Mr. N.P. Sarda, Past President of the ICAI and a
well-known teacher to many in the profession, delivered a remarkable speech at
the BCAS on 9th January, 2019. BCAJ received requests from many
members to publish some of the key points of that talk. We are publishing this
summary just in time before the audit season for unlisted entities commences. A
summary cannot convey the full import of his presentation but we hope this
piece will enable the professionals to get a bird’s-eye view of the changing
landscape of the audit profession. We would recommend that you also watch the
two-hour-long talk on the BCAS You Tube channel.
In the last couple of years, the frequency and scale of
frauds revealed to stakeholders and the public at large has been astonishing.
Many would have thought that post-Satyam scandal lessons were learnt and proper
governance practices put in place. However, with irregularities at Punjab
National Bank (PNB), Infrastructure Leasing & Financial Services
(IL&FS), amongst others, coming to the fore, the burning questions about
loopholes in the system, accountability, risk management, etc., are again up
for debate in the corporate world.
In the aftermath of the scams, the National Financial
Reporting Authority (NFRA) was formed to tighten the regulatory aspects and
monitor the quality of audit. This led to issues such as overriding powers of
the NFRA over the ICAI, questioning auditors about the professional work, etc.
In this article, we provide various aspects of this development, the issues
therein and their impact. The following broad headings cover the key aspects
dwelt upon by Mr. Sarda.
INCREASING RISKS AND CHALLENGES
Economic and regulatory changes are taking place at a rapid
pace. We have witnessed substantive reforms, viz., the Companies Act, 2013, Ind
AS and Auditing standards that are aligned with International frameworks,
Income Computation and Disclosure Standards and Corporate Governance
requirements to enhance transparency and certainty. In the wake of these
developments across various regulations and rising incidents of frauds, the
risks and challenges in auditing are also increasing. This is on account of the
following:
- Increasing size and spread of business
entities and groups (locations, subsidiaries, geographies, SPVs, number of
transactions, frauds);
- Multiple investments and special purpose
entities;
- Multiplicity of inter-entity transactions and
transfer of funds;
- Rise in the volume and amount of transactions
and of frauds;
- Complex nature of business transactions (complex
instruments and contracts);
- Rapid changes and volatility (what took a
decade now takes less than a year);
- Need for valuation and making provisions
(towards pending demands and litigations) based on estimates at year end;
- Stress on fair value (subjective concept) as
against historical cost;
- Increasing
component of intangible assets and challenges in valuing them (wide variation
in methodologies; valuation may not be valid over a period of time);
- Various risk factors such as market risk,
credit risk, risk due to emerging technologies;
- Failure of business entities / industries;
- Technology tools in audit becoming a priority
– checking controls / processes designed through computers, integration of
different business softwares of an organisation, use of data analytics;
- Lack of practice of reconciliation,
confirmations and certifications of ledger balances (through internal and
external sources);
- Various checks and balances built for proper
governance and prevention of frauds (such as concurrent audits, inspections by
regulators, Audit Committee, Risk Management Committee, whistle-blower policy)
may fail due to neglect or oversight and ineffectiveness of respective roles,
leaving the statutory auditor to face all the criticism and blame;
- Need for investigations and forensic audit
for a wide range of frauds involving falsification or fabrication of documents
and records, frauds by collusion, management override of controls, frauds
perpetrated by management;
- Society expects the auditor to unearth all
frauds, while the auditors believe that such expectations are unrealistic and,
therefore, the gaps in expectations, promises and actual performance. Though
the primary responsibility of discovering frauds lies with the governance and
management teams, the auditors will have to upgrade their standard of
performance to detect all the material frauds by designing suitable audit
programmes and procedures;
- Every time a scam is reported, instant
judgements are passed in media as to why auditors did not report them. Without
proper examination of the factual situation, audit documentation, etc. (were
any financial statements during the period of fraud certified by the auditor,
was it bona fide error or gross negligence, was it a planned collusion?)
there is presumption of audit failure;
- Other risks like unrecorded and unusual
transactions, significant related party transactions, doubts about going
concern assumption, revenue recognition issues, off balance sheet items;
- Temptation and pressure to show improved
results vis-à-vis last quarter, lack of emphasis on long-term
sustainability;
- Frauds disguised through fraudulent reporting
and misappropriation of assets.
SPECIFIC INSTANCES OF FRAUDS, SCAMS AND FAILURES
There have been several
financial scams causing distress, including with famous and reputed corporates.
The list of ten biggest corporate frauds includes Enron, World Com, sub-prime
mortgage crisis, Satyam Computers, Daewoo, Fannie Mae and Freddie Mac, AIG,
Phor-Mor, Bernie Madoff and Barlow Clowes. The findings reveal that these were
management-driven frauds wherein fraudulent financial reporting was resorted
to, in order to cover misappropriation of assets or a deteriorating financial
position. This requires increased professional scepticism from audit.
Let us look at some instances of fraud and the modus
operandi followed:
1. The Harshad Mehta fraud – bank funds used to finance stock
exchange transactions using portfolio management;
2. Sub-prime mortgage crisis – the model of giving loans
solely on mortgage of immovable properties, without any requirement of
repayment of loan by borrowers, failed as the values of the mortgaged
properties declined;
3. Satyam Computers – this involved manipulation of computer
systems, generation of fake invoices, overstating figures of revenue, profits,
bank balances. To cover up, forged bank statements, deposit receipts and
confirmations were produced by the management;
4. Kingfisher Airlines – the consortium of public sector
banks lent huge amounts of money to the airlines as part of a restructuring
exercise, after the loan account was classified as a non-performing asset.
This was questioned in the backdrop of the situation wherein the company was
reporting huge losses, the absence of adequate collateral securities, etc. The
loan funds were diverted out of India through financial transactions;
5. PNB – Letter of Undertaking to secure overseas credit from
other lenders was issued without cash margin through SWIFT system that was
not linked with Core Banking Solution. Due to this loophole, the
undertakings issued remained outside the books and, thus, remained undetected;
6. IL&FS – short-term borrowings were used for financing
long-term projects resulting in liquidity crisis. Due to long recovery
period from large infrastructure projects, it defaulted in repayment of
short-term loans (asset-liability mismatch).
NFRA
To ensure greater reliability of financial statements,
section 132 of the Companies Act, 2013 introduced the provisions relating to
NFRA. These were notified on 13th November, 2018.
Applicability
The classes of companies and body corporates governed by NFRA
(Rule 3) include:
(a) Companies whose
securities are listed on stock exchange in / outside India
(b) Unlisted public
companies
– paid up capital not less
than Rs. 500 crores
– annual turnover not less
than Rs. 1,000 crores
– loans, debentures,
deposits not less than Rs. 500 crores
(monetary thresholds – as
on 31st March of the preceding year)
(c) Insurance, banking,
electricity companies, etc.
(d) A subsidiary or
associate company outside India having income or net worth exceeding 20% of the
consolidated income or net worth of the Indian company.
Functions
The main functions of NFRA (Companies Act read with NFRA
Rules, 2018) are:
a. Make recommendations on Accounting and Auditing Policies
and Standards (after receiving recommendations from the ICAI);
b. Monitor and enforce compliance with Accounting Standards:
– may review financial statements of company / body corporate
– may require them to produce further information /
explanation
– may require presence of officers of company / body
corporate and its auditor
– based on inquiry, any fraud above Rs. 1 crore will be
reported to government;
c. Monitor and enforce compliance with Auditing Standards:
– may review working papers and audit communications
– may evaluate sufficiency of the quality control system and
manner of documentation
– may perform other testing of audit supervisory and quality
control procedures
– may require an auditor to report on its governance
practices and internal processes designed to promote audit quality and reduce
risk
d. Oversee the quality of service of the profession
associated with ensuring compliance with such standards and suggest measures
for improvement in quality of service; may refer cases to Quality Review Board
constituted under the Chartered Accountants’ Act and call for information, and
/ or a report from them;
e. Maintenance of details of auditors of companies specified
in Rule 3;
f. Promote awareness on compliance of accounting and auditing
standards;
g. Co-operate with national and international organisations
of independent audit regulators.
Powers
NFRA is entrusted with powers to investigate either suo
motu or on a reference made to it by the Central Government (for prescribed
class of companies) into matters of professional or other misconduct (as
defined in the Chartered Accountants Act). As per the Supreme Court decision in
the case of Gurvinder Singh, other misconduct will include any act that brings
disrepute to the profession, whether or not related to his professional work
and not necessarily done in his capacity as a CA. It is also provided that
where NFRA has initiated the investigation, no other institute or body can
initiate or continue any proceedings in such matters.
Where professional or other misconduct is proved, the
consequences are two-fold:
a. Penalty: For individuals – Rs. 1 lakh, may extend to 5
times the fees
For firms – Rs. 10 lakhs, may extend to 10 times the fees
b. Debarring the member or the firm from practice for a
minimum period of 6 months, not exceeding 10 years, applicable even to company
/ body corporate not governed by Rule 3.
NEED OF NFRA – ARGUMENTS
Several perceptions had led to the constitution of the NFRA.
We have analysed them below with valid arguments:
1. Frauds like Satyam and PNB – the disciplinary
mechanism of the ICAI being a creation of its own members, is ‘not independent’
The ICAI functions under the Ministry of Corporate Affairs,
the disciplinary procedure is laid down in the Act itself and government
nominees are present in every proceeding. As against the earlier practice of
involvement of Council members twice (at stages of prima facie and final
decision), after amendment to the Chartered Accountants Act in 2006, the
Director of Discipline (not a member of the Council) reports cases to the Board
of Discipline (Schedule I cases) and the Disciplinary Committee (Schedule II
cases). The government nominees are present in all the 3 bodies.
No allegation of bias has ever been raised – that the process
is not carried out judiciously. Rather than creating a separate body, the NFRA,
the government can appoint more nominees in the disciplinary mechanism of the
ICAI.
No other institute or body has taken such strict disciplinary
action against its own members as has been done by the ICAI. This is evidenced
by the fact that in the Satyam case various members have been debarred for
life, while in the PNB case the ICAI started suo motu action, without a
formal complaint. As for the member, such disciplinary proceedings are a
punishment in itself and result in loss of reputation. The ICAI has made
tremendous efforts to formulate and spread knowledge of compliance with standards
as part of CPE. QRB, FRRB and Peer Review are some other mechanisms that have
been working effectively.
2. Delay in disciplinary proceedings of ICAI
While this was true earlier, through amendments to the
Chartered Accountants Act in 2006, appointment of multiple Directors of
Discipline or Disciplinary Committees was allowed in order to avoid delays.
During the process, requests for adjournments and stay (for
proceedings ongoing with other regulatory authorities or Courts) caused delays
as this is a judicial process. Against this, the NFRA rules provide for a
summary procedure within 90 days where an opportunity for personal hearing may
or may not be given. It is important to strike a balance between the two
extremes – that the opportunity granted for hearing may be misused, but a
contrary stand can be harsh on the member.
3. With amounts and frequency of corporate and bank
frauds rising, the authorities had to take drastic action
It is assumed that all problems will be solved once NFRA sets
in. However, what kind of action is envisaged under it? Prevention and
detection of fraud is a very large area. NFRA provisions don’t address the
aspect of prevention of fraud; they are restricted to limited areas of action
against statutory auditors for gross misstatement in financial statements on
account of non-compliance of accounting and / or auditing standards. The
consideration is that there was something wrong in the accounting and auditing
standards and that was the reason of misconduct by the members.
It is presumed that if action is taken against the member,
frauds will not take place. But there are no steps for the detection of fraud
until certification of the financial statements by the auditor (exception fraud
noticed during search, later reported to government). The functions of NFRA do
not include aspects of deterrent action on perpetrators of fraud and / or other
checks and balances for prevention of fraud. In short, the focus of NFRA is
on the police and not on the thief!
4. Non-detection of
fraud by an auditor considered as fraudulent act and a case of professional
misconduct. Strict regulation could reduce such instances
In the backdrop of failure
to report frauds, fingers are pointed at auditors with allegations that the
auditors colluded with management and it is an intentional act involving gross
negligence. However, it is not prudent to draw any conclusion without examining
the facts. It could be a bona fide omission (not part of audit sample
selection), or an error of judgement, or that the time available to auditor was
not commensurate with the volume of business. May be, the skills of the auditor
have not kept up with those of the fraudster! The presumption that
non-detection of fraud is a fraudulent act or is professional negligence / misconduct
and that frauds can be reduced by a strict regulation like NFRA is far-fetched.
Importantly, enough stress has to be placed on relevant
internal controls, internal checks and balances required in the management and
governance of large entities. If they are not adequate, the statutory audit, on
its own and on a standalone basis, will not be effective. If negative
presumptions about the role of auditors continue, then new talent may hesitate
to enter the auditing profession.
NFRA AND OTHER REGULATORS – A TUSSLE
The question arises whether
it was necessary to have a separate disciplinary mechanism when ICAI already
has one. The ICAI had urged the Central Government against setting up the NFRA
(a legal fight is not possible because the ICAI functions under the Ministry of
Corporate Affairs). This, in fact, is the legal opinion of Mr. Mukul Rohatgi,
former Attorney General, that the NFRA encroaches on the powers of the ICAI.
Under the Constitution, if any institution has specific powers (ICAI in this case
regarding disciplinary mechanism), other institutions cannot have the same
mandate.
In a case filed before the
Delhi High Court by the Chartered Accountants’ Association, the Court has
granted stay on initiation of disciplinary action by NFRA. The final verdict is
pending on the matter of SEBI debarring PwC for 2 years (stay by the Supreme
Court).
The overlap and conflict between NFRA and other bodies gives
rise to the following issues:
1. Where NFRA has not initiated the proceedings, can ICAI do
it (different language in Act and Rules)?
2. Whether NFRA’s jurisdiction would apply to every act of
misconduct of a chartered accountant, or only relating to financial statements?
3. Would NFRA apply to the auditor of every branch of all
banks?
4. If an auditor is debarred by NFRA, the impact will extend
to his every audit appointment including for companies not covered by Rule 3.
5. There is no provision in the NFRA rules for complaints by
any stakeholder against Rule 3 companies. It is restricted to cases referred by
government or suo motu action. Even ICAI would not have jurisdiction to
address such complaints.
While the guilty must be punished, it is equally important
that innocents are not harassed.
ROLE OF ICAI POST-NFRA
The ICAI will make recommendations on Accounting and Auditing
Standards to NFRA. The role of Quality Review Board to oversee the quality of
audit service rendered would continue. Towards this, an effective role can be
played by having efficient structure and process of inspection. The aspect of
improving and strengthening the expertise and quality of work of internal
auditors, experts in designing and implementing internal controls, computer
controls, etc. also needs be seen.
There is no change in
jurisdiction and powers of ICAI over auditors, other than those of Rule 3
entities. The ICAI ought to regulate over matters not governed and administered
by NFRA provisions, as discussed above.
ACTION FOR AUDITORS
The change in the regulatory environment and expectations
demands that auditors develop and deliver high-quality service to reinforce the
relevance of audit. The skill sets and manner of executing audit need to
evolve. We have highlighted below the perspective for the auditors about what
they need to do.
a. Focus on upgrading
professional skills (including industry specialisation);
b. Audit firms to devise
and implement quality controls and best practices;
c. Appropriate audit
planning considering industry, client, nature of business, controls in place,
systems and procedures, accounting policies followed;
d. Undertake risk
assessment on the basis of evaluation of internal controls and computer
controls;
e. Design audit procedures
based on findings of risk assessment (e.g. special procedures may be required
for unusual transactions and evaluation of uncertainties and estimates;
f. Apply audit techniques
including computer-aided tools;
g. Develop expertise on
Accounting and Auditing Standards and strictly adhere to them;
h. Have a trained and
talented audit team for execution;
i. Stress on detailed
documentation;
j. Exercise
professional scepticism;
k. Quality control in
Audit Firms;
l. Consultation with other
experts, wherever required;
m. Constructive
discussions and communication with management and with those charged with
governance on internal controls, risk management and provide valuable insights;
n. Giving value-added
insights;
o. Appropriate reporting
of Key Audit Matters.
CONCLUDING REMARKS
The success of NFRA would depend upon the constitution of its
members, the experts appointed, their expertise and approach, its finance and
infrastructure, the effectiveness of coordination with ICAI in respect of
Accounting and Auditing Standards and assistance of the Quality Review Board.
Risks are becoming the focal point. The
responsibilities of the auditor are increasing. With public sentiment turning
negative and some lowering of confidence in the independent auditor’s work,
there is a fear that professionals may stay away from the audit domain.
