NFRA Finds Continued Independence Issues at SRBC & Co. LLP in 2023 Inspection

A 2023 audit quality inspection by the National Financial Reporting Authority (NFRA) of M/s SRBC & Co. LLP revealed that the audit firm had not fully addressed independence deficiencies identified in a previous report. The NFRA’s review, conducted in 2024, found that SRBC & Co. LLP’s policies did not adequately recognize the relationship between the Ernst & Young Global (EY) network and its Indian network, SR Batliboi & Affiliates (SRB), potentially leading to non-compliance with Companies Act requirements concerning auditor independence and prohibited services. Despite being asked to revise its independence policy and review engagements considering the interconnectedness of the networks, SRBC & Co. LLP initially delayed providing complete information regarding non-audit services provided by EY network entities to its audit clients, hindering NFRA’s verification of full compliance with independence standards and regulations. While the firm later provided some information, NFRA raised concerns about the exclusion of certain services from the definition of non-audit services, the exclusion of private equity holding companies of audit clients from non-audit service restrictions, instances where non-audit fees exceeded audit fees, and the firm’s interpretation of ‘relatives’ under the Companies Act. The inspection also identified deficiencies in audit procedures related to Related Party Transactions and Internal Financial Control over Financial Reporting in selected audit engagements. While the firm had revised some policies related to documentation issues, the effectiveness of these revisions will be assessed in a future inspection.

INSPECTION REPORT 2023 – Audit Firm: M/s SRBC & Co. LLP
Firm Registration No. 324982E/E300003
Inspection Report No.132.2-2023-05
March 27, 2025

PART A

 Executive Summary

1. Section 132 of the Companies Act 2013 (the Act) mandates the National Financial Reporting Authority (NFRA), inter alia, to monitor compliance with Auditing Standards, to oversee the quality of service of the professions associated with ensuring compliance with such standards, and to suggest measures required for improvement in quality of their services. Under this mandate, NFRA conducted audit quality inspections of the Chartered Accountant Firm M/s SRBC & Co LLP in 2024 (the Audit Firm/the Firm/SRBC). The scope included a review of the remedial actions taken by the Firm for the deficiencies reported in the previous inspection report, and a review of three selected individual audit engagements of financial statements for the years ending 31.03.2023, focusing on three significant audit areas, viz., Internal Financial Control over Financial Reporting on Revenue, Related Party Transactions and Impairment of Non-Financial Assets. The Inspection included an on-site visit in August 2024, discussions with the Audit Firm personnel including the engagement teams of select audit engagements, review of policies and procedures and examination of documents. The observations were conveyed to the Audit Firm. An inspection report was issued to the Firm, for which a written response was The observations in this report are based on the Firm’s remedial responses on the previous inspection report dated 22.12.2023, further information/documents provided by the Firm and results of selected sample audit engagement files. The key observations in this report are summarized as follows.

2. M/s SRBC & Co. LLP is member of two networks viz., Ernst & Young Global network (EYG/EY network) and SR Batliboi & Affiliates (Indian network/SRB network). In the previous inspection report dated 22.12.2023, we observed that the Audit Firm’s independence policies do not recognize relationship between EY network and SRB network resulting in non-compliance with section 141 & 144 of the Companies Act 2013. We had recommended that the Audit firm should make necessary changes to its Independence policy and also review all its ongoing engagements considering EY network entities as directly and indirectly related to SRB & Affiliates.

3. On a review of the Audit Firm’s response to the previous inspection report, we observed that the Audit Firm had not fully remediated the observations of the previous inspection report. The Audit Firm did not provide information relating to non-audit services provided by EY network entities to the Firm’s audit Thus, it could not be verified if the Firm is in full compliance with independence requirements given in section 141 & 144 of the Companies Act 2013, SQC 1¹, Standards on Auditing 220², and the Code of Ethics³. Accordingly, the Draft Inspection Report was sent to the Firm seeking its response.

4. In response to the Draft Inspection Report, the Firm informed of its proposal to amend its independence policy and also provided information relating to non-audit services provided by EY Network entities to the Firm’s audit clients. On account of substantial delay by the Firm to provide complete information to the inspection team, it could not be verified if the Firm is in full compliance with independence requirements given in section 141 & 144 of the Companies Act 2013, SQC 1, Standards on Auditing 220, and the Code of Ethics. However, our prima facie observations are as under–

a) The Firm should put in place a robust process to address all threats to independence, which may be created due to the exclusion of certain services from the term non-audit

b) The Firm should reconsider its policy to exclude NFRA regulated audit clients’ holding companies, which are in private equity business, for the purpose of providing non-audit services, to ensure full compliance with the laws and standards.

c) The EY network has provided ‘Financial Reporting and Accounting Advisory Services’ to its audit clients in 7 cases in 2022-23 and in 4 cases in 2023-24. This prima facie indicates that the Firm may be violating laws and standards.

d) In one sample case, the amount of non-audit fee exceeded audit fees. This might have created self-review threat and self-interest threat.

e) The restriction of section 141 applies to all partners of EY Network and their relatives. Further, the Act uses the term ‘relatives’ which has a wider meaning than the term ‘immediate family member’ used by the Firm. Therefore, the Firm should reconsider this policy to ensure compliance with section 141(3)(d) of the Act.

f) The Firm should (a) reconsider its policy to avoid indirect business relationship through EY Network entities and (b) put in place a robust process to ensure full compliance with section 141(3)(e) of with the Act.

g) The Firm should reconsider its policy and include the term ‘Key Managerial Person’ in place of ‘financial reporting oversite role’ to ensure full compliance with section 141(3)(f) of the Act; and apply this section to all partners and their relatives in the EY network. (Part B of this Report).

5. The Audit Firm revised its policies and procedures to remediate the documentation issues raised in the previous inspection report regarding its leadership structure, Engagement Quality Control Review and sign-off policy on audit work papers. Compliance with such revised policies and procedures will be further reviewed during next inspection (Part B of this Report).

6. In respect of Related Party Transactions (RPT), in all the three selected engagements, one or more audit procedures performed by the Firm were found to be deficient like not verifying the end use of the proceeds of the loans given by the company to its subsidiaries, not evaluating the basis of the management claim of arm’s length pricing of transactions with related parties, not evaluating management expert’s work, and incomplete RPT (Part C of this report).

7. In respect of ICFR-Revenue, in case of two selected engagements, the audit files did not contain appropriate evidence of performance of test of controls on one or more counts (Part C of this report).

Inspection Overview

8. Section 132 of the Act, inter alia, mandates the NFRA, to monitor compliance with Auditing and Accounting Standards, to oversee the quality of service of the professions associated with ensuring compliance with such standards, and to suggest measures required for improvement in the quality of their services. The relevant provisions of NFRA Rules prescribe the procedures in this regard, which include evaluation of the sufficiency of the quality control system of Auditors and the manner of documentation of their work. Under this mandate, NFRA initiated audit quality inspections in March 2024 (Inspection Cycle  2023). The overall objective of audit quality inspections is to evaluate the compliance of the Audit Firm with auditing standards and other regulatory and professional requirements, and the sufficiency and effectiveness of the quality control systems of the Audit Firm, including:

(a) adequacy of the governance framework and its functioning.

(b) effectiveness of the firm’s internal control over audit quality; and

(c) system of assessment and identification of audit risks and mitigating measures

9. This year’s inspections involved a review of the remedial action taken by the Firm in response to the previous inspection observations including further review wherever remedial actions taken by the Firm were found insufficient, and a test check of audit engagements performed by the Audit Firm during the financial year 2023.

10. Inspections are intended to identify areas and opportunities for improvement in the Audit Firm’s system of quality control. Inspections are, however, not designed to review all aspects and identify all weaknesses in the governance framework or system of internal control or audit risk assessment framework; nor are they designed to provide absolute assurance about the Audit Firm’s quality of audit work. In respect of selected audit assignments, inspections are not designed to identify all the weaknesses in the audit work performed by the auditors in the audit of the financial statements of the selected Inspection reports are also not intended to be either a rating model or a marketing tool for Audit Firms.

Audit Quality Inspection Approach

11. Selection of Audit Firms for the 2024 inspections was based upon the extent of public interest involved, as evidenced by the size, composition and nature of the audit firm, the number of audit engagements completed in the year under review: complexity and diversity of preparer’s financial statements audited by the firm and other risk indicators. M/s SRBC & Co. LLP (the Audit firm/the Firm/SRBC) was one of the audit firms selected as per the above parameters.

12. The selection of individual audit engagements of the Audit Firm was largely risk-based, based on financial and non-financial risk indicators identified by NFRA. Accordingly, the audit files of three audit engagements relating to statutory audit of financial statements for the years ending 31.03.2023 were reviewed during the inspection.

13. The scope of the inspection was as follows:

a) Review of the remedial measures and improvements made in response to the previous inspection observations for firm-wide quality controls to evaluate the Audit Firm’s adherence to SQC 1, Code of Ethics and the applicable laws and On account of the substantial delay by the Firm to submit relevant information to NFRA, the inspection team could not evaluate the Audit Firm’s adherence to SQC 1, Code of Ethics and the applicable laws and rules.

b) Review of individual Audit Engagement Files- A sample of three (3) individual audit engagement files pertaining to the annual statutory audit of financial statements for the years ending 31.03.2023 was selected from Textiles, Sugar and Consumer Goods industries. Three significant audit areas were identified in respect of each audit engagement , internal financial control over financial reporting pertaining to revenue, related party transactions and impairment of non-financial assets.

The selected sample of three individual audit engagements is not representative of the Firm’s total population of the audit engagements for the year under review.

Inspection Methodology

14. An entry meeting for the current year’s inspection was held with M/s SRBC & Co. LLP virtually on 29/30.04.2024. Discussions were held with the engagement teams of the three audit engagements selected for review. The on-site inspection was carried out in August 2024 for a review of the improvements in response to the previous inspection report.

15. Inspections are intended to identify areas and opportunities for improvement in the audit firm’s system of quality control. Inspections, by nature, are distinct from investigations undertaken under section 132 (4) of the Act. However, in certain cases, test-check by the inspection teams may provide basis for or require reference of such cases/matters for enforcement or investigation under applicable provisions of the Act and Rules.

Audit Firm’s Profile

16. M/s SRBC & Co LLP, a Limited Liability Partnership, is a member of M/s SRB & Affiliates, which is registered with ICAI (The Institute of Chartered Accountants of India). It is a member of the international network of Ernst & Young Global The Firm has seven offices in India with 32 partners. The Firm audited 561 entities which fall under Rule 3 of NFRA Rules 2018 for FY 2022-23.

Acknowledgment

17. While the Firm extended general cooperation during the inspection, they did not cooperate and did not provide certain information/documents relating to non-audit services provided by EY network entities to the Firm’s audit clients until the issue of the Draft Inspection Report. However, thereafter the Firm provided such information in its response to the Draft Inspection Report.

PART B

 Review of Firm-Wide Audit Quality Control System – Compliance with Previous Year’s Inspection Observations

A.   Independence of auditor

18. Independence of Auditors is fundamental requirement to ensure audit Relevant legal requirements are given in section 141 & 144 of the Act, SQC 1, Standards on Auditing 220 and the Code of Ethics, as detailed below –

❖ vSection 141 of the Act inter alia provides disqualifications of auditors; and section 144 of the Act provides a list of non-audit services which cannot be provided by auditors. The underlying intention of these provisions is to ensure that an auditor can maintain independence vis a vis the auditee company.

❖ Paragraph 18 of SQC 1 provides that the firm should establish policies and procedures designed to provide it with reasonable assurance that the firm, its personnel and, where applicable, others subject to independence requirements (including experts contracted by the firm and network firm personnel), maintain independence where required by the Code.

❖ Network is defined at paragraph 6(k) of SQC 1 as – “A larger structure:

(i) That is aimed at cooperation, and

(ii) That is clearly aimed at profit or cost-sharing or shares common ownership, control or management, common quality control policies and procedures, common business strategy, the use of a common brand name, or a significant part of professional resources”.

❖ Paragraph 11 of SA 220 provides that the engagement partner shall form a conclusion on compliance with independence requirements that apply to the audit engagement.

❖ Section 7 of the Code of Ethics (the Code) provides that if the firm is a member of a network, a professional accountant shall consider conflicts of interest that the accountant has reason to believe might exist or arise due to interests and relationships of a network firm.

❖ Section R400.11 of the Code provides that a firm performing an audit engagement shall be independent. Section 400.5 of the Code states that independence is linked to the principles of objectivity and integrity; and it comprises independence of mind and independence in appearance.

❖ Section R400.31 of the Code provides that “If an entity becomes an audit client during or after the period covered by the financial statements on which the firm will express an opinion, the firm shall determine whether any threats to independence are created by:

(a) Financial or business relationships with the audit client during or after the period covered by the financial statements but before accepting the audit engagement; or

(b)  Previous services provided to the audit client by the firm or a network firm”. (emphasis added)

❖ Section 51 of the Code provides that “A network firm shall be independent of the audit clients of the other firms within the network as required by this Part”. (emphasis added). Section 400.51 A1 of the Code states that the independence requirements in this Part that apply to a network firm apply to any entity that meets the definition of a network firm.

❖ Section R510.4 of the Code provides that “Subject to paragraph R510.5, a direct financial interest or a material indirect financial interest in the audit client shall not be held by:

(a) The firm or a network firm;

(b)  An audit team member, or any of that individual’s immediate family

(c)  Any other partner in the office in which an engagement partner practices in connection with the audit engagement, or any of that other partner’s immediate family; or

(d)  Any other partner or managerial employee who provides non-audit services to the audit client, except for any whose involvement is minimal, or any of that individual’s immediate family”. (emphasis added).

❖ Section 5 of the Code provides that “A firm, a network firm, an audit team member, or any of that individual’s immediate family shall not accept a loan, or a guarantee of a loan, from an audit client that is a bank or a similar institution unless the loan or guarantee is made under normal lending procedures, terms and conditions”. (emphasis added).

❖ Section R511.7 of the Code provides that “A firm, a network firm, an audit team member, or any of that individual’s immediate family shall not accept a loan from, or have a borrowing guaranteed by, an audit client that is not a bank or similar institution, unless the loan or guarantee is immaterial to:

(a) The firm, the network firm, or the individual receiving the loan or guarantee, as applicable; and

(b) The client”. (emphases added).

❖ Section R520.4 of the Code provides that “A firm, a network firm or an audit team member shall not have a close business relationship with an audit client or its management unless any financial interest is immaterial and the business relationship is insignificant to the client or its management and the firm, the network firm or the audit team member, as applicable”. (emphasis added).

❖ Section 5 of the Code provides that “firm, a network firm, an audit team member, or any of that individual’s immediate family shall not have a business relationship involving the holding of an interest in a closely-held entity when an audit client or a director or officer of the client, or any group thereof, also holds an interest in that entity, unless… ”. (emphasis added).

❖ Section R523.35 of the Code provides that “A partner or employee of the firm or a network firm shall not serve as a director or officer of an audit client of the firm”. (emphasis added).

❖ Section R600.4 of the Code provides that “Before a firm or a network firm accepts an engagement to provide a non-assurance service to an audit client, the firm shall determine whether providing such a service might create a threat to independence”. (emphasis added).

❖ Further, the Code prohibits network firms from providing accounting and bookkeeping services (R601.5); in some cases valuation services (R603.4); in some cases prepare tax calculations of current and deferred tax liabilities (or assets) (R604.6); in some cases tax planning and tax advisory services (R604.8); in some case assisting in resolution of tax disputes (R604.11); in some cases IT systems services (R606.5); in some cases advocacy roles in resolving a dispute or litigation (R608.6); in some cases recruiting services (R609.7); and in some cases corporate finance services (R610.4) to the audit clients and its related parties.

19. The above legal provisions show that independence requirements consider the relationship of an audit firm with its network However, SRBC’s policies do not fully consider its relationship with network firms. It is important to note that the Audit Firm entered into an agreement with Ernst & Young Global Limited (EYG) from 01.04.2013 to become a member firm of the EYG and according to this agreement (a) each member firm contributes substantial commercial value to the inter-relationship between the member firms; and (b) the member firm participates in implementing the global strategies and plan and common standards methodologies and policies. As a consequence of this joining agreement, the Audit Firm also entered into more agreements with EYG entities as mentioned below –

❖ Business Centre and Business Support Services Agreement – to avail services relating to –

>Accounting

>Administration

>Technology and Human Resource

> Quality and Risk Management Services – assist in implementation and monitoring of common standards, policies and tools including quality review, independence review and client acceptance

> Functional Office on seat basis

> Common Areas and Business Centre Facilities – housekeeping, canteen, security, air- conditioning, furniture, electricity, guest house, repair, storage, reception, telephone, and courier etc.

❖ Knowledge Sharing Agreement – To make available/avail knowledge to/from participants in the EYG Knowledge Community.

❖ Master Professional Services Agreement – To avail services relating to FAIT (Information Technology related), direct taxes, indirect taxes, and valuation.

❖ Professional Services Agreement – To avail valuation advisory and other

❖ Rental Services Agreement – To avail Laptop on rental.

A holistic review of the agreements provided by the Audit Firm clearly shows that EY is a network and the Audit Firm is a member of EY network.

20. In the previous inspection report dated 12.2023, we observed that “SRBC is a member of the international network of EY Global Ltd. (EY). The network relationship between SRBC and EYG results in a common business strategy, the use of a common brand name, or a significant part of professional resources. As part of the EYG Network, the Audit Firm and the larger EY Network are aimed at cooperation, profit or cost sharing and have common quality control policies and procedures which, as per SQC-1, are included in the definition of a Network. More importantly, considering the substance over form, the SRBA entities and EY Entities are related in the manner provided in Section 144 of the Act. However, SRBC’s independence policies do not recognise this relationship. The Inspection Team observed that SRBC was providing audit services to a client while some other EY network entity was providing non-audit services to the auditee group in violation of section 144 and section 141 of the Companies Act, 2013. In one sample, the Inspection Team observed a note in the Audit File implying that a partner of the Firm was providing non-audit service to an audit client. However, there was no proper documentation of evaluation of the nature of the non- audit service to rule out any violation of the law.

Due to the relationship between the SRBA network firms and the EY Network we also observed in two sample potential cases where the disqualification of an auditor may trigger under the Companies Act due to non-compliance with Section 141(3)(e) of the Act”.

21.In the previous inspection report dated 22.12.2023, we had recommended that the Audit firm should make necessary changes to its Independence policy and also review all its ongoing engagements considering EY network entities as directly and indirectly related to SRB & Affiliates.

22. The Audit Firm submitted its response to the previous inspection report. On review of the response, we observed that the Audit Firm had not fully remediated the observations in the previous inspection report. Therefore, to evaluate this matter, the inspection team requested the Firm to provide more information, including the information relating to non-audit services provided by EY network entities to the Firm’s audit clients. However, the Audit Firm did not provide such information until the issue of the Draft Inspection Report. Thus, it could not be verified if the Firm is in full compliance with independence requirements given in section 141 & 144 of the Companies Act 2013, SQC 1, Standards on Auditing 220, and the Code of Ethics. Accordingly, the Draft Inspection Report was sent to the Firm seeking its response. In response to the Draft Inspection Report the Firm provided such information. Since the Firm provided the information after substantial delay, we could not evaluate such information. However, our prima facie observations are as below –

NON-AUDIT SERVICES

 23. In response to the Draft Inspection Report, the Firm informed of its proposal to amend its independence policy on non-audit services. The Firm classified network firms into three categories e., (i) Audit firms in SRB Network, (ii) All Other Indian Member Firms of EYG Network and (iii) Overseas Member Firms of EYG Network.

Audit firms in SRB Network

a) According to the proposed policy, the Audit firms in SRB Network shall not provide any non-audit services to NFRA regulated audit clients (including their holding companies and subsidiary companies). Such non-audit services exclude the audit and assurance related services performed pursuant to assurance standards issued by regulators or other statutory bodies, and are of nature, as described below:

• • Statutory audit of financial statements, audit of special purpose financial statements, other audit engagements of similar nature;
  • Review of financial statements/ information, Group reporting or audit support to the group auditor, Tax Audit, Certificates, assignments covered by Guidance Note on Reports or Certificates for Special Purposes or Guidance Note on Reports in Company Prospectuses or other engagements of similar nature;
  • Other attestation services including and not limited to sustainability assurance and system and organisation controls assurance; and
  • Reports on Agreed Upon Procedures in accordance with Standard on Related Services (SRS) 4400 or International Standard on Related Services (ISRS 4400).

> In this connection, it is observed that the above excluded services include two categories of services i.e., (i) those services which can be performed by the statutory auditor only and (ii) those services which are not required to be performed by the statutory auditor only. The second category of services may create self- interest threat. Therefore, in order to be fully compliant with the laws and standards, we recommend that the Firm put in place a robust process to address all independence threats (not limited to self-interest threat) which may be created due to above exclusions or any other reason like services to be provided to joint ventures, associates, and entities under significant influence of KMP’s/Promoters.

All Other Indian Member Firms of EYG Network

b) According to the proposed policy, all Other Indian Member Firms of EYG Network will not provide any new non-audit services to NFRA regulated audit clients and holding and subsidiary companies of such audit clients, with effect from April 1, 2025, other than Tax Services (permissible tax compliance services, return preparation, tax advisory and assistance in tax disputes before tax authorities which are not Court or Tribunal). The proposed policy provides that this restriction will not apply to NFRA regulated audit clients’ holding companies which are in private equity business. As regards non-audit services (other than Tax Services) to be provided by Other Indian Member Firms of EYG Network to holding companies which are in private equity business, the Firm proposed to ensure that such services do not relate to NFRA regulated audited companies and their subsidiary The Firm is of the view that such tax services are permitted under ICAI code, IESBA code and SEC rules.

> It is observed that excluded tax services may create self-review threat and self-interest threat, considering the EY Network as a single unit as envisaged in the Act, SQC 1, SAs and the Code of Ethics. Therefore, in order to be fully compliant with the laws and standards, we recommend that the Firm put in place a robust process to address all independence threats which may be created due to above exclusions or any other reason like services to be provided to joint ventures, associates, and entities under significant influence of KMP’s/Promoters.

> The proposed policy excludes NFRA regulated audit clients’ holding companies which are in private equity business. It is observed that there is no exception in laws and standards with respect to the holding company of audit Thus, we recommend that the Firm should reconsider this policy and include the holding companies in private equity business to ensure full compliance with the laws and standards.

Overseas Member Firms of EYG Network

c) According to the proposed policy, under IESBA Code, EYG Network firms are not allowed to provide any services to a Public Interest Entity audit client (and its holding and subsidiary entities) which constitute acting as management or create self-review threat in relation to the public interest entity audit client. The Firm committed to ensure that Overseas Member Firms of EYG Network, either directly or by involving Indian member firms of EYG Network, shall not provide any non-audit services, other than permissible Tax Services as explained above, to NFRA regulated audited companies and their subsidiaries. Overseas Member Firms of EYG Network will not, directly or by involving Indian member firms of EYG Network, provide any services other than Tax Services (as explained above) to NFRA regulated audit clients’ holding companies (not being holding companies in private equity business) that are registered in India. For overseas registered holding companies of NFRA regulated audit clients, Overseas Member Firms of EYG Network will provide services in compliance with IESBA Code as applicable to holding companies of public interest entity audit If any services to such overseas holding companies relate to the NFRA regulated audit client, then such services will continue to be in compliance with the requirements of Section 144 of the Act.

> It is observed that there is no exception in laws and standards with respect to the holding company of audit client/companies in private equity business. Therefore, in order to be fully compliant with the laws and standards, we recommend that the Firm put in place a robust process to address all independence threats which may be created due to above exclusions or any other reason like services to be provided to joint ventures, associates, and entities under significant influence of KMP’s/Promoters.

24. In response to the Draft Inspection Report, the Firm also provided information relating to non-audit services provided by EY Network entities to the Firm’s audit clients. We could not evaluate this information due to the reasons mentioned in the preceding paragraphs. However, perusal of this information prima facie shows that the Firm might have been violating section 144 of the Act and there are potential situations of self-interest threat and self-review threat as detailed below –

> The EY network has provided ‘Financial Reporting and Accounting Advisory Services’ to its audit clients in 7 cases in 2022-23 and in 4 cases in 2023-24. This prima facie indicates that the Firm may be violating laws and standards.

> The Network has provided sustainability services, consulting services and tax compliance and advisory services to one company, the fees for such non-audit services was higher than the audit Thus, these might have created self-review threat and self- interest threat. This is only one example. We could not evaluate complete data due to delayed submission of information.

SECTION 141 OF THE ACT

 25. Section 141 of the Act deals with eligibility, qualifications and disqualifications of Sub-section 3 of this section provides a list of persons not eligible for appointment as an auditor of a company. The underlying intention of these provisions is to ensure that an auditor can maintain independence vis a vis the auditee company. This section treats ‘relatives’ of an auditor equivalent to auditor for the purpose of examining qualification of the auditor vis a vis holding security/interest, indebtedness, guarantee and business relationship. Our prima facie observations on this matter are given below –

• The Firm is of the view that in case a firm is appointed as auditor of a company, the restrictions prescribed under section 141(3)(d)[(i)-security/interest, (ii)-indebtedness, (iii)-guarantee] of the Act apply to the audit engagement partner, her/his relatives and other partners of the appointed audit firm. The Firm extended these restrictions to ‘immediate family members’ of other partners in the appointed audit firm, to comply with IESBA. The restriction of section 141 applies to all partners and their relatives of EY Example – the Firm’s interpretation will allow a situation in which the son of a partner of EY will be holding security/indebted/ guarantee/business relationship in audit client of SRBC/holding/subsidiary. The Act uses the term “relatives” which has wider meaning than the term “immediate family member” used in IESBA Code. Therefore, we recommend that the Firm reconsider this policy to ensure compliance with the Act.
• The Firm is of the view that in case a firm is appointed as auditor of a company, the restrictions prescribed under section 141(3)(e) of the Act relating to having business relationship, apply to the audit engagement partner and the appointed audit firm. The Firm’s policy covers other partners in the appointed audit firm and other Indian network firms. Further, as all SRB Network firms are covered under India policy, the appointed audit firm is restricted from having prohibited business relationships indirectly through other firms in SRB Network. Additionally, international network firms of EYG Network and partners in Indian and international member firms of EYG Network have to comply with EYG Independence Policy, which is aligned with IESBA Code. We recommend that the Firm (a) reconsider its policy to avoid indirect business relationship through EY Network entities and (b) put in place robust procedures to ensure compliance with such policies.
• Section 141(3)(f) of the Act disqualifies a person from being appointed as an auditor, whose relative is a director or is in the employment of the company as a director or Key Managerial Person (KMP). The Firm is of the view that if a firm (and not an individual chartered accountant) is appointed as auditor, then requirements of section 141(3)(f) of the Act do not apply. The Firm has applied this to engagement partner and audit team members Furthermore, the Firm says that the Act does not extend the requirements of Section 141(3)(f) of the Act to the partners (and their relatives) of international network firms. Section 141(3)(f) of the Act applies to all partners and their relatives of the EY network. Example – the Firm’s interpretation will allow a situation that a relative of a partner of EY Network can be CFO/Director in its audit client. Section 141(3)(f) of the Act uses the term ‘Key Managerial Person’ (KMP), whereas the Firm uses the term ‘Financial Reporting Oversight Role’, which includes Directors and Officers. The Firm defined ‘Directors and Officers’ as ‘Those Charged With the Governance (TCWG) of an entity, or acting in an equivalent capacity, regardless of their title, which might vary from jurisdiction to jurisdiction’. Thus, there is substantial difference between International practice and the Indian law, as the Companies Act 2013 uses the term KMP and International practice uses the term TCWG. Therefore, we recommend that the Firm reconsider this policy to ensure compliance with the Act.

Summary of observations on Independence of auditor

 26. On account of substantial delay by the Firm to provide complete information, the inspection team could not verify if the Firm is in full compliance with independence requirements given in section 141 & 144 of the Companies Act 2013, SQC 1, Standards on Auditing 220, and the Code of Ethics. However, our prima facie observations are as under–

a) In order to be fully compliant with the laws and standards, we recommend that the Firm put in place a robust process to address all independence threats, which may be created due to above exclusions or any other reason like services to be provided to joint ventures, associates, and entities under significant influence of KMP’s/Promoters.

b) We recommend that the Firm should reconsider its policy to exclude NFRA regulated audit clients’ holding companies, which are in private equity business, for the purpose of providing non-audit services to ensure full compliance with the laws and standards.

c) The EY network has provided ‘Financial Reporting and Accounting Advisory Services’ to its audit clients in 7 cases in 2022-23 and in 4 cases in 2023-24. This prima facie indicates that the Firm may be violating laws and standards.

d) In one sample case, the amount of non-audit fee exceeded audit fees. This might have created self-review threat and self-interest threat.

e) The restriction of section 141 applies to all partners and their relatives of EY Network. The Act uses the term “relatives” which has wider meaning than the term “immediate family member” used by the Firm. Therefore, we recommend that the Firm reconsider this policy to ensure compliance with section 141(3)(d) of the Act.

f) We recommend that the Firm (a) reconsider its policy to avoid indirect business relationship through EY Network entities and (b) put in place robust procedures to ensure full compliance with section 141(3)(e) of with the Act.

g) We recommend that the Firm reconsider its policy to include the term ‘Key Managerial Person’ to ensure compliance with section 141(3)(f) of the Act; and apply this section to all partners and their relatives in the EY network.

27. We will monitor and evaluate the Firm’s independence policies and procedures during the next inspection cycle including evaluation of the information belatedly submitted during this inspection.

B. Leadership Structure and Responsibilities

28. In the absence of network agreement provided to NFRA, as on 31st March 2021, and absence of reliably documented duties, responsibilities, accountability and modalities of the functions of the ALT, the previous inspection report had expressed inability to comment on whether the Audit Firm’s policies and processes met the requirements of SQC 1 as regards the fundamental element of leadership at the Audit Firm as per Paras 9 to 13 of SQC-1. In response, the Firm provided copy of Indian network agreement effective from April 1, 2022, including Audit Leadership Team’s (ALT) charter containing roles and responsibilities of ALT members. ALT appoints a Managing Partner of the Network, who heads the ALT as Assurance Leader (“AL”) of the audit firms. The AL has overall responsibility for administration of the network. It was observed that independence leader is not a part of ALT. Since independence is one of the important elements of SQC 1, it was recommended that independence leader may be included as a member of ALT. The Firm accepted the recommendation and assured to invite the Independence Leader to ALT meetings as a “Special Invitee” when independence matters are discussed.

C.  Audit documentation

29. The previous inspection report had observed that the Firm’s policies and procedures for ensuring the integrity of audit documentation were not fully in accordance with the requirements of Paras 77, 79 and 80 of SQC 1; the CANVAS (software used by the Firm to maintain audit files) did not meet the requirement of Para 9 of SA 230 regarding the recording of the date of completion of an audit procedure, as the documents can be signed off as completed before the completion of the audit procedures; and the copy of the archived Audit File used by the Audit Firm for post-audit requirements, such as inspections and reviews, lacks integrity and does not serve the purpose of audit documentation in full compliance with Para 3 of SA 230.

30. The Firm informed that it has taken the following remedial actions –

a) Any modifications to working papers after signoff by the reviewer, require signoffs again by the preparer and reviewer, to demonstrate that such modifications are appropriate and responsive to the engagement’s requirements.

b) Use of zip folder is banned.

c) In respect of bulk sign-off, the Firm issued guidance that sign-offs (including by the engagement partner/EQR) should be done when the relevant work is complete / substantively complete, and not grouped / signed off in bulk at only a few points of time, as a matter of For documents which need to be modified several times during an engagement life cycle (e.g., Minutes of meeting of EDAPs), engagement teams may consider having separate versions of the document, which are updated after every relevant phase, and signed-off separately, rather than making edits on the same version through the audit process.

d) In respect of editing of archived audit files, the Firm prepared a policy document for sharing of audit files with regulators.

31. NFRA will further evaluate the effectiveness of this policy during subsequent Inspection

D.  Engagement Quality Control Review

32. During the previous inspection, we observed absence of full compliance with mandatory requirements of SA 220 and SA 230 as audit files contain insufficient evidence of EQCR review. The Firm responded that it had issued guidance to EQCRs to adequately document discussions and conclusions through checklists, recording of minutes of meetings and retaining copies of emails containing review comments, discussions and their dispositions. The effectiveness of this policy will be evaluated during the subsequent Inspection Cycle.

PART C

Review of Individual Audit Engagement Files

33. This section discusses deficiencies observed in a few selected audit engagements. The inspection covered three individual audit engagements and focused on three audit areas , internal control over financial reporting pertaining to revenue, related party transactions and impairment of non-financial assets for detailed review. Certain critical audit procedures performed by the Firm’s engagement team in respect of these audit areas were reviewed viz., identification and assessment of risk of material misstatement, internal controls, design and execution of audit procedures in response to assessed risk (test of controls, test of details, sample sizes, analytical reviews etc.), accounting estimates, accounting policies, disclosures and evaluation of identified misstatements. The observations are discussed below.

Deficiencies in the audit of Related Party Transactions and ICFR-Revenue

Company – A

I. Related Party Transactions (RPT)

34. The Engagement Team (ET) did not evaluate the basis of the management claim of Arm’s Length Pricing (ALP) of transactions with related parties except documenting a report by a management appointed expert on ALP and audit committee (Para 24 of SA 550 – Related Parties).

35. The ET wrongly evaluated the competence, capability and objectivity of the previous year’s management expert instead of the current year’s management expert for using the work of management expert. (Para 8 of SA 500 Audit Evidence).

36. The RPT disclosures in respect of guarantees given during the year was incomplete as it is disclosed that there had been no guarantees provided or received for any related party receivables or payables, however outstanding balances of guarantees disclosed by the company had one balance which did not exist in the previous year. Further, the terms and conditions of outstanding loans given and inter-corporate deposits are not disclosed (para 18 of Ind AS 24). The ET did not evaluate or report these deficient (Para 6 & 7 of SA 705 – Modifications to the opinion in the Independent Auditor’s Report).

II.  ICFR on revenue recognition.

37. The Audit file lacks sufficient audit evidence of performance of Test of Control (TOC) as basis of marking conclusion of control attributes as ‘yes’ or ‘no’ is not recorded.

38. The Audit file lacks sufficient audit evidence of the performance of TOC in respect of credit sales of the company i.e., whether there is a credit sales policy of the company; what are eligibility criteria for credit sales to customers; and whether the system is in place to restrict the credit sales to customers beyond the credit limit allowed , despite the fact that credit sale constituted more than 50% of total sales.

(paragraph 8 to 17 of SA 330 – The Auditor’s responses to assessed risks)

SA 600 (Using the work of another auditor)

39.The Audit file lacks evidence whether the Firm, as principal auditor, had issued audit instructions to component auditors as per requirements of Para 13 of SA Although the Firm provided copies of instructions sent through email, these are not part of the Audit file. Further, the manner of receipt of deliverables from the component auditors is also not recorded in the Audit file.

Company – B

Related Party Transactions (RPT)

40. Company B availed the service of a management expert for limited review of the transactions with related parties and related document, to provide comments thereon and validate the appropriateness with regards to arm’s length requirement stipulated under Companies Act In the Audit file, the Engagement Team (ET) claimed to have verified the basis/backup workings of the expert, however, no detail is available to validate their claim. Further, the Audit file does not have adequate evidence of the ET’s evaluation of the competence, capabilities and objectivity of the management expert; and the appropriateness of the expert’s work. (paragraph 8 of SA 500 – Audit evidence).

ICFR – Revenue

41. The Audit file does not have audit evidence of the performance of TOC in respect of –

• credit sales e., credit sales policy, eligibility criteria, and credit limit and its enhancement even though majority of the sales are made on a credit basis;
• determination of discount amount; and
• rate of commission, approver of commission rate, calculation of commission rate and whether commission were as per Industry standard.

(paragraph 8 to 17 of SA 330)

Company – C

 Related Party Transactions

42.Section 185 of the Act provides that a company can give loan to its subsidiaries if proceeds of such loan are utilised for principal business activities of the Paragraph 3(iv) of the Companies (Auditor’s Report) Order (CARO) inter alia requires the auditor to report whether the company has complied with the provisions of section 185 of the Act in respect of loans, investments, guarantees, and security, if not, the details thereof are required to be reported. The Firm reported that the Company had not advanced loans to directors / to a company in which the Director was interested to which provisions of section 185 of the Companies Act, 2013 apply and hence did not comment upon this matter. It was observed from the Standalone Financial Statements of Company – C that it had granted loans to one wholly owned subsidiary and one more subsidiary which was 93.64% owned by Company – C. Thus, the Board of Directors of company – C were in a position to exercise or control voting powers at general meetings of such subsidiaries. However, the Audit Firm did not verify the end use of the proceeds of the loans given by the company to these two subsidiaries. Thus, the Audit Firm is non-compliant with Paragraph 3(iv) of CARO.

43. Company – C provided a corporate guarantee of a material amount for loans availed by one of its subsidiaries. However, the purpose of this loan was not disclosed in the financial statements of company – C, as required under Section 186(4) of the Act. This non- compliance was not reported by the Audit Firm. The Audit Firm is non-compliant with Paragraph 3(iv) of CARO.

44. Company – C did not disclose the terms and conditions of the loans given to related parties (sanctioned amount, rate of interest, repayment period etc.), which is non-compliant with paragraph 18 (b) (i) of Ind AS 24⁴. The Audit Firm did not report this non-compliance, and was therefore non-compliant with section 143(3)(e) of the Act. The Firm assured to advise the company to add these additional disclosures in the next financial statements.

PART D

 Chronology of Events

Notes:

¹ SQC 1 – Standard on Quality Control (SQC) 1 – Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements.

² Standards on Auditing (SA) 220 – Quality Control for an Audit of Financial Statements.

³ The Code of Ethics issued by the Institute of Chartered Accountants of India.

⁴ Paragraph 18 (b) (i) of Ind AS 24 requires disclosure about “the amount of outstanding balances, including commitments, and At a minimum, disclosures shall include: the amount of outstanding balances, including commitments, and: (i) their terms and conditions, including whether they are secured, and the nature of the consideration to be provided in settlement”.