India’s new audit regulator — National Financial Reporting Authority — is modeled on the Public Company Accounting Oversight Board (or PCAOB) of the US. Both regulators oversee auditors of public companies and were formed after major accounting scandals broke out in their respective countries.
As a consequence of the Satyam accounting scandal over 10 years ago, it was thought that India needed an independent audit regulator. The idea of an independent audit regulator was enshrined in the Companies Act 2013.
However, the NFRA was set up only in 2018 to regulate audit firms that audited “public interest entities” after the Punjab National Bank-Nirav Modi fraud came to light. It took another six months to become operational and was finally set up in October 2018 immediately after IL&FS and its group companies collapsed under a debt burden of Rs 90,000 crore.
NFRA took over the function of regulating audit firms from the Institute of Chartered Accountants of India, the umbrella body that oversees the CA and audit profession. Its jurisdiction has been carved out of ICAI’s domain. After many challenges to its jurisdiction by CAs in courts, the NFRA has got down to business and started its work of reviewing audit quality and punishing erring auditors in the IL&FS Financial Services’ (IFIN) case. BSR & Associates LLP and Deloitte Haskins and Sell LLP were the joint auditors for IFIN in financial year 2017-18.
Let us look at what action the NFRA has taken, and what this means for the future of the audit profession, and how it will have to adapt.
Fixing responsibility
Based on NFRA’s orders and Audit Quality review reports, one thing is certain is that the new audit regulator will not shy away from taking stern action against those responsible for the conduct of audits. It has banned Udayan Sen, who was the former managing partner and chief executive officer of Deloitte India and the engagement partner in the IFIN audit, Rishad Daruvala (audit quality control reviewer in the IFIN audit) and Shrenik Baid (part of the IFIN audit engagement team).
The charges against Sen, Daruvala and Baid are on similar lines. These range from professional misconduct stemming from various counts like not evaluating whether IFIN was a going concern or not, ignoring RBI’s inspection reports that raised concerns about the IFIN not meeting regulatory capital requirements, failing to evaluate the risk of material misstatements creeping into financial statements, and so on.
Auditor’s independence
NFRA seems to have set a standard with these orders and AQRs that audit firms cannot circumvent the law which is meant to ban non-audit services being provided by auditors or entities connected to them. Some multinatioanl audit firms operate with different entities that are connected to the network of firms. These entities provide non-audit services to clients.
Like say Deloitte India has an audit firm called Deloitte Haskins and Sells LLP in its India network and KPMG has BSR & Associates LLP. But these are part of the larger Deloitte India and KPMG India group, respectively.
The NFRA is trying to implement the letter of the law that no connected entities of the audit firm should provide non-audit services while engaged in an audit of financial statements. Also, even if the auditor is not providing non-audit services during the duration of the audit, there can be prohibition on accepting audit engagement in case the auditor and the client had a business relationship before the audit started. In the case of BSR (KPMG), the audit firm’s affiliated entities had provided non-audit services to IFIN before it began the audit for the financial year 2017-18.
NFRA considered BSR’s affiliates having a business relationship with IFIN before it started the IFIN audit engagement, a good enough reason to make the audit firm lose its independence. This might impact many audit firms’ and their ability to generate revenues when they are being mandatorily rotated under the provisions of the Companies Act 2013.
Materiality & audit procedures
The NFRA sifted through the audit files of both BSR and DHS to find that some of the audit procedures that they used were not up to the mark. This was also done even under the older regime where the ICAI’s audit review body would conduct such a review exercise.
What the NFRA is doing through these AQR processes is to try to fix responsibility to design audit procedures in such a way that auditors do not overlook instances of fraud. And as a corollary, to make sure that auditors do not overlook the impact of such a fraud on the financial statements before signing an audit report.
Also, in the case of AQR of BSR, the NFRA has pointed out that the firm’s IFIN audit engagement team set the financial materiality level arbitrarily and without basis. Materiality is used to sift out transactions for conducting a sample audit at a transaction level.
It also pointed out that the auditors failed to identify special classes of transactions for which the financial materiality level needed to be shelved. Considering the level of complexity of the IFIN audit, this needed to be done, and was ignored.
This can mean two things for future audits, auditors will have to change the way they establish materiality before they begin their audit, and a strict materiality level for transactions only works for auditing routine transactions.