letter in the Audit File. The EP claims that he examined the draft of the letter during the audit. However, there is no evidence to substantiate that the draft of the letter was examined. Such claims, unsupported by any evidence, reflect afterthoughts on the part of the ER

i. The NHB Inspection Report for the year ended 31st March 2016 interalia reported the wrong classification of loan accounts due to restructuring of loans, capitalisation of overdue interest which were not accounted as NPA etc. This led to an inaccurate assessment of NOF and Capital Adequacy Ratio (CAR). Despite similar adverse comments in the NHB Inspection Report of 2016-17, the EP did not evaluate the loan recovery trends from previous years, progress of projects to determine the creditworthiness of borrowers and challenge contentions of the management that these loans were standard assets.

j. The NHB Directions envisage prior permission of the Board of Directors of the Company for the re-scheduling of the loans. There is no mandate in the said Directions for the Board to either delegate such power or to ratify the decision taken by any other body. The EP admitted that the scheduling of project loans referred to in the NHB Report was approved by MD and later ratified by the Board. This violation of the NHB directions was not examined by the EP.

k. As on the date of the audit report the NHB has given a report containing potential violations of NHB Regulations by DHFL. Such violations fall in the category of suspected non-compliance as per SA 250. The EP contends that the NHB Inspection reports are not final and not concluded by NHB as of the date of the audit report and hence not covered by SA 250. This has no relevance in this case since SA 250 also relates to cases of suspected non-compliance. The EP was bound to follow Para 18 and 21 of SA 250, which was not done in this case. Ironically, the EP himself concluded in the referred WP that the management’s contentions are acceptable, and no provisioning is required as suspected by NHB. In the same breath, he states that provision is not made since NHB did not conclude the report. It is not documented on what basis the EP could presume that, NHB would not recommend provisioning in the final report.

l. The EP stated that he checked the accounting for the items of the inspection report for which the DHFL had agreed to make provision. For those not agreed to by DHFL, the EP also agreed with DHFL. Thus, in both cases, the EP blindly agreed with the management without an independent examination of facts, which is unbecoming of an auditor.

52. Based on the above discussion and facts all the charges in para 50 stand proved. Apart from the above, the following charges in the SCN are also proved in the absence of proper explanations and evidence in the Audit File.

a. In his report, as per the provisions of Housing Finance Companies — Auditor’s Report (National Housing Bank) Directions 2016, the EP stated that “Based upon the audit procedures performed for the purpose of reporting the true and fair view of the financial statements and to the best of information and according to the explanations given to us, we state that the Company has complied with the prudential norms with respect to loan to value ratio, exposure to capital market and concentration of credit/investments as specified in the NHB Directions 2010”. However, this report was issued without performing sufficient procedures regarding compliance with laws as explained below.

i. For the computation of exposure to capital markets, loans/advances sanctioned and guarantees issued for capital market operations would be reckoned with reference to sanctioned limits or outstanding whichever is higher. As per directions of the NHB, direct investment by a housing finance company in shares, convertible bonds, convertible debentures and units of equity-oriented mutual funds shall be calculated at their cost price²⁵. There is no mention in the Audit File of sanctioned and outstanding amounts under the various fund and non-fund facilities given by the Company nor evidence of verification of direct investment in bonds, debentures etc. This shows gross negligence and failure to comply with provisions of SA 250. Instead of explaining this non-compliance, the EP merely stated that “capital market exposure can be easily calculated based on information in the financial statement”. This reply is evidence of absolute disregard for the duty of the auditor regarding independent examination of management assertions.

ii. Regarding the Concentration of Credit, the EP was required to verify compliance with Para 32 of HFC (NHB) Directions 2010. The WP ‘Interest income on ICD’ contains loans given to several parties. However, no analysis has been made of group exposure limits as per the prescribed legal guidelines of NHB. There is no evidence with respect to any procedure to ensure that lending and investment together did not exceed the threshold limits for a single group of parties (40% of owned funds) as per the directions issued by NHB²⁶. The insufficiency of audit evidence renders the EP’ s opinion unreliable.

b. As per NHB Guidelines²⁷, a pre-requisite for putting in place the Asset Liability Management (ALM) System is a strong Management Information System (MIS). It is necessary to computerise the MIS and make use of specialised software for managing the assets and liabilities with respect to maturity mismatches and the various risks associated with such mismatches. ALM has to be supported by a management philosophy that clearly specifies the risk policies and tolerance limits. The EP did not examine the Company’s IT system for generating automated MIS as part of internal control testing nor did he understand the risk policies and tolerance limits if any. The violations of the ALM guidelines are further explained in this Order in the subsequent section on “Going concern”.

c. The EP did not inquire with the management whether DHFL had any prudential limits approved by the Board in terms of Earnings at Risk (EaR) or Net Interest Margin (NIM) in place²⁸. Even though the prudential liquidity gap limits for negative gaps up to one year as per NHB Guidelines was 15% of the cumulative cash outflows for that period, no steps were taken by DHFL to rectify the breach of limits as seen from the disclosure of maturity pattern of assets and liabilities at end of the year 2018.

53. The above discussion establishes the materiality of the amounts involved and the failure of the EP to comply with SA 250 and its objectives, thus making the Auditor’s report baseless.

D.4. Going Concern

54. The EP was charged with the following regarding the requirements of SA 570, – Going Concern.

a. The EP failed to obtain sufficient appropriate audit evidence regarding the entity’s ability to continue as a going concern. The EP ignored clear indications/events that should have raised concerns over the entity’s ability to continue as a going concern.

b. The EP failed in the discharge of his professional duties by not challenging management’s assessment of the applicability of the going concern assumption, by failing to test the adequacy of the supporting evidence, and by failing to evaluate the risk of management bias. The EP’s evaluation²⁹ of the going concern assumption was inadequate in support of the professional obligation to test, evaluate and report on the Going Concern assumption of the Company. The EP, therefore, did not comply with SA 570 (Revised).

55. The EP denied all the charges. He submitted that there were no events indicating the inability of the company to continue as a going concern. In such a scenario the SA does not require the management to prepare a forecast for cash flow for the next 12 months to examine the going concern and thus there was no requirement for the ET to challenge the management.

56. We observe from the Audit File that the EP has stated his conclusion regarding the going concern. This conclusion states that going concern basis is appropriate because the company consistently makes profits, declares dividends, and has liquidity and a positive economic environment. However, the basis for the factors mentioned in the conclusion is not documented in the Audit File.

57. The EP also failed to obtain sufficient appropriate audit evidence regarding the appropriateness of management’s use of the going concern basis of accounting in the preparation of the financial statements, as explained in the following paragraphs.

a. At the outset, we note the contention of the EP that the SAs “only provide guidelines and principles for procedures to be performed” and that all the discussions and inquiries need not be documented. Such comments of the EP arise from a flawed understanding of the law, the Standards and the regulatory regime in place. It is needless to remind the EP that the SAs are mandatorily required to be followed as per Section 143 (9) of the Act. The requirements of the SAs denoted by the word “shall” are unconditionally mandatory and need to be documented invariably as per SA 230.

b. As evident from the Audit File and replies of the EP, the management did not perform a preliminary assessment of the entity’s ability to continue as a going concern. In such a scenario, the EP was required by Para 10(b) of SA 570 (Revised) to discuss with management the basis for the intended use of the going concern basis of accounting and inquire of management whether events or conditions exist that, individually or collectively, may cast significant doubt on the entity’s ability to continue as a going concern. This procedure is part of risk assessment procedures as per SA 315. However, no such discussions are documented by the EP at the risk assessment stage or even thereafter.

c. Section 134(5) of the Act requires the Board to state specifically in its report that the annual accounts are prepared on a going concern basis. Hence, the EP was required to obtain the basis for such an assessment by the management and to evaluate the entity’s ability to continue as a going concern. Instead of doing so, the EP, based on his knowledge, concluded that the Company is a going concern. This violates the mandatory requirement of Para 12 of SA 570(Revised)³⁰. Consequently, the EP did not comply with Para 13 of SA 570 (Revised) as well.

d. Para 14 of the SA requires that in evaluating management’s assessment, the auditor shall consider whether management’s assessment includes all relevant information of which the auditor is aware as a result of the audit. Para 11 of SA 570 (Revised) requires that the auditor shall remain alert throughout the audit for audit evidence of events or conditions that may cast significant doubt on the entity’s ability to continue as a going concern. Thus, the duty cast by the Standard is clear. However, the EP did not comply with these requirements, as explained below.

i. The EP in his reply mentioned that he considered various factors like sufficient liquidity, increase in Assets Under Management, approval for issue of debentures etc. to determine that no events or conditions existed that could cause significant doubt on the entity’s ability to continue as a going concern. However, no such considerations are documented in the Audit File.

ii. As per the guidelines for Asset Liability Management system in Housing Finance Companies issued by NHB (ALM guidelines) DHFL disclosed in note 38.14, “Maturity pattern of certain items of Assets Liabilities”. This disclosure in the SFS shows the liquidity of certain assets and liabilities in different time buckets of contractual maturity. The note shows a liquidity gap in one year. Total outflows are 222,309.68 Crore while inflows are only 214,002.15 Crore indicating, a gap of 28,307.53 Crore. Regarding the financing of the gap, the ALM guidelines stipulates that the negative gap (i.e. where outflows exceed inflows) up to 30/31 days time-buckets should not exceed the prudential limit of 15 per cent of outflows of each time-bucket and the cumulative gap up to the period should not exceed 15% of the cumulative cash outflows up to one year period. In case these limits are exceeded, the measures proposed for bringing the gaps within the limit should be shown by a footnote in the relative statement.. In DHFL’s case, the cumulative gap was 37%, much above the regulatory limit. Thus, there was a regulatory breach which remained unchecked by the EP. As per para 10 read with para A3-A6 of SA 570 (Revised), non-compliance with capital or other statutory requirements is one of the indicators of events or conditions that may cast significant doubt on the entity’s ability to continue as a going concern. The Audit File is silent on this aspect.

iii. There was a 46% to 55% gap in three-time buckets from 2 months to 12 months. The Audit Report was signed on 30th April 2018. By that date, the actual assets realized and liabilities discharged in the 30/31 days bucket would have been known. Despite the liquidity mismatch in the subsequent buckets, the EP did not verify whether the assets were actually realized within the month and were in line with the management’s projection in note 38.14.

iv. Responding to this the EP submitted that the liquidity of the Company is not reflected in note 38.14 as it covers only some of the assets and liabilities. The EP referred to the statement of structural liquidity. However, there is no evidence in the Audit File which shows a reconciliation between the figures as appearing in note 38.14 and the statement of structural liquidity and the balance sheet. There is also no evidence why the liquidity gap mentioned above does not represent the actual liquidity of the Company.

v. The balances of cash and cash equivalents on the closing date have declined by almost 50% as compared to the previous year, and though these may be indicative of liquidity in the hands of the Company, the test of the source of this cash generated and the ability of the Company to meet immediately arising future liabilities has not been performed by the auditor. From the Financial Statements, it is seen that the Company had total current liabilities of 227,230.48 Crore and current assets of Z18,092.05 Crore as of 31-Mar-2018, giving a net current liability of 29,138.43 crore. Read with other indicators explained above, this was a negative factor that ought to have been tested by the EP, with due professional skepticism, regarding the Company’s ability to meet the immediate liabilities.

vi. As per ALM guidelines DHFL was required to submit periodical returns comprising three parts, viz, Statement of structural liquidity, Statement of short- term dynamic liquidity, and Statement of Interest Rate Sensitivity. However, there is no evidence in the Audit File of any examination of these returns.

vii. The ALM guideline also requires the “ALM Support Groups consisting of operating staff’ to prepare forecasts (simulations) reflecting the impact of various possible changes in market conditions on the balance sheet and recommend the action needed to adhere to HFC’s internal limits. There is no evidence of examination of such a forecast prepared by the ALM Support group.

viii. The Company, during 2017-18, indulged in aggressive lending as the housing and other property loans disbursed had doubled compared to previous years. The Company relied heavily on borrowed funds to carry out its lending activities. Coupled with the negative operating cash flows (increased by 50% compared to the previous year), such practices could hamper the operating capability of the Company. The EP failed to examine these indicators³¹.

e.The basic analysis of going concern includes regulatory aspects and liquidity aspects³². The EP’s purported examination of going concern does not even touch upon any such aspects. Thus, the EP ignored the documented information available to him when doing his perfunctory assessment of the going concern assumption.

f. Paras 16 to 25 of SA 570 (Revised) become applicable only if the EP had complied with the basic requirements in Paras 10 to 15. As none of these requirements was complied with by the EP, there is no basis in contending that he complied with the rest of the SA.

58. Based on the above-noted facts we conclude that the EP did not evaluate the going concern basis of the preparation of financial statements as required by SA 570 (Revised). The EP therefore failed to obtain sufficient appropriate audit evidence regarding the entity’s ability to continue as a going concern. All the charges in para 54 above are therefore stand proved.

59. Such lapses have been viewed seriously by international regulators as well. For example, the Public Company Accounting Oversight Board (PCAOB), the US Regulator, charged³³ Bravos & Associates CPA’s (“Firm”) and Thomas W. Bravos, CPA (“Bravos”) for its failure in connection with the audit of UAHC for FYE June 30, 2013 and stated in its order —”where Bravos authorized issuance of the Firm’s unqualified audit report, which included going concern explanatory language regarding those financial statements. However, Respondents did not have a reasonable basis for making these statements and issuing their audit report” For misconduct including this and others, PCAOB censured the firm by revoking its registration and imposed a civil monetary penalty of $ 10000 on the firm. Bravos was barred from being an associated person of a registered public accounting firm.

D.5. Assessment of the Risk of Material Misstatements (RoMM)

60. SA 315 requires audit procedures for the identification, assessment and conclusion relating to RoMM. Para 32 of SA 315 and SA 230 require the corresponding documentation. In the absence of such documented procedures, the EP was charged with failure to appropriately identify, classify and assess the RoMM and failure to contain the RoMM to an acceptably low level as required by SA 315 and SA 240.

61. The EP responded that there is no requirement to document procedures performed to arrive at an understanding of the entity and the risks identified. He further stated that the checklists used by the ET sufficiently document the requirements of para 32 of SA315 and hence all the charges were denied.

62. The EP’s reply demonstrates either his lack of understanding of the SAs and the present regulatory regime or is a rationalization in response to the show cause notice, which is indefensible.

63. On a harmonious reading of Paras 4 and 6 of SA 500, Audit Evidence, and Paras 5 and 8 of SA 230 it is clear that the Auditor is required to document all the audit procedures he designed and performed, all the audit evidence obtained and the results of all such audit procedures to demonstrate compliance with the SAs and sufficient and appropriate record of the basis for the auditor’s report. Para 8 (c) of SA 230 requires documentation of significant matters arising during the audit, the conclusions reached thereon, and significant professional judgments made in reaching those conclusions. Moreover, SAs are mandatorily required to be followed as per Section 143 (9) of the Act. The requirements of the SAs denoted by the word “shall” are unconditionally mandatory and need to be documented invariably to evidence compliance with the requirements of the law.

64. SA 230 underlines the documentation requirement of all audit procedures and evidence obtained to support the opinion as further emphasised in other provisions of SA 230, such as the purposes served by the audit documentation, the requirement of timely preparation of Audit Documentation, mandatory requirements for documenting the significant matters, conclusions, and significant professional judgements made in reaching those conclusions. In this process, addressing contradictory evidence appropriately is also a mandatory requirement of SAs.

65. The objective of the auditor, as per SA 315, is to identify and assess the ROMM at the financial statement and assertion levels thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement. This will help the auditor to reduce the risk of material misstatement to an acceptably low level. Assertions are representations by management, explicit or otherwise, that are embodied in the financial statements, as used by the auditor to consider the different types of potential misstatements that may occur. The cryptic documentation in the Audit File indicates that the EP did not assess ROMM at the financial statement level and assertion level. The available documents were prepared as a mere formality without following any of the requirements of SA 315. The basis for this finding is as follows.

a. The EP’s submission that audit procedures are not required to be documented is against the mandatory requirement of SAs. The EP failed to produce any evidence of performing audit procedures as required by SA 315. The conclusions, which too are grossly inadequate, without being supported by the nature, extent and timing of audit procedures are baseless.

b. Para 5 of SA 315 states that the auditor shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. The procedures shall include inquiries, analytical procedures, observation and inspection. None of these mandatory procedures for risk assessment are documented in the Audit File.

c, Para 10 of SA 315 requires that the EP and other key ET members shall discuss the susceptibility of the entity’s financial statements to material misstatement, and the application of the applicable financial reporting framework to the entity’s facts and circumstances. No such discussions are documented in the Audit File.

d. Para 11 of SA 315 mandates that the auditor shall obtain an understanding of various factors regarding the entity and its environment to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements. This includes the entity’s objectives and strategies, and those related business risks that may result in ROMM. However, the relevant WPs³⁴ in this regard nowhere identify the significant classes of transactions, account balances and disclosures that are related to the identified factors of the entity and its environment. In the case of business risks, the WP lists 4 risk factors (without any basis documented), but there is no documentation on how these business risks result in ROMM and which classes of transactions or account balances are affected.

e. The documentation is silent about how the key factors such as understanding of the IT
environment, key estimates, litigation and claims, regulatory communications, fraud risk factors and entity-level controls are factored into risk assessment. The documentation nowhere identifies any accounting assertions that are susceptible to ROMM. The risk classification, as required by Para 27 of SA 315, of significant account balances, class of transactions and disclosures are absent. In his reply to the charges on compliance with reporting under Section 143 (3) (i) of the Act, the EP has partially admitted this failure that the “identified risk was not mapped to related assertions in the audit file”.

f. In the WP titled ‘Audit Planning Memorandum’ the EP lists down certain “External Factors”, “Nature of Entity” and “Other” factors to evidence the understanding of the entity and its environment. Almost all the factors are categorised as “pervasive” risks in the WP (without documented the basis), implying that these risks relate to the financial statements as a whole and potentially affect many assertions. However, there is no final risk classification at the financial statement level or assertion level. The EP’ s contention in this regard is that the “significant areas to be covered during the audit” are listed in the WP titled ‘Audit Planning Memorandum’ and “risks relating to these significant areas were the ‘significant risks’. This statement is evidence of the precarious situation the EP is in when it comes to the assessment of ROMM. Para 25, 26 and 27 of SA 315 read with the explanatory paragraphs in this regard make it clear that the identification of specific risks (at the financial statement level and associated with each account caption, disclosures, and related assertions) is a mandatory requirement and is the foundation for subsequent audit procedures. There is no such identification as claimed by the EP and there is no mapping of risk to any account captions, disclosures or assertions. It is not understood as to how, without even determining the materiality, the EP could make a statement that there are “significant areas” and all risks are significant. Does it mean that there were no low or moderate-risk areas in DHFL? If so, then what was the response to the significant risks planned by the EP? How are fraud risk and control testing results factored into the ROMM assessment? The EP’s rudimentary work is in total disregard of the SAs. Importantly, the EP in the WP titled ‘Overall audit strategy’ in point no 11, against the checklist item “Ensure special attention required for any significant risks is given duly while framing the overall audit strategy” recorded that “There is no significant risk”! This recording in the audit file is in total contrast to the plea taken by the EP in response to this charge.

g. The EP claims that WP ‘SA 315. pdf “lists the assessed and identified ROMM at account and assertion level”. The statement itself proves the fallacy of the whole contentions around ROMM. The WP lists “Area of audit”, “Examples of Risks Assessed” and “Examples of steps taken to mitigate the” (sic). Listing ‘examples’ cannot be accepted as compliance with the requirements of SAs in practice. Admittedly, this document lists “40 audit risks in relation to 21 items of financial statements”. However, the financial statements of DHFL contain more than 60 major account captions and several disclosures. The accounting assertions relating to these items are manifold. The basis for arriving at 21 captions, which include captions not available on the financial statements of DHFL, is nowhere documented. Evidently, a template containing “examples” copied from some unknown sources³⁵ cannot contain the actual financial statement captions of DHFL. As a requirement of Paras 27 and 28 of SA 315, having failed to identify and classify risks due to fraud or error, the EP has neither been able to rebut fraud risks and taking them as significant risks nor identify and assess ‘significant risks’ sufficiently, appropriately and objectively. The listed examples of risks in WP `SA315.pdf cannot be concluded to have been assessed completely for multifarious possibilities of their risk.

h. The EP was required to document an assessment of the level of ROMM for each account balance, class of transactions and disclosure at the individual assertion level. However, there is no such identification of the significant risks that require special audit consideration and those risks for which substantive procedures alone are not sufficient. For instance, fraud risk factors regarding loans and provisions could include significant estimates that involve subjective judgments or uncertainties that are difficult to corroborate, incentive and pressure on management to show good numbers, susceptibility to management override, non-conformity with loan covenants, risk of evergreening, rollover, restructuring, deficiencies in credit appraisal, poor recovery patterns, and so on. None of these risk factors are documented by the EP. Since the ROMM is not properly assessed, there is no proper response to the ROMM.

i. Para 26, SA 240 requires the auditor to make a presumption that there is a risk of fraud
in revenue recognition and thereafter an evaluation as to which types of revenue, revenue transactions or assertions give rise to such risks. There is neither any assessment nor the rebuttal of any presumption (Para 47, SA 240) documented in the WPs. There is also no documentation of ROMM due to fraud at the financial statement level and the assertion level as required by Para 44 of SA 240.

j. The EP has made a few fraud-related inquiries³⁶ such as entity-level controls, internal control, accounting processes etc. only with the CFO of the Company. As required by para 17 to 21 of SA 240 the auditor is required to make inquiries with management and others within the entity including the internal auditor, where an internal audit function is present, and also with those charged with governance for identifying risk of material misstatements due to fraud. Para A6 of SA 315 also deals with the requirement to inquire with management and others within the entity including other employees with different levels of authority to identify the ROMM. For instance, there were various deficiencies identified³⁷ by the internal auditor in almost all quarters of 2017-18 like inadequate security creation, non-adherence to product norms, sanction conditions, inadequate approvals, document execution etc. Therefore, a discussion with the internal auditor at the risk assessment stage makes more sense rather than just a formal exercise to comply with the SAs. Even though the glaring indicators of fraud risks were available to the EP, he failed to exercise professional skepticism since no evidence of enquiries at the relevant level is present in the Audit File.

k. Thus, it can be seen from the above facts that the purported assessment of ROMM by the EP is an eyewash and served no purpose.

66. Before the conclusion of the audit, the EP was required³⁸ to evaluate whether the assessments of the risks of material misstatement at the assertion level remain appropriate. This is because information may come to the auditor’s attention that differs significantly from the information on which the risk assessment was based. Though the EP submits that the assessment of ROMM is a continuous process, no such assessment is documented in the Audit File.

67. Therefore, we conclude that the EP failed to appropriately identify, classify, assess and document the RoMM and consequently failed to contain the RoMM to an acceptably low level as required under various stipulations in SA 315 and SA 240. Therefore, the EP failed to design and perform further audit procedures that respond to the assessed ROMM to provide the evidence necessary to support the audit opinion. Thus, the charges in para 60 above stand proved.

68. Such lapses in risk assessment are viewed seriously by audit regulators across the world. In the matter of Ronald R. Chadwick, P.C. and Ronald R. Chadwick, CPA the PCAOB observed³⁹ that the auditors failed to properly identify and assess audit risk, including the risk of material misstatement. Regarding fraud risk, the PCAOB order states that “the requirement that auditors should presume that there is a fraud risk involving improper revenue recognition, 56 Respondents did not identify a risk offraud associated with revenue recognition, nor did the audit work papers document any reasons why a fraud risk was not identified”. The PCAOB revoked the registration of the firm and barred Chadwick for 3 years from being an associated person of a registered public accounting firm.

69. Lack of sufficient documentation has also been viewed seriously by national and international regulators as well. For example, in the matter of Bharat Parikh & Associates Chartered Accountants, dated 19.03.2019, PCAOB took a serious view of the lack of sufficient documentation and imposed penalties and sanctions for violations including insufficient documentation. The PCAOB order states that “….Audit documentation must contain sufficient information to enable an experienced auditor, having no previous connection with the engagement to: (a) understand the nature, timing, extent, and results of the procedures performed, evidence obtained, and conclusions reached, and (b) determine who performed the work and the date such work was completed as well as the person who reviewed the work and the date of such review…….. the documentation for each of those audits was insufficient to demonstrate the nature, timing, extent, and results of the procedures performed, evidence obtained, and conclusions reached, including in those areas of the audits involving significant risks. For the FY 2016 and 2017 Issuer A audits, the documentation also failed to demonstrate who performed the work and the date such work was completed. Additionally, in each of the Issuer A and Issuer B audits, the audit documentation was insufficient to demonstrate which aspects of the audit and which audit documentation Bharat Parikh reviewed.”

D.6. Internal control relating to the appraisal of loans

Controls on appraisal and sanction of loans

70. The EP was charged with failure to identify the deficiencies in internal control relating to the appraisal and sanction of loans at the head office level and branch level. Needless to say, this is the case of an NBFC where loans are its core function. The revenue, liquidity and asset quality are all dependent on the loan portfolio and hence the verification of this item was a significant matter and material to the financial statements.

71. The EP replied that he complied with all the requirements. He described the loan appraisal process followed by the Company. However, we observe that the EP failed to perform the audit procedures required of him regarding control testing. The EP did not even document the credit SOP followed by the Company or the relevant processes as per the SOP of the Company. The EP has referred to a WP^4° in which he purportedly tested the controls over the appraisal and sanction of loans at the head office. However, this document does not provide evidence of any control testing procedures performed and evidence obtained by the EP.

72. None of the contentions of the EP are acceptable in the absence of proper identification of the controls, testing of the design, implementation and operating effectiveness. We note from the referred WP that in 4 cases⁴¹ amounting to Z1205 Crore of sanctioned loans, the loan was disbursed prior to the issue of the sanction letter and the date of the loan agreement, which clearly shows either no controls existed or controls were not followed. Similarly, the samples do not evidence testing of controls to ensure credit worthiness of the borrower and that the delegated powers of approval are followed. There are many instances of non-compliance with the project loan policy which remain unchecked, as mentioned below:

i. Requirement of the project loan policy to keep Asset Coverage Ratio @125% based on project valuation.

ii. Testing of legal search and technical scrutiny reports based on which project loan was sanctioned.

iii. Verification of charge created on assets.

73. The WP is a testimony that the EP had simply relied on all the information provided by the management without any professional skepticism.

74. Regarding the evaluation of internal controls relating to the appraisal of loans at branch level, the EP submitted that all the required controls were tested based on the 5 sample RPUs selected and based on the controls at the head office level. However, we observe that there are no branch-related controls documented by the EP. Even with the limited sample testing in most of the cases credit reports and valuation reports were not available. Though the ET has noted this, no further follow-up was done in this regard. Such instances indicate the absence of controls at branches, but the EP did not address these deficiencies appropriately.

75. Based on the above, the charges in para 70 regarding failure to examine controls over loan appraisal and sanction stand proved.

Management override of controls

76. The EP was charged with failure to design and perform audit procedures to minimise the risk of material misstatement due to management override of controls⁴² in the loan appraisal process of the Company. The EP was also charged with failure to verify the Internal Controls over ensuring end-use in accordance with the sanction terms.

77. Though the EP explained certain processes instituted by the management in this regard, in the absence of any evidence of testing on the part of EP the charges are established. Moreover, from the Audit File, it is found that the end-use monitoring clause is present only in the case of housing loans granted to individuals. In other loan cases, specifically in project loans, which are high-value corporate loans, such end-use monitoring was not part of the respective policies. Hence, for high-value corporate loan cases, there is no system of monitoring of funds disbursed by the Company. This explains the existence of high credit risk, which if not addressed, may result in such loans becoming non-performing assets. The EP failed to notice such lacunae in the internal control over credit monitoring.

78. We also noted that the illegally appointed branch auditors did not examine the controls over loans at the branch level. Some of these reports highlighted issues in loan documentation which remain unaddressed either by the EP or by the branch auditors. Such issues may lead to control deficiencies, which were ignored by the EP.

79. As charged in the SCN, the above actions of the EP amount to failure to design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence as per Para 6 of SA 500. The EP also failed to document the key elements of internal controls as required by Para 32 (b) of SA 315. The limited documentation made by the EP did not comply with the requirements of Para 8 of SA 230. Therefore, the charges in paras 76 above are proved.

D.7. Reporting under Section 143(3)(i) of the Act

80. The EP was charged with failure to obtain sufficient information which is necessary for the expression of an opinion on Internal Financial Controls over Financial Reporting (ICFR) and for issuing a baseless audit report under Section 143(3)(i)⁴⁴ of the Act. The EP did not maintain professional skepticism, professional competence and due care during the audit.

81. The EP in his reply denied all the charges, stating that the opinion on ICFR was based on audit procedures as per the Guidance Note of ICAI on ICFR. We observe that the contention of the EP is not supported by evidence as explained below.

a. The EP stated in his report on ICFR of the SFS that “We conducted our audit in accordance with the Guidance Note on Audit of Internal Financial Controls over Financial Reporting (the “Guidance Note “) and the Standards on Auditing, issued by ICAI”. Based on the requirements of the Guidance Note and SAs, the EP was expected to:

i. Obtain an understanding of the overall risks to internal financial controls over financial reporting.

ii. Identify significant entity-level controls as part of the Company’s control environment and controls over management override.

iii. Identify significant account balances and disclosure items and their relevant assertions.

iv. Determine the flow of transactions relevant to these assertions, to show the initiation, authorization, process and recording of these transactions.

v. Perform audit procedures, such as walkthroughs, on significant flow of transactions to identify areas where control is missing or not appropriately designed.

b. However, we observe that the EP’s work is grossly inadequate and does not comply with the above basic requirements of SAs and the Guidance Note referred to by the EP. In section D.5 we have proved that the EP failed to identify ROMM appropriately. In this regard, the EP has placed reliance on WP `SA315.pdf , which lists down certain “examples”. Its lack of evidentiary value is already explained in Section D.5. We also proved in the said section that the EP did not identify the significant account balances and disclosure items and their relevant assertions, mapped to the ROMM. The EP’s contention in this regard is that though such mapping is not done in the Audit File, one can understand it from the “description of the assessed risk”. Such comments from the EP again prove his disregard for the mandatory provisions of the SAs. It also proves his lack of understanding of the fact that proper risk classification at the financial statement level and the levels of account balances, classes of transactions, disclosure and their relevant assertions form the very basis for a risk-based audit culminated in providing reasonable assurance. Nowhere in the Audit File, the EP has done proper risk assessment and classification as required by the standards. Therefore, the EP’s stated reliance on the ROMM assessment as the basis for the identification of significant controls is non-est. This fact alone makes the name-sake control testing performed by the EP irrelevant for the purpose of expressing an opinion on ICFR.

c. We also proved that the EP failed to examine the management override of controls in its entirety. This is further evidenced by the fact that against control to address the risk of unauthorised journal entries, in the WP⁴⁵ referred by the EP, it is recorded that “JVs in Fixed deposit Module are automatically passed in OMNI system however certain JVs which are related to adjustments are manually approved”. There is no further examination by the EP in the angle of management override of controls, even after noting the manual override of automated controls in journal entries.

d. In the WP, the ET has recorded some controls with respect to the following: Entity Level Controls, Book Closure, IT General Controls, Payroll, Revenue, Borrowings, Investments, Interest and Finance costs, Key Operating Expenses, Fixed Assets, and Loans & Advances. There is no documentation to show the audit procedures followed by the ET based on which significant account balances/disclosure items and relevant assertions that may carry the potential of a misstatement have been identified.

e. In the referred WP, the controls listed, the risks identified, and the control processes therein are exactly as provided by the Company as per their Risk Control Matrix (RCM). SA 315 (Para 16) in this regard requires that if the entity has established a risk assessment process, the auditor shall obtain an understanding of it, and the results thereof. Where the auditor identifies risks of material misstatement that management failed to identify, the auditor shall evaluate whether there was an underlying risk of a kind that the auditor expects would have been identified by the entity’s risk assessment process. However, there is no such examination done by the EP, neither documented in the Audit File nor claimed to have been done. The EP proceeded to his purported test of the controls on the basis of the data provided by the Company without examining it with professional skepticism. This is the reason why the risks noted therein do not have any connection to the EP’s audit plan and risk assessment.

f. The RCM provided by the management does not cover branch operations. It is also evident from the WP `6ACM 3OAPR 2018. pdr that the development of the “Risk Control Matrix (RCM) basis the assurance framework” was “in Progress” during FY 17-18. As per this WP, a draft RCM was prepared for Regional, Branch and Service Center audits and RCM for other functions were in progress.

g. Regarding the tests performed by the EP on the data provided by the Company, we observe that there is no evidence of the work done by the EP to determine the flow of transactions relevant to these assertions, to show the initiation, authorization, process and recording of these transactions. The IT processes which are relevant to the flow of transactions have also not been identified by the ET. The EP, after explaining in detail the processes in the RCM document which is nothing but the Company data, claims that he evaluated the process flows and corresponding workflows in the IT system. This statement is rejected since there is neither any evidence of such testing nor are any WPs referenced by the EP in his reply. Documentation of evidence obtained, identification characteristics of the population tested and the timing and extent of audit procedures are mandatory requirements of SA 230. Further, we also observe that the EP has referred to certain screenshots of the IT system in his Audit File. A screenshot in isolation can never evidence compliance with a control process testing by the EP.

h. The EP’s procedures were inadequate to ensure the design effectiveness of controls as required by Para 13 of SA 315. We observe that in several cases⁴⁶, even after noting control deficiencies, the ET noted that testing regarding design and operating effectiveness is pending. The EP failed to perform any audit procedures to determine whether these control deficiencies constituted a material weakness in the internal financial controls. We also observe that the EP did not perform the test of the operating effectiveness of the majority of the controls. For instance, regarding loans, which is the most significant item in the financial statement, for 29 out of 53 controls listed, the EP’s testing is limited to the purported ‘walkthrough⁴⁷‘. A walkthrough of one transaction does not confirm that a control stated to be in place by the Company has been operating as designed for the period under reporting. Testing the operating effectiveness requires drawing a representative sample and then testing the control procedures through various audit procedures. There is also no evidence of testing that the designed control operated as prescribed by persons possessing the necessary authority and competence to perform the control activity and can effectively prevent or detect errors or fraud.

i. Apart from the above fundamental deficiencies, we observe the following further deviations from SAs or the Guidance Note that render the audit opinion on ICFR baseless.

i. Entity Level Controls: Entity-level controls, as described in Para 90 of the Guidance Note, are controls that have a pervasive effect on a Company’s internal control. The process of identifying relevant entity-level controls could begin with discussions between the auditor and appropriate management personnel to obtain a preliminary understanding of each component of internal financial controls. Other than relying on the policy documents provided by the management, the ET did not document any discussion with the management and/or the ET’s conclusions on the operation of such controls. The availability of the Company’s policies is no indication of whether these had been adhered to in practice. The ET claims to have undertaken walkthroughs of certain policies and risk management practices. Placing a copy of the policy document in the audit file is not a walkthrough. While documents reflect what the Company intends to do, they do not answer the implementation question. A walkthrough is evidenced by enquiries, inspection of documents and observations. The Audit File did not evidence such a walkthrough.

ii. In his reply, the EP has given the following example of his testing of control, including a walkthrough:

Risk	Control Obj ective	Control Activity	Testing description
Unauthor ized/inco rrect disburse ment of loan	Loan disburse ment is correct and authorize d as per the Authority Matrix	Any change in the signatory list or limits is based on an approved Board Resolution. The change  request approved by the authorized signatories along with the Board Resolution is submitted to the Bank for necessary changes of authorized signatories and limits at their end. The request approved by the authorized signatories along with the Board Resolution is submitted to the Banks for necessary changes of authorized signatories and limits at their end within one month time.	We reviewed Board Resolution evidencing authorized signatories list We did a walkthrough of requests sent by Manager Accounts to 5 Banks about addition and deletion of authorized signatories

iii. To test the above control. the EP has documented the Board Resolution dated 27th January 2016 and communication to 4 banks dated 20^th December 2017. The Board resolution carries the names of authorised signatories stated in the letters as removed from the signatory list due to resignation or transfer, not the people included in the signatories as per the letters. Then the EP claims that he did a “walkthrough” of 5 banks. A walkthrough is tracing a transaction from start to end. However, the EP did not verify the relevant board resolution, the approval of the authorised signatory, or the time limits prescribed in the control. Also, the walkthrough should end with ensuring that the Board-approved authorisation is followed by the Company in practice. Mere documentation of the Company documents does not amount to a walkthrough. Giving this as an example in the reply shows that the EP is unaware of how an audit procedure, such as a walkthrough, is to be conducted for control testing. If we go by the EP’ s example, it is observed that the control was not operating as designed.

iv. The gross inadequacy of the testing is further evidenced by the reply of the EP to our observation in the SCN that there is no documentation of the management’s assessment of the adequacy and effectiveness of internal controls. To evidence the management assessment, the EP cites a presentation documented in the Audit File, claiming to be made by the management in the audit committee meeting on 9th April 2018. The EP then claims in his reply that “Without carrying out a thorough assessment and evaluations, the management would not have designed the Risk Control Matrix, which had 266 controls, and also, subsequently, made a presentation before the audit committee”.

v. In this regard, we note that Section 134 (5) of the Act requires the directors’ responsibility statement to state that the directors, in the case of a listed company, had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and operating effectively. Also, Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014 requires the Board of Directors’ report of all companies to state the details in respect of adequacy of internal financial controls with reference to the fmancial statements. Section 143(3) (i) of the Act requires the EP to give an opinion on (a) whether the company has adequate internal financial controls in place and (b) the effectiveness of ICFR. Thus, the auditor’s responsibility of giving an opinion follows the Company’s responsibility of instituting and maintaining an adequate system of internal controls. A periodical assessment by the management is basic to this responsibility.

vi. Para 17(a) of SA 240, read with Para A 1 2 and A63 emphasises the importance of management’s assessment of internal controls. The Guidance Note also emphasise this⁴⁸ and states that in a combined audit of ICFR and financial statements, the auditor expresses an opinion on the (a) “Opinion on internal control over financial reporting, which requires: — Evaluating and opining on management’s assessment of the effectiveness of internal financial controls” and (b) Evaluating and opining on the effectiveness of internal controls over financial reporting.

vii. A mere presentation before the audit Committee and Risk Control Matrix prepared by the management, cannot lead an EP to conclude that the management had carried out a “thorough assessment and evaluation” of ICFR at specific dates. The EP must obtain persuasive evidence in this regard which has not been done in the instant case.

82. We have already discussed the absence of testing in the case of internal control relating to the appraisal of loans at the head office and branches. Read with the above facts, we observe that the EP failed to obtain sufficient information which is necessary for the expression of an opinion on ICFR and issued a baseless audit report under Section 143(3)(i) of the Act. By ignoring even, the basics of the audit of ICFR, the EP demonstrated the absence of professional skepticism, professional competence, and due care as required by SA 200⁴⁹. In view of these facts, the charges in para 80 stand proved.

83. Lapses in the audit of ICFR are viewed seriously by audit regulators across the world. In the matter of James R. Waggoner, CPA^5° the US audit regulator PCAOB barred the CPA for three years from being an associated person of a registered public accounting firm. The disciplinary order, inter alia, observed “Waggoner authorized BSP’s issuance of an audit report containing an unqualified opinion on the effectiveness of North American Gaming’s ICFR as of December 31, 2008, despite knowing that North American Gaming could not perform an impairment analysis over a material asset as of December 31, 2008. Waggoner failed to perform any audit procedures to determine whether this control deficiency constituted a material weakness in North American Gaming’s ICFR.”

D.8. Related Party Transactions

84. The EP was charged with failure to verify the Related Party Transactions (RPT) as required by the SAs. The ET has failed in understanding the nature of related party relationships and transactions, failed in testing for completeness of related parties and transactions, failed in evaluating management override of controls, failed in verifying arm’s length basis of related party transactions and failed in duly reporting under CARO 2016 as there was no record of sufficient appropriate audit evidence in the Audit File about these matters. Such failures have resulted in the violation of the provisions of SAs 500 and 550. Consequently, the ET has failed to demonstrate the achievement of the overall objectives of the audit as well as the objectives of the respective SAs.

85. The EP submitted that the RPTs in the Company were not significant, and that the EP complied with all the requirements of the standards. We observe that the EP, under Clause 3(xiii) of the Companies (Auditor’s Report) Order, (CARO) 2016 on the Company’s standalone financial statements for FY 2017-18, reported that “In our opinion and according to the information and explanations given to us, Company is in compliance with Sections 177 and 188 of the Act, wherever applicable, for all the transactions with related parties and their details have been disclosed in the standalone financial statements etc., as required by the applicable accounting standards.”. As this reporting is irrespective of the materiality of RPTs we examine EP’s compliance with the applicable SAs and the Act and observe as follows,

a. There is no evidence that the EP has verified the complements of RPTs and hence the claim that RPTs are not material is not admissible. At the planning stage,⁵¹ the EP identified the following risks and their response related to RPTs.

Audit Risk: Risks with regard to related-party transactions are:-

Overly complex transactions: Related parties may operate through an extensive and complex range of relationships and structures.

Relationships and transactions not identified.
Not conducted in the normal course of business.

Response to Audit Risk : Review of Related Parties hosed on declaration in MBP 1 by Directors. Review of Compliances of Provisions of Sect ion 177 and 188 of Companies Act,

b. The EP in his reply to SCN, stated that the ET reviewed declarations by directors in form MBP 1, reviewed minutes of the audit committee and the Board, scrutinised ledger transactions and obtained written representations to ensure compliance with Sections 177 and 188 of the Act. However, we observe no procedures and evidence of review of related parties, other than written representations and verification of declarations by the directors documented in the Audit File. The verification of MBP-1 can only evidence a part of the related parties, as declared by the Directors. In this regard, the EP was required⁵² to perform audit procedures and related activities set out in paragraphs 12­17 of SA 550.

c. We observe that the Audit File contains Form MBP 1 for 7 directors. Out of the 7 forms, the date of signature and date of declaration is not mentioned in 2 forms. Further in all the forms it is clearly mentioned that the declaration is applicable “For the financial year commencing from 1st April, 2018”. The date of signature of the director making the declaration was 1st April 2018 wherever it is available. In this regard, as per Section 184 (1) of the Act the relevant date for the declaration by directors for the year of audit (2017-18) should be the date of the first meeting of the Board in FY 2017-18. Instead of this, the EP relied on declarations on 1st April 2018, applicable for FY 2018-19. This shows that the EP just obtained Form MBP 1 from the management and documented it without any evaluation. Further, we observe that there are changes in the interests of some of the directors during the FY 2017-18. The audit file does not contain the declarations for FY 2017-18. Thus, the EP has failed to comply with Para 11 and 13 of SA 550. In the absence of documented procedures and evidence, the completeness of RPTs remains unverified.

d. Without prejudice, we note that the EP’s further procedures fall short of the requirements of the standards as explained below.

i. To prove compliance with para 13 (c) of SA 550 the EP submits that he obtained the ledger accounts of the related parties and verified the reported transactions. The WP cited shows a copy of the ledger accounts of some of the related parties. Such an examination does not identify the actual purpose of the transactions as required by para 13 (c) of SA 550.

ii. To prove compliance with para 14 of SA 550 the EP submits that he verified the minutes of the meeting of the Audit Committee which approves related party transactions. However, reading the minutes does not enable the auditor to obtain an understanding of the controls regarding identification, accounting, and disclosure of related party relationships and transactions in accordance with the applicable financial reporting framework. Thus, the EP violated para 14 (a) of SA 550.

iii. Regarding approval of RPT as per Section 177, the EP claims that the Audit Committee had approved all the transactions. However, the WPs in this regard only have partial” evidence of approval of the audit committee for “investment for an amount not exceeding Rs. 50 Crore in Avanse Financial Services Limited”⁵⁴ and a trademark fee transaction with another related party. Even, these two approvals are also partial since the amounts of the transactions are not clearly available in the approval. There is no other documentation evidencing the RPT details and the amounts approved by the Audit Committee. Given the fact that as per Sections 177 and 188 of the Act, all the RPTs require Audit Committee approval or recommendation, it was the duty of the EP to ensure compliance by ensuring proper controls over RPT approvals and through substantive procedures. The documentation of EP does not evidence such compliance by the Company. Out of RPTs with 21 parties mentioned in Note 36B of Standalone Financial Statements 2017-18, a partial approval is seen documented only for one party as explained above.

iv. There is no proper verification of the arm’s length nature of the RPTs. The EP’s contention in this regard is that the approval process and arm’s length nature verified in one transaction of trademark fee with one related party for Z 43.84 crore. According to him, this evidence shows that proper controls existed in the Company for all other transactions. However, we note that no controls are documented in this regard. Our observations of control testing are detailed in section D.7 of this Order. Further, the arm’s length price was stated to be tested for the above transaction based on a valuation report taken by the company from an external expert. It is observed that there are no documents in the Audit File evidencing the examination, evaluation and conclusions drawn on the said valuation report. Also, there is no audit evidence of compliance with para 8 of SA 500, regarding the use of the work of a management expert.

e. Thus, the failures to obtain sufficient appropriate audit evidence as per SA 500 regarding the completeness of RPT, the arm’s length nature and the Audit Committee approval has resulted in issuing a baseless report under CARO 2016 on compliance with Sections 177 and 188 of the Act.

86. Based on the above facts we observe that the EP failed to verify the related party transactions as required by the SAs. The EP failed to understand the nature of related party relationships and transactions, failed to test the completeness of related parties and transactions, failed to evaluate controls, failed to verify the arm’s length basis of related party transactions and failed to duly report under CARO 2016. Such failures have resulted in violations of SA 500 and 550 as explained in the paras above. Consequently, the EP has failed to demonstrate the achievement of the objectives of the respective SAs. Hence the charges in para 84 above stand proved.

87. As a consequence of all the above failures, the EP failed to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement due to fraud or error. The EP also failed to ensure that the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. The Audit Opinion issued by the EP is therefore baseless.

88. The auditor’s failure to obtain sufficient appropriate audit evidence in respect of RPTs has been viewed seriously by the International Regulators as well. For example, PCAOB, in the matter of Cheryl L. Gore, CPA and Stanley R. Langston, CPA (Respondents)⁵⁵, barred the respondents from being associated with a registered public accounting firm and imposed a monetary penalty of $30,000 collectively for their failure inter alia to obtain sufficient appropriate audit evidence with respect to related party transactions.

89. In another case, PCAOB, in the matter of Yichien Yeh, CPA (Firm) and Yichien Yeh (Respondent)⁵⁶, revoked the firm’s registration and barred the respondents from being associated with a registered public accounting firm and imposed a monetary penalty of $10,000 collectively for their failure inter alia to obtain sufficient appropriate audit evidence with respect to related party transactions.

Articles of Charges of Professional Misconduct

90. As discussed, the EP has made a series of serious departures from the Standards and the Law, in the conduct of the audit of DHFL for FY 2017-18. Based on the above discussion, it is proved that EP had issued an unmodified opinion on the Financial Statements without any basis. The poor quality of the audit, incomplete documentation and attempt to mislead through baseless replies further compound the professional misconduct on the part of the EP. He demonstrated a lack of awareness and disregard for the mandatory provisions of the SAs and the law throughout the replies. Based on the discussion and analysis, we conclude that the EP has committed Professional Misconduct as defined in the Act, as below:

a. CA Jignesh Mehta committed professional misconduct as defined by Section 132 (4) of the Companies Act, 2013, read with Section 22 and Clause 5 of Part I of the Second Schedule of the Chartered Accountants Act, 1949 (No. 38 of 1949) as amended from time to time, which states that a Chartered Accountant is guilty of professional misconduct when he “fails to disclose a material fact known to him which is not disclosed in a financial statement, but disclosure of which is necessary in making such financial statement where he is concerned with that financial statement in a professional capacity”.

This charge is proved as the EP failed to disclose in his report the material non-compliances of the Company regarding branch audits, consolidated financial statements and ICFR as explained in sections D.1, D.2 and D.7 above.

b. CA Jignesh Mehta committed professional misconduct as defined by Section 132 (4) of the Companies Act, 2013, read with Section 22 and Clause 6 of Part I of the Second Schedule of the Chartered Accountants Act, 1949 (No. 38 of 1949) as amended from time to time, which states that a Chartered Accountant is guilty of professional misconduct when he “fails to report a material misstatement known to him to appear in a financial statement with which he is concerned in a professional capacity”.

This charge is proved as the EP failed to disclose in his report the material non-compliances of the Company regarding branch audits and consolidated financial statements as explained in sections D.1 and D.2 above.

c. CA Jignesh Mehta committed professional misconduct as defined by Section 132 (4) of the Companies Act, 2013, read with Section 22 and Clause 7 of Part I of the Second Schedule of the Chartered Accountants Act, 1949 (No. 38 of 1949) as amended from time to time, which states that a Chartered Accountant is guilty of professional misconduct when he “does not exercise due diligence or is grossly negligent in the conduct of his professional duties”.

This charge is proved as the EP, conducted the Audit of a Public Interest Entity in total disregard of his statutory duties, evidenced by multiple critical omissions and violations of the standards. The instances of failure to conduct the audit in accordance with the SAs and applicable regulations, and failure to report the material misstatements in the financial statements and non-compliances made by the Company are as explained in Paras D.1 to D.8 above.

d. CA Jignesh Mehta committed professional misconduct as defined by Section 132 (4) of the Companies Act, 2013, read with Section 22 and Clause 8 of Part I of the Second Schedule of the Chartered Accountants Act, 1949 (No. 38 of 1949) as amended from time to time, which states that a Chartered Accountant is guilty of professional misconduct when he “fails to obtain sufficient information which is necessary for expression of an opinion or its exceptions are sufficiently material to negate the expression of an opinion”.

This charge is proved as the EP failed to conduct the audit in accordance with the SAs and applicable regulations as well as due to his total failure to report the material misstatements and non-compliances made by the Company in the financial statements as explained in Paras D.1 to D.8 above.

e, CA Jignesh Mehta committed professional misconduct as defined by Section 132 (4) of the Companies Act, 2013, read with Section 22 and Clause 9 of Part I of the Second Schedule of the Chartered Accountants Act, 1949 (No. 38 of 1949) as amended from time to time, which states that a Chartered Accountant is guilty of professional misconduct when he “fails to invite attention to any material departure from the generally accepted procedure of audit applicable to the circumstances”.

This charge is proved since the EP failed to conduct the audit in accordance with the SAs as explained in Paras D.1, D.3, D.4, D.5 and D.8 above but falsely reported in his audit report that the audit was conducted as per SAs.

91. Therefore, we conclude that the charges of professional misconduct in the SCN, as detailed above, stand proved based on the evidence in the Audit File, the audit reports on the standalone financial statements and consolidated financial statements for the FY 2017-18 dated 30^th April 2018, the submissions made by the EP, the audited financial statements of DHFL and other material on record.

F. SANCTIONS AND PENALTIES

92. Section 132 (4) of the Companies Act, 2013 provides for penalties in a case where professional misconduct is proved. The seriousness with which proved cases of professional misconduct are viewed is evident from the fact that a minimum punishment is laid down by the law.

93. Independent Auditors of publicly listed companies serve a critical public function of enabling the users of audited Financial Statements to make informed decisions. It is the duty of an auditor to conduct the audit with professional skepticism and due diligence and report his opinion in an unbiased manner. Statutory audits provide useful information to the stakeholders and public, based on which they make their decisions on their investments or do transactions with the public interest entity.

94. Absent a robust system of auditing, investors, creditors and other users of Financial Statements would be handicapped and their work compromised. The entire corporate governance system would fail and result in a breakdown in the trust and confidence of investors and the public at large if the auditors do not perform their job with professional skepticism and due diligence and adhere to the standards.

95. The EP in the present case was required to ensure compliance with SAs to achieve the necessary audit quality and lend credibility to Financial Statements to facilitate its users. As detailed in this Order, substantial deficiencies in audit, abdication of responsibility and inappropriate conclusions on the part of CA Jignesh Mehta establish his professional misconduct. The replies of the EP showed his absolute disregard for challenging the management assertions, documenting the audit procedures, documenting evidence and conclusions, lack of understanding of the mandatory nature of SAs, lack of understanding of the basic audit procedures and absence of required professional skepticism. There was no proper audit of the 250 branches, where neither the EP nor the illegally appointed branch auditors followed SAs. C&S were the sole Statutory Auditors of the Company including all its branches. Therefore, the EP’s report under section 143 of the Companies Act 2013 and the report under CARO 2016, both referring to and relying on the work of the illegally appointed branch statutory auditors, rendered invalid.

96. The deficiencies and lapses pointed out in this Order, rendered the entire audit infructuous.

97. Despite being a qualified professional, CA Jignesh Mehta has not adhered to the Standards and has thus, not discharged the duty cast upon him. The absence of professional skepticism and challenge of the management in critical areas of the audit were prevalent in all the above areas of the audit. Because professional misconducts have been proved and considering the nature of violations and principles of proportionality and keeping in mind the deterrence, signalling value of the sanctions, we, in the exercise of powers under Section 132 (4) of the Companies Act, 2013, proceed to order the following sanctions:

98. The professional misconduct has been detailed and proven on various counts in the body of this Order. Considering the nature and seriousness of violations and principles of proportionality, we, in the exercise of powers under Section 132 (4) (c) of the Companies Act, 2013, order the sanctions detailed below. In light of the judgment of the Hon’ble National Company Law Appellate Tribunal (NCLAT) dated 01.12.2023,⁵⁷ we have limited the monetary penalty to ZS Lakh only since the violations relate to FY 2017-18.

a. Imposition of a monetary penalty of Rupees Five Lakh upon CA Jignesh Mehta.

b. In addition, CA Jignesh Mehta has been debarred for Ten years from being appointed as an auditor or internal auditor or from undertaking any audit in respect of financial statements or internal audit of the functions and activities of any company or body corporate.

99. This order will become effective after 30 days from the date of issue of this order.

Sd/-
(Dr. Aj ay Bhushan Prasad Pandey)
Chairperson

Sd/-
(Praveen Kumar Tiwari)
Full-Time Member

Sd/-
(Smita Jhingran)
Full-Time Member

Authorised for issue by the National Financial Reporting Authority.

 

Date: 05.12.2023
Place: New Delhi

(Vidhu Sood)
Secretary

To,

CA Jignesh Mehta,
ICAI Membership No. 102749,
Partner, Chaturvedi & Shah LLP, Chartered Accountants,
Firm Registration Number (FRN): 101720W,
714-715, Tulsaini Chambers,
121, Nariman Point, Mumbai 400021,
Maharashtra, India
Email: jignesh.m@cas.ind.in

Copy to:

(i) Secretary, Ministry of Corporate Affairs, Government of India, New Delhi.

(ii) Secretary, Institute of Chartered Accountants of India, New Delhi.

(iii) Reserve Bank of India.

(iv) Securities and Exchange Board of India.

(v) Piramal Housing Finance Limited, Mumbai

(vi) National Housing Bank

(vii) IT-Team, NFRA for uploading the order on the website of NFRA.

Notes

¹ SA 570 (Revised) Going Concern.

² SA 315 Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment.

³ SA 230 Audit Documentation.

⁴ SA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements.

⁵ SA 500 Audit Evidence.

⁶ SA 550 Related Parties.

⁷ As provided in the annual report 17-18.

⁸ WP – SME_Operations_Manual.

⁹ The presentation made by EP, documented in WP 30302 Audit Committee presentation, slide 4 and 19.

¹⁰ WP 29 Branch Audit\Branch Audit Gist FY 17-18.xls.

¹¹ WP Auditors Requirements & Loan Docket Samples -Ahmedabad final.

¹² Orders against the branch auditors are available on the NFRA website. In a few cases, the order is yet to be passed/given effect due to court orders. Such cases are not included in the cases mentioned here.

¹³ Note 2.2 of the CFS for FY 2017-18.

¹⁴ It is seen from the financial statements of DIL for FY 2017-18, which are part of the Audit File, that DIL has no revenue from operations, and its paid-up equity was X101.25 crores as on 31.03.2018. As on 31st March 2018, the net worth of DIL stood at 299.78 crores.

¹⁵ Accounting Standard (AS) 21 Consolidated Financial Statements

¹⁶ Considered as 100 months by the Company and agreed by the EP.

¹⁷ AS 21 — Para 5.2 “A subsidiary is an enterprise that is controlled by another enterprise (known as the parent)”. Para 5.1 “Control: (a) the ownership, directly or indirectly through subsidiary(ies), of more than

¹⁸ Note 2.2 of the CFS of 2017-18

¹⁹ ‘Near Future’ is considered as not more than twelve months from the acquisition of relevant investments unless a longer period can be justified on the basis of facts and circumstances of the case. (Explanation (b) to Paragraph 11 of AS 21).

20 The Expert opinion dated 29-04-2017, issued by Bhavna Doshi Associates LLP talks about “nominal share capital of Rs 1,00,000” in DIL. But as on 31″ March 2017, the shareholding of DHFL in DIL was around T100 crore. The opinion did not consider that the CCDs were pledged by WGC for external borrowings. The Opinion also ignores the fact that DIL was a subsidiary of DHFL as well as WGC.

²¹ Para 1, SA 250.

²² Para 4 of SA 250.

²³ Para 5 of SA 250

²⁴ HFC NHB Directions 2010 Para 2 clause (zc) states that restructured loans are sub-standard assets.

²⁵ Para 31(2)(d) of HFC(NHB) Directions 2010.

²⁶ Para 32(1)(iii)(b) of HFC(NHB) Directions 2010

²⁷ ALM System for HFCs Guidelines (NHB/ND/DRS/Pol-No. 35/2010-11) dated 11 October 2010

²⁸ As per para 14.5 of the Guidelines in footnote 27 above read with Note 38.14 ^,if SFS.

²⁹ As per WP \\27 Closing Documents1Audit Checklist\Audit Closure.pdf

³° Para A 8 states “It is not the auditor’s responsibility to rectify the lack of analysis by management…..when there is a history of profitable operations and a ready access to financial resources, management may make its assessment without detailed analysis.” Here, there is no analysis at all by the management.

³¹ AS 3 states, “The amount of cash flows arising from operating activities is a key indicator of the extent to which the operations of the enterprise have generated sufficient cash flows to maintain the operating capability of the enterprise”.

³² Para A3 of SA 570 (Revised).

³³ PCAOB release No. 105 2015 028 dated 23.07.2015.

³⁴ Mainly, WP Audit Planning Memorandum.pdf, WP ‘Understanding the Entity and its Environment’, WP ‘Overall Strategies Memorandum’, WP ‘SA 315.pdf, WP Engagement Summary Memorandum.pdf, WP ‘Fraud Risk.pdf

³⁵ The list contains “area of audit” not featured in the financial statements of DHFI. Eg. “Secured Loan from FI1” and “Insurance Control Accounts”.

³⁶ WP Fraud risk.pdf

³⁷ As documented in the Audit Committee Presentations

³⁸ Para 25 of SA 330.

³⁹ PCAOB Release No. 105-2015-009 April 28, 2015.

⁴° Workpaper \\Soft Files\10 Housing Loan \Project Loan Testing.xls

⁴¹ Polarisian Buildwell Limited, Satyasankalp Buildcon LLP, V R Syntex and Marino Shelters Pvt Ltd

⁴² As required by Para 31 of SA 240

⁴³ WP, ‘Housing Loan Policy DHFLCredit_Policy_Ver_1.3.pdf, , ‘Project Guidelines Project Finance July 2017.Pdf and `SME_Operations_Manual.pdf

⁴⁴ Report on whether the company has adequate internal financial controls with reference to financial statements in place and the operating effectiveness of such controls.

⁴⁵ Working paper “1\24 Internal Financial Control\ DHFL RCMs.xls”

⁴⁶ Example: In sheet ‘Revenue’ for 4 controls, the test of design is shown as pending, where the ET has noted control deficiencies, In sheet “Book Closure” 11 controls where the test of effectiveness is pending, One in sheet “Borrowing”, One in interest, and 4 in Fixed assets.

⁴⁷ See para 78 i (ii) below regarding our observations on the `walkthrough’ performed by the EP

⁴⁸ The auditor’s objective in an audit of internal financial controls over financial reporting is to express an opinion on the effectiveness of the company’s internal financial controls over financial reporting and the procedures in respect thereof are carried out along with an audit of the financial statements. Because a company’s internal controls cannot be considered effective if one or more material weakness exists, to form a basis for expressing an opinion, the auditor must plan and perform the audit to obtain sufficient appropriate evidence to obtain reasonable assurance about whether material weakness exists as of the date specified in management’s assessment.

49″ SA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Standards on Auditing

⁵⁰ PCAOB Release No. 105-2012-003 May 22, 2012

⁵¹ WP Audit Planning memorandum

⁵² Para 11 of SA 550.

⁵³ As per `WP\26 Secreterial\DHFL Gist of Secretarial Records 2017-18.doc’ the board of directors had taken up the item “to consider and approve investment for an amount not exceeding 50 crore in Avanse Financial Services Limited”. However, the actual investment made by DHFL in Avanse Financial Services Limited was of 77.36 crore. Apparently, there is an excess investment beyond the approval of the Audit Committee.

⁵⁴ WP -DHFI, Gist of Secretarial Records 2017-18, notes the minutes of 78th meeting of audit committee held on 22nd January, 2018.

⁵⁵ PCAOB Release No. 105-2021-020

⁵⁶ PCAOB Release No. 105-2021-011

⁵⁷ Order in the matter of Comp. App. (AT) No. 68, 87,90 &91 of 2023, Judgment dated 01.12.2023, page 92, that states regarding retrospective jurisdiction of NFRA, that “We also take into consideration the fact that neither any new misconduct has been created in law, which NFRA can investigate and levy penalty, if required nor NFRA can levy penalty greater than the quantum of penalty envisaged under the Chartered Accountants Act, 1949.”