1. Profiling of registered person:
1.1 Audit requires a strong database for profiling each registered person so that risk-factors relevant to a registered person may be identified in a scientific manner and audit is planned and executed accordingly. Some of the relevant data has to be collected from the registered person during the course of audit, while the rest is to be extracted from the, application for registration, registration documents and returns filed by the registered person as well as from his annual return, E-way Bills, reports/returns submitted to regulatory authorities or other agencies, Income Tax returns, contracts with his clients, audit reports of earlier periods as well as audits conducted by other agencies, like office of C&AG, etc. most of which will be available in GSTN.
1.2 A comprehensive data base about a registered person to be audited is an essential pre-requisite for selection of units as well as for undertaking preliminary desk review and effective conduct of audit. A substantial amount of data is already available in GSTN. Some of the data like those contained in annual financial statements keeps changing every year. Utility named Taxpayer at a Glance (TAG) containing all the available information of the registered person will be accessible to the auditor.
2. Reviewing the taxpayer data: The first step towards an effective audit is to review all relevant information about the registered person. Annexure GSTAM – I contains details of all the relevant data required for review.
2.1 Whenever GST audit of a registered person is taken up, the audit team conducting the audit should review the data already available and the data that is not available and collect the information not available and update the data of the registered person.
2.2 The Planning and coordination section of the Audit Commissionerate shall make available all the information of the registered person selected for audit to the respective audit group as per the said Annexure GSTAM I
2.3 The information of each registered person should be updated periodically after completion of each audit. The audit working papers, audit report, duly approved during the audit monitoring meeting, along with the latest documents should be filed properly in a file of the registered person.
3. Allocation of audits amongst the audit parties:
The audit schedule should also mention the Group No. of the audit groups to conduct audit of a particular unit. It must be ensured that the group members of the audit party are fully trained for conducting audit in accordance with the guidelines in this manual.
4. Action to be taken by the Audit Group:
Once the audit schedule, with Group allocation, is finalised, the action shifts to audit groups. The group should have adequate time to complete the preparation for audits to be conducted as per the audit schedule. All units listed to be audited should be intimated at least 15 days before the commencement of audit verification in their premises. A format of the letter (ADT – 01) intimating the registered person about the audit and the records/documents to be provided to the auditors has been notified under CGST Rules, 2017 provided in Annexure – GSTAM-II of this manual.
5. Desk Review
5.1 Objective:
The desk review lays emphasis on gathering data about the registered person, his operations, business practices and an understanding of the potential audit issues, understanding his financial and accounting system, studying the flow of materials, cash and documentation and run tests to evaluate the vulnerable areas. The preliminary review assists in development of a logical audit plan and focus on potential issues.
5.2 This is the first phase of the audit programme done in the office. The idea is to gather as much relevant information about the registered person and its operations, as is possible, before visiting the unit. A good desk review under the supervision of senior officers is critical to the drawing up of good audit plan. The services of Deputy/ Assistant Director (Costs) allocated to CC Zone may be utilised effectively wherever required.
5.3 The auditor should refer to the information of the Registered Taxpayer (Annexure-GSTAM-I). Study of the information could throw up important points, which may merit inclusion in the audit plan. In addition, the auditor should also obtain the latest Trial Balance Sheet, Tax Audit Report, Annual Financial Statement, Cost Audit Report or any such document prepared or published after the last updating of information. From the scrutiny of these documents, certain points may further emerge for inclusion in the audit plan. The auditor should also incorporate the result of any parameters brought to light by risk analysis into the desk review for pin pointing specific issues for scrutiny during audit. An illustrative list of scrutiny of important documents from the audit angle is given at Annexure –GSTAM-III).
5.4 All receipts of the taxpayer need to be tested for GST liability. Analysis of exports turnover, turnover of non-taxable and exempted goods and services gives a clear picture of the amounts which were not considered for Tax payment. It also helps to conclude whether such exemptions claimed are proper or not. (Part III (I) of Working papers in Part B {for services} of GSTAM-VIII refers). The auditor should reconcile the ITC credit availed as shown in GSTR 1 with that shown in GSTR 2A and identify any gaps in the ITC availment. This gap should be mentioned in the Audit Plan for verification at the time of audit.
5.5 Cost Accounting Records/Cost Audit:
(i) In respect of Regulated sectors like Telecommunication, Electricity, petroleum and Gas, Drugs and Pharma, fertilizers and Sugar, Cost audit requirement has been made subject to a turnover based threshold of Rs 50 crores for all products and services and Rs 25 crores for individual product and services.
(ii) In respect of Non-Regulated sectors – The threshold is Rs 100 crores and Rs. 35 crores respectively.
For latest amendments and existing norms the Companies (Cost Records and Audit) Rules 2014 may be referred to.
5.6 From the RPMF, Trial Balance and Annual Financial Statements (Profit & Loss Account and Balance Sheet) it is possible to work out important financial ratios. The said ratios should be compared with the ratios of earlier year and wherever significant variation is noticed, these areas may be selected for audit verification. It may be kept in mind that any adverse ratio is only an indicator for verification of such an area and there may be valid reasons for the same. Therefore, only on the basis of such an adverse ratio, a point for verification can be selected. An illustrative list of important ratios is given at Annexure-GSTAM-IV.
5.7 Reconciliation of data with third party information: GST payment shown in the GSTR-9 returns can be reconciled with that shown in the financial accounts. Further, from the reconciled figure of GST payment, value of the sales can be worked out. This can then be compared with the sales figure shown in financial records. The difference, if any, must be analysed. The unit assessable value of the registered person can be compared with that of another registered person supplying the same supply. This method would give an idea whether the valuation and duty calculation system of the registered person is a high/low risk area. A comparative chart of items from financial statement to be drawn for reconciling the data is annexed as Annexure-GSTAM-V. The auditor should check the data available in GSTR-9 returns with other documents such as gross trial balance, Income Tax Returns, Annual Audited accounts, Income Tax Audit report etc. and to carry out a preliminary reconciliation for the purpose of identifying any amount that might have escaped GST.
5.8 Revenue Risk Analysis:
Risk Analysis is a method of identifying potential revenue risk areas by employing modern techniques. It can be carried out by (i) reconciling various specific financial data, comparing it with different business accounts/documents, (ii) deriving certain data and comparing with the actual figures of the financial documents & (iii) comparing the key data figures of the unit with the average of all industry figure of similar kind (if available) or past figures of the same registered person. The result of Revenue Risk Analysis should be filled in the relevant column of working papers.
5.9 Trend Analysis:
Trend analysis is a type of computational support needed for the analysis preparatory to planning, by analysing historical data and working out future projections. Historical data is analysed to discover patterns or relations that would be useful in projecting the future production, clearances and values etc.
5.10 For audit purposes, either absolute values or certain ratios are studied over a period of time to see the trend and the extent of deviation from the average values during any particular period. The analysis of trends as mentioned in the relevant table of working papers may be carried out. (refer III (9) of Annexure –GSTAM-VIII Part A & III C of Part B of GSTAM-VIII).
5.11 For audit of Traders, a check list is provided in Annexure XIII. For audit of Composite Dealers, a check list is provided in Annexure XIV.
6. Audit Plan
6.1 The objective of preparing an audit plan is to outline a logical series of review and examination steps that would meet the goals and standards of an audit in an efficient and effective manner.
6.2 Audit Plan is the most important stage before conduct of audit. All the previous steps are actually aimed at preparation of a purposeful Audit Plan. Therefore, it is important that all previous steps are completed and the relevant Working Paper of each of the steps is filled up before commencing preparation of an audit plan. By now, the auditor is in a position to take a reasonable view regarding the vulnerable areas, the weak points in the systems, abnormal trends and unusual occurrences that warrant detailed verification. Certain unanswered or inadequately answered queries about the affairs of the registered person may also be added to this list.
6.3 Audit plan should be a detailed plan of action, preferably in a standard format. The audit plan should be consistent with the complexity of the audits (Annexure –GSTAM-VII).
6.4 The summary results of desk review, along with the completed Working Papers, should be submitted to the Deputy/Assistant Commissioner for approval and guidance, if any.
6.5 The audit plan must be discussed with the Deputy Commissioner / Assistant Commissioner of the Circle and should be finalised after approval by the Commissioner/ Additional/ Joint Commissioner/ Deputy/ Assistant Commissioner as the case may be.
6.6 The audit group should put up documents received, along with filled in Questionnaire and working papers in the prescribed proforma, related to top five units of each audit circle mentioned in the Annual Plan for audit coverage to the Commissioner and the rest to the Additional / Joint Commissioner through Deputy / Assistant Commissioner in-charge of Circle, for approval of the audit plan, after carrying out preliminary reconciliation, identifying discrepancies, if any, and carrying out detailed examination of the records and information (including that already captured in the Master File of registered person).
6.7 In the case of circles where ADC/JC is not stationed at the place of Circle:
i. In respect of large and medium units, the audit parties should forward the draft audit plans to the Additional/Joint Commissioner, through the DC/AC of the circle, by e-mail, for approval. The audit of the respective units should not be conducted till receipt of the approval of the ADC/JC, through e-mail. While sending the desk review and the draft audit plan, the information in GSTAM Annexure – I should also be sent.
ii. In respect of small units, the Deputy/Assistant Commissioner of the Circle is competent to approve the audit plan. However, the approved audit plan should be forwarded to the Additional/Joint Commissioner, through e-mail, at least 10 days before the conduct of actual audit so as to enable the ADC/JC to communicate additions, if any, before the actual audit takes place.
7. Audit Verification
7.1 The objective of audit verification is to perform verification activities and document them in order to obtain and record audit evidence. The verification techniques must be appropriate for audit objectives identified in the audit plan. It is important that in an audit, the objections that are raised are technically correct and stand up against scrutiny or challenge. Law being open to interpretation, it may be difficult to test the technical correctness of all objections. However, it should be correct to the extent that any professional auditor, working with and having access to the same research material would likely to come to the same conclusion. It also means that the auditor must demonstrate, in writing, the research and reasoning used to base his/her application of legislation, policies and jurisprudence.
7.2 Audit verification involves verification of data and actual verification of documents submitted at the time of desk review, verification of points mentioned in the audit plan.
7.3 Gathering of information of the registered person –
This may be carried out as per the activity of the taxpayer as found out during the Desk Review. The task mentioned herein below may not be relevant in case of all taxpayers. The auditor should evaluate the necessity of carrying out these tasks and mention the relevance in the Working Paper for carrying out or not carrying out the same.
7.4 Evaluation of the Internal Controls.
The objective of review of internal controls is to assess whether the registered person has reliable systems and controls in place that would produce reliable accounting/business records. Most medium to large companies have ERP systems in place, which account for all transactions from entry of raw material to clearance of final products. Auditors must have a look at these systems and more relevantly determine whether software being used exclusively for the transactions related to Goods and Service Tax matters is integrated to the main ERP system or is running parallel to the main ERP. This assessment would be used by the auditor to decide on the extent of verification required and to focus on areas with unreliable or missing controls. It should be noted that this review must be commensurate with the size of operations. A small registered person might have little in terms of internal controls where as a large registered person would have sophisticated internal controls in place. If the internal controls are well designed and working properly, then it is possible to rely on the books maintained by the registered person. The scope and the extent of the audit can be reduced in such a case. The reverse would be true if the internal controls are not reliable. Audit should evaluate the soundness of internal control of sub-systems/areas like sales, purchase tax, accounting etc., and grade them as good, acceptable and poor (refer Part D of working papers).
7.4.1 In this regard, an auditor should normally examine the following:
i. Characteristics of the company’s business and its activities.
ii. System of maintenance of records and accounts.
iii. Identifying the persons handling records for accounting purposes.
iv. Allocation of responsibilities at different levels.
v. System of internal checks.
vi. System of movement of documents having relation to duty/tax assessment.
vii. Inter-departmental linkages of documents and information.
viii. System of own internal audit.
7.5 Techniques for evaluation of the Internal Controls.
(a) Walk-through: This is a process by which the auditor selects any transaction by sampling method and traces its movement from the beginning through various sub systems to the end. The auditor verifies this transaction in the same sequence as it had moved. By this method the auditor can get a feel of the various processes and their inter linkages. It is also a useful method to evaluate the internal control system of a registered person. The auditor can undertake walk through process of sales, purchase, GST, account adjustment systems etc., certain model ‘Walk-through’ routes are given in Annexure-GSTAM-VI. Similarly, key controls may be examined for recording of all cash transactions: these controls may include scrutiny of numbered cash transaction invoices, daily reconciliation of cash invoices, separation of taxes etc. Undertaking a ‘walk-through’ and conducting ABC analysis during this process would help the auditor in evaluating the system of internal controls in a scientific manner.
(b) ABC Analysis: It is a known fact that in any field of activity an enormous data is generated and all data is not equally important. In order to filter out the irrelevant or relatively insignificant data, various techniques are applied. The ABC Analysis is one of such data management techniques. This technique is particularly useful when auditors are required to scrutinise and examine a large volume of data/documents within a limited time. In ABC analysis the whole data population is classified into three categories (i.e. A, B and C categories) based on the importance, as given below:
- A-category is the class of data that is the most important from the point of view of managing and controlling the same.
- B-category is the class of data, which should invariably be controlled, but the degree of control is not as intense as for A-category.
- C-category is the class of data, which has far less revenue-implications and can be controlled by suitable test-checks.
The auditor can apply ABC Analysis especially where the quantum of data/information to be analysed is voluminous. In such a case, the auditor can classify them according to their tendency towards potential risk into A, B and C categories. To give an example, transactions with top five customers/clients of a registered person may alone be taken up for detailed examination by auditors. Similarly, while verifying credit utilization by the registered person, documents relating to the receipt/procurement of major inputs may be examined. The technique of ABC analysis can also be suitably applied for evaluating the systems of internal controls while carrying out verification.
The above steps viz., tour/study or evaluation of internal controls/walk through etc., are required to be carried out during the stage of actual audit verification.
7.6 The auditor should invariably record the findings of the above steps, in the Working Paper (Annexure –GSTAM-VIII).
7.7 Verification of points mentioned in the audit plan:
In view of emphasis on trade facilitation, intelligent enforcement and providing non-intrusive environment to taxpayers, it has been decided to move from the present system of premises based audit to desk-based (office) audit in case of small category of taxpayers. Such desk based audit may be carried out on the basis of information / data made available to them. However in case of non-cooperation by the taxpayers, premises based audit may be carried out after approval by the Commissioner. Further in cases where it is felt at any stage of audit that there are inherent weaknesses in the internal control system of the taxpayers, the officers may switch to premises based audit with the approval of the Commissioner. However, in respect of Large and Medium Category of taxpayers, the premises based audit has to be conducted.
The auditor should conduct the verification in a systematic manner, following the sequence of steps envisaged in the working papers. While conducting audit verification, special care should be taken to examine all those issues pointed out in the audit plan. The auditor should try to determine whether the apparent weaknesses in the internal control system of the manufacturer/service provider have led to any loss of revenue. He should also identify the procedural infractions on part of the registered person, which are recurrent in nature and which may obscure a significant fact. During the process, he must cross check the entries made by the registered person in various records and note discrepancies, if any. In all cases involving discrepancies, the auditor should make detailed enquiries regarding the cause of the discrepancies and their revenue implication.
7.8 The auditor should also examine the documents submitted to various Government departments/ Regulatory Authorities such as Customs, Income Tax, Banks, etc. by the registered person. This should be used in cross verification of the information filed by the registered person for the assessment of GST. Annexure GSTAM-IX gives utility of some of the documents/ registers of the registered person that can be made use of by the auditor during the course of verification. Extensive use of information available with open sources such as electronic and print media, internet etc. should also be resorted to for verification of information filed by the registered person.
7.9 The audit verification gives maximum opportunity to the auditor to go through the registered person’s records in his unit. Therefore, auditor may come across a new set of information or documents, not earlier known, during any of the earlier stages. Further, while examining an issue, the auditor may come across a fresh issue also requiring detailed examination. In such a situation, the auditor should, after obtaining the approval of his Dy. Commissioner/Asst. Commissioner, go beyond the scrutiny envisaged under the Audit Plan and record the reasons for doing so. Despite audit verification being a structured process, it is flexible enough to accommodate needs on the spot. At the end of each entry in working papers, auditor must indicate the findings. If any of the planned verifications is not conducted, the reasons for the same must also be recorded. While the process of verification for each audit would be unique in terms of Audit Plan, it should involve some general steps as discussed below:
8. Physical Verification of Documents: A detailed scrutiny of the financial records of the registered person becomes imperative, if any issue is noticed at the time of Desk Review. The documents to be examined include Annual Financial Accounts containing Director’s Report, Statutory Auditor’s Report, Balance Sheet and Profit & Loss Account. If necessary, the auditor must go into details of the figures mentioned in the Annual Financial Statements and for that he must examine Trial Balance, Ledgers, Journal Vouchers, 26AS Statement, Invoices and E-way bills. He may also examine Cash Flow Statement, Groupings, Cost Audit Report and Tax Audit Report. He should also check whether the registered person is maintaining the statutory records as required under various statutes especially under the Companies Act, 2013.
8.1 Audit objections raised must be fully supported by documentary and legal evidences. This will greatly help in explaining and discussing the objections with the registered person and other follow up action. It needs to be ensured that all audit documentation is complete, accurate and of professional quality. Working Papers are a synopsis of audit operations conducted by the Audit Group. Entry of all items mentioned in the audit plan must be made in the working papers, during Audit Verification.
8.2 The provisions of Section 9(4) of the CGST Act, 2017 specify a class of registered person who shall, in respect of supply of specified categories of goods or services or both received from an unregistered supplier, pay the tax on reverse charge basis as the recipient of such supply of goods or services or both. As such during the course of Audit, the auditors may examine the details of procurements from such un-registered persons.
8.3 For verifying the gap in ITC availment as identified in para 5.5.4, the auditor should carry out a test check of the invoices of such suppliers whose details are not figuring in GSTR 2A and identify some of such suppliers with high tax value and get the particulars of tax payment verified at the supplier’s end.
8.4 In order to verify the correctness of TDS payments, the auditor should check the reconciliation statement showing purchases and prepare a list of all suppliers who have not paid GST. Some of these suppliers may either be unregistered or registered. In case of unregistered suppliers, details of payment of GST in terms of Section 51 of CGST Act, 2017 may be verified and in case of registered suppliers the reasons for non-payment of GST may be ascertained in test cases.
9. Working Papers (Annexure – GSTAM-VIII):
i. The working papers form the basis of audit objection. They also show the detailed steps undertaken by the auditor during the preparation and conduct of the audit. Therefore, they should be filled carefully, giving observations and conclusions of the auditor duly supported by evidences/documents, wherever required.
ii. Each part of the working papers should be filled up on completion of the relevant audit step. The date on which such part is completed and working paper filled in should be mentioned. The working papers should be filled in by the auditors themselves and in no case should be handed over to the registered person for filling them up.
iii. The completed working papers must be submitted by the Audit Group with the draft audit report.
iv. Copies of supporting documents/records/evidences referred to in the working papers must be annexed at the end. Each copy should have a cross-reference to the relevant entry in the working paper.
10. Working papers should support the audit effort and results. They should:
i. Be clear, concise, legible, organized, indexed, and cross-referenced;
ii. Disclose the audit trail and techniques used in the examination of each significant item;
iii. Support the conclusions reached and cover all queries raised;
iv. Include audit evidence (e g., copy of a financial statement, an invoice, a contract, a bank statement, etc.) to support the assessment;
v. Link results to supporting working papers e.g. the objections identified in the working papers must agree with the summary of audit results or statement of audit objections and the audit report;
vi. See that audit reports are clear and disclose all material and relevant information; and
vii. Take follow up action.
11. Apparently, the financial and other documents maintained by the registered person for his private use and in compliance of other statutes are of great importance which may reveal substantial short/non-payments of duty. Annexure-GSTAM-IX provides an illustrative list of such records/ documents, as also the relevant information that can be gathered from them. The auditor may take note of the same during ‘Gathering information about the registered person and the system followed by him’, and go through them during ‘Audit Verification’.
12. In case it is not possible to conduct Audit within three months period as prescribed under Section 65 of CGST Act, Circle DC/AC is to submit proposals for extension of time limit for completion of audit well in advance preferably at-least one week in advance to the Commissioner explaining the circumstances under which the Audit could not be completed within three months period. In case extension of time period for completion of audit is granted by Commissioner, the fact of such grant of extension by Commissioner is to be intimated to the registered person.
13. Apprising the registered person of irregularities noticed and ascertaining his view point
It is important that the auditor discusses all the objections with the registered person before preparing draft audit report. The registered person should have the opportunity to know the objections and to offer clarifications with supporting documents. This process will resolve potential disputes at an early stage and avoid unnecessary litigation.
14. The ultimate aim of conducting an audit is to increase the level of tax compliance of registered person. Therefore, no audit can be considered to be complete unless the auditor has made all efforts to ensure maximum recovery of short levy before leaving the premises of the registered person. As the Audit system adopts a transparent methodology, it is necessary that all the audit objections noticed by the Audit Group are conveyed to the registered person with a view to ascertain his point of view before preparing the Draft Audit Report. Accordingly, the audit objections should be intimated in writing to the registered person, clearly stating that the same is not in the nature of any show cause notice and is only a part of participative and fact-finding audit scheme under which even the preliminary and tentative audit observations are being shared with the registered person for ascertaining his point of view. Where satisfactory explanation or evidence is submitted to the auditor, the findings should be revised as necessary after placing the same before Circle DC/ AC and obtaining his approval. However, if a response from the registered person is not forthcoming, draft audit paras should be prepared on the basis of available records after citing the lack of cooperation on part of the registered person, in the Audit Report.
15. It is the auditor’s responsibility to explain all the objections to the registered person and to make all attempts to resolve any disagreements before those are finalised. It is also the auditor’s responsibility to make sure that the senior officers are aware of potential disagreement and the position taken by the registered person.
16. Suggestions to Registered person for future compliance
16.1 Before leaving the registered person’s premises, the auditor must discuss future compliance issues with the senior management of the registered person. The auditor should also discuss the steps that management can take to reduce specific errors detected during the audit and to improve compliance by suggesting improvements in the accounting systems etc. Written or verbal assurances as given by registered person should be recorded in the Audit Report.
17. If, in any way, the department can assist the registered person to reduce errors and improve compliance, such offer of assistance should be made.
