The National Financial Reporting Authority (NFRA) conducted an audit quality inspection of M/s CNK & Associates LLP under Section 132 of the Companies Act, 2013 to assess compliance with auditing standards and the adequacy of quality control systems. The inspection identified deficiencies in firm-wide controls, including lack of formal documentation for leadership roles, independence evaluations, and governance decisions. Weaknesses were noted in independence processes, audit documentation controls, monitoring mechanisms, engagement quality control review, and assignment of audit teams. In individual audit engagements, significant gaps were observed in procedures relating to revenue recognition, loans and advances, provisions, going concern assessments, and trade receivables, including inadequate testing, lack of documentation, and non-compliance with auditing standards. NFRA emphasized that these findings indicate areas for improvement rather than a complete assessment of audit quality. The firm acknowledged the observations and committed to strengthening policies, documentation, monitoring, and compliance systems going forward.
INSPECTION REPORT
2024
Audit Firm:
M/s CNK & Associates LLP
Firm Registration No. 101961 W/W – 100036
Inspection Report No.132.2-2024-09
March 27, 2026
National Financial Reporting Authority
7th Floor, Hindustan Times House
18-20, Kasturba Gandhi Marg,
New Delhi 110001
PART A
Executive Summary
Section 132 of the Companies Act 2013 mandates the National Financial Reporting Authority (NFRA), inter alia, to monitor compliance with Auditing Standards, to oversee the quality of service of the professions associated with ensuring compliance with such standards, and to suggest measures required for improvement in the quality of their services. Under this mandate, NFRA initiated audit quality inspections of the Chartered Accountants firm M/s CNK & Associates LLP in March 2025. The scope of the inspection included a review of firm-wide quality controls to evaluate the Audit Firm’s adherence to SQC-1 and a review of selected audit documentation of the annual statutory audit of financial statements for the year ending 31.03.2024. Two focus areas, namely Revenue Recognition and Loans and Advances, and one engagement-specific area selected based on risk, were taken for inspection in each audit engagement. The on-site inspection was conducted in October/November 2025.
During the inspection, the Inspection Team held discussions with the Audit Firm personnel, reviewed policies and procedures and examined documents to arrive at the prima facie observations. These observations were conveyed to the Audit Firm in writing. The Audit Firm’s responses and documents have been reviewed, and the Final Inspection Report has been issued after consideration of all submissions. This public version of the final inspection report excludes confidential or proprietary information, as pointed out by the Audit Firm. The key observations are summarised as follows:
Firm-Wide Audit Quality Control System
a. The Firm needs to have documentation regarding (a) nomination of leaders of Key Functional Areas like Independence, Audit Quality, HR and Monitoring, etc., (b) assessment of the suitability of such persons and communication to the person concerned and others in the organization, and (c) the decisions concerning governance and management of the Firm. The Firm assured to maintain formal documentation of these matters. (ref. Paragraphs 11 to 13 of this report)
b. The Firm needs to have documentation regarding evaluations of independence threats, including self-interest, self-review, and familiarity threats, prior to (a) accepting non-audit services for existing audit clients, and (b) accepting audit engagements where an affiliate or network firm is already providing non-audit services to the same entity. The Firm assured to document these processes and strengthen monitoring and communication going forward. (ref. Paragraphs 14 to 17 of this report)
c. Independence declarations obtained from partners and professional staff need to fully capture the requirements prescribed under Section 141(3) of the Companies Act, 2013. On the basis of inspection observations, the Firm revised the independence declaration formats to address the identified deficiencies and commenced obtaining declarations in the revised formats from all partners and staff. (ref. Paragraphs 18 to 20 of this report)
d. The Firm needs to strengthen its policies, procedures, and controls relating to audit documentation, including controls over permitted modifications after the date of the audit report, documentation evidencing preparation and review, and timely assembly of engagement files. The Firm assured that it proposes to implement enhanced electronic controls to restrict modification of audit documentation after archival, with read-only access for engagement teams, partner approval for any post-archival changes (supported by audit trails), timely assembly of audit files, and documents evidencing preparation and review. (ref. Paragraphs 21 to 25 of this report)
e. The Firm needs to have policy & procedure for evaluation of the operating effectiveness of the Firm’s quality control system including periodic review of completed engagements. The Firm explained its existing monitoring framework and expressed its intention to formalize the documentation thereof. The Firm also stated that it has commenced the internal monitoring process of the Audit files for FY 2024-25. (ref. Paragraphs 26 to 27 of this report)
f. The Firm needs to strengthen its policy relating to Engagement Quality Control Review. The Firm stated that it has initiated steps to strengthen its EQCR framework. (ref. Paragraphs 28 & 29 of this report)
g. The Firm needs to have documented policies and procedures for the assignment of engagement partners and engagement team members to audit engagements. The Firm assured to formalise this process by documenting such decisions in the minutes of meetings and communicating assignments formally to engagement team members to enhance clarity, accountability, and compliance with the requirements of SQC 1. (ref. Paragraphs 32 to 33 of this report)
Individual Audit Engagements
a. In respect of audit of Revenue (in all the three selected audit engagements), one or more audit procedures were not appropriately performed in respect of Concession policy, Verification of Accounting policy, Arm’s Length price of related party transactions, Test of Controls, Selection of Samples, Verification of actual services performed and Payment received from customers. (ref. Paragraphs 35 to 41 of this report)
b. In respect of the audit of Loans & Advances (in one audit engagement), one or more audit procedures were not appropriately performed in respect of Internal Financial Controls, Sample Selection and audit documentation. (ref. Paragraphs 42 to 44 of this report)
c. In respect of audit of third engagement specific focus areas i.e., (a) for Provisions – audit procedures were inadequately performed in respect of loans downgraded within a short period after sanctions; (b) for Going Concern – adequate audit procedure was not performed to evaluate management plan to address mismatch between current assets and current liabilities; and (c) for Trade Receivables – direct confirmations were not obtained from debtors. (ref. Paragraphs 45 to 49 of this report)
Inspection Overview
1. Section 132 of the Companies Act 2013 (Act) inter alia mandates the NFRA, to monitor compliance with Auditing and Accounting Standards, to oversee the quality of service of the professions associated with ensuring compliance with such standards, and to suggest measures required for improvement in the quality of their services. The relevant provisions of NFRA Rules prescribe the procedures in this regard, which include evaluation of the sufficiency of the quality control system of Auditors and the manner of documentation of their work. Under this mandate, NFRA initiated this year’s audit quality inspections in March 2025. The overall objective of audit quality inspections is to evaluate the compliance of the Audit Firm/Auditor with auditing standards and other regulatory and professional requirements, and the sufficiency and effectiveness of the quality control systems of the Audit Firm/Auditor, including:
(a) adequacy of the governance framework and its functioning;
(b) effectiveness of the firm’s internal control over audit quality; and
(c) system of assessment and identification of audit risks and mitigating measures
2. Inspections involve a review of the quality control policy, review of certain focus areas, test check of the quality control processes, and test check of audit engagements performed by the Audit Firm during the year.
3. Inspections are intended to identify areas and opportunities for improvement in the Audit Firm’s system of quality control. Inspections are not designed to review all aspects and identify all weaknesses in the governance framework or system of internal control or audit risk assessment framework; nor are they designed to provide absolute assurance about the Audit Firm’s quality of audit work. In respect of selected audit assignments, inspections are not designed to identify all the weaknesses in the audit work performed by the auditors in the audit of the financial statements of the selected Companies. Inspection reports are also not intended to be either a rating or a marketing tool for Audit Firms.
Audit Quality Inspection Approach
4. Selection of audit firms for the 2024 inspections was based upon public interest involved, as evidenced by the size of the firm, composition and nature, the number of audit engagements completed in the year under review, complexity and diversity of preparer of financial statements (henceforth, Company) audited by the Firm and other such risk indicators. M/s CNK & Associates LLP (CNK/Audit Firm) was one of the audit firms selected on the above parameters.
5. Selection of individual audit engagements of the Audit Firm was largely risk-based, based on financial and non-financial risk indicators identified by NFRA. Accordingly, the Audit Files in respect of three Audit Engagements relating to the statutory audit of financial statements for the year ending 31.03.2024 were reviewed during the inspection.
6. The scope of the inspection was as follows:
a. Review of firm-wide quality controls to evaluate the Audit Firm’s adherence to SQC 1, Code of Ethics and the applicable laws and rules.
b. Review of individual Audit Engagement Files- A sample of three individual audit engagement files pertaining to the annual statutory audit of financial statements for the year ending 31.03.2024 was selected from different sectors like Banking, Shipping, and Pesticides. Two significant audit areas were identified for each audit engagement, namely Revenue Recognition and Loans & Advances (Assets) considering their inherently higher risk of material misstatement. In addition, a third focus area was selected which was specific to the engagement (Provisions, Going Concern, and Trade Receivables).
The selected sample of three individual audit engagements is not representative of the Firm’s total population of the audit engagements completed during the year under review.
Inspection Methodology
7. An entry meeting was held with the Firm on 16.09.2025 at NFRA office. The Firm presented an overview of the Governance and Management Structure, Firm-wide System of Quality Control, their audit approach and methodologies, including IT Systems. The on-site inspection was carried out during October to November 2025. The inspection methodology comprised meetings, walkthroughs, presentations and interviews with members of the leadership team as well as the Engagement Teams of the selected audit engagements.
8. The areas of weaknesses or deficiencies on the part of the Audit Firm, included in the inspection reports, should be viewed as areas of potential improvement and not as a negative assessment of the work of the Audit Firm unless specifically indicated otherwise.
Audit Firm’s Profile
9. M/s CNK & Associates LLP, established in 1936, is currently operating through three offices in India and two overseas offices at Dubai and Abu Dhabi. Its network, registered with the ICAI as M/s CNK & Affiliates (CNK Network), comprises four other firms operating through six additional offices in India. The Firm has 32 partners, with a further 21 partners across the network firms, and a staff strength of over 1,000 personnel. During the period under review, the Firm had 53 audit clients regulated by NFRA.
Acknowledgement
10. NFRA acknowledges the general cooperation of the Audit Firm during the inspection.
PART B
Review of Firm-Wide Audit Quality Control System
A. Leadership Responsibilities for Quality within the Firm
11. The Firm has intimated that overall leadership responsibilities rest with the Principal Partners, each heading specific verticals such as Assurance, Taxation, and Advisory. In addition, certain partners are informally designated to oversee Key Functional Areas (Independence & Ethics, Audit Quality, Human Resources, IT, and Monitoring) reporting to the Principal Partners.
12. There is a need to have formal process and documentation regarding (a) nomination of leaders of Key Functional Areas (b) assessment of suitability of persons and formal communication to the person concerned and others in the organization and (c) the decisions relating to governance and management of the Firm (such decisions are taken on understanding/consultation basis). Further, there is a need for communication or circulation of updated SQC 1 policy to the partners, staff, or affiliates. (ref. paragraphs 9 to 13 of SQC-1)
13. The Firm acknowledged the need for formal documentation in respect of the above matters and stated that leadership responsibilities rest with the Principal Partners, who assign oversight of key functional areas to suitable partners based on competence and experience, with decisions taken in partners’ meetings. The Firm stated that it has initiated maintenance of records of partners’ meetings since April 2024 and has committed to formalizing minutes, nomination processes for leadership roles, and structured communication of decisions and SQC policy updates to all staff through documented and timely communication going forward. As these developments do not relate to the period covered by the inspection, an evaluation of the sufficiency of the documentation and details provided for meeting requirements of SQC 1 is not a part of this inspection report.
B. Independence requirements –
Firm Independence:
14. The Firm needs to maintain document for evaluations of independence threats including self-interest, self-review, and familiarity threats prior to (a) accepting non-audit services for existing audit clients, and (b) accepting audit engagements where an affiliate or network firm is already providing non-audit services to the same entity. (ref. paragraph 18 of SQC-1)
15. The Firm stated that such evaluations are carried out through informal discussions via WhatsApp groups, telephone calls, and, in some cases, follow-up emails. However, no documentation, approval, or evidencing of these evaluations is maintained. This practice does not provide an adequate audit trail or evidence of compliance with paragraphs 18 and 19 of SQC 1, the Firm’s independence policies and the Code of Ethics, which require identification, evaluation, documentation of threats to independence, and application of appropriate safeguards.
16. It was further observed that while CNK operates within a network comprising four other firms, the Firm does not maintain a consolidated or centralized record of non-audit services rendered by these affiliates to audit clients of the CNK network. In the absence of a central monitoring mechanism, the Firm may not be able to ensure full compliance with the prohibitions and restrictions on non-audit services under Section 144 of the Companies Act, 2013, or effectively evaluate independence threats arising from services provided by network entities.
17. The Firm acknowledged these observations and stated that independence and conflict evaluations are currently carried out through partner communications, which have generally enabled identification and resolution of conflicts. To strengthen this process, the Firm stated that it has initiated steps to implement an application to maintain a centralized, real-time record of services rendered across the network. As an interim measure, the Firm collated historical service data in a central spreadsheet for independence and conflict checks and has proposed the introduction of formal partner declarations prior to onboarding new clients. The Firm has committed to documenting these processes and strengthening monitoring and communication going forward. However, an evaluation of these steps taken after the inspection is not a part of this report.
Personnel independence
18. The Firm has an Independence and Ethics Partner; and a process of obtaining semi-annual & engagement specific independence declarations from the employees and partners. However, there is a need to have processes to evaluate these declarations and to conduct independence compliance audit. The Firm assured to strengthen its policy and procedure on this matter. (ref. Section 141 of the Act and Paragraphs 18, 20, 86 and 87 of SQC 1).
19. The Firm obtains independence declarations from partners and professional staff, however, the declarations need to fully capture the requirements prescribed under Section 141(3) of the Act.
20. The Firm stated that it has revised the independence declaration formats to address the points identified during inspection and has commenced obtaining declarations in the revised format from all partners and staff. The revised formats have addressed the above point. The Firm has also assigned responsibility for evaluation of these declarations to the Independence and Ethics Partner and has proposed implementation of a process for sample verification of information contained in the declarations from future reporting periods. However, an evaluation of these steps taken subsequent to the inspection is not a part of this report.
C. Audit Documentation
21. The Firm prepares and maintains audit documentation electronically using an application during the course of the audit, while final assembly of audit files is done in another application except for some exceptions. It was noted that the audit team members and other users with access rights of completed audit files were able to create and modify audit documentation even after the signing of the audit report and archival of the audit file, without any effective restriction or control. This practice is not in compliance with paragraphs 77 and 79 of SQC 1, which require firms to establish controls to prevent unauthorized changes to engagement documentation after completion of the assembly of the final engagement file and to safeguard the integrity, confidentiality, and retrievability of such documentation.
22. Further, in a majority of audit documentations, details such as the name of the preparer & the reviewer, and the dates of preparation & review were either incomplete or missing. Even in cases where names were mentioned, the corresponding dates were not recorded. As a result, the audit documentation does not clearly evidence who performed & reviewed the audit work and when such work was completed, thereby leading to weak traceability, accountability, and supervision within the audit process. (ref. Paragraph 79(a) of SQC 1).
23. Further, it was observed that in certain engagements, the final audit files were not assembled within the 60 day period prescribed in paragraph 75 of SQC 1. Such delays indicate deficiencies in the Firm’s documentation control processes and may impair the completeness and integrity of the audit files.
24. The above observations indicate the need for strengthening the Firm’s policies, procedures, and controls relating to audit documentation under SQC 1, including controls over post-issuance modifications, documentation standards evidencing preparation and review, and timely assembly of final engagement files.
25. The Firm stated that it proposes to implement enhanced controls to restrict modification of audit documentation after archival, with read-only access for engagement teams and partner approval for any post-archival changes, supported by audit trails. The Firm also indicated that it has sensitized its audit teams on documenting preparer and reviewer details along with dates, updated its audit manual, and strengthened post-audit monitoring through dedicated review personnel. Further, the Firm informed that it has initiated a System of Quality Management Documentation and Automation Improvement Project aimed at formalizing, standardizing, and automating documentation and quality management processes in line with SQC 1. The effectiveness of these measures, being post-inspection actions, has not been evaluated as part of this report.
D. Monitoring
26. The Firm needs to have policies and procedures for evaluation of the operating effectiveness of the Firm’s quality control system including periodic review of completed engagements as per the requirements of paragraphs 90, 91, 93 to 95, and 97 of SQC 1, which require cyclical inspection of engagements, evaluation of deficiencies, communication of results, and annual reporting of monitoring outcomes.
27. The Firm submitted a note describing its monitoring framework under SQC 1, outlining the roles of partners responsible for various service lines, ongoing supervision mechanisms, annual technical and post-audit sessions, internal discussion forums, and engagement of an external reviewer for select assurance engagements. The Firm further stated that it has historically carried out hot and cold reviews of selected audit engagements and, since FY 2024-25, has enhanced the process by appointing an external professional and employees to review select files and review of the audit files of NFRA regulated clients and some other select clients has started. The Firm has committed to formalizing documentation of such reviews, including signed review summaries, and to strengthening its monitoring framework through documented meetings, periodic engagement reviews, and involvement of an external consultant. The Firm has indicated that these measures will be implemented in a phased manner with defined timelines to ensure ongoing compliance with SQC 1. The effectiveness of these post-inspection actions has not been evaluated as part of this report.
E. Engagement Performance
Engagement Quality Control Review (EQCR):
28. The Firm has documented policies and procedures relating to Engagement Quality Control Review. However, review of the same indicated that further strengthening is required in the following areas (ref. paragraphs 60 to 63 of SQC-1):
a) The opening paragraph of the Firm’s EQCR policy needs to clearly articulating the role and purpose of the Engagement Quality Control Reviewer/Review.
b) The policy needs to explicitly require appointment of an EQCR for audits of all listed entities, as envisaged under SQC 1.
c) The policy needs to specify the nature, timing, and extent of the EQC review to be performed.
d) The policy needs to have provision about the qualifications, experience, independence, and authority of the EQCR.
e) The Firm’s Audit Manual needs to adequately describe the EQCR process, including documentation and reporting requirements.
29. The Firm stated that it has initiated steps to strengthen EQCR framework in line with SQC-1. Guidance covering the scope, procedures, and documentation requirements for EQCR has been rolled out for statutory audits of public interest entities for FY 2024-25, with plans to extend the framework to other audit engagements. The Firm has indicated that criteria for appointment of EQCRs, including applicability to listed and other high-risk engagements, along with requirements relating to nature, timing, extent, qualifications, experience, and authority of EQCRs, are being formally documented. The Audit Manual has been updated to incorporate the EQCR process, and phased implementation across engagements is in progress, with full implementation targeted by March 2026. The effectiveness of these measures has not been evaluated as part of this report.
Differences of Opinion
30. The Firm needs to have a documented policy or procedure for dealing with and resolving differences of opinion, as required under paragraph 57 of SQC 1 and as envisaged in the Firm’s own Quality Control Manual.
31. The Firm stated that although no differences of opinion have arisen historically, it will establish and document a formal policy and procedure to address and resolve differences of opinion in the future.
F. Human Resources
32. The Firm needs to have documented policies and procedures for the assignment of engagement partners and engagement team members to audit engagements. (ref. paragraphs 42 to 45 of SQC-1)
33. The Firm stated (a) that such decisions are taken through discussions in partners’ meetings after considering factors such as experience and workload; and (b) to formalise this process by documenting such decisions in the minutes of meetings and communicating assignments formally to engagement team members to enhance clarity, accountability, and compliance with the requirements of SQC 1.
PART C
Review of Individual Audit Engagement Files Focusing on Selected Areas of Audit
34. This section discusses deficiencies observed with respect to three selected audit engagements named as Company – A, Company – B and Company – C. Two significant audit areas were identified for each audit engagement, namely Revenue Recognition and Loans & Advances (Assets) considering their inherently higher risk of material misstatement. In addition, a third focus area specific to the engagement was selected (Provisions, Going Concern, and Trade Receivables respectively). Certain critical audit procedures performed by the Firm’s engagement team in respect of these audit areas were reviewed viz., identification and assessment of risk of material misstatement, internal controls, design and execution of audit procedures in response to assessed risk (test of controls, test of details, sample sizes, and analytical reviews etc.), accounting estimates, accounting policies/disclosures and evaluation of identified misstatements. The observations are listed below.
Revenue Recognition
Company ‘A’
35. There is no evidence in the Audit file that the auditor obtained, reviewed, or tested the Company A’s concession policies relating to interest, processing fees, documentation charges, or other applicable charges. The absence of testing in this area indicates an incomplete audit approach, especially given that concessional pricing may directly affect income recognition.
36. The Audit team did not evaluate a divergence between a part of the stated Revenue recognition policy and its application in the financial statements i.e., The Company A’s stated Revenue recognition policy provided that processing or other transaction fees shared with Business Correspondents (BCs) and partners were to be netted from fee income. But the Company A had, in practice, presented BC commission as an expense under “Other Expenditure” and the income was recognised on gross basis.
(ref. Paragraph 18 of SA 330 read with paragraph 6 of SA 500).
Company ‘B’
37. The Company’s revenue from operation with related parties constituted 99% of the total revenue. The Audit file has no evidence of the auditor’s evaluation whether such transactions were conducted at arm’s length. The Auditor obtained margin calculations for the relevant contracts, in which the margin is 25% in one contract and 35% in second contract. However, basis of differential margin was not evaluated by the Firm. It was stated by the Firm that matter was discussed with the management and their oral explanation was accepted. The Firm assured that in future such evaluation will be formally documented.
38. The above stated revenue was from overseas entities, but the Audit file has no evidence of the auditor’s verification of payment received from overseas entities. The Firm responded that in case of one party, there was no outstanding and in case of second party, balance confirmation was obtained. An auditor should verify (at least on test check basis) receipt of payment in bank statement as part of substantive audit procedure.
39. The Audit file has no evidence of auditor’s verification of actual services provided by the Company to the above stated related parties. The Firm stated that the Audit team verified invoices, details of personnel involved in rendering services and estimated time spent by them for the respective contract were verified from the margin calculations. It is observed that procedures performed by the Firm do not provide assurance that actual services were performed. In such situation, an auditor should verify the time spent by the personnel from the daily contract wise time sheets, records of actual output generated by its personnel and periodical monitoring of the services by the service receivers.
40. The Firm reported under Section 143(3)(i) of the Act that the company has, in all material respects, adequate internal financial controls with reference to financial statements and such internal financial controls were operating effectively as at March 31, 2024. However, the Audit file has no evidence of performance of any audit procedure relating to controls i.e., identification of controls, evaluation of design and implementation (D&I) of relevant controls, and test of controls. The Firm responded that (A) Control testing was done in earlier years, there was no substantial change; and (b) since the volume of transactions were low, all the transactions were verified.
(ref. Paragraphs 24 to 26 of SA 240, 12 to 14, 25 & 26 of SA 315, 14(b) & 18 of SA 330, 6 of SA 500 and 11, 12 & 24 of SA 550).
Company ‘C’
41. The Company’s revenue consisted of (a) exports (30%) (b) to one domestic customer (35%) and (c) other domestic customers (35%). While performing substantive audit procedure in respect of other domestic customers, the Firm selected 9 sample invoices based on certain criteria (3 samples basis highest value, 3 samples basis highest quantity and 3 samples basis highest product price). These samples covered about 6 % of the total population. However, this process also left about 29% revenue (having 2544 invoices) untested. Thus, the sampling method used by the Firm is not compliant with para 8 of SA 530 as each sampling unit did not have a chance of selection. It is suggested that the Firm should also use technology for deciding sample size and selecting items for sample.
Loans & Advances (Asset)
Company ‘A’
42. The Firm reported in the Audit report that the Company A’s Internal Financial Controls over Financial Reporting (ICFR) were operating effectively as at 31 March 2024. However, the audit documentation evidences that the Audit team had identified several control gaps and delayed implementation of some key controls during the audit period. These include instances where credit products were sanctioned to blocked or high-risk accounts, limit enhancement, absence of real-time or ongoing monitoring mechanisms in certain loan processes, EMI date and reliance on compensating or system-based controls that were implemented only towards the end of, or after the financial year. Such observations indicate that certain controls were not operating as designed for a part of the audit period or on the reporting date.
While the Firm stated that the identified exceptions were non-pervasive and not material, the Audit documentation does not clearly evidence how the impact of these control deficiencies was evaluated during the audit. (ref. Section 143(3)(i) of the Act read with paragraphs 8 to 10 of SA 330)
43. Audit documentation does not clearly record the criteria or rationale applied for selection of samples for testing of Micro Finance, Housing and Other Loans. While the Firm stated that random sampling was applied considering the homogeneous nature of the populations and the high volume of small ticket transactions, this rationale is not adequately documented in the Audit file. More explicit documentation of the sampling approach, including the population characteristics, method of selection, sample size, and linkage to audit objectives, would improve transparency and demonstrate compliance with SA 530. Adoption of a consistently documented sampling framework across engagements would further strengthen the audit approach and support the conclusions drawn. It is suggested that the Firm should also use technology for deciding sample size and selecting items for sample. (ref. paragraphs 6 to 8 of SA 530)
44. For certain loan files, the Audit documentation contained blank or partially completed checklists and generic remarks without supporting evidence, conclusions, or sign-offs. While the Firm has indicated that relevant procedures were performed and supporting documents were obtained, the Audit file does not reflect completion and closure of these procedures. (ref. Paragraph 6 of SA 500)
Provisions
Company ‘A’
45. The Firm identified a significant number of cases where loans were downgraded within a short period after sanction, however, the Audit documentation does not evidence that the Firm performed focused audit procedures in response to the heightened risk indicator associated with such cases. In particular, there is limited documentation demonstrating assessment of the underlying causes of down gradation or evaluation of whether these trends indicated weaknesses in underwriting, controls, or increased fraud risk. Given that down-gradation of loans within a short period after sanction, is a recognized red-flag indicator, more targeted risk assessment and responsive audit procedures, with appropriate documentation, would have strengthened compliance with the requirements of SA 240, SA 315, and SA 330.
Going Concern
Company ‘B’
46. The Company has disclosed in the Financial Statements that the net worth of the Company is eroded as it has been incurring operating losses since last several years; the Company’s current liabilities exceeds its current assets; its source of revenue; and that it is taking steps to rectify the mismatch between current assets and current liabilities. In view of this, the Financial Statements were prepared on a Going Concern basis.
47. The Audit file has a proposed management plan to address mismatch between current assets and current liabilities. This plan includes sale of investment in subsidiaries at fair value, arranging funds from group company and Service Level Agreements (SLA) executed with related parties. The Auditor did not evaluate –
- reasonableness of the fair value considered by the management, marketability of assets, agreements relating to pledged assets with lender etc.;
- which group company will provide how much funds;
- that the proceeds generated from SLAs was substantially lower than the fund requirement; and
- appropriateness of the disclosure given by the Company (paragraph 49 above).
(ref. Paragraphs 12 & 19 of SA 570).
48. In respect of ‘Going Concern’, the Firm has given Material Uncertainty over Going Concern paragraph, EoM (Emphasis of Matter) paragraph and KAM (Key Audit Matter) paragraph in the Audit report. Including the same matter at three places in the Audit report is not as per SAs. Para 15 and A52 of SA 701 states that the Going Concern itself is a key audit matter and shall not be described in KAM section of the auditor’s report. Further, EoM is also prohibited on Going Concern in the case the Auditor has included a separate section for material uncertainty related to going concern in the Audit report. (ref. Paragraph 8 of SA 706).
Trade Receivables
Company ‘C’
49. The Firm relied upon the balance confirmations obtained by the Company from debtors and did not obtain balance confirmations directly from debtors. This is not as per para 7 of SA 505. It is suggested that the Firm should have control over confirmation process and direct confirmation may be obtained.
PART D
Chronology of events
| Sr. No. |
Date | Event/Correspondence |
| 1. | 28.03.2025 | NFRA intimated about inspection with initial requisition list |
| 2. | 15.04.2025 to 17.04.2025 | CNK’s responded to preliminary points |
| 3. | 29.08.2025 | NFRA requested for Pre-Inspection Meeting |
| 4. | 16.09.2025 | Pre-Inspection Meeting held at NFRA office. |
| 5. | 01.10.2025 | Introductory presentations by CNK on selected engagements |
| 6. | 06.10.2025 | File folder links shared by CNK with NFRA |
| 7. | 27.10.2025 to 04.11.2025 | On-Site Inspection |
| 8. | 01.11.2025 to 04.11.2025 | Observations on SQC 1 issued by NFRA |
| 9. | 12.11.2025 | CNK submitted response to observations on SQC 1 |
| 0. | 25.11.2025 to 28.11.2025 | Observations on 3 selected engagements issued by NFRA |
| 1. | 27.11.2025 to 04.12.2025 | CNK submitted response to observations on 3 selected engagements |
| 2. | 04.12.2025 | CNK requested for in person meeting |
| 3. | 15.12.2025 | In person meeting held at NFRA office for follow-up discussions |
| 4. | 19.01.2026 | Draft Inspection Report sent by NFRA to the Audit Firm. |
| 5. | 29.01.2026 | Submission of reply by CNK to Draft Inspection Report. |
| 6. | 27.03.2026 | Publication of Inspection Report on the website of NFRA as per Rule 8 of NFRA Rules 2018. |
Appendix A: The Firm’s response to this inspection report
Pursuant to Section 132(2) of the Companies Act, 2013 and Rule 8 of NFRA Rules, 2018, the Authority is publishing its findings relating to non-compliances with SAs and sufficiency of the Audit Firm’s quality control system. As part of this process, the Audit Firm provided a written response to the draft Inspection Report, which is attached hereto. NFRA based on the request of the Audit Firm has excluded the information from this report which was considered proprietary.
CNK & Associates LLP
Chartered Accountants
CNK/VLP/ LE/163/2025-26
Date: 29th January 2026
The Secretary,
National Financial Reporting Authority,
7th Floor, Hindustan Times House,
18-20, Kasturba Gandhi Marg,
New Delhi – 110001
Respected Sir,
Subject — Response to Inspection Report of C N K & Associates LLP
We acknowledge receipt of the Draft Inspection Report received via email dated 19 January 2026.
We appreciate NFRA’s inspection process and the objectives thereof, along with the suggestions and recommendations contained in the Inspection Report, particularly with respect to strengthening and formalization of the firm-wide quality control system and improving the documentation of our assurance work to ensure ‘sufficient appropriate audit evidence.
The inspection clarified regulatory expectations and identified opportunities for qualitative improvements in our systems and procedures.
As a Firm, we are committed to taking all necessary actions, wherever required, to ensure that our policies and procedures are appropriately enhanced for greater clarity and transparency, while continuing to remain fully compliant with applicable standards and requirements.
Our responses to the observations in the Report are enclosed as Annexure A.
Thanking You,
Yours Faithfully,
Himanshu Kishnadwala
Partner
Annexure A
Firm-wide Audit Quality Control Systems
1. Leadership Responsibilities for Quality within the Firm
The overall leadership responsibilities rest with the Principal Partners (PPs) and the responsibility to oversee key functional areas in the firm is assigned to specific partner/s depending on their competence and experience. The said process will be further strengthened and formalised with effective communication as per the SQC.
2. Independence
Firm Independence
The firm will put in place a CRM software to ensure real-time availability of services rendered to clients at all locations in order strengthen the process of Firm level Independence. In the interim period, the firm has compiled a centralized list of clients and assignments undertaken at the firm as well as its network firms, which will serve as a ready reference prior to acceptance of any engagement.
Personal Independence
We have updated our half-yearly independence declaration forms. A process for obtaining fresh declarations, in the revised format, has been initiated. The responsibility for evaluation of these declarations including sample verification of securities held, indebtedness, or guarantees given by partners and their relatives has been assigned to the Independence and Ethics Partner.
3. Audit Documentation
Our Information Technology team is working on the methodology for amending the audit file archival process and restrict edit rights on audit files after a period of 60 days from the date of the audit report. Any edits after the 60-day period shall be permitted in exceptional circumstances and with express approval of the Engagement Partner which also shall be documented.
4. Monitoring
The firm has already initiated the internal monitoring of audit files and has formalized the documentation of such reviews through the maintenance of review summaries. The Firm is also in the process of formalizing and documenting its monitoring process for overall quality management of the firm.
5. Engagement Performance
From FY 2024-25, the firm has already implemented steps to strengthen its EQCR framework in line with SQC-1. Criteria for appointments of EQCRs are formally documented.
Difference of Opinion
The firm shall formalize and document the policy and procedure to address and resolve the differences of opinion situations, if any.
6. Human Resources
The Firm has initiated steps to formalize policies and procedures for the assignment of engagement partners and team members in line with SQC-1 based on experience, expertise and work-load. assessment.
7. Individual Audit Engagement Files
Our audit methodology and documentation is designed to comply with the applicable Standards on Auditing.
We have, however, taken note of the observations made on the specific audit engagements and to improve our methodology and documentation and will work towards the same.
