Why Licence Validity Matters in Stock Audits and What the Auditor Should and Should Not Do About It?
A few years back, I was reviewing a stock audit report prepared by another firm, for a bank that had asked me for a second opinion. The report was competent in the traditional sense. The inventory had been physically verified, the debtor ageing was properly done, the DP computation was clean and the account was within limits. On paper, everything looked fine.
I asked one question that the report did not address. Was the factory’s Consent to Operate from the State Pollution Control Board valid as on the audit date?
Nobody knew and the report did not mention it. The auditor had not checked. The bank had not asked for it and the borrower had not volunteered the information.
It turned out the CTO had expired four months before the audit date. The renewal application was filed but pending with the SPCB. The factory was technically operating without a valid environmental consent. The bank had a substantial working capital exposure against hypothecated stock sitting inside a factory that could be shut down any day. The report said the stock was there, the valuation was fine and the DP was comfortable. What it did not say was that the legal permission to operate the factory had lapsed.
That incident reinforced something I had been thinking about for a while. Stock auditors spend most of their attention on the quantitative side – how much stock is there, what is it worth, what is the DP. Very few pay attention to the qualitative question sitting underneath all the numbers: can this factory legally operate tomorrow? And if it cannot, what happens to the stock inside it?
How licence validity connects to the bank’s security
When a bank lends against hypothecated stock, it makes an assumption so fundamental that it is rarely stated: the borrower’s operations will continue, stock will move through the production cycle, finished goods will be sold and the cash will service the lending. That entire cycle depends on the borrower’s legal ability to keep operating. When a critical licence lapses, that assumption weakens. When the wrong licence lapses, it collapses.
The connection is not theoretical. It operates through three distinct channels.
| Channel | How the Bank’s Security Is Affected | Practical Consequence |
| Operational shutdown | A regulatory authority orders the factory to cease operations because a mandatory licence has lapsed. Production stops. | Raw materials cannot be processed. WIP cannot be completed. The hypothecated inventory becomes a static, depleting asset rather than a revolving one. In shelf-life sectors (food, pharma, cement, paints), the static stock loses value daily. |
| Legal saleability | Certain licences are permissions to sell, not just to operate. Without them, the finished goods cannot legally enter the market. | Finished goods are physically intact, correctly valued, and included in the DP, but cannot be legally sold. Their realisable value to the bank is effectively zero until the licence is restored. A DP built on unsaleable inventory is an illusion. |
| Insurance impairment | Insurance policies contain conditions and warranties linked to regulatory compliance. | When a claim is filed after a loss, the insurer checks whether the premises were operating in compliance. If a licence was lapsed, the claim may be reduced or rejected. The stock the bank thought was insured may not be protected when it matters most. |
All three channels lead to the same conclusion. A licence that was valid when the facility was sanctioned or when the last audit was conducted, but has since expired, represents a risk to the bank’s security that the stock audit report should make visible.
Not because the auditor is a compliance authority and not because the auditor can predict whether the regulator will act, but because the documentary fact – that a licence is or is not valid as on the audit date – is information the bank needs for informed credit monitoring.
The critical phrase: as on the audit date
This is where practical execution most often falls short. The question is not whether the borrower has ever held the licence (most have), nor whether the borrower intends to renew it (most do), nor whether the renewal application has been filed (in many cases it has). The question is narrower: is the licence valid as on the date the stock audit is conducted?
This is a documentary question not a legal one. It does not require interpreting regulatory law or assessing enforcement probability. It requires looking at the document, noting the validity period and comparing the expiry date with the audit date.
| What the Auditor Often Does | What the Auditor Should Do |
| Notes the licence number and date of issue only | Notes the licence number, date of issue and expiry date, and confirms validity as on the audit date |
| Accepts “renewal is in process” verbally | Obtains the renewal application receipt, notes the application date and records the management representation |
| Confirms a licence was once issued | Confirms the licence is currently valid – a licence issued in 2019 may have expired in 2022 |
| Treats an expired licence with pending renewal as “valid” | Treats it as expired as on the audit date, with the pending renewal noted as a representation, not a fact |
A licence issued in an earlier year, valid for three years, may have expired well before the audit date. Noting the issuance date without the expiry date creates a false sense of comfort. An expired licence with renewal “in process” is still an expired licence as on the audit date. The renewal may come through next week, take six months or be rejected. The auditor cannot predict the outcome. The auditor can state the position as it stands and let the bank assess the risk.
The line the auditor must not cross – verification versus certification
This is the boundary every stock auditor must understand, because crossing it creates entirely unnecessary professional risk. The stock auditor should check licence validity. The stock auditor should not certify compliance.
| Checking Licence Validity (Within Scope) | Certifying Compliance (Outside Scope) |
| Documentary verification – look at the document, note the dates, compare with the audit date | Substantive assessment – evaluate whether operations actually comply with all licence conditions |
| Requires no specialised regulatory expertise | Requires technical knowledge of effluent standards, safety norms, product specifications |
| States a factual position | Expresses a legal or technical opinion |
| “The CTO expired on [date] and has not been renewed as on the audit date” | “The borrower is in violation of the Water Act” |
| A finding the auditor is qualified to make | A conclusion only the regulator or the courts can render |
| Keeps the observation within the engagement scope | Exposes the auditor to liability for a verdict outside their competence |
The language in the report must reflect this distinction. Consider the difference between two ways of reporting the same fact.
| Appropriate Reporting Language | Inappropriate Reporting Language |
| “The Consent to Operate issued by the [State] Pollution Control Board under reference [number] dated [date] expired on [expiry date]. As on the audit date, it has not been renewed. Management has represented that the renewal application was filed on [date].” | “The borrower is not in compliance with environmental regulations and is operating in violation of the law.” |
| “The factory licence under the Factories Act expired on [date]. The bank may wish to note this position.” | “The borrower has failed to maintain statutory compliance and is liable for prosecution.” |
The appropriate language states what is true on the audit date without predicting what happens next. It keeps the observation factual, keeps it within scope, and insulates the auditor from liability for the consequences of the finding. If the borrower disputes it, the auditor points to the expired document. If the SPCB later renews the licence and the borrower complains of unnecessary alarm, the auditor demonstrates that the report stated only what was true on the audit date.
When the reporting format does not ask for it
Many auditors get stuck here. The bank’s prescribed format has sections for stock, debtors, creditors, DP, and insurance. There is no section titled “Licence and Compliance Status.” The format does not ask for it, so the auditor does not report it.
This reasoning is understandable but professionally flawed. The ICAI Guidance Note on Reports or Certificates for Special Purposes provides that the report should both address the matters specified in the terms of reference and be useful to the person for whom it is prepared. These are two separate requirements.
| Requirement | What It Means | The Failure Mode |
| Address the terms of reference | Cover stock, debtors, DP, and whatever else the format specifies | An auditor can satisfy this and still miss the point |
| Be useful to the user | Surface anything that materially affects the bank’s security, even if the format has no checkbox for it | A report with a perfect DP but no mention of an expired CTO fails this test |
A report that accurately states the DP but does not mention that the CTO expired three months ago has addressed the terms of reference but failed the usefulness test. It is like a doctor who measures blood pressure perfectly but ignores the chest pain the patient described, because the form only has a field for blood pressure.
The practical solution is simple. Most bank formats include a section titled “Other Observations,” “Auditor’s Remarks,” or “General Comments.” Licence validity findings belong there. If the format has no such section, the auditor should add one. No bank objects to an auditor adding an observation section. Banks object to missing information, not to additional information.
The basic licences a stock auditor should check
A fair objection is that the stock auditor is a financial professional, not a regulatory specialist, and cannot be expected to know every licence a borrower needs. This is valid up to a point. The auditor is not expected to conduct a comprehensive regulatory mapping – that is a separate engagement. But the auditor is expected to check the obvious ones: the licences so fundamental that any manufacturing professional would know about them.
These should be added to the Letter of Requirement at the start of every manufacturing-sector engagement. Examine them when received, note the validity dates, compare with the audit date. If all five are valid, note the details in the working papers and move on. If any have expired or are missing, a risk to the bank’s security has been identified that the DP alone would never reveal.
For sector-specific licences beyond basics – mining leases, PESO certificates, drug manufacturing licences, FSSAI registrations and the many specialised approvals that various sectors require – the auditor should build familiarity over time with the key licences applicable to the sectors most frequently encountered. This is part of the professional competence the ICAI Code of Ethics expects every practitioner to develop in their areas of practice.
It is precisely this body of sector-specific knowledge, built up over years of conducting audits across different manufacturing sectors, that I am currently compiling into a Practical Handbook on Licences and Approvals for Manufacturing Entities. The handbook sets out, sector by sector, the key licences and approvals a manufacturing borrower typically requires, the governing legislation, the granting authority, the normal tenure, and most importantly, the relevance of each to a lender’s security. It is being written from the perspective of what I have actually learnt in the field, rather than as a theoretical compilation of statutes, and it is intended as a desk reference that a stock auditor can consult during an engagement when a borrower from an unfamiliar sector raises questions the standard checklist does not cover.
Handling the borrower’s response
When the auditor raises a licence validity issue during the engagement, the borrower’s response usually falls into one of four categories.
| Borrower’s Response | What It Looks Like | What the Auditor Should Do |
| Cooperation | Produces the renewed, valid document | Note the document details in working papers. Matter resolved. |
| Explanation | Licence expired, renewal filed, application receipt produced, timeline explained | Note the expiry date, application date, receipt number, and the management representation. Report the factual position including the pending renewal. |
| Deflection | Says the licence is “not required” or “SPCB verbally confirmed we don’t need it” | Exercise caution. Verbal confirmations are not documents. If the licence appears required given the operations, note that the document was requested, the borrower stated it is not applicable, and record the representation for the bank’s independent verification. |
| Non-cooperation | Does not produce the document and does not explain why | Report it plainly: the document was requested on [date] and has not been produced; validity as on the audit date could not be verified. This is the clearest signal of all. |
The fourth response deserves particular attention. When a borrower will not produce a basic document like the CTO and will not explain why, that silence tells the bank everything it needs to know – either the licence does not exist, or it has expired and the borrower does not want it seen, or there is some other issue. In every such case, the bank should follow up, and the auditor’s job is simply to make the gap visible.
The fifteen-minute check that can save lakhs
The entire discussion above comes down to a simple professional habit. Five documents, fifteen minutes, at every manufacturing-sector engagement.
| The Check | The Time | The Protection |
| Add five documents to the Letter of Requirement | Two minutes when preparing the LOR | Ensures the documents are ready when you arrive |
| Examine the five documents and note validity dates | Fifteen minutes during the engagement | Identifies licence gaps the DP computation cannot catch |
| Report any expired or missing document factually | Five minutes when drafting the report | Makes the risk visible to the bank and documents the auditor’s diligence |
If all five are valid and current, note the details and move on. If any have expired or are missing, report it, and let the bank decide what to do about it. That is the stock auditor’s role – not to certify compliance, not to interpret regulatory law, not to predict enforcement action, but to make visible to the bank any factual position that could affect its security. The decision that follows is the bank’s. The visibility is the auditor’s responsibility.
*******
Disclaimer and Limitation
The views expressed in this article are the personal views and professional observations of the author based on his experience in stock and receivables audit practice. They are not intended to constitute legal advice, regulatory guidance, compliance advice, or a definitive interpretation of any law, rule, standard, or professional pronouncement.
The regulatory framework for manufacturing in India is complex and varies by sector, state, and the specific nature of the manufacturing activity. The observations regarding licence validity and its relevance to stock audits are of a general nature and may not cover every applicable licence or regulatory requirement for a specific borrower.
Nothing in this article supersedes any ICAI pronouncement, Standard on Auditing, statutory provision, RBI direction, or judicial order. In the event of any inconsistency between the views expressed here and the applicable professional, statutory, or regulatory framework, the applicable framework shall prevail.
The author accepts no liability for any loss or professional consequence arising from the application of any view discussed in this article.
Author Bio
