Auditor–Board Communication Failures: NFRA issues Compliance Warning

The National Financial Reporting Authority (NFRA), through its circular dated 7 January 2026, has reiterated and strengthened the mandatory requirements for effective, documented, two-way communication between statutory auditors and those charged with governance (TCWG), including audit committees, under the Companies Act, 2013 and the Standards on Auditing (notably SA 260 (Revised) and SA 265). NFRA highlighted systemic deficiencies observed during investigations, such as incorrect identification of TCWG, inadequate documentation, failure to communicate audit scope, key risks, significant transactions, internal control weaknesses, related party issues, and instances of non-compliance with laws. The circular clarifies the distinct responsibilities of boards, independent directors, audit committees, and auditors, emphasizing that audits do not dilute governance accountability. It mandates early determination of TCWG, structured and timely written communications, escalation where required, and regular meetings before and during audits. NFRA stressed that lapses in communication undermine governance and audit quality, potentially eroding investor confidence, and called for robust frameworks to ensure compliance in letter and spirit.

National Financial Reporting Authority
*****

Circular No. NF-25013/3/2025–NFRA | Dated: 07.01.2026

To
1. All listed companies
2. Companies and bodies corporate as specified in Rule 3 of NFRA Rules, 2018
3. Auditors of the above companies

Subject: Effective Communication Between Statutory Auditors and Those Charged with Governance, Including Audit Committees

In the course of discharging of NFRA’s statutory functions, it has been noticed that there is a need to strengthen the communications between Statutory Auditors (Auditors), Those Charged with Governance (TCWG), including Audit Committees (ACs), in line with the requirements of the Companies Act, 2013 (CA 2013), the Standards on Auditing (SAs) prescribed under CA 2013, and other relevant Rules and Regulations.

2. Provisions of CA 2013 and other Relevant Rules: The CA 2013 has placed certain important obligations on the Board of Directors (BOD or the ‘Board’), Independent Directors (IDs), Audit Committees and Statutory Auditors of Companies in respect of Accounts and Audit of Companies.

2.1 Board of Directors:

Section 134 of CA 2013 and related Rules require that the financial statements, including the consolidated financial statements, if any, be approved by the Board of Directors. A report by the Board shall be attached to the financial statements, which shall include, inter alia, an important statement called Directors’ Responsibility Statement. According to sub-section 5 of Section 134, this statement shall disclose the Board’s assertions regarding certain critical aspects, such as adherence to applicable accounting standards; selection and application of accounting policies and making of judgements/estimates on reasonable and prudent basis; maintenance of adequate records for safeguarding the assets of the company and preventing and detecting fraud and other irregularities; preparation of accounts on a going concern basis; implementation of adequate internal financial controls and ensuring their operating effectiveness; and implementation of proper systems to ensure compliance with all applicable laws.

2.2 Independent Directors:

Schedule IV to the CA 2013 lays down a Code for Independent Directors. Sub-clause 4 of Clause

II casts an obligation on them to satisfy themselves of the integrity of financial information and that financial controls and the systems of risk management are robust and defensible. Further, Clause

III casts several duties on the independent directors, such as appropriate induction and regular updation of their skills, knowledge and familiarity with the company; clarification or amplification of information; remaining well informed about the company and the external environment it operates; paying sufficient attention and ensuring that adequate deliberations are held before approving related party transactions. Reporting concerns about unethical behaviour, actual or suspected fraud or violation of the company’s Code of Conduct or Ethics Policy; and where there are concerns about the running of the company or proposed action, the independent directors are to ensure that these are addressed by the Board and, to the extent that they are not resolved, insist that their concerns are recorded in the minutes of the Board meeting.

2.3 Audit Committees:

Section 177 of CA 2013, the related Rules stipulate several important roles and responsibilities of the Audit Committee. One of the critical responsibilities is to review and monitor the Auditor’s independence and performance, and the effectiveness of the audit process. Other areas of critical significance relate to related party transactions, inter-corporate loans and investments, the valuation of assets of the company, the evaluation of internal financial controls and risk management systems, the review of major accounting entries involving estimates based on the exercise of judgment by management and discussions with Auditors before the audit commences, about the nature and scope of audit as well as post-audit discussions to ascertain any area of concern and so on.

2.4 Auditors:

Section 143 of CA 2013 is titled ‘Powers and duties of auditors and auditing standards’. Sub-section 2 of section 143 requires the Auditor to make a report to members of the company on the accounts examined and the financial statements, inter alia, after taking into account the provisions of CA 2013, the accounting and auditing standards, and whether the financial statements give a true and fair view. Further, subsection 9 of section 143 of CA 2013 casts a statutory obligation on the Auditor to comply with the auditing standards.

3. Provisions of the SAs prescribed under CA 2013: There are two SAs, viz. SA 260 (Revised)¹ and SA 265² that deal with the communication between the Auditors and Those Charged with Governance (TCWG), Audit Committee and Management. Also, there are many other SAs, including SQC 1, that have specific communication requirements between the Auditor and TCWG (Refer Annexure I). Certain important requirements of these SAs are summarised below:

3.1 TCWG:

Paragraph 10 (a) of SA 260 (Revised) defines TCWG as those with responsibility for overseeing the strategic direction of the company and obligations relating to the accountability of the company. Paragraph 11 lays down a mandatory requirement for an Auditor to determine appropriate persons as TCWG within the governance structure. As per the CA 2013, since the Board of Directors is overall responsible for the governance of the company, it will qualify for being considered as TCWG. TCWG could also be a sub-group of the Board, which could be the Audit Committee plus some of the Board members. In such a case (where a sub-group has been determined to be TCWG) the Standard requires that the Auditor determines if there is a further need for communicating with the full Board. In any case, it is necessary for the Auditor to determine TCWG at the start of the Audit. Once TCWG is determined, the Standards require regular, two-way communication with TCWG throughout the Audit.

3.2 The Communication Process:

The SA 260 (Revised) mandates a two-way communication process that has to be documented alongside any matters communicated orally. There is sufficient guidance within the Standard (refer to para A37-A53 of SA 260 (Revised) and Appendix 2 to the SA) that details the form and process of this communication. For example, the Auditor is to communicate his approach to internal control and the nature and extent of the specialised skills and expertise needed for the audit, e.g., Fair Value Measurements, Expected Credit Loss Allowance computations, and seek TCWG’s suggestions on any particular area requiring the Auditor’s additional consideration during audit.

3.3 Specific matters to be communicated under SA 265:

This SA deals with the Auditor’s communication about the deficiencies in internal controls identified during the audit, with both TCWG and Management. These need to be communicated in writing and in a timely manner. The Auditor has to determine whether the control deficiencies identified are significant, individually or in combination, and the communication of such deficiencies must explain their potential effects. Moreover, significant deficiencies in internal control need to be communicated in writing and in a timely manner.

3.4 TCWG and Management Responsibilities:

The fact that the financial statements are audited does not relieve TCWG of its responsibilities. The objectives of communications with TCWG include obtaining from TCWG the information relevant to the audit and providing them with timely observations arising from the audit that are significant and relevant for them to fulfil their responsibility of oversight of the financial reporting. These communication requirements are designed, inter alia, to strengthen governance over the financial reporting process by ensuring that TCWG has a timely and clear visibility into the audit process. Timely information on how the audit is planned, what are the areas of key risks, and whether the Auditors are truly independent, enables TCWG to ensure uncompromising objectivity of the Auditors. These measures are instrumental in enhancing audit quality and, in turn, protecting public interest. Hence, every non-compliance with these important provisions of the Standards and CA 2013 is not just a procedural violation but would impact the governance framework of public interest entities that may ultimately erode investors’ confidence.

4. Common non-compliances with SA 260 (Revised) and SA 265 observed during NFRA’s investigations into professional misconduct by some Auditors.

4.1 The common non-compliances by some Auditors as noticed by NFRA are listed below:

a. Auditors were found to have not adequately evaluated the entity’s governance structure, and contrary to the requirements of SA 260 (Revised), they incorrectly identified only the Audit Committee and, at times, even Management Executives and Executive Directors as TCWG.

b. The communication process with TCWG was incomplete and was inadequately documented. It often failed to clearly record the purpose and objective of such communication by improper reliance on the audit engagement letter as being sufficient compliance with TCWG communication requirements. Auditors failed to communicate significant matters, including the planned scope and timing of the audit, materiality, key audit matters and significant risks (such as going concern issues, valuation deficiencies and unusual transactions outside the normal course of business).

c. Auditors failed to establish and document the form, timing and two‑way nature of communication with TCWG. They also did not document expected communications from TCWG about significant strategic decisions, suspected or identified fraud, and views regarding the integrity and competence of senior management.

d. In several instances, communications to the Audit Committee (which the Auditors treated as TCWG) were limited to a presentation shortly before approval of the financial statements, without adequate supporting documentation of discussions of significant matters or of actions arising from Audit Committee deliberations.

e. Often, meetings and discussions with management were erroneously construed as communication with TCWG.

f. Significant unusual transactions, including supplier and land advances, borrowing and lending transactions, and circuitous dealings with promoter or group‑controlled entities outside the normal course of business, were not communicated to TCWG or the Audit Committee, which is contrary to the requirements of the Standards.

g. Instances of non-compliance with laws and regulations, including prudential and regulatory requirements that could affect the entity’s license to operate, were not communicated.

h. Often, there was no communication of deficiencies in the entity’s related party transaction policy and issues in related party transactions, such as significant increases, questions as to whether they were in the ordinary course of business, or whether they were at arm’s length.

i. Despite the requirement of the Law and the Standards on both the Audit Committee and the Auditor, regarding internal controls, in one case, the Auditors failed to communicate identified weaknesses or the absence of internal controls to TCWG, including serious deficiencies in credit policies and the failure of the Risk Management Committee to meet over multiple years.

5. In view of the above, and other information from various monitoring activities, and in light of the instances of ineffective communication between the Auditors and TCWG, the following provisions of the SAs prescribed under the CA 2013, other requirements of the CA 2013 and relevant Rules thereof are reiterated for the attention of Statutory Auditors and Management/TCWG/ACs of the Companies that fall within the purview of NFRA.

5.1 Role and Responsibility to establish an Effective Two-way Communication:

As noted above, the requirements explicitly mandate compliance with the SAs and require robust two-way communication between the Auditors and TCWG. It is a joint or collective mandatory obligation of the Company’s Governing Body, i.e. Board of Directors, its Audit Committee, its Management, and its Auditors to establish a robust, effective two-way communication. Appropriate policies and processes are needed to implement these requirements in practice in letter & spirit.

5.2 Appropriate determination and documentation of TCWG under Indian Legal and Regulatory Framework:

As provided in paragraph 3.1 above, the Auditor shall determine who constitutes TCWG at the beginning of the Audit. If the Auditors communicate with a sub-group, as mentioned in paragraph 3.1 above, it is relevant that the Auditor keeps in mind as to whether the sub-group has the authority to take action in respect of the matters communicated, the adequacy of communication between the sub-group and the full Board of Directors, and whether they need to also communicate with the full Board in addition to communication with the sub-group of TCWG.

5.3 Establishing a robust two-way communication process:

In accordance with SA 260 (Revised), (Paragraph 18), the Auditor shall communicate with TCWG the form, timing, and expected general content of communications. To ensure clarity, it is recommended (though not mandatory) that the Auditor and TCWG discuss at the start of the financial year:

i. The planned scope and timing of the audit (SA 260 (Revised), Paragraph 15); and

ii. The expectations of two-way communication, including typically expected agenda items.

To enable effective implementation of the standards, it is recommended that the Board prepare and document an overall communication framework between TCWG and Auditors. This framework may include the following:

a. Objective and Purpose of the Two-way Communication

b. Name and details of Members of the Board and Audit Engagement Team (AET) who shall be nodal persons for ensuring an effective two-way communication throughout the audit. Nodal persons of the Board may include Independent Directors as well as Non-Independent Directors.

c. Expectations of the Auditors from the Board that they expect a two-way communication i.e., TCWG will communicate to the Auditors on the matters that will be relevant to audit such as strategic decisions that may significantly affect the nature, timing and extent of audit procedures, the suspicion or the detection of fraud, and concerns with the integrity or competence of senior management, significant communications, if any, with Regulators, their views, awareness and actions regarding Internal Controls including Internal Audit Function, TCWG’s awareness and actions in relation to developments in the financial reporting framework, corporate governance practices and other regulatory matters. This expectation is without prejudice to the professional scepticism required of the Auditor as per the standards on Auditing.

d. Summary of the prescriptions of key SAs that require communication of specific matters with TCWG by the Auditors.

e. Policy and Process of updating or escalating the matters to TCWG, about the discussion and communication between Nodal officers of TCWG and Auditors and also the Auditors’ interaction with subgroups of TCWG.

f. Policy and process of documenting and communicating the views/ instructions/ actions of TCWG on the significant matters communicated by the Auditors, such as planned scope and timing of audit, Auditor’s assessment of Risk of Material Misstatement due to fraud or error, Auditor’s evaluation of the Internal Control System in the Company.

g. Frequency of meetings between TCWG, and the Auditors and the expected Agenda matters for the meetings.

h. All significant communications shall be in writing and formally acknowledged by both the Auditor and TCWG, either in the form of minutes of the meeting or letters.

5.4 Appropriate form of communication by Auditors with TCWG/ACs and its documentation:

For a communication to be effective in a two-way exchange, it shall meet the following requirements.

a. Communication shall be in writing. In case of oral communication, it shall be documented in writing and shall include the date, time and details of the persons involved in the communication. The written communication shall form part of the Audit Work Papers and part of the agenda and minutes of the Board or AC meeting held subsequently.

b. Written communication shall be unambiguous and specific in respect of issues or matters for the consideration of both parties. Presentations in bullet form alone, or communication by emails with a caveat of ‘no comments from the other party is construed as acceptance’, is unacceptable, as it does not meet the objective of the SAs.

c. Communication shall also contain the views/suggestions of TCWG on the subject matter raised by the Auditors and vice versa.

d. Duration of discussion between the Auditors and TCWG must be sufficient for a meaningful outcome.

5.5 Timely communication with TCWG/ACs:

Regular two-way communication between the Auditors and TCWG/its sub-groups/nodal persons throughout the audit period is key to achieving the objectives of SA 260 (Revised) and SA 265. Timely and regular communications will help both parties to initiate and implement appropriate actions, rather than being faced with a fait accompli. Therefore, the following steps are recommended:

a. Auditors and TCWG should meet in person or virtually at least twice a year, once before the commencement of the audit and second-time, well in advance of the time, before the approval of financial statements by TCWG. The timing of these semi-annual meetings may be scheduled in such a way that it facilitates effective deliberations about the audit-related matters at the quarterly meetings of the Board required under section 173(1) of the CA 2013.

b. There may be situations warranting discussion between the Auditors and TCWG e.g., where the Auditors are experiencing significant difficulty during the audit to obtain the sufficient appropriate audit evidence, where the Auditors have reason to believe a potential fraud, where they have observed significant weaknesses in the internal controls or differences of views/opinions with those of the Management in respect of significant accounting estimates, etc. In such situations, Auditors shall request a meeting with TCWG in writing, and TCWG shall either accede to the request or, in writing, communicate the reasons for declining it.

5.6 Agenda and matters to be communicated with TCWG:

While the SAs, and provisions of CA 2013 and Rules thereof have a comprehensive and detailed list of matters to be discussed with and communicated between the Auditors and TCWG, the following matters shall invariably form part of the agenda matters for interactions between Auditors and TCWG.

a. Audit Strategy and Audit Planning including quantification of Materiality and its effect on nature and extent of audit work; Auditors assessment of risk of material misstatement (ROMM), Internal Control Environment in particular to prevent frauds and non-compliance with critical laws and regulations; areas of significant accounting policy judgment and management estimations; areas requiring involvement of experts, either by the Management or the Auditors; accounting or other areas of concerns requiring special attention by the Auditors.

b. Status of audit work and significant findings during the audit period:

• • Significant difficulties during the audit, like unavailability of expected information etc.
  • Significant transactions or events where the Management encountered difficulties in identifying the appropriate accounting policies or standards, and the Auditor’s view on the appropriateness of the policies applied by the Management.
  • Significant and material weaknesses in internal financial controls and non-qualification of the Auditor’s specific report on adequacy and operating effectiveness of internal financial controls.
  • Discussions with Management on accounting estimates that involve significant management judgments or use of significant assumptions and forecasts such as valuation and impairment testing of unlisted shares/properties, going concern assessments, expected credit loss allowance estimates, etc.

c) Auditor’s compliance with Independence and Code of Ethics regarding all the relationships and other matters such as business relationships, non-audit services, if any, between the Firm, Network Firms and the Auditee Company and other specified entities³ that may have an impact on Independence; and safeguards applied to eliminate or reduce threats to independence.

6. Company Secretaries of the above Companies are hereby requested to bring this circular to the notice of the Board of Directors and the Audit Committee.

Authorised for issue by the Executive Body, NFRA.

(Vidhu Sood)
Secretary, NFRA

Annexure:

Copy to:

1. Secretary, Ministry of Corporate Affairs, Government of India

2. Governor, Reserve Bank of India

3. Chairperson, Securities and Exchange Board of India

4. Chairperson, Insurance Regulatory and Development Authority of India

5. Director General of Corporate Affairs, Ministry of Corporate Affairs, Government of India

6. Director General (Commercial-II), O/o the Comptroller and Auditor General of India

7. President, The Institute of Chartered Accountants of India

8. President, The Institute of Company Secretaries of India

9. President, The Institute of Cost & Management Accountants of India

10. Director General, Confederation of Indian Industry (CII)

11. Director General, Federation of Indian Chamber of Commerce and Industry (FICCI)

12. Secretary General, The Associated Chambers of Commerce and Industry of India (ASSOCHAM)

13. Secretary General, PHD Chamber of Commerce and Industry (PHDCCI)

14. The CFO Board

15. Press Information Bureau, India

Annexure I

Appendix 1 of SA 260 (Revised)

Specific Requirements in SQC 1 and Other SAs that Refer to Communications with Those Charged with Governance

This appendix identifies paragraphs in SQC 1⁴ and other SAs that require communication of specific matters with those charged with governance. The list is not a substitute for considering the requirements and related application and other explanatory material in SAs.

• SQC 1, Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements – paragraph 42(a).
• SA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements – paragraphs 21, 38(c)(i) and 40-42.
• SA 250, Consideration of Laws and Regulations in an Audit of Financial Statements – paragraphs 14, 19 and 22–24.
• SA 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management – paragraph 9.
• SA 299 (Revised): Joint Audit of Financial Statements paragraphs 10, 12, 21.
• SA 450, Evaluation of Misstatements Identified during the Audit – paragraphs 12-13.
• SA 505, External Confirmations – paragraph 9.
• SA 510, Initial Audit Engagements―Opening Balances – paragraph 7.
• SA 550, Related Parties – paragraph 27.
• SA 560, Subsequent Events– paragraphs 7(b)-(c), 10(a), 13(b), 14(a) and 17.
• SA 570 (Revised), Going Concern – paragraph 25.
• SA 580, Written Representations – Paragraphs 15 to 16 and A24.
• SA 610 (Revised), Using the Work of Internal Auditors – paragraphs 20 and 31.
• SA 701, Communicating Key Audit Matters in the Independent Auditor’s Report – paragraph 17.
• SA 705 (Revised), Modifications to the Opinion in the Independent Auditor’s Report paragraphs 12, 14, 23 and 30.
• SA 706 (Revised), Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report – paragraph 12.
• SA 710, Comparative Information—Corresponding Figures and Comparative Financial Statements – paragraph 18.
• SA 720(Revised), The Auditor’s Responsibilities Relating to Other Information– paragraphs 17–19.

Notes:

¹ Standard on Auditing (SA), 260 (Revised), Communication with Those Charged with Governance (SA 260 (Revised)

2 Standard on Auditing (SA), 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management (SA 265)

3 For more details please refer to Section 141 and 144 of the Companies Act 2013

4 SQC 1, Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements.