The National Financial Reporting Authority (NFRA) issued Audit Quality Inspection Guidelines outlining the framework, scope, and methodology for regulatory inspections of audit firms. Exercising powers under Section 132 of the Companies Act, 2013 and NFRA Rules, 2018, the objective is to assess compliance with auditing standards, regulatory requirements, and the effectiveness of internal quality control systems. Inspections cover governance structures, audit risk assessment, internal controls, and audit engagements, using benchmarks such as applicable laws, auditing standards, firm policies, and regulatory directions. A proportionate, risk-based approach is followed in selecting auditors and engagements, with inspections involving document reviews, interviews, and testing of audit processes. The guidelines clarify that inspections are not investigations and do not provide absolute assurance or conclusive findings of misconduct. Inspection reports include findings, responses, and recommendations, with mandatory timelines for remediation and compliance. NFRA may publish non-compliance findings while safeguarding confidential information, ensuring transparency and regulatory oversight.
NATIONAL FINANCIAL REPORTING AUTHORITY
Audit Quality Inspection Guidelines
Audit quality inspections, worldwide’, are integral to the functioning of independent audit regulators. An inspection generally consists of firm-wide quality reviews and/or test-check of individual audit assignments to evaluate the level of compliance with applicable auditing standards and quality control policies and processes.
Mandate and Overall Objective
1. In keeping with the functions entrusted to NFRA under section 132 of the Companies Act 2013, audit quality inspections are a key tool with the Regulator to fulfil its statutory obligations. The mandate for inspections is derived from section 132 (2) of the Companies Act 2013 (Act, hereinafter) and the relevant provisions of the NFRA Rules 2018 (Rules, hereinafter).
2. The overall objective of inspections is to evaluate compliance of the audit firm/auditor (the ‘auditor’, hereinafter) with auditing standards and other regulatory and professional requirements, and the sufficiency and effectiveness of the quality control system of the auditor, including
(a) adequacy of the governance framework and its functioning,
(b) effectiveness of the auditor’s internal control over audit quality, and
(c) system of assessment and identification of audit risks and mitigation measures.
Criteria
3. Criteria are benchmarks used to check compliance, evaluate or measure subject matter consistently and reasonably. Criteria are identified based on the Laws, rules, regulations, policies, standards, etc., governing the subject matter.
4. Accordingly, the criteria for inspections would be:
- Provisions of the Act, Rules and amendments thereof,
- Standards of Auditing, including Standard on Quality Control (SQC 1) and Code of Ethics,
- Policies, guidelines, methodologies and manuals, etc. of the firm
- Accounting Standards, as may be applicable to selected individual audit engagements,
- Relevant circulars/directions of other regulators, as applicable.
Scope and Scale of Inspections
5. A proportionate regulatory approach is followed in inspections which is commensurate to the size of the firm, the significance of its audit portfolio to investors, creditors and public interest, past inspection compliance (where inspections are recurring), and risks pertaining to selected focus areas, amongst other relevant factors.
6. Inspections will involve a review of the quality control policy, including tone at the top, firm culture and governance, review of certain focus areas, test check of the quality control processes, controls around the use of technology in audit, and/or test check of audit engagements performed by the auditor during the year.
7. The scope of inspection will be informed by NFRA to the auditor at the commencement of inspection. The scope of an inspection will generally not vary during its execution unless specific circumstances or findings warrant an expansion of scope or coverage. Any change in scope or coverage would be intimated to the auditor, with due authorisation.
8. The audit engagements selected may be reviewed for application of all or select auditing standards, as may be decided by the inspection team.
9. Inspections are intended to identify areas and opportunities for improvement in the auditor’s system of quality control. Inspections, by nature, are distinct from investigations undertaken under section 132 (4) of the Act. However, in certain cases, test check by the inspection teams may provide a basis for or require reference of such cases/matters for enforcement or investigation under applicable provisions of the Act and Rules.
10. Inspections may not lead to a detection or identification of all the weaknesses in the governance framework or system of internal control or audit risk assessment framework and are not designed to provide absolute assurance about the auditor’s quality of audit work. In respect of selected audit assignments, inspections may not identify all the weaknesses in the audit work performed by the auditors in respect of the audits of the financial statements of the companies. Inspections are also not intended or designed to replace the role and responsibilities of the companies’ independent statutory auditors.
11. Inspections may, in certain cases, also lead to financial reporting quality reviews of financial statements of the companies whose audits are selected for inspection. They may also result in issue of advisories or directions to the auditors.
Selection of auditors and audit engagements
12. Selection of auditors – Selection of auditors and determination of periodicity of their inspections by NFRA will be based on assessment of risks in the audit environment and parameters such as the size of the firm, composition and nature of the firm, number of audit engagements completed in the year under review, complexity and diversity of preparer financial statements audited and other such risk indicators as NFRA may determine from time to time. In addition, any specific concerns highlighted by the Government, other regulators, or issues in the public domain may also influence the selection of auditors for inspection.
13. Selection of individual audit assignments – Selection of audit engagements will be both risk-based and random, and based on financial and non-financial indicators2 identified by NFRA. Details of audit engagements conducted by the auditor will be required to be provided by the auditors to the inspection team, in advance, for selection purposes.
14. The inspected auditor would have no role whatsoever in any selection by NFRA of the auditor or identification of any area of quality control or quality management policy or practices of the auditor, or selection and test-check of individual audit engagements undertaken by the auditor.
Methodology
15. The inspection process will usually commence with a presentation by the auditor. The presentation would comprise the specific areas communicated by NFRA and any areas the auditor may like to present. NFRA would also outline its inspection approach and plan to the auditor.
16. Inspections may involve questionnaires, conversations with the audit firm’s leadership, requests for written confirmations, entry and exit meetings, discussions, site visits, interviews, observations, walkthroughs, review of documents, review of the audit documentation system, including ERPs and other IT applications in place. The inspection team may issue questionnaire/s requesting the auditor to keep records ready for onsite inspection. At the start of on-site inspection, entry meetings with senior management of audit firm or heads of various verticals may be held to better appreciate the structure and working of the audit firm/auditor. Enquiry meeting/s with audit engagement teams of selected audit engagements may also be held at the start of the inspections.
17. The inspection execution cycle will comprise site-visits, interviews, reviews of controls, substantive testing, issue of queries and observations, and follow-up of previously issued observations (to be relevant in case of recurring inspections). The inspected auditor will be required to provide written responses to the queries and observations, and written confirmations as required by the inspection team, within the timelines communicated by the inspection team. The inspected auditor may be required to transfer the selected audit engagement files and other records to the inspection team in the manner requested.
18. Inspections would close with a meeting with the senior management of the auditor. NFRA would subsequently issue a draft inspection report for obtaining responses from the auditor before finalisation and issuance of the final inspection report.
Inspection Report and Follow-up.
19. The inspection report would comprise NFRA’s inspection approach in brief, findings or non-compliances, auditor’s responses, NFRA’s conclusions and recommendations and any other matter deemed significant. It may include requirements for the auditor to perform a root-cause analysis with respect to the deficiencies noted in the inspections and send the results and action taken thereon to NFRA.
20. The inclusion of an observation in an inspection report is not a determination by NFRA as to whether the auditor has engaged in professional misconduct under relevant provisions of the law and the Rules. Any references in an inspection report to violations or potential violations of law, rules, or professional standards are therefore not a result of an adjudicative process and do not constitute conclusive findings for purposes of imposing sanctions.
21. NFRA publishes the results of the inspections in accordance with Rule 8 (5) of NFRA Rules 2018, which states that ‘NFRA shall publish its findings relating to non-compliances on its website and in such other manner as it considers fit, unless it has reasons not to do so in the public interest and it records the reasons in writing.’ NFRA also ensures, in keeping with Rule 8 (6) of NFRA Rules 2018, that “The Authority shall not publish proprietary or confidential information, unless it has reasons to do so in the public interest and it records the reasons in writing”. The inspected firm will have to demonstrate with evidence in support which information, in its view, falls in the category of ‘confidential’ and ‘proprietary’, for the purpose. In either of the above circumstances, NFRA may issue a detailed inspection report to the auditor for compliance, remediation and follow-up, in addition to the report published on its website. References to inspection reports in these guidelines, therefore, include detailed inspection reports as well.
22. Given that the draft inspection report is issued after discussions, confirmations, issue of inspection observations, sufficient opportunity for the auditor to respond, and examination and analysis of replies and submissions, the inspected auditor, in the interest of timely finalisation of the inspection report, will be required to provide their response to the draft inspection report, within 10 days of its issue.
23. The inspected auditor will be required to submit a remediation plan to NFRA within 90 days of the issue of an inspection report. Compliance with all inspection findings contained in the detailed inspection report shall be provided by the auditor within the timelines prescribed therein, but no later than 180 days from the date of issue of the inspection report (detailed or otherwise). Any extended timelines for compliance will need to be communicated by the auditors to NFRA with detailed justification and would be subject to approval of the Competent Authority at NFRA.
24. Follow-up by NFRA on its inspection observations and findings will invariably form a part of the next inspection, where it is recurring. Follow-up may also be required to be undertaken by NFRA earlier than the next inspection, as may be warranted by the nature of the observations and findings, including the public or investor interest involved.
25. All auditors are encouraged to present the inspection report to the audit committees of the public interest entities3 audited by them.
Revision of these guidelines.
26. The inspection procedures and processes outlined above will be subject to periodic review at NFRA and revised from time to time, as per requirements.
Notes:
1 Reference: Core principles of independent audit regulators by the International Forum for Independent Audit Regulators (IFIAR) require that audit regulators should, as a minimum, conduct recurring inspections of audit firms undertaking audits of public interest entities in order to assess compliance with applicable professional standards, independence requirements and other rules, laws and regulations. IFIAR comprises independent audit regulators from 56 jurisdictions.
2 May include audit areas that are complex, areas where new accounting standards have been introduced, audit areas significant to prevailing economic trends or conditions etc
3 Entities falling under Rule 3 of NFRA Rules 2018.
