By Kanakprabha Jethani | Executive

Kanak@vinodkothari.com

Background

ICSI has recently issued four Auditing Standards[1] (‘Standards’) for the members in practice namely:

• CSAS-1 – Auditing Standard on Audit Engagement
• CSAS-2 – Auditing Standard on Audit Process and Documentation
• CSAS-3 – Auditing Standard on Forming of Opinion
• CSAS-4 – Auditing Standard on Secretarial Audit

in order to enable them to carry out the audit engagements more effectively. The first three Standards will be applicable to all kind of audit engagements and the fourth one will specifically be applicable for the Secretarial Audit under Section 204 of the Companies Act, 2013. In terms of ICSI’s own language, the Standards shall be mandatorily effective from the audit engagements accepted on or after 1^st April, 2020.

Objective of the Standards

Seemingly, ICSI is seeking to promote best auditing practices, uniformity and consistency in conduct of the audits by the members in practice. These are expected to strengthen the audit process and corporate governance practices. Since, varied audit practices are being carried over by different auditors, monitoring of audit process becomes cumbersome and troublesome at the same time. These Standards are expected to harmonise the audit practices among the auditors all over the country. The objective is to streamline and enable members to effectively undertake secretarial audit and ensure compliance. It is also expected that these Standards will enhance the quality of compliance.

Applicability of Standards

These Standards shall be effective and recommendatory to be accepted by the auditors on or after 1^st July 2019. However, the same shall be mandatorily applicable to the audit assignments obtained on or after 1^st April 2020.

Whether these Standards are statutorily required?

In order to be statutorily applicable and binding, legal backing to the provision is required. For example, for the Secretarial Standard-1 and secretarial Standard-2 have a backing of legal provision i.e. Section 118 of the Companies Act 2013. Section 118(10) provides that every company shall observe secretarial standards with respect to general and Board meetings specified by the Institute of Company Secretaries of India. In compliance of aforesaid section, companies follow these two secretarial standards. The same is not the case for other secretarial standards issued by ICSI such as, Secretarial Standard -3 relating to Dividend or Secretarial Standard-4 relating to maintenance of registers and records and hence purely voluntary.

Likewise, the Auditing standards issued by ICSI also do not carry a legal backing as of now though the same is being brought in by ICSI with an intent to make it mandatory.

What are the various audits a PCS can undertake?

A Practising Company Secretary is authorised to undertake various audits as prescribed under the Companies Act 2013, SEBI regulations and other applicable laws, some of which are as under:

• Secretarial Audit as per provisions of Section 204 of the Companies Act 2013;
• Half-yearly certificate certifying that all share certificates were issued by Share transfer Agent/ Registrar and transfer Agent within 30 days of lodgement of transfer as provided under regulation 40(9) of SEBI(Listing Obligations and Disclosure Requirements) Regulations;
• Annual Secretarial Compliance Report as per SEBI Listing Regulations;
• Half-yearly certification of maintenance of 100% asset cover for non-convertible debt securities as per regulation 56(d) of SEBI(Listing Obligations and Disclosure Requirements) Regulations;
• Certificate regarding compliance of conditions of corporate governance as per SEBI Listing Regulations;
• Share Reconciliation Certificate as per SEBI (Depositories and Participants) Regulations, 2018 etc.

These Standards shall be applicable to all these audits along with any other audit required to be done by PCS. Thus, for the purposes of these Standards, ‘Auditor’ shall mean a Practising Company Secretary undertaking any of such audits.

The list of TO DO’s for auditors

CSAS-1 – AUDITING STANDARD ON AUDIT ENGAGEMENT

This deals with roles and responsibilities of Auditor undertaking audit engagement. They also elaborates procedures and principles for entering into agreement with appointing authority.

Eligibility to take audit engagement

• Auditor shall not hold, singly or along with partners, spouse, parent, sibling, and child of such person or of the spouse, any of whom is either dependent financially on such person, more than 2% in the paid up share capital or shares of nominal value of Rs. 50,000, whichever is lower or more than 2% voting power in the Auditee, as the case may be.
• Auditor shall not be indebted to the Auditee for an amount of five lakh rupees or more except if such indebtedness is arising out of ordinary course of business.
• If an Auditor was in employment of the Auditee, its holding or subsidiary company and 2 (two) years must have lapsed from the date of cessation of employment.

Things to do pursuant to CSAS-1:

• Ensure that appointment is made as per provisions of Companies Act 2013 and rules made thereunder.
• Submit eligibility certificate to appointing authority.
• Obtain audit engagement letter and copy of resolution passed by appointing authority and provide acceptance thereto.
• Ensure audit engagement letter includes:

1. The objective and scope of the audit; if the same has been established by law, reference to relevant provisions must be stated.
2. The responsibilities of the Auditor and the Auditee;
3. Written representations provided and/or to be provided by the Management to the Auditor, including particulars of the Predecessor or Previous Auditor;
4. The period within which the audit report shall be submitted by the Auditor, along with milestones, if any;
5. The commercial terms regarding audit fees and reimbursement of out of pocket expenses in connection with the audit;
6. Limitations of audit, if any.

• Intimate previous auditor about such engagement, in writing.
• Ensure that such engagement is within the limits prescribed by ICSI from time to time.
• Maintain confidentiality of information obtained during the course of audit unless there is a legal obligation to disclose such information. Also, ensure that employees, staff and other team members also be bound by duty of confidentiality.
• Do not agree to change in terms of engagement unless there is reasonable justification for doing so.
• If terms of appointment are changed resulting in lower level of assurance, it shall be accepted only after considering the appropriateness of the same.
• Any changes in terms of engagement must be agreed by way of supplementary or revised engagement letter.

CSAS-2 AUDITING STANDARD ON AUDIT PROCESS AND DOCUMENTATION

This Standard deals with the roles and responsibilities of Auditor with respect to maintenance of proper audit records that provides-

• sufficient and appropriate record to form the basis for the Auditor’s Report; and
• evidence that the audit was planned and performed in accordance with the applicable Auditing Standards and statutory requirements.

Things to do pursuant to CSAS-2

• Formulate an audit plan as per terms of audit engagement.
• Ensure adherence to audit plan.
• Conduct risk assessment of auditee considering business, environmental and organisational structure and compliance requirements.
• Evaluate high-risk areas relating to internal control systems, transparency, prudence, probity, changes in compliance team etc.
• Obtain sufficient information of the auditee for conduct of audit.
• Make use of systematic and comprehensive checklists.
• Obtain necessary evidence and evaluate the same so as to support the opinion. This shall be adequately documented in audit working papers.
• Obtain third-party confirmations wherever required.
• Document discussions with management of the auditee in significant matters.
• Collate the documentation for records within 45 days of date of signing of auditor’s report.
• Maintain documentation in physical or electronic form for a period of 8 years from date of signing of auditor’s report.

Features of audit plan

• The audit shall be planned in a manner which ensures that qualitative audit is carried out in an efficient, effective and timely manner.
• Audit planning shall ensure that appropriate attention is accorded to crucial areas of audit and significant issues are identified in a timely manner.
• Audit plan should be based on professional scepticism, so that it is possible to exercise professional judgment in an objective manner.

CSAS-3 – Auditing Standard on Forming of Opinion

This Standard provides details about the manner of evaluation of conclusions derived out of audit evidence which leads to formation of Auditor’s opinion.

Things to do pursuant to CSAS-3

• Consider materiality while forming opinion.
• Consider all relevant audit evidence before issuing audit report.
• Apply professional judgement and scepticism to ensure evidence is factually correct.
• Prepare audit report within the agreed time-frame.
• Verify accuracy of facts and responses from concerned persons.
• Adhere to generally accepted principles and practices in relation to audit process.
• Indicate if any third-party report or opinion is being relied on.
• Indicate if third-party report is provided by the auditee and also consider important findings of third party.
• Carry out a supplemental test to check veracity of third-party report.
• Express unmodified opinion if satisfied that applicable laws have been duly complied with and relevant records are free from misstatement.
• Express modified opinion in bold or italic letters. Modified opinion is to be issued if:
  • non-compliance of applicable laws is found,
  • relevant records aren’t free from misstatement,
  • sufficient and appropriate audit evidence to ensure the above is not available.

• Ask auditee to remove any such limitation on scope of audit which is likely to make the Auditor give modified opinion or disclaimer.
• Give unmodified opinion, if in case of absence of sufficient and appropriate evidence, Auditor can conclude that effects of unavailability of such evidence will be non-material. However, if the effects are likely to be material, the auditor shall express disclaimer of opinion.

Format of audit report

• The report shall be addressed to appointing authority unless the terms of engagement provide otherwise.
• Report must be detailed. Specific formats, if any, must be followed.
• Provide annexures for detailing of certain aspects, wherever necessary.
• Include a section named Auditor’s responsibility in the audit report.
• This section shall state that the audit was conducted in accordance with applicable Standards.
• The report shall state that due to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements or material non-compliances may not be detected, even though the audit is properly planned and performed.
• Signature block shall mention name of auditor/firm, certificate of practice number/registration number and membership number of the auditor.
• Mention clearly the date and place of signing audit report.

CSAS-4 – Auditing Standard on Secretarial Audit

This Standard lays down the manner of evaluation of statutory compliances and corporate conduct in the process of doing secretarial audit u/s 204 of the Companies Act, 2013. It gives a broad structure to the audit process.

Things to do pursuant to CSAS-4

• Take note of laws applicable to the auditee. This includes specific laws as well as general laws.
• Review Memorandum of Association, Articles of Association, statutory books, disclosure by the auditee etc.
• Identify events and corporate actions that took place in the audit period by reviewing website of the auditee, disclosures made to stock exchanges, statutory records of the auditee etc.
• Verify event based as well as calendar compliances of the auditee.
• Verify composition of Board of directors is in compliance with applicable rules and regulations i.e. optimum combination and strength is maintained and directors are not disqualified.
• Ensure formation of required committees and proper composition of such committees.
• Ensure decisions by board of directors are taken in compliance with the law i.e. in properly constituted meeting or by circulation.
• Ensure that systems of compliance are adequate and effective.
• Analyse instances of receipt of show cause notices, prosecutions initiated, fee or penalty levied etc.
• Collect further evidence and conduct in-depth checking if a fraud is suspected.
• If there is a sufficient reason to believe that a fraud has been committed, the same shall be reported to Audit Committee/Board/Central Government as per the process laid down under the Companies Act, 2013. Also, the same shall be included in Secretarial Audit Report.
• Verify the comments received on reporting fraud.
• Include fraud detected by other auditor in the audit report.
• Report all the events that affect auditee’s going concern or alters the charter or capital structure or management or business operation or control, etc.

Conclusion

These Standards provide a broad structure to the audit process and direction as to proceeding the audit. Having a direction to proceed will make the audit more systematic. To establish these structures and systems would initially require plenty of clerical nature work. However, this is a one-time labour to be put in for structuring all the future audits.

These Standards are issued with a motive to enhance the level and quality of compliance and at the same time harmonise the audit practices being followed by various auditors. Unity of procedures ensures clarity to the auditee which enables them to ensure systematic compliance. Application of these Standards is believed to be beneficial for the Auditors as well as the companies and regulators in the long run.

[1] https://www.icsi.edu/media/webmodules/ICSI_Auditing_Standards.pdf