The National Financial Reporting Authority (NFRA) has released the second installment of its “Auditor-Audit Committee Interactions” series, focusing on audit strategy and planning. The document highlights the importance of effective communication between auditors and audit committees, as mandated by the Companies Act 2013 and SEBI Regulations. It discusses key Standards on Auditing (SA 300, SA 315, SA 330, and others) that guide audit planning, risk assessment, and execution. The guidance outlines essential audit planning components, including identifying engagement scope, reporting requirements, and risk factors. It also details potential questions audit committees may ask auditors regarding their audit approach, independence, and risk management strategies. NFRA aims to enhance audit quality and investor protection by promoting awareness of auditing standards and responsibilities.
National Financial Reporting Authority
Auditor- Audit Committee*Interactions Series 2
Audit Strategy and Audit Plan-SA 300 etc.
*NFRA does not set standards and codes for Coporate Governance, Board of Directors And Audit Committees.
Introduction
In the course of NFRA’s enforcement, review, and monitoring activities, the auditor’s communication with those charged with governance (TCWG) (including the audit committees) has been highlighted in various ways. A need has been felt through these activities towards reinforcing the ways and means of communication between the Statutory Auditors and the Audit Committees in particular drawing upon the requirements in the Companies Act 2013 (CA 2013), the two relevant Standards on Auditing (SA 260 (Revised) and SA 265), other related SAs and the Standard on Quality Control (SQC 1).
Therefore, in accordance with NFRA’s obligations to suggest measures for improvement in overall audit quality and to promote awareness and significance of accounting and auditing standards, auditor’s responsibilities, audit quality, and keeping in view NFRA’s objectives of protecting public interest and investor protection, NFRA has commenced with this series of Auditor-Audit Committee Interactions, which are being issued on significant areas of accounting and auditing, from time to
This Auditor-Audit Committee Interactions Series 2 draws the attention of the auditors to the potential questions the Audit Committees/Board of Directors may ask them in respect of their Audit Strategy and Audit Plan1.
Development of an effective Audit Strategy and Audit Plan is the critical starting phase of an audit of financial statements. Its timely preparation, communication with TCWG/Audit Committee and its appropriate revisions during the course of audit will have several advantages leading to effective and efficient audit of financial statements. Audit Strategy is intended to set the overall scope, timing and direction of audit so as to guide the preparation of detailed audit plan including completion of the auditor’s risk assessment procedures2 and design of audit procedures responsive to assessed risks.3
What do Companies Act 2013 (CA 2013) and Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015 (SEBI Regulations) require from Audit Committee?
Section 177 of CA 2013 and Schedule II Part C of SEBI Regulations, inter alia, require the Audit Committee to review and monitor the auditor’s performance, independence, and effectiveness of audit process.
Key Standards on Auditing (SAs) that are relevant to Audit Strategy and Audit Plan
There are several SAs with prescriptions which will impact the auditor’s Audit Strategy and Audit Plan for an audit of Financial Statements. Some of the important prescriptions of these SAs that may be of particular relevance in the context of auditor’s interaction with Audit Committee are highlighted below.
SA 300 lays down the overarching framework for the Auditor’s responsibility towards development of overall Audit Strategy and a detailed Audit Plan. The former one is a high-level exercise comprising the following key aspects4:
❖ Identifying the nature and scope of the engagement e.g., whether it is audit of separate financial statements or group financial statements and whether the Auditor’s role is of a Group Auditor (Principal Auditor) or Component Auditor?
❖ Identifying reporting objectives e.g. whether the Auditor has any reporting obligations other than expressing audit opinion on financial statements such as CARO, ICFR, Prudential Regulator’s Compliance Certificate like Capital Adequacy Ratio?
❖ Identifying the applicable financial reporting framework i.e., Ind AS, AS or Financial Results under SEBI Regulations?
❖ Performing preliminary engagement activities such as Know Your Client steps for acceptance/continuation of engagement;
❖ Ascertaining the resources required including internal or external experts and the timing of their deployment such as whether at an interim stage or at key cut-off
Audit Planning is a comprehensive and detailed exercise that involves the following process.
❖Performing overall analytical
❖ The determination of overall materiality and
❖ performance 5
❖ Performing the risk assessment procedures required under SA 315; this step normally includes the following aspects:
✓ Identification and assessment of risk of material misstatement at financial statement level as well as assertions level for class of transactions, account balances, and disclosures.6
✓ Identification of areas of significant risk by considering factors such as risk of fraud, changes in economic and regulatory environment including changes in financial reporting framework, complexity of operating environment and transactions, risks of significant related party relationships and transactions, and unusual transactions or those outside the course normal business of the entity.
❖ Designing appropriate audit procedures to address the risks identified and This part includes deciding on nature of audit procedures such as Substantive procedures and Test of Controls, and the timing of performance of these procedures.7
What are some of the potential questions that the Auditors may expect from the Audit Committees in respect of his/her Audit Strategy and Audit Plan? (Illustrative only)
❖ What is the Auditor’s plan for communication with Audit Committee/TCWG such as its timing, frequency, mode and contents of the communication?
❖ In case of Group Auditor (or Principal Auditor)8,
✓ Has the Auditor identified and determined coverage of the components and locations?
✓ Has the Auditor understood his/her role and responsibility and that of component auditor (other auditor), if any, and communicated the same to the component auditor(s)?
✓ Has the Auditor evaluated the competence and capability of the component auditor(s)?
✓ What are the plans for communication and
✓ interaction with the component auditor(s)?
✓ Has the Principal Auditor advised the other auditor of the use that is to be made of the other auditor’s work and report and has made sufficient arrangements for co-ordination of their efforts at the planning stage of the audit?
❖ Has the Auditor evaluated compliance with independence norms and ethical requirements by the audit firm including members of its network firms?
❖ In case of initial audit engagement, how is the Auditor planning to obtain sufficient appropriate audit evidences for opening balances? 9 Has the Auditor reviewed the work papers of predecessor Auditor?
❖ Has the Auditor understood the overall nature and scope of the engagement including type of reporting responsibilities and timelines? Is there a timetable of reporting such as interim and final stages?
❖ Has the Auditor performed preliminary evaluation of the nature and extent of resources including experts required? Are there areas requiring specialized skill or knowledge needed in any audit area? Which are those areas where the Auditor intends to employ experts such Valuation Professionals, Credit Risk Experts, Forensic Accountants and Information Technology Specialists?
❖ Has the auditor estimated the time (number of hours) required for the audit? How many hours are expected to be devoted by the Engagement Partner and/or Senior Members of the Engagement Team?
❖ What are the areas where the Auditor intends to use information technology tools (Computer-assisted audit techniques)?
❖ What is the approach sampling, is it statistical sampling?
❖ Is there a plan to use analytics? How will you satisfy yourself that the databases used are reliable? Will the exercise cover all transactions throughout the accounting period?
❖ Has the Auditor determined whether the entity uses any service organisation10 and whether he has planned procedures to obtain assurance over design and/or operating effectiveness of internal controls at the user entity including those that are applied to the transactions processed by the service organisation?
❖ Does the Auditor’s plan include obtaining Type 1 or Type 2 report in case the entity uses a service organization?
❖ Does the Auditor intend to place reliance on work of internal auditors? If yes, has the Auditor considered the key requirements of SA 610 (Revised) 11 such as the internal audit function’s organizational status and objectivity, competency level and the prohibited areas for availing direct assistance by them?
❖ What is the basis of Auditor’s determination of Overall Materiality and Performance Materiality? Are these based on historical averages or forecast projections? Is the data used reliable? Are these quantitative thresholds used in determining sample sizes?
❖ What is the Auditor’s approach for identification and assessment of risk of material misstatement? What are the factors considered in evaluating the level of risk?
❖Has the Auditor identified areas of ‘Significant Risk’ and ‘Higher Level of Assessed Risk? What is the Auditor’s plan to address these risky audit areas?
❖Has the Auditor identified emerging areas of risks in the operating and regulatory environment of the entity which may impact the Financial Statements under audit?
❖ Has the Auditor understood the legal entity structure, operating structure and business strategy/philosophy of the entity and risks emanating, if any, from these areas?
❖ What is the Auditor’s approach for evaluation of internal control system and environment for the audit of Financial Statements and for expressing an opinion on the design and operating effectiveness of Internal Financial Controls over Financial Reporting?
❖Has the Auditor evaluated the Information Technology Systems and Processes? Are there any material or significant risks there?
❖What are the Auditor’s preliminary views about areas requiring significant attention of the Auditor and potential key audit matters?12
❖Has the Auditor identified related party relationship or related party transaction which the management has not identified? Has the Auditor evaluated the potential for existence of similar relationships or transactions?
❖ Has the Auditor identified any areas of laws/regulations or accounting areas that require significant judgment or external expert guidance to ensure adequate compliance?
❖ Is there any proposed accounting, auditing or reporting rule that could materially affect the Company’s financial statements?
❖ Are there any unresolved questions from the prior year’s audit? Based on previous years’ experience, are there accounting policies and methods that can be improved, even in non- material areas?
❖ Based on your previous years’ experience, are there accounting policies and methods that can be improved, even in non-material areas?
❖ Did the NFRA or Other Independent Regulator inspect the auditor’s work relating to the Company’s audit? If so, were there any deficiencies noted?
❖ What support would the auditor require from the Audit Committee to enable the auditor to discharge his role and responsibilities efficiently and effectively?
Acknowledgment: NFRA appreciates the guidance and support provided by eminent subject matter experts Shri D Sundaram, Shri Nawshir Mirza, Shri P R Ramesh and Shri R.Anand, in developing this publication.
Disclaimer: This publication by NFRA Staff is intended purely towards promotion of awareness of auditing and accounting standards and audit quality as part of NFRA’s education, training, seminar and advocacy initiatives. NFRA and the subject matter experts do not accept any responsibility or liability for any loss caused to any person or any entity, howsoever arising from the use of or refraining from the use of the contents of this document. This document is not a policy/standard/recommendation/statement of Executive Body of NFRA, the Authority or the Government and is not issued as a substitute for any obligations of Auditors, Management, TCWG including Audit Committees, as are provided in law, rules, and regulations.
Notes:
1 Standard on Auditing (SA) 300, Planning an Audit of Financial Statements
2 Standard on Auditing (SA) 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment time.
3 Standard on Auditing (SA) 330, The Auditor’s Responses to Assessed Risks
4 Refer Appendix to SA 300 for detailed guidance.
5 Refer Standard on Auditing (SA) 320, Materiality in Planning and Performing an Audit
6 Refer paras 25-26 and A117 to A125 of SA 315.
7 Refer Standard on Auditing (SA 330), The Auditor’s Responses to Assessed Risks
8 Refer Standard on Auditing (SA) 600, Using the Work of Another Auditor and NFRA Circular dated 03.10.2024
9 Standard on Auditing (SA) 510, Initial Audit Engagements- Opening Balances
10 Standard on Auditing (SA) 402, Audit Considerations Relating to an Entity Using a Service Organisation
11 Standard on Auditing (SA) 610 (Revised), Using the Work of Internal Auditors
12 Standard on Auditing (SA) 701, Communicating Key Audit Matters in the Independent Auditor’s Report
