NFRA Inspection Report 2024 on BSR & Affiliates Audit Firms Flags Weak Documentation and Risk Assessment in Audit Engagements
The National Financial Reporting Authority (NFRA), exercising its mandate under Section 132 of the Companies Act, 2013 conducted an audit-quality inspection of a large chartered accountant network forming part of a global accounting network. The inspection assessed firm-wide quality controls such as independence, human resources, consultations, and monitoring to evaluate compliance with the Standard on Quality Control (SQC-1). The review also included selected statutory audit engagements for financial statements for the year ending March 31, 2024, with particular focus on revenue recognition, loans and advances, and one engagement-specific high-risk area. NFRA conducted on-site inspection in November 2025 and reviewed policies, procedures, audit documentation, and internal systems through meetings with leadership and engagement teams. The inspection concluded that the firm was generally compliant with independence requirements and had implemented corrective actions from earlier inspections. However, the regulator observed that certain policies—especially those relating to acceptance of non-audit services for recently audited clients and root cause analysis processes—require strengthening to improve overall audit quality and monitoring effectiveness.
The inspection also identified deficiencies in several individual audit engagements. In one engagement involving an unlisted company, NFRA found that the audit opinion was unsupported by sufficient and appropriate audit evidence due to improper evaluation of provisions, inadequate documentation, and lack of assessment of misstatements. Other audit engagements revealed shortcomings in testing revenue recognition, particularly regarding cancelled orders, refunds, and risks of revenue understatement in cash transactions. Weaknesses were also noted in inventory verification, loans and advances documentation, and evaluation of contradictory audit evidence. The inspection further highlighted gaps in analytical procedures, risk assessment for fraud, IT control evaluation, and audit documentation practices. NFRA observed instances of confirmation bias in fraud risk assessment and inadequate supervision of audit workpapers. While these deficiencies did not materially affect most audit opinions reviewed, the regulator emphasized the need for stronger audit documentation, improved risk evaluation, and more robust monitoring systems to enhance audit quality and professional standards.
National Financial Reporting Authority
Inspection Report 2024
Audit Firms
B S R & Co. LLP
B S R & Associates LLP
B S R and Co
B S R S & Co (formerly known as B S R and Associates)
Of
B S R Affiliates Network
Network Registration No. NRN/W/00011 Inspection
Report No.132.2-2024-04
March 16, 2026
PART A
Executive Summary
Section 132 of the Companies Act, 2013 (the Act) mandates the National Financial Reporting Authority (NFRA), inter alia, to monitor compliance with Auditing Standards, to oversee the quality of service of the professions associated with ensuring compliance with such standards, and to suggest measures required for improvement in the quality of their services. Under this mandate, NFRA conducted an audit-quality inspection of the Chartered Accountants firms forming part of the B S R & Affiliates network (the ‘Audit Firm’ or ‘BSR’ hereafter). The scope included a review of firm-wide quality controls pertaining to Independence, Human Resources, Consultations and Monitoring to assess the Audit Firm’s (also referred to as “the Firm’s”) adherence to SQC-1, including follow-up from previous inspections, and a review of selected Audit Documentation for the annual statutory audit of financial statements for the year ending 31.03.2024. Two focus areas, namely Revenue Recognition and Loans and Advances, and one engagement-specific area selected based on risk, were taken for inspection in each audit engagement. The on-site inspection was conducted in November 2025.
During the inspection, the Inspection Team held discussions with the Audit Firm’s personnel, reviewed policies and procedures, and examined documents to reach the prima facie observations. These observations were initially discussed with the Audit Firm, and after necessary changes, they were conveyed to the Audit Firm in writing. The Audit Firm’s responses and documents have been reviewed, and the Final Inspection Report has been issued after consideration of all submissions. This public version of the final inspection report excludes confidential or proprietary information, as pointed out by the Audit Firm.
The key observations in the Final Inspection Report are summarised as follows.
a. On firm-wide quality aspects, the firm has been found to be generally compliant with independence requirements and previous years’ inspection findings.
b. The policies on acceptance of non-audit services for the immediate past audit clients and the root cause analysis policies require strengthening.
c. In one audit engagement of an unlisted company, we observed insufficient evidence supporting the audit opinion. The details are given in part VI of this report. Other matters affecting overall audit quality are identified in the selected audit engagements. However, these are not of such significance as to affect the audit opinion.
Inspection Overview
1. Section 132 of the Act, inter alia, mandates NFRA to monitor compliance with Auditing Standards, to oversee the quality of service of the professions associated with ensuring compliance with such standards, and to suggest measures required for improvement in the quality of their services. The relevant provisions of the NFRA Rules prescribe procedures for this, including the evaluation of the sufficiency of the auditor’s quality control system and the manner in which the auditors document the quality control procedures. Under this mandate, NFRA initiated audit quality inspections in November 2025 for the Audit Firm. The overall objective of audit quality inspections is to evaluate compliance of the Audit Firm with auditing standards and other regulatory and professional requirements, and the sufficiency and effectiveness of the quality control system of the Audit Firm, including:
(a) adequacy of the governance framework and its functioning.
(b) effectiveness of the firm’s internal control over audit quality; and
(c) system of assessment and identification of audit risks and mitigating measures.
2. Inspections involve a review of the quality control policy, a review of certain focus areas, a test check of the quality control processes, and a test check of audit engagements performed by the Audit Firm during the year.
3. Inspections are intended to identify areas and opportunities for improvement in the Audit Firm’s system of quality control. Inspections, however, are not designed to review all aspects or identify all weaknesses in the engagement performance, the governance framework, internal control system, or audit risk assessment framework, and they are not designed to provide absolute assurance about the Audit Firm’s quality of audit work. With respect to selected audit assignments, inspections are not designed to identify all weaknesses in the auditors’ audit work on the financial statements of the selected companies. Inspection reports are also not intended to be either a rating model or a marketing tool for Audit Firms.
Audit Quality Inspection Approach
4. Selection of Audit Firms inspections in 2024 was based on various parameters including the information filed in form NFRA 2, the extent of public interest involved, as evidenced by the size of the firm, its composition and nature, the number of audit engagements completed in the year under review, complexity and diversity of preparer’s financial statements (henceforth, Companies) audited by the firm and other risk indicators. B S R & Affiliates was one of the Audit Firm networks selected as per the above parameters. BSR & Affiliates is a registered network with the Institute of Chartered Accountants of India. This is a network of eight audit firms, a sub-licensee of KPMG International. For this year’s inspection, the entire BSR Affiliates network was treated as a single entity, and any reference to BSR/Audit Firm in this report includes all member firms of BSR & Affiliates that fall under Rule 3 of the NFRA Rules 2018.
5. The selection of individual audit engagements for this inspection was largely risk-based, based on financial and non-financial risk indicators identified by NFRA. Accordingly, two focus areas for the Statutory Audit of financial statements for the year ending 31.03.2024 were identified for each audit engagement: Revenue Recognition and Loans & Advances. A third significant area, specific to each engagement, was also selected during the inspection based on the risk of material misstatement.
6. The overall scope of the inspection of BSR was as follows:
a. Review of firm-wide quality controls to evaluate the Audit Firm’s adherence to SQC 1, Code of Ethics and the applicable laws and rules. The 2024 inspection of BSR Network covered elements of the firm’s quality control system, including independence, human resources, consultation, and the firm’s internal quality inspection program.
b. Review of individual Audit Engagement Files- A sample of five (5) individual audit engagement files pertaining to the annual statutory audit of financial statements for the year ending 31.03.2024 was initially selected. In three of five samples, because the major revenue and assets were contributed by certain material subsidiaries, the inspection team reviewed five additional engagement files related to the audit of these subsidiaries. Thus, the total sample size for this inspection has increased to 10 audit engagements from the initially planned 5.
c. The selected sample of ten audit engagements is not representative of BSR’s total population of audit engagements completed for the year under review.
Inspection Methodology
7. An entry meeting was held with BSR leadership on 10.11.2025 at the BSR office. The firm presented an overview of its governance and management structure, key internal policies and procedures, the Firm-wide system of quality control, its audit approach and methodologies, ethical standards and key changes from previous years. The on-site inspection was conducted over five days in November 2025. The inspection methodology included meetings, walkthroughs, observations, reviews, and interviews with members of the leadership team and engagement teams for the selected audit engagements. The Firm also presented its IT systems and procedures on 27.11.2025 at the NFRA office.
8. The observations included in the inspection reports are areas of potential improvement and not a negative assessment of the overall audit quality of the Audit Firm unless specifically indicated otherwise.
Audit Firm’s Profile
9. BSR & Affiliates is a registered network of 8 audit firms which are managed by the same leadership and have uniform policies and practices. All BSR Affiliates network Firms are sub-licensee of KPMG International. These Firms audit almost 400 entities falling under Rule 3 of the NFRA Rules.
Acknowledgement
10. NFRA acknowledges the cooperation and professional approach to the inspection process from the Audit Firm during all stages of the inspection.
PART B
Review of Firm-Wide Audit Quality Control System
11. Observations regarding the Audit Firm’s quality policies and on the application of the quality policies based on a review of sample audit engagements are discussed below. For the selected areas, any deviation of the Firm’s policy from the applicable law or any deviation in the application of the Firm’s policy in practice is reported. The best practices observed from the thematic areas are also reported, subject to proprietary and confidential matters.
I. Independence Requirements
Non-Audit Services to Immediately Past Audit Clients
12. In response to the previous inspections, BSR and KPMG India have decided to implement the Non-Assurance Services (NAS) Policy for entities covered by Rule 3 of the NFRA Rules 20181. The firm implemented this policy with effect from 1st January 2024. The Firm has issued media communications and internal communications regarding the policy. During the present inspection, we observed that the Firm has also implemented a monitoring mechanism at the Engagement Partner level to ensure compliance with the policy. Based on a sample test, we observe that the policy is generally complied with during the inspection period.
13. Additionally, we also observe that in a few sample cases, BSR or its network entities have initiated discussions with the clients for NAS during the audit or closely after the completion of the statutory audit for FY 2023-24. The relevant engagement partners approved these requests for NAS because FY 2023-24 was the firm’s final statutory audit year. Of the four cases noted, the firm got the NAS contract in one case, and discussions did not materialise in three. In the case where the Audit Firm got the NAS contract, the first request for approval was submitted while the statutory audit for FY 2023-24 was ongoing. The EP approved the request after the statutory audit tenure had concluded (i.e., after the AGM). In this case, we also note that the internal auditor for FY 2023-24 became the statutory auditor for 2024-25, while the BSR Entity became the internal auditor.
14. While there are no legal restrictions in accepting NAS for a non-audit client, the firm should not entertain the NAS calls during the pendency of the statutory audit engagement. The firm submits that these services are independent of audit engagements. Audit engagements are closely controlled by EQCR, Quality Performance Reviews, and the Second Line of Defence, all of which are already in place to ensure audit quality. However, we recommend issuing specific leadership communication and conducting a focused risk assessment on this matter.
II. Monitoring
Root Cause Analysis
15. We observe that the Firm has a strong governance system for Root Cause Analysis (RCA) headed by a senior partner. The RCA team is responsible for identifying issues arising from annual Quality Performance Reviews, external and internal inspections, peer reviews, independence reviews, global surveys, and related activities, and consolidating them into problem definition. Thereafter, discussions and interviews at various levels will be conducted to identify the root cause. The problems and root causes will be critically evaluated by a challenge panel consisting of three senior partners before approval by the leadership. This process occurs annually on the specified dates. Remedial actions will also be identified and approved by the leadership.
16. On an examination of the RCA outcome for the year 2023-24, we observe that the RCA needs improvement. Based on the RCA cases presented to the inspection team, we observe in a few cases that the identified RCA stops at the direct cause rather than the root cause. Despite a strong governance structure for RCA, the root cause is not clearly identified in some cases. If the root cause is not clearly identified, the remedial actions may be misaligned with the actual driver of the problem.
17. The RCA also needs process level improvement, as we observed in one case, the gap between the event and the RCA culmination is close to three years, because of the annual frequency followed for all cases, irrespective of the significance of the matter. As per SQC 1, monitoring is an ongoing consideration and evaluation of the firm’s quality control system. For significant risks, identification and analysis must be triggered immediately upon discovery of the deficiencies that may affect audit quality and the firm’s reputation.
18. Therefore, we recommend that the firm improve its RCA to address the above matters.
III. Observations of Previous Inspections
19. We note that the Firm has implemented remedial measures for all observations in the previous inspection reports.
PART C
Review of Individual Audit Engagement Files Focusing on Selected Areas of Audit
20. This section discusses deficiencies observed in the selected audit engagements. The inspection covered ten individual audit engagements and focused on three audit areas: Revenue, Loans & Advances, and a selected third area significant to each engagement. Audit procedures performed by the Firm’s engagement team in respect of these audit areas were reviewed viz., identification and assessment of risk of material misstatement, internal controls, design and execution of audit procedures in response to assessed risk (test of controls, test of details, sample sizes, and analytical reviews etc.), accounting estimates, accounting policies/disclosures and evaluation of identified misstatements.
IV. Revenue from Operations
The following observations relate to Company A, a restaurant chain operating stores across India. A significant portion of revenue arises from cash sales across store counters.
Cancelled Orders
21. Audit File mentions an audit procedure for assessing the appropriateness of the Company’s revenue recognition accounting policies for cancelled orders. Still, no evidence of an assessment of their SOPs for order cancellations and refunds for orders received through an aggregator and those received otherwise. Also, no process understanding is seen for commission refunds to aggregators despite cancelled orders.
22. The inspection noted that cancellations and refunds significantly affect revenue-related financial reporting, yet the Engagement Team (ET) did not properly document the understanding or evaluation of these processes. The ET assumed that aggregators fully pay for cancelled orders, but this was contradicted by contract terms that include time-out orders, quality issues, single-use plastic restrictions, and aggregator-specific policies. Since cancellations and refunds depend on these varied conditions and separate logistics agreements, the ET should have performed a detailed process understanding, risk assessment, and testing. Without this, the revenue samples selected for audit testing may not accurately represent the full population.
Refunds
23. The internal audit report highlights the observation that multiple refunds can be punched through the POS for the same order. The Audit File also records that individual transactions cannot be traced to their source from the daily sales summaries. These indicate control deficiencies that have not been specifically tested or mitigated. These issues indicate control deficiencies that the ET did not address. The design flaws in automated controls and the absence of audit trails increase the risk of undetected misstatements.
24. Based on the above, we observe that the Engagement Team did not assess the risk of material misstatement related to cancelled orders and refunds with adequate rigour. Such omissions may affect the overall quality of substantive and control testing, as risks and processes are incorrectly mapped to testing procedures.
Bias in the Assessment of Risk of Fraud in Revenue
25. The ET’s assessment and responses to the risk of fraud in revenue do not explicitly address the risk of understatement of revenue. The risk assessment identified risk factors for revenue overstatement. However, no specific rationale is provided to rebut the risk of fraud or revenue understatement in cash transactions. The rationale of the ET, that cash collections are tallied with bank deposits and revenue recorded in the FS, does not rule out the understatement of sales due to siphoning off cash. We observe from the risk assessment documentation that the overall evaluation is biased toward overstating income. The reasons for this observation are as follows.
i. The Engagement Team’s (ET’s) fraud risk assessment relating to cash misappropriation was insufficient, as it focused solely on the possibility of employee-level fraud and did not consider the significant risk of cash siphoning by senior management or brand owners. Given that brand owners exercised full control over the entity’s IT systems, the risk of management override of IT controls was elevated and required explicit evaluation.
ii. Weaknesses in system-level controls surrounding refunds and cancellations further increased the likelihood that fraud perpetrated at senior levels could remain undetected. Despite these risks, the ET relied primarily on inventory-related controls and did not perform additional procedures to identify possible indicators of revenue understatement, such as analyses of energy consumption relative to units sold, direct expenses versus units sold, or patterns in cash sales.
iii. Analytical review procedures were also deficient. ET did not conduct store-level revenue analyses or examine key relationships, including inventory consumed versus items sold or trends across months and regions. Differences identified between physical inventory and book records were not assessed for their impact on the entire population, and only selective cases were investigated—contrary to the requirements of SA 530.
iv. The ET’s understanding and testing of IT controls were limited. Their review of store-creation controls focused only on a basic ledger-code walkthrough, rather than a comprehensive evaluation of system-level processes for opening and closing stores. Other risk indicators—such as lower EBITDA and daily sales compared to industry peers, despite a larger store footprint, and the entity’s ownership structure involving overseas and tax haven jurisdictions—were not appropriately considered or addressed.
v. Further, the ET failed to reconcile the total number of operational stores with aggregated store-wise sales, undermining assurance over revenue completeness. No audit evidence was available regarding the verification of terms, service levels, or payments related to Cash Management Service (CMS) agencies.
vi. Testing of cancelled invoices revealed non-chronological numbering, indicating potential back-dated or forward-dated entries. However, controls over invoice sequencing were not examined. The ET also applied Monetary Unit Sampling (MUS) uniformly, despite MUS being unsuitable for detecting understatement risks, as it inherently biases testing towards higher value items.
vii. Known issues relating to access rights, privileged access, and audit trail gaps in various IT systems were not evaluated. Furthermore, the primary accounting system lacked an enabled audit trail, raising significant concerns about the integrity, completeness, and reliability of the financial data used in the audit.
26. SA 220 and Ethical Standards require the ET to maintain objectivity. Paragraph A7 of SA 610 states that objectivity refers to the ability to perform those tasks without allowing bias, conflict of interest or undue influence of others to override professional judgments. In this case, the engagement performance indicates confirmation bias, with the focus on audit procedures that address only the overstatement in revenue or profits. This has led to ignoring available indicators and potential audit procedures for assessing and evaluating the risk of revenue fraud due to understatement.
V. Provisions
27. In the case of Company C, an unlisted public company engaged in Real Estate Development, we observe that the financial statement contains a disclosure regarding provision movement, but a corresponding presentation of provisions is absent in the balance sheet. On enquiry, the ET stated that the amount, which is disclosed as provisions in the notes, is classified and presented as trade payables under current liabilities. The Audit Firm also stated that the misstatement is qualitatively not material.
28. A plain reading of the above disclosures indicates that the expenditure is a provision created to rectify quality issues in response to customer complaints, in a particular completed project. Customers had the option to have the residential units repaired or purchased back by the Company. Under the buyback offer, units purchased from customers have been accounted for as Stock in Trade. The SFS also states that the company utilised a portion of the provision, leaving a closing balance above materiality thresholds. However, the balance sheet does not disclose the outstanding provision balance. The audit file contains no working papers evidencing the examination of recognition, presentation, classification, disclosure, or reconciliation of this balance.
29. We note that there is no documentation of the qualitative or quantitative assessment of the materiality of the misstatements at the time of audit. Such an assessment during the audit would have resulted in a proper request to the management to correct the misstatements (Paragraph 8 of SA 450), proper evaluation of the misstatements (paragraphs 10 and 11 of SA 450), communication to those charged with governance (paragraph 12 of SA 450) and written representations (paragraph 14 of SA 450). The Audit Firm failed to comply with any of these requirements. In the absence of proper evaluation of the effect of the misstatements in classification, presentation and disclosure of provisions and trade payables, we are of the view that the Audit Opinion in this case is unsupported by sufficient appropriate audit evidence.
VI. Inventory
30. For Company C, the audit file states that some customers accepted the buyback offer, corresponding to which the management recorded the inventory. The list of buyback units from the project is available in the audit file. However, we observe insufficient evidence of testing of the valuation, completeness, or existence of the inventory buy-back. Sufficient appropriate evidence for the cost/NRV for the buyback unit is also not available. This was required as it differs from the cost/NRV of other unsold inventory in the same project and cannot be matched to other properties in the vicinity due to construction quality issues.
VII. Loans and Advances
31. In the case of Company D, a company engaged in the manufacturing of electric vehicles. In the test of details pertaining to capital advances, the purpose of the advances and their ageing analysis are not documented. Ageing analysis and evidence of the specific purpose of the advances are required to conclude on the management’s assertions regarding these loans. To this extent, the audit documentation is incomplete.
VIII. Documentation of Contradictory Evidence
32. In the case of Company B, a power generation company, the Audit Firm has adopted the Shared Service Centre (SSC) approach, based on its overall understanding of the group’s centralised operating structure. This approach was adopted on the premise that the Holding Company manages all subsidiary functions, including the Information Technology environment. However, regarding the operation of the Audit trail facility, the responses from the group auditor and the component auditors appeared contradictory regarding the audit trail at the database level. After the component auditors’ audit reports were evaluated, the ET marked “PASS” against the audit trail evaluation criteria without explaining how the contradictions in the documented evidence were addressed. Given ET’s understanding and the systems being centralised and homogeneous, the contradictory reporting by the component auditors should have been further evaluated and documented, as required by paragraph 11 of SA 230.
IX. Audit Documentation
33. The instances noted below, in the case of Company C, indicate inadequate supervision and insufficient review in the audit. Unlisted Public Interest Entities (PIEs) warrant the same level of professional attention and compliance with the Standards on Auditing as audits of listed entities. The observed deficiencies, therefore, reflect a shortfall in the supervision and review mechanisms to ensure audit quality in this Audit.
i) Audit files contained duplicate workpapers, unexplained manual calculations, and an unreconciled difference that was not evaluated or included in the misstatements summary.
ii) A replacement workpaper appeared altered, with selective formula use only for one related party, indicating possible modification and weak controls.
iii) Significant Accounting Policies were missing from both the published and archived financial statements, and an incorrect ECL policy under Ind AS 109 went unnoticed.
iv) Sampling documentation was incomplete, with no method or rationale recorded; multiple workpapers also contained outdated or incorrect information.
v) The information and dates recorded at multiple places in some WPs, and in one note to the financial statements, are either outdated or incorrect: hence, not relevant to the audit engagement.
vi) Materiality determination lacked proper basis—especially with respect to an unusual expenditure—and the audit file did not document required SA‑320 considerations for normalisation of the materiality benchmark.
PART D
Chronology of events
| Sr. No. | Date | Event/Correspondence |
| 1. | 28.03.2025 | Intimation of On-site Inspection from NFRA to the Audit Firm. |
| 2. | 15.10.2025 to 17.10.2025 | Meetings with Engagement Teams for Audit File Walkthroughs at NFRA office. |
| 3. | 10.11.2025 to
14.11.2025 |
On-Site Inspection at Firm’s Gurugram Office |
| 4. | 02.12.2025 | Communication of Inspection Team’s Observation (1st Set) to Firm. |
| 5. | 04.12.2025 | Communication of Inspection Team’s Observations (2nd Set) to Firm |
| 6. | 08.12.2025 | Audit Firm requested for extension of time for submission of response to second set of observations. |
| 7. | 09.12.2025 | Communication of Inspection Team’s Observations (3rd Set) to Firm |
| 8. | 10.12.2025 | Response received from the Audit Firm on first set of observations |
| 9. | 15.12.2025 | Communication of Inspection Team’s Observations (4th Set) to Firm |
| 0. | 16.12.2025 | Response received from the Audit Firm on third set of observations |
| 1. | 18.12.2025 | Communication of Inspection Team’s Observations (Final Set) to Firm |
| 2. | 22.12.2025 | Response received from the Audit Firm on fourth set of observations |
| 3. | 24.12.2025 | Response received from the Audit Firm on second set of observations |
| 4. | 25.12.2025 | Response received from the Audit Firm on final set of observations |
| 5. | 19.01.2026 | Communication of Draft Inspection Report from NFRA to the Audit Firm. |
| 6. | 12.02.2026 | Discussion between Audit Firm and NFRA inspection team at NFRA office. |
| 17. | 16.02.2026 | Submission of reply to Draft Inspection Report. |
| 18. | 24.02.2026 | Communication of Final Inspection Report from NFRA to the Audit Firm. |
| 19. | 03.03.2026 | Comments on the final inspection report by Audit Firm |
| 20. | 16.03.2026 | Publication of Inspection Report on the website of NFRA as per Rule 8 of NFRA Rules 2018. |
Appendix A: Audit Firm’s Response to the Inspection Report
Pursuant to Section 132(2) of the Companies Act, 2013and Rule 8 of NFRA Rules, 2018, the Authority is publishing its findings relating to non-compliances with SAs and sufficiency of the Audit Firm’s quality control system. As part of this process, the Audit Firm provided a written response to the Final Inspection Report, which is attached hereto. NFRA based on the request of the Audit Firm has excluded the information from this report which was considered proprietary.
–
–
Note:
1 Subject to certain exceptions as noted in the 2023 Inspection Report.
