Subscribe to BCA Journal Know More

December 2021


By Zubin Billimoria
Chartered Accountant
Reading Time 17 mins
(This is the fifth article in the CARO 2020 series that started in June, 2021)


In the recent past regulators and other stakeholders have been increasingly concerned with the increase in frauds by companies and the perceived lack of attention by the auditors in respect thereof. This trust deficit is attempted to be bridged by CARO 2020 by significantly increasing the reporting responsibilities for auditors with regard to fraud and unreported transactions.


The scope of reporting can be analysed under the following clauses:

Clause No.


Nature of change, if any

Clause 3(xi)(a)

Frauds noticed or reported:

Enhanced Reporting

Whether any fraud by the
company or any fraud on the company has been noticed or reported during the
year; if yes, the nature and the amount involved is to be indicated

Clause 3(xi)(b)

Reporting on Frauds:

New Clause

Whether any report under
sub-section (12) of section 143 of the Companies Act has been filed by the
auditors in Form ADT-4 as prescribed under rule 13 of the Companies (Audit
and Auditors) Rules, 2014 with the Central Government

Clause 3(xi)(c)

Whistle-Blower Complaints:

New Clause

Whether the auditor has
considered whistle-blower complaints, if any, received during the year by the company

Clause 3(viii)

Unrecorded Transactions:

New Clause

Whether any transactions
not recorded in the books of accounts have been surrendered or disclosed as
income during the year in the tax assessments under the Income-tax Act, 1961
(43 of 1961); and if so, whether the previously unrecorded income has been
properly recorded in the books of accounts during the year


Frauds noticed or reported [Clause 3(xi)(a)]:
* The scope has been widened by removing the words ‘officers or employees’.

The reporting requirements outlined above entail certain practical challenges which are discussed below in respect of the Clause where there is enhanced reporting as well as the new Clauses:

Frauds noticed or reported [Clause 3(xi)(a)]:
a) Conflict with responsibilities under SA 240:
For complying with SA 240, the auditor is primarily concerned with frauds which cause material misstatements to the financial statements, which are intentional and broadly cover misstatements from fraudulent financial reporting and misappropriation of assets. This is in conflict with the CARO requirements whereby the terms ‘noticed or reported’ are very wide. Accordingly, the auditor is required to report not only the frauds noted or detected by him pursuant to the procedures performed in terms of SA 240 and reported by him u/s 143(12), but also frauds detected by the management whilst reviewing the internal controls or internal audit or whistle-blower mechanism or Audit Committee and brought to the auditor’s notice.
b) Concept of materiality: Once a fraud is noticed, it appears that it needs to be reported irrespective of the materiality involved. Whilst there is no clarity in respect thereof in the Guidance Note under this Clause, para 37 of the Guidance Note specifies that whilst reporting on matters specified in the Order, the auditor should consider the materiality in accordance with the principles enunciated in SA 320. Accordingly, the auditors should apply appropriate judgement whilst reporting under this Clause. It may be noted that even the FRRB and QRB in the course of their review reports have not been favourably inclined to the concept of taking shelter under the garb of materiality for reporting under this Clause.
c) Challenges in detection: An auditor may find it difficult to detect acts by employees or others committed with an intent to injure the interest of the company or cause wrongful gain or loss, unless these are reflected in the books of accounts; examples include receiving payoffs from vendors and tampering with QR codes during the billing and collection process. In such cases the auditors would need to corroborate their inquiries based on their knowledge of the business / industry coupled with the results of the evaluation of the internal controls, the robustness of the code of conduct and ethics policies, instances of past transgressions in respect thereof, etc.

Reporting on Frauds [Clause 3(xi)(b)]:
Before proceeding further, it would be pertinent to note the following statutory requirements:

Section 143(12) of Companies Act, 2013
Notwithstanding anything contained in this section, if an auditor of a company, in the course of the performance of his duties as auditor, has reason to believe that an offence involving fraud is being or has been committed against the company by officers or employees of the company, he shall immediately report the matter to the Central Government within such time and in such manner as may be prescribed.

Rule 13 of the Companies (Audit and Auditors) Rules, 2014 deals with reporting of frauds by auditor and other matters:
(1) If an auditor of a company, in the course of the performance of his duties as statutory auditor has reason to believe that an offence of fraud, which involves or is expected to involve, individually an amount of rupees one crore or above, is being or has been committed against the company by its officers or employees, the auditor shall report the matter to the Central Government.

(2) The auditor shall report the matter to the Central Government as under:
(a) the auditor shall report the matter to the Board or the Audit Committee, as the case may be, immediately but not later than two days of his (acquiring) knowledge of the fraud, seeking their reply or observations within forty-five days;
(b) on receipt of such reply or observations, the auditor shall forward his report and the reply or observations of the Board or the Audit Committee along with his comments (on such reply or observations of the Board or the Audit Committee) to the Central Government within fifteen days from the date of receipt of such reply or observations;
(c) in case the auditor fails to get any reply or observations from the Board or the Audit Committee within the stipulated period of forty-five days, he shall forward his report to the Central Government along with a note containing the details of his report that was earlier forwarded to the Board or the Audit Committee for which he has not received any reply or observations;
(d) the report shall be sent to the Secretary, Ministry of Corporate Affairs in a sealed cover by Registered Post with Acknowledgement Due or by Speed Post followed by an e-mail in confirmation of the same;
(e) the report shall be on the letterhead of the auditor containing postal address, e-mail address and contact telephone number or mobile number and be signed by the auditor with his seal and shall indicate his Membership Number; and
(f) The report shall be in the form of a statement as specified in Form ADT-4.

(3) In case of a fraud involving lesser than the amount specified in sub-rule (1), the auditor shall report the matter to the Audit Committee constituted  u/s 177 or to the Board immediately but not later than two days of his knowledge of the fraud and he shall report the matter specifying the following:
(a) Nature of fraud with description;
(b) Approximate amount involved; and
(c) Parties involved.

(4) The following details of each of the frauds reported to the Audit Committee or the Board under sub-rule (3) during the year shall be disclosed in the Board’s Report:
(a) Nature of fraud with description;
(b) Approximate amount involved;
(c) Parties involved, if remedial action not taken; and
(d) Remedial actions taken.

(5) The provision of this rule shall also apply, mutatis mutandis, to a Cost Auditor and a Secretarial Auditor during the performance of his duties  u/s 148 and  u/s 204, respectively.

Form and content of Form ADT-4
a) Full details of suspected offence involving fraud (with documents in support),
b) Particulars of officers / employees who are suspected to be involved in the offence,
c) Basis on which fraud is suspected,
d) Period during which the suspected fraud has occurred,
e) Date of sending report to BOD / Audit Committee and date of reply, if any, received,
f) Whether auditor is satisfied with the reply / observations of the BOD / Audit Committee,
g) Estimated amount involved in the suspected fraud,
h) Steps taken by the company, if any, in this regard, with full details of references.

Guidance Note issued by ICAI
The ICAI has also published a Guidance Note on Reporting of Frauds u/s 143(12) of the Companies Act, 2013 to assist the auditors in discharging their responsibilities. Some of the main issues addressed by the Guidance Note are as under and which need to be kept in mind whilst discharging the responsibilities for reporting under this Clause:
* The requirement is to report only on frauds in the course of performance of duties as an auditor.
* Only frauds committed against the company by its officers or employees are required to be reported. Thus, frauds committed by vendors and outsourced service providers are not required to be reported. The requirements of SA 240 need to be kept in mind. Accordingly only frauds involving financial reporting or misappropriation of assets are covered Thus, the scope for reporting under this Clause is much narrower than under sub-clause (a) discussed earlier.
* If any frauds are detected during the course of other attest / non-attest functions like quarterly reporting and they are likely to have a material effect on the financial statements, the same would also need to be reported.
* There is no responsibility to report frauds if the same are already detected. However, in such cases the auditor should apply professional scepticism as to whether the fraud was genuinely detected through vigil / whistle-blower mechanism and review the follow-up in respect thereof. This could have an impact on reporting under sub-clause (c) discussed subsequently.
* Reporting is required only when there is sufficient reason to believe and there is sufficient knowledge (i.e., evidence) of occurrence. Mere suspicion is not sufficient.

Keeping in mind the above reporting requirements, the following are some of the practical challenges that could arise in reporting under this Clause:

a) Reporting by predecessor auditor: The requirement for reporting pertains to any report which has been filed during the financial year under audit. Accordingly, if the auditor has been appointed for the first time, he would need to consider whether the predecessor auditor has reported to the Central Government during the financial year prior to his term being concluded before the AGM. In such cases it is better that the incoming auditor seeks a specific clarification from the predecessor auditor and also obtains a management representation and makes a mention accordingly in his report.
b) Post-balance sheet events: If the auditor has identified the fraud and initiated the communication procedures outlined earlier before the year-end but has filed his report with the Central Government subsequent to year-end till the date of the report, he would need to report on the same specifically under this Clause. In such cases, he should also consider the impact on the financial statements and disclosures of Events subsequent to the balance sheet date under AS 4 and Ind AS 10, as applicable.
c) Monetarily immaterial frauds: Monetarily immaterial frauds below Rs. 1 crore have to be reported by the auditor to the Audit Committee constituted u/s 177. In cases where the Audit Committee is not required to be constituted u/s 177, then the auditor shall report monetarily immaterial frauds to the Board of Directors. In either case, a disclosure needs to be made in the Board Report as outlined earlier. Though there is no specific reporting responsibility under this Clause, it would be a good practice to make a reference to the same under this Clause.
d) Cost audit and secretarial audit: Reporting on fraud u/s 143(12) is required even by the cost auditor and the secretarial auditor of the company and it is possible that a suspected offence involving fraud may have been reported by them even before the auditor became aware of the fraud in the course of his audit procedures under SA 240. In such cases, if a suspected offence of fraud has already been reported by the cost auditor and the secretarial auditor, he need not report the same to the Audit Committee u/s 177 or the Board of Directors and thereafter, where applicable, to the Central Government, since he has not per se identified the suspected offence of fraud. It is, however, advisable that the report factually clarifies the position.

Whistle-Blower Complaints [Clause 3(xi)(c)]:
The establishment of a whistle-blower mechanism is mandatory for certain class of companies and therefore the auditor should consider the requirements prescribed in the Act and in SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (SEBI LODR Regulations) in this regard. Section 177(9) of the Act requires certain class of companies to establish a vigil mechanism for their Directors and employees to report their genuine concerns or grievances:

Requirements under Companies Act, 2013
Section 177(9) read with Rule 7 of the Companies (Meetings of Board and its Powers) Rules, 2014 provides for establishment of a vigil mechanism.

(1) Every listed company and the companies belonging to the following class or classes shall establish a vigil mechanism for their Directors and employees to report their genuine concerns or grievances:
(a) the companies which accept deposits from the public;
(b) the companies which have borrowed money from banks and public financial institutions in excess of fifty crore rupees.
(2) The companies which are required to constitute an Audit Committee shall oversee the vigil mechanism through the committee and if any of the members of the committee have a conflict of interest in a given case, they should recuse themselves and the others on the committee would deal with the matter on hand.
(3) In case of other companies, the Board of Directors shall nominate a Director to play the role of an Audit Committee for the purpose of vigil mechanism to whom other Directors and employees may report their concerns.
(4) The vigil mechanism shall provide for adequate safeguards against victimisation of employees and Directors who avail of the vigil mechanism and also provide for direct access to the Chairperson of the Audit Committee or the Director nominated to play the role of Audit Committee, as the case may be, in exceptional cases.
(5) In case of repeated frivolous complaints being filed by a Director or an employee, the Audit Committee or the Director nominated to play the role of Audit Committee may take suitable action against the Director or employee concerned, including reprimand.

Requirements under SEBI LODR
Regulation 4(2)(d) of the SEBI LODR Regulations also mandates all listed entities to devise an effective whistle-blower mechanism enabling Directors, employees or any other person to freely communicate their concerns about illegal or unethical practices.

Regulation 46(2)(e) of SEBI LODR Regulations requires a listed company to disseminate on its website details of establishment of its vigil mechanism / whistle-blower policy. Further, the role of the Audit Committee also includes review of the functioning of the whistle-blower mechanism.

Keeping in mind the above reporting requirements, the following are some of the practical challenges that could arise in reporting under this Clause:
a) Anonymous complaints:
The auditor needs to consider every complaint received by the company including anonymous complaints while deciding the nature, timing and extent of audit procedures. The auditor should also evaluate whether such complaints are investigated and resolved by the company in an appropriate and timely manner. Further, in case of anonymous complaints he needs to exercise greater degree of professional scepticism to ascertain whether they are frivolous or motivated. Also, any other information which is available in the public domain should also be considered.
b) Companies not covered under the Regulatory Framework: The reporting requirements under this Clause do not distinguish between listed, public interest entities and other entities, including those in the SME sector where there is no regulatory requirement to establish a formal whistle-blower / vigil mechanism. In such cases the auditor needs to make specific inquiries and obtain appropriate representation which needs to be corroborated for adequacy and appropriateness based on the understanding obtained about the entity and its operating and governance environment. Finally, any information which is available in the public domain should also be considered.
c) Forensic investigations: In case a forensic audit /investigation has been initiated pursuant to a whistle-blower complaint, the auditor needs to check the reports issued and discuss the observations and conclusions with the auditor / investigation agency if required and report accordingly.
d) Outsourcing arrangements: The auditor should perform independent procedures, including getting direct confirmation for whistle-blower complaints received which are managed by a third party like an external internal audit firm.

Unrecorded Transactions [Clause 3(viii)]:
Before proceeding further, it would be pertinent to note the following statutory requirements:

Undisclosed income under the Income-tax Act, 1961
‘Undisclosed income’ as per section 158B includes any money, bullion, jewellery or other valuable article or thing or any income based on any entry in the books of accounts or other documents or transactions, where such money, bullion, jewellery, valuable article, thing, entry in the books of accounts or other document or transaction represents wholly or partly income or property which has not been or would not have been disclosed for the purposes of this Act, or any expense, deduction or allowance claimed under this Act which is found to be false.

Vivad Se Vishwas Scheme
The Union Budget 2020 was presented by the Finance Minister on 1st February, 2020 with an underlying objective to support the Government’s target of making India a $5 trillion economy by 2025. Several policy and tax-related announcements were made with primary focus on improving the ease of living and the ease of doing business in India. One of the key proposals was introduction of a direct tax dispute resolution scheme, namely, Vivad Se Vishwas Scheme which translates to ‘From Dispute towards Trust’, i.e., trust as the basis of partnering with the taxpayers towards building the nation. The Scheme proposes to settle direct tax disputes relating to personal income tax and corporate tax between taxpayers and the tax Department. The Government of India enacted the Direct Tax Vivad Se Vishwas Act, 2020 (‘the Act’) on 17th March, 2020 to give effect to this Scheme.

An overview of the Scheme:
* If a taxpayer elects to take recourse under the Scheme, a proportion of the total tax along with interest and penalty needs to be paid (depending on the type of the pending dispute) for full and final settlement.
* The scheme confers immunity from prosecution, penalty and interest in respect of proceedings for which the taxpayer has opted to avail the Scheme.
* The Act also provides that the tax disputes so settled cannot be reopened in any other proceeding by the Income Tax Department or any other designated authority.

Keeping in mind the above reporting requirements, the following are some of the practical challenges that could arise in reporting under this Clause:
a) Scope: The emphasis is on the words surrendered or disclosed which implies that the company must have voluntarily admitted to the addition of such income in the income tax returns filed by the company. What constitutes voluntary admission poses several challenges especially where the company has pending tax assessments which have been decided up to a particular stage and the company chooses not to file an appeal. In such cases, the auditor needs to review the submissions and statements filed in the course of assessment to ascertain whether the additions to income were as a consequence of certain transactions not recorded in the books. This would involve use of professional judgement and consideration of the materiality factor.
b) Submissions under the Vivad Se Vishwas Scheme: In case the company has opted for disclosures under the said Scheme, a view can be taken that the same constitutes voluntary surrender and disclosure and hence needs to be reported under this Clause with appropriate factual disclosures.

Frauds are now an inherent part of corporate life and the auditors will have to live with them. The reporting requirements outlined above will hopefully provide them with the necessary tools to cope with them and provide greater comfort to the various stakeholders. In conclusion, life will never be cushy for the auditors and they would always be on the razor’s edge!

You May Also Like