The National Financial Reporting Authority (NFRA), mandated by Section 132 of the Companies Act 2013, plays a pivotal role in monitoring compliance with Auditing Standards and ensuring the quality of professional services in the realm of financial reporting. In line with this mandate, NFRA conducted an audit quality inspection of S R B C & Co. LLP (SRBC) in December 2022. This report, encapsulating the findings, focuses on crucial aspects such as adherence to auditing standards, quality controls, and documentation protocols during the annual statutory audit for the fiscal year ending March 31, 2021.
INSPECTION REPORT 2022
Audit Firm: S R B C & Co. LLP
Firm Registration No. 324982E/E300003
Inspection Report No. 132.2-2022-01
December 22, 2023
National Financial Reporting Authority
7th Floor, Hindustan Times House
18-20, Kasturba Gandhi Marg,
New Delhi 110001
https://nfra.gov.in
Page Contents
PART A
Executive Summary
Section 132 of the Companies Act 2013 mandates the National Financial Reporting Authority (NFRA), inter alia, to monitor compliance with Auditing Standards, to oversee the quality of service of the professions associated with ensuring compliance with such standards, and to suggest measures required for improvement in quality of their services. Under this mandate, NFRA initiated audit quality inspections of the Chartered Accountant firm SRBC & Co LLP in December 2022. The scope of the inspection included a review of firm-wide quality controls to evaluate Audit Firm’s adherence to SQC-1 and review of selected Audit Documentation of the annual statutory audit of financial statements for the year ending 31.03.2021. Three significant audit areas were identified in respect of each audit engagement viz., Revenue, Trade Receivables and Investments, due to their inherent higher risk of material misstatement. The on-site inspection was carried out between December 2022 and January 2023.
During the inspection, the Inspection Team held discussions with the Audit Firm personnel, reviewed policies and procedures and examined documents to arrive at the prima facie observations. These observations were conveyed to the Audit Firm. After examining the replies, NFRA conveyed a draft inspection report to the Audit Firm. The replies and documents submitted by the Audit Firm have been examined and this report is issued. The key observations in this report are summarised as follows.
a. SRBC’s policies and procedures for ensuring the integrity of audit documentation are not fully in accordance with the requirements of Paras 77, 79 and 80 of SQC 1. The finalised and signed off audit documentation is editable at any time before archival without affecting the sign-offs. The Copy of the archived audit file used for various practical purposes such as inspections lacks integrity as it is fully editable by any engagement team member. (Paras 12, 13, 15 to 17)
b. The Audit documentation, in many cases, does not meet the requirement of SA 230 regarding the recording of the date of completion of an audit procedure, as the documents are signed off as completed before the completion of the audit procedures. (Para 14)
c. For the year under review, the Audit Firm did not have a documented leadership structure and responsibilities in accordance with the requirements of Paras 11, 12 and 13 of SQC 1. (Paras 18 to 23)
d. The independent policies of the Audit Firm do not recognise the direct and indirect relationship between SRBC and its network members of the international network Ernst & Young Global Limited (EY). This has resulted in violations of Sections 144 and 141 of the Companies Act, 2013. The India-specific requirements in the Independence Policy of the Audit Firm do not comply with section 144 of the Companies Act, 2013. (Paras 24 to 29)
e. The documentation pertaining to the Engagement Quality Control Review falls short of the requirements of the standards and the firm’s documentation policy. (Paras 30 and 31)
f. In one of the audit engagements it was observed that there was inadequate documentation of the rebuttal of presumptive fraud risk in accordance with SA 240. (Paras 32 and 33).
Inspection Overview
1. Section 132 of the Companies Act 2013, inter alia, mandates NFRA to monitor compliance with Auditing Standards, to oversee the quality of service of the professions associated with ensuring compliance with such standards, and to suggest measures required for improvement in quality of their services. The relevant provisions of NFRA Rules prescribe the procedures in this regard, which includes evaluation of the sufficiency of the quality control system of the auditor and the manner of documentation of the system by the Auditors. Under this mandate, NFRA initiated audit quality inspections in December 2022. The overall objective of audit quality inspections is to evaluate compliance of the Audit Firm/Auditor with auditing standards and other regulatory and professional requirements, and the sufficiency and effectiveness of the quality control system of the Audit Firm/auditor, including:
(a) adequacy of the governance framework and its functioning;
(b) effectiveness of the firm’s internal control over audit quality; and
(c) system of assessment and identification of audit risks and mitigating measures
2. Inspections involve a review of the quality control policy, review of certain focus areas, test check of the quality control processes, and test check of audit engagements performed by the Audit Firm during the year.
3. Inspections are, however, not designed to review all aspects and identify all weaknesses in the governance framework or system of internal control or audit risk assessment framework and are also not designed to provide absolute assurance about the Audit Firm’s quality of audit work. In respect of selected audit assignments, inspections are not designed to identify all the weaknesses in the audit work performed by the auditors in the audit of the financial statements of the selected companies.
4. Inspections are intended to identify areas and opportunities for improvement in the Audit Firm’s system of quality control. Inspection reports are also not intended to be either a rating or a marketing tool for Audit Firms.
Audit Quality Inspection Approach
5. Selection of Audit Firms for the 2022 inspections was based upon the extent of public interest involved, as evidenced by the size of the firm, its composition and nature, the number of audit engagements completed in the year under review, complexity and diversity of preparer’s financial statements (henceforth, Companies) audited by the firm and other such risk indicators. M/s SRBC & Co. LLP was one of the Audit Firms selected as per the above parameters.
6. The selection of individual audit engagements of the Audit Firm was largely risk-based, using and based on financial and non-financial risk indicators identified by NFRA. Accordingly, the Audit Files in respect of five (5) Audit Engagements relating to the statutory audit of financial statements for the year ending 31.03.2021 were reviewed during the inspection.
7. The scope of the inspection was as follows:
a. Review of firm-wide quality controls to evaluate the Audit Firm’s adherence to SQC 1, Code of Ethics and the applicable laws and rules. Focus areas for the 2022 inspection related to critical elements of the Firm’s quality control system viz. leadership responsibilities within the Firm, auditor independence, acceptance and continuation of audit clients, engagement quality control and the Audit Firm’s internal quality inspection program.
b. Review of individual Audit Engagement Files- A sample of five (5) individual audit engagement files pertaining to the annual statutory audit of financial statements for the year ending 31.03.2021 was selected.Three significant audit areas were identified in respect of each audit engagement viz., revenue, trade receivables and investments, due to their inherent higher risk of material misstatement.
The selected sample of five individual audit engagements is not representative of the Firm’s total population of the audit engagements completed by the Firm for the year under review.
Inspection Methodology
8. An entry meeting was held with M/s SRBC & Co. LLP on 07.12.2022 at NFRA office. The Firm presented an overview of the Governance and Management Structure, Firm-wide System of Quality Control, their audit approach and methodologies, including IT Systems. The on-site inspection was carried out between December 2022 and January 2023. The inspection methodology comprised meetings, walkthroughs, presentations, and interviews with certain members of the leadership team as well as the Engagement Teams of the selected audit engagements.
9. The areas of weaknesses or deficiencies on the part of the Audit Firm, included in the inspection reports, should be understood as areas of potential improvement and not a negative assessment of the work of the Audit Firm unless specifically indicated otherwise.
Audit Firm’s Profile
10. M/s SRBC & Co. LLP is one of the five firms in the Indian Network S.R Batliboi & Affiliates (SRB Network). As presented by the Firm in their entry meeting, this Firm is also a member of the international network of Ernst & Young Global Limited (EYG). The Firm has seven offices in India with 32 partners. The table below presents an overview of the Firm’s profile:
| Networks of which Audit Firm is a member: | |
| (i) India: | S.R. Batliboi & Affiliates |
| (ii) Overseas: | Ernst & Young Global Limited |
| Name of other members of the network (Entities in the Indian Network): | |
| Name of Entity | Nature of Business |
| S R B C & CO LLP | Professional Services |
| S.R. Batliboi & Co. LLP | Professional Services |
| S.R. Batliboi & Associates LLP | Professional Services |
| S.V. Ghatalia & Associates LLP | Professional Services |
| S R B C & Associates LLP | Professional Services |
Acknowledgement
11. NFRA acknowledges the general cooperation of the Audit Firm during the inspection, However, the Firm did not provide details regarding their leadership structure and network agreement for the year under inspection (addressed in detail in Part B of this Report).
PART B
Review of Firm-Wide Audit Quality Control System
A. Integrity of Audit Documentation
12. Audit documentation that meets the requirements of the SAs provides evidence of the auditor’s basis for audit conclusion and evidence that the audit was planned and performed in accordance with SAs. SAs are to be complied mandatorily by the Auditor appointed under the Companies Act 2013. Audit documentation serves several additional purposes such as enabling the engagement team to be accountable for its work, enabling the conduct of quality control reviews and inspections, enabling the conduct of external inspections by regulators etc. SA 230 and several other SAs provide mandatory documentation requirements. SQC 1 underlines the integrity of Audit Documentation at all points in time.
13. SRBC prepares audit documentation in an electronic form, namely CANVAS. During the inspection, it was observed that SRBC’s policies and procedures for ensuring the integrity of audit documentation are not fully in accordance with the requirements of Paras 77, 79 and 80 of SQC 1.
a) It was observed that the audit evidence, which is reviewed and signed as final, can be edited, altered or modified subsequently without affecting the previously provided signoff. In some cases, work papers forming part of an audit process or procedures are grouped under a folder in the CANVAS and this folder is signed off as prepared/reviewed. Any member of the Engagement Team (ET) can then add documents to such a folder or delete documents from such folders without affecting the original signoffs. The control built in the CANVAS in this regard is a report that provides the list of documents edited during the audit period. Another report gives the list of documents edited after the report signing but before archival. The Firm stated that these reports are reviewed and signed off by the Engagement Partners at relevant times.
b) We are of the view that while the control report submitted may provide the list of edited documents, the documented audit evidence still carries the signature of the EP with the original date stamp before the editing by someone else. Also, the control report generated after the date of signing of the Audit Report does not identify the exact changes made in the document. Unless the EP has again reviewed the individual documents and affixed fresh sign-off, these documents cannot be considered as reviewed and agreed upon by the EP.
c) This control deficiency may lead to a situation similar to signing a blank document (such as a folder) with a timestamp and allowing the ET to add any document they wish at any time before the archival of the Audit File. This is a potential risk area and a control weakness in the electronic Audit Documentation process which needs to be addressed by the Audit Firm.
d) The Audit Firm submitted that it would aim to introduce a requirement for the relevant individuals to update their signoffs as of the audit report date if there have been any modifications to the respective evidence after their previous signoff. While this may be done, we also suggest that the same practice should be made applicable regarding the changes made after the audit report but before archival. Further, going forward, the Audit Firm may re-design the CANVAS to enable the cancellation of the sign-off from the WP as and when an edit by another person happens in a document that has already been signed off by the EP or EQCR Partner.
14. The CANVAS does not meet the requirement of Para 9 of SA 2301regarding the recording of the date of completion of an audit procedure, as the documents can be signed off as completed before the completion of the audit procedures. Neither the preparer’s signature nor the reviewer’s signature marks the actual date of completion of a procedure. The pre- signed-off document noted in a sample test indicates that there are control deficiencies in ensuring that the date of completion of a WP is invariably captured in CANVAS. We are of the view that the Audit Firm should identify the significant procedures necessary to be completed at relevant stages and ensure that the date of completion of the procedure is captured within the document itself rather than by way of bulk signoffs at a later stage.
15. The Firm achieves the electronic audit file within the stipulated period as per the Firm’s Policy. The copy of the archived Audit File used by the Audit Firm for post-audit requirements, such as inspections and reviews, lacks integrity and does not serve the purpose of audit documentation in full compliance with Para 3 of SA 230. This is because such an Audit File is fully editable. Also, any new member, with authorization for editing, can be added to the previously completed engagement making the Audit File further vulnerable to edits. Adding team members to already concluded engagement is not in line with Para 6(e) of SQC-1. The Audit Firm’s submission is that CANVAS has a built-in mechanism through reports to see whether any changes have been made to the documents. The regulators or internal inspection teams may generate this report and rely on the evidence before the inspection commences. However, this report does not identify the specific changes made after the signing off of the Audit Report or during the inspection period when the file is unarchived for inspections. The Audit File is the primary evidence of the work done and the reports issued by the Audit Firm. It is the property of the Firm. After archival no changes are permitted in the documentation. The archived Audit File of SRBC meets these requirements. At the same time, the archived file serves several other purposes such as inspections, reviews, legal compliance, evidence in courts, and supply of data to subsequent year’s audits. Hence, any form of edits to audit documentation after its archival should be prevented to preserve the integrity and reliability of the documentation that is used for the above purposes. Since a copy of the archived audit file is used for these purposes, the Audit Firm needs to ensure control over editing on such copies as well.
16. The Audit Firm suggested that for future inspections, it will (a) provide access to the restored CANVAS files only to the inspection team, which does not have the engagement team members invited to it; and (b) provide the inspection team with a system-generated report that identifies any changes made after the audit report date, which will include changes up to the archival date and any changes made after the archival date, up to the date of the commencement of the inspection.
17. Since a copy of the archived audit file is used for post-archival requirements, the Audit Firm need to ensure controls over editing on such copies as well. In this regard, we understand that CANVAS has Role-based Access Controls (RAC). Users are defined and permissions that allow users to read, edit, or delete documents in CANVAS are also assigned. We are of the view that in addition to the above-mentioned suggestions by the Audit Firm, the Audit Firm should make the RAC more robust. All users of audit files, after their archival, should only have permission to read the documents whenever the archived file is restored to CANVAS for inspections and reviews. The Audit Firm should also stop the practice of adding new members to the ET after the Audit File is archived.
B. Leadership Structure and Responsibilities
18. According to SQC 1, the firm should establish a system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with professional standards and regulatory and legal requirements and that reports issued by the firm or engagement partner(s) are appropriate in the circumstances. One of the elements of the system of quality control is the leadership responsibilities for quality within the firm (Para 7 of SQC-1). As per SQC 1, a firm’s leadership has to recognize that the firm’s business strategy is subject to the overriding requirement for the firm to achieve quality in all engagements of the firm. Accordingly, the firm assigns its management responsibilities so that commercial considerations do not override the quality of work performed. SQC-1 also states that necessary authority enables the person or persons to implement those policies and procedures.
19. The Audit Firm informed that the Indian network firms of SRB Affiliates (SRBA) have a common leadership team named the Assurance Leadership Team (ALT), which is responsible for the overall quality of audit of all the Indian network entities. Hence, in order to evaluate the compliance with the requirements of SQC 1, as stated above, and as per requirements in Paras 11, 12 and 13 of SQC 1, our inspection enquired into the structure of the ALT, responsibilities of the team members, business strategies, accountability and authority of the ALT team and its members.
20. The Audit Firm informed that the Firm’s management responsibilities have been assigned to eight individual members of the ALT who are partners from five different legal entities constituted as partnership firms that are part of a common network. However, for FY 20- 21, the Firm did not provide any documentation, such as an agreement between the individual firms or a network agreement, that delineated the leaders’ duties, responsibilities, and accountability. The ALT charter given to the inspection team also seemed to be a recently drawn-up document without authenticity.
21. In the absence of a legally enforceable agreement, there was no clarity on the assignment of responsibilities, authority with individuals claimed to be part of the leadership structure, reporting hierarchy, and accountability of the leaders and their respective legal entities. The Audit Firm did not provide the inspection team with a copy of their network agreement during the inspection, later explaining it to be on confidentiality grounds. We find these grounds without basis and in violation of Section 132 of the Companies Act, 2013 and NFRA Rules 2018. Leadership responsibilities for quality within the firm and ethical requirements are stated as two of the six elements of the system of quality control as per SQC -1. Paras 9 to 12 of SQC-1 make it clear that leadership responsibilities are the first and foremost of the six elements of a firm’s system of quality control. SQC requires that the quality control policies and procedures should be documented and communicated to the firm’s personnel. Such policies and procedures should require the firm’s CEO or firm’s managing partner or equivalent to assume ultimate responsibility for the firm’s system of quality control. The firm’s leadership and the examples it sets significantly influence the internal culture of the firm. The inconsistent replies by the firm and the absence of any authoritative document make it difficult for us to determine how such a large firm performing audits of numerous Public Interest Entities fulfils the fundamental requirement of a system of quality control as laid down in SQC-1.
22. The refusal of the Audit Firm to share requested information with the Regulator raised serious concerns about the Firm’s governance and organization, which were communicated to the Firm in the draft inspection report. The Firm then shared a copy of a Network Agreement dated 1 April 2022. However, the Network Agreement shared pertains to a later period and does not belong to the period under inspection.
23. In the absence of network agreement being provided to NFRA, as on 31st March 2021, and absent reliably documented duties, responsibilities, accountability and modalities of the functions of the ALT, we are unable to comment on whether the Audit Firm’s policies and processes met the requirements of SQC 1 as regards the fundamental element of leadership at the Audit Firm as per Paras 9 to 13 of SQC-1 for the year under inspection.
C. Deviations from Independence norms
24. Section 141(3) of CA 2013 lays down the disqualifications for appointment of the auditors of a company, the underlying intention of which is to ensure that a practitioner who is appointed as an auditor can maintain independence vis a vis the auditee company. Similarly, section 144 of the Act lists the prohibited non-audit services by the statutory auditors of Companies. Para 18 of SQC 1 requires the Audit Firm to establish policies and procedures designed to provide it with reasonable assurance that the firm, its personnel and, where applicable, others subject to independence requirements (including experts contracted by the firm and network firm personnel), maintain independence.
25. SRBC is a member of the international network of EY Global Ltd. (EY). The network relationship between SRBC and EYG results in a common business strategy, the use of a common brand name, or a significant part of professional resources. As part of the EYG Network, the Audit Firm and the larger EY Network are aimed at cooperation, profit or cost sharing and have common quality control policies and procedures which, as per SQC-1, are included in the definition of a Network. More importantly, considering the substance over form, the SRBA entities and EY Entities are related in the manner provided in Section 144 of the Act. However, SRBC’s independence policies do not recognise this relationship. The Inspection Team observed that SRBC was providing audit services to a client while some other EY network entity was providing non-audit services to the auditee group in violation of section 144 and section 141 of the Companies Act, 2013. In one sample, the Inspection Team observed a note in the Audit File implying that a partner of the Firm was providing non-audit service to an audit client. However, there was no proper documentation of evaluation of the nature of the non-audit service to rule out any violation of the law.
26. Due to the relationship between the SRBA network firms and the EY Network we also observed in two sample potential cases where the disqualification of an auditor may trigger under the Companies Act due to non-compliance with Section 141(3)(e) of the Act.
27. Therefore, we recommend that the Audit Firm should make necessary changes to its India Policy to recognise the direct/indirect relationship between the member firms of their international network. It should also review all its ongoing engagements considering EY Network entities as directly or indirectly related to SRBA Entities.
D. Independence Policy – Deviation from India-Specific Requirements
28. EY’s Global Independence Policy, which applies to SRBC with a carve-out for India- specific requirements, allows its member firms to provide non-audit services to upstream affiliates of an audited entity (i.e., the holding company of the audited entity). Such services include investment advisory services, investment banking services, rendering of outsourced financial services and management services, which are prohibited under section 144 of the Act. Though the policy prohibits the provision of “Corporate Finance Services” the definition of this service is not clear enough that it includes the above prohibited services also.
29. SRBC stated that it will assess the changes that may be required in the India-specific policy including expansion of the “Corporate Finance Services” to explicitly list the services that are prohibited under section 144 of the Act.
E. Engagement Quality Control Review
30. SA 220 mandatorily requires EQCR Partner to perform an objective evaluation of the significant judgments made by the engagement team, and the conclusions reached in formulating the auditor’s report. The evaluation shall involve the procedures prescribed therein. SA 220 also lists the mandatory requirements for audits of financial statements of listed entities. Apart from this, the Firm’s policies also mandate the performance of procedures by the EQCR. The performance of a mandatory procedure should be evidenced through documentation. The documentation requirements of review by the EQCR fall short of the requirements of SA 220 and SA 230 as it does not evidence full compliance with the mandatory provisions of the SA and the Firm’s policies. Also, in two of the samples selected, it was observed that the audit files contained incomplete WPs without sufficient evidence of EQC review being done.
31. The Firm should implement its policies strictly in accordance with SQC-1 and SA 220. The EQCR should document the discussions and basis for conclusions separately from the ET. The practice of deleting all the review comments should be reviewed as some of the review comments may essentially constitute discussions between EQCR and ET, which is a mandatory requirement of SA 220.
PART C
Review of Individual Audit Engagement Files Focusing on Selected Areas of Audit
Rebuttal of presumptive fraud risk
32. SA 240 mandates that when identifying and assessing the risks of material misstatement due to fraud, the auditor shall, based on a presumption that there are risks of fraud in revenue recognition, evaluate which types of revenue, revenue transactions or assertions give rise to such risks. If the auditor concludes that the presumption is not applicable in the circumstances of the engagement, then the basis for such a conclusion has to be documented. In one of the audit engagements, it was observed that the Engagement Team did not document its judgement for not recognizing applicable types of revenue, revenue transactions and assertions as a fraud risk as per the requirements of Para 47 read with Para 26 of SA 240.
33. It is recommended that the Audit Firm should ensure documentation of the mandatory requirements of SAs in all applicable cases.
PART D
Chronology of events
| Sr. No. | Date | Event/Correspondence |
| 1. | 11.11.2022 | Intimation of On-site Inspection from NFRA to the Audit Firm. |
| 2. | 17.11.2022 | Second intimation to the Audit Firm as no response was received for the first intimation. |
| 3. | 07.12.2022 | Pre-Inspection Meeting with SRBC held at NFRA office. |
| 4. | 14.12.2022 to
17.01.2023 |
On-Site Inspection |
| 5. | 24.01.2023 | Communication of Inspection Team’s Observations to Firm |
| 6. | 31.01.2023 | Extension sought by Firm for submission of replies |
| 7. | 18.02.2023 | Response received from the Audit Firm |
| 8. | 27.03.2023 | NFRA request for a copy of the domestic Network Agreement between member firms of SRBA Network registered with ICAI. |
| 9. | 12.04.2023 | Reply from Audit Firm the Audit Firm refusing to provide the information. |
| 0. | 16.08.2023 | Draft Inspection Report from NFRA to the Audit Firm. |
| 1. | 05.09.2023 | Discussion between SRBC and NFRA inspection team at NFRA office. |
| 2. | 13.09.2023 | Reminder letter from NFRA to SRBC for submission of reply to the Draft Inspection Report. |
| 3. | 18.09.2023 | Submission of reply to Draft Inspection Report. |
| 4. | 04.12.2023 | Communication of final Inspection Report to SRBC |
| 5. | 08.12.2023 | Comments on the final inspection report by SRBC |
| 6. | 22.12.2023 | Publication of Inspection Report on the website of NFRA as per Rule 8 of NFRA Rules 2018. |
Appendix A: Audit Firm’s Response to the Inspection Report
Pursuant to Section 132(2) of the Companies Act, 2013 and Rule 8 of NFRA Rules, 2018, the Authority is publishing its findings relating to non-compliances with SAs and sufficiency of the Audit Firm’s quality control system. As part of this process, the Audit Firm provided a written response to the Inspection Report, which is attached hereto. NFRA based on the request of the Audit Firm has excluded the information from this report which was considered proprietary.
SRBC& CO LLP
Chartered Accountants
12th Floor. The Ruby
29 Senapati Bapat Marg
Dadar (West)Mumbai- 400 028. India
Tel : +91 22 6819 8000
December 8, 2023
To
National Financial Reporting Authority
7th-8th Floor, Hindustan Times House
18-20 Kasturba Gandhi Marg
New Delhi – 110001
Subject: Response to Inspection Report 2022 of S R B C & CO LLP
Respected Sir/Madam,
We are pleased to provide our response to the Inspection Report of the National Financial Reporting Authority (“NFRA”) received by the Firm vide email dated 4 December 2023 pertaining to the 2022 inspection of SR B C & CO LLP (the “Report”).
Our overriding objective is to make certain that all aspects of our auditing and quality control processes are of the highest quality for the continued benefit of the capital markets in which the public participates and on which they rely. We are committed to performing consistent high-quality audits and consider NFRA’s inspection process to be a key input to further strengthening our plans to improve audit quality.
We respect the NFRA’s inspection process and have evaluated all observations in the Report. Our response to the observations in Part B and C of the Report, are enclosed herewith as Appendix A. We will continue to take necessary actions, wherever required, and ensure that we remain compliant with applicable policies, rules and laws.
We appreciate that our response to the Report will be published along with the Report.
We remain at your disposal to address any further questions or provide any clarifications/documents as may be necessary, with respect to our responses.
We look forward to continuing to work with NFRA on matters of interest to our auditing practice.
Yours sincerely
Arvind Sethi
Partner
S R B C & CO LLP
Chartered Accountants
Enclosed – As above
Appendix A
We, S R BC& CO LLP (“SRBC” or the “Firm”), hereby provide our response to the NFRA Inspection Report 2022 (the “Report”). The scope of inspection included a review of firm-wide quality controls to evaluate the Firm’s adherence to Statement on Quality Control 1— Quality Control for Firms That Perform Audits and Reviews of Historical Financial Information and Other Assurance and Related Services Engagements (“SQC 1”) and review of selected audit documentation of the annual statutory audit of financial statements for the year ended March 31, 2021.
I. Response to Part B of the Inspection Report — Observations on Firm-Wide Audit Quality Control System
Our Commitment to Audit Quality
We understand the trust that is placed in us as independent auditors and we embrace our responsibility to perform audits that promote confidence in financial reporting. We are committed to performing high-quality audits and consider NF RA’s Inspection Report to be a key input to further strengthening our efforts to improve audit quality.
A. Integrity of Audit Documentation
With respect to the observations in section A. Integrity of Audit Documentation, the Firm’s response is as under:
Our audit teams are committed to compliance with the requirements all Standards on Auditing (“SA”) including SA 230 on “Audit Documentation”. This includes identification of preparer and reviewer of the workpapers and the relevant dates of the review of audit workpapers and completion of work in relation thereof, through signoffs in Canvas. We, however, have noted the suggestions of NFRA regarding certain changes/modifications to the process and we, as part of the remediation plan, will ensure that we continue to remain in compliance with the requirements of SA 230.
With regard to certain specific observations in the Report, our submissions are as follows:
- In respect of observations described in paragraph 13, we submit that:
(i) In case of any change in the workpapers after the audit report date for assembly of audit file, Canvas has an in-built functionality of capturing these through a system generated report, which provides the details of nature of the change in the workpaper. This complies with the specific requirements of SA 230. Engagement partner mandatorily reviews and approves this report in Canvas before archival. Considering NFRA’s observation, we propose to introduce a requirement for the relevant individuals to update their signoffs on or before the audit report date, if there has been any modification to the evidence after their original signoff.
(ii) Considering the dynamic nature of the audit process, there may be a need to update a document after review and re-sign such document in Canvas. In such situations, cancelling a previous signoff as suggested in the pare 13 (d) of NFRA comments, would be tantamount to deletion of evidence of initial / earlier review. Hence, we believe that the Firm’s existing documentation practice is in compliance with SA 230.
- In respect of observations described in paragraph 14, we submit that:
(i) Paragraph 9 of SA230 requires documenting who performed and reviewed the work and the dates of such performance / review. In Canvas, the sign-off date on a working paper represents each of the dates the document was prepared /modified /reviewed /completed. Accordingly, the sign-off dates captured in Canvas meet the requirements of SA 230.
In the instance referred in paragraph 14 of the draft Inspection report, a specific workpaper was updated by the engagement team throughout the audit life cycle in accordance with the SA and the firm’s audit methodology, which necessitated update of the working paper and re-signing over the audit engagement period. Hence, as it relates to this observation, we believe the Firm’s existing documentation practice is in compliance with SA 230.
- In respect of observations described in paragraphs 15 to 17, we submit that:
(i) The Archive Records Centre (“ARC”) is an online cloud-based database where the final audit engagement file is archived and represents the official audit file maintained in accordance with SA 230. Any copies of the archived file are restored (and saved with the default term “Restored” added to the file name) by users, for various purposes (e.g., regulatory inspections, training, roll-forward for subsequent audits, etc). As a restored file is not the official version, any edits to such restored copies, including addition of team members, is not reflected in the version residing on the ARC, and is also not violative of the requirements of SQC 1.
(ii) As clarified above, there are other uses of the restored file and hence, we believe it would be impractical to only provide read-only access specially when the file is required to be restored for purposes other than regulatory inspection (eg, training, roll-forward to subsequent years audits, etc).
(iii) Similarly, in such situations (i.e., other than regulatory inspections) where the addition of other person is required to the restored Canvas file, it would not be violative of the requirements of 5QC 1, including paragraph 6(e) thereof, given that the restored Canvas file is not the official version of the Canvas. This also ensures that the integrity and reliability of the original and official copy of the working papers available in the archives, is not diluted in any manner.
(iv) As submitted to NFRA, we will provide greater clarity on the process followed for submissions of the audit files for inspection, to provide comfort on the integrity of the audit files submitted.
Hence, in view of the above submissions, we reiterate that the Firm’s existing documentation practice is in compliance with SA 230.
B. Leadership Structure and Responsibilities
With respect to the observations in section B. Leadership Structure and Responsibilities, the Firm’s response is as under:
- As a firm along with its Network Firms, we take leadership responsibility for audit quality in line with the SQC 1 seriously. For the review period ended Mardi 31, 2D21, all the Network Firms of the SRB Network have been working under the supervision and guidance of the Audit Leadership team (ALT) with the partners drawn from the SRB Network Firms under an ALT charter. The key extracts of the recently updated ALT charter were provided to NFRA.
- During the onsite inspection, the Firm also explained the leadership structure of the Firm and the Network, including the duties, responsibilities, and accountability of the Leader and the key members of the Leadership team, as was operational during the financial year ended March 31, 2021.
- In respect of observations described in paragraphs 20 to 23, a formal Network agreement between ICAI registered audit firms effective April 1, 2022, was provided to NFRA. This agreement, together with its annexures, ensure compliance with the relevant requirements of SQC 1 as regards leadership structure and responsibilities, taking forward the principles and processes which existed prior to March 31, 2022.
C. Deviations from Independence norms
With respect to the observations in section C Deviations from Independence norms, the Firm’s response is as under:
- The Firm takes the matter of auditor independence very seriously and has always ensured that all non-audit services provided by the firm and its network firms are tested rigorously for compliance with the provisions of the Companies Act and ICAI Code of Ethics. The firm’s network agreement with EYG also ensures that all EYG network firms mandatorily comply with EYG Independence Policy and any India specific independence requirement that may be applicable. In respect of observations described in paragraph 26, we submit that Firm has stringent processes to evaluate business relationships as defined under 141(3)(e) and has provided its detailed response with rationale to NFRA’s observation on the referred matters.
- As per our existing policies, we assure NFRA of our continued compliance with the applicable independence requirements per Companies Act, 2013 and ICAI Code of Ethics.
D. Independence Policy—Deviation from India-Specific requirements
In response to observations described in paragraphs 28 and 29, as stated earlier,
- We reconfirm that we do not provide any services which are proscribed under Section 144 of the Companies Act, 2013.
- We also confirm that EYG Independence Policy is supplemental to and does not override the extant provisions of the Companies Act and the rules framed thereunder. It is also in compliance with and is not contrary to the provisions of ICAI Code of Ethics.
However, we have noted suggestions of NFRA and will further clarify the requirements of Companies Act, 2013 in the India specific Independence policy documents.
E. Engagement Quality Control Review
With respect to the observations in section E. Engagement Quality Control Review, the Firm’s response is as under:
As mentioned in Inspection Report and as also mandated in our audit procedures, EQCR is a very important role in ensuring audit quality. Our policies with respect to review by EQCR are consistent with, and comply with, the relevant requirements of SA 220 and SQC 1. In response to observations described in paragraph 31, we submit that:
(i) In terms of SA 220, the EQCR is not a member of the engagement team, to whom the requirements of SA 230 apply. Therefore, the documentation requirements envisaged in SA 230 do not apply to the EQCR. The documentation requirements for EQCR’s procedures are guided by SA 220 read with SQC 1 and our policies comply to this effect.
(ii) We will reiterate the requirement for robust documentation to demonstrate EQCR’s involvement in the audit engagement including discussions and conclusions in compliance with SA 220.
II. Response to Part C of the NFRA Inspection Report —Observations on Individual Audit Engagement Files Focusing on Selected Areas of Audit
Our audit teams are committed to ensure documentation and compliance requirements as mandated by SAs. With respect to the observations relating to Individual Audit Engagement Files, the Firm’s response is as under:
- Our audit methodology and documentation thereof in the Canvas complies with the mandatory auditing standards. We assure you that we will continue to comply with applicable requirements of SA 240.
