NFRA Inspection Report 2023 on MSKA & Associates Audit Quality in Tamil
- Tamil Tax upate News
- January 15, 2025
- No Comment
- 7
- 60 minutes read
National Financial Reporting Authority (NFRA) conducted a comprehensive inspection of M/s MSKA & Associates in early 2024 to assess compliance with auditing standards and firm-wide quality controls. Key findings included governance documentation gaps, inadequate self-review and independence threat analyses, and deficiencies in audit documentation systems. The firm acknowledged these issues and initiated corrective measures. Audit procedures for related party transactions were found inadequate, with incomplete and inaccurate disclosures, potential fraud risks, and non-compliance with statutory requirements. Insufficient controls and documentation in revenue recognition and internal controls over financial reporting (ICFR) were also noted. Specific concerns included deficient testing of IT systems, weak sampling methodologies, and omission of critical controls, especially in high-risk areas like non-performing asset recognition and gold loan rollovers. Furthermore, the inspection revealed significant lapses in evaluating non-financial asset impairments, including goodwill, where key assumptions and third-party valuations lacked scrutiny. NFRA also highlighted weaknesses in client acceptance procedures, sufficiency of audit fees, and resource competency, emphasizing the need for formalized policies. The firm has taken steps to address these issues, such as discontinuing non-audit services for regulated clients and enhancing audit documentation integrity. The report underscores the importance of stricter adherence to auditing standards to ensure the reliability of financial statements and maintain public trust in audit quality.
National Financial Reporting Authority
INSPECTION REPORT 2023
Audit Firm: M/s MSKA & Associates
Firm Registration No. 105047W
Inspection Report No.132.2-2023-03
January 02, 2025
PART A
Executive Summary
Section 132 of the Companies Act 2013 mandates the National Financial Reporting Authority (NFRA) to inter alia monitor compliance with Auditing Standards, to oversee the quality of service of the professions associated with ensuring compliance with such standards, and to suggest measures required for improvement in quality of their services. Under this mandate, NFRA initiated audit quality inspections of the Chartered Accountants firm M/s MSKA & Associates in January 2024. The scope of the inspection included a review of firm-wide quality controls to evaluate Audit Firm’s adherence to SQC-1 and review of selected audit documentation of the annual statutory audit of financial statements for the year ending 31.03.2023. Three significant audit areas were identified in respect of each audit engagement viz., Related Party Transactions, ICFR – Revenue and Impairment of Non-Financial Assets, due to their inherent higher risk of material misstatement. The on-site inspection was carried out between January to February 2024.
During the inspection, the Inspection Team held discussions with the Audit Firm personnel, reviewed policies and procedures and examined documents to arrive at the prima facie observations. These observations were conveyed to the Audit Firm. After examining the replies, NFRA conveyed a draft inspection report to the Audit Firm. The replies and documents submitted by the Audit Firm have been examined and this report is issued. The observations in this report are based on policy documents and/or results of samples tested by the inspection team. The key observations are summarised as follows:
a. Absence of formal documentation regarding the Firm’s governance and management structure indicate non-compliance with first element of SQC 1 – Leadership Responsibilities for Quality within the firm. The Firm acknowledged need of formal documentation in this matter. (Para 11 to 15)
b. The Firm could not adequately demonstrate its analysis of self-review and self-interest threat as required under the Code of Ethics and provisions of the Companies Act before acceptance of non-audit services. Further, the Inspection team observed the need for improvement in the Firm’s internal review of compliance with independence requirements by its personnel. The Firm acknowledged this as an improvement area and started taking necessary action from FY 2023-24 including discontinuing providing non-audit services by its network firms in India to its NFRA regulated audit clients. (Para 16 to 22)
c. The Firm’s control over the creation, changes, and review of Audit Work Paper (AWP) is inadequate since application used for maintaining audit documentation allows for AWP modification after final signing off without mandating the modifier to sign-off after such modification. This flaw in documentation integrity also allows for signing off blank AWPs. This is non-compliance with para 8 & 9 of SA 230 (Audit Documentation) and para 79 of SQC 1. Further, violation of SQC 1 and SA 220 was noticed due to EQCR signing off AWPs after the audit report date. Further, the duality of electronic and physical audit documentation raises concerns about reliability and non-compliance with Standards on Auditing. The Firm intimated about steps taken to enhance audit documentation. (Para 23 to 28)
d. The Firm’s policies and procedures regarding clients acceptance and continuation need to be strengthened in respect of evaluation of non-audit services, sufficiency of audit fees, and sufficiency and competency of resources etc., to maintain audit quality. The Firm acknowledged need of formal documentation in this matter. (Para 30 to 32)
e. In respect of review of related party transactions in one selected company, the firm’s audit procedures were found deficient in evaluating the fraud risk associated with the recognition of provisions for doubtful loans in respect of loans given to overseas joint venture and subsidiaries during FY 2022-23. Similar provisions for loans given to same parties were recognized in previous years and were written off in FY 2021-22. The Engagement Team (ET) was required to assess the fraud risk related to these entries, as per specific auditing standards (SA 240, SA 315, SA 330, SA 540, and SA 550). (Para 39 to 42)
f. The audit procedures performed in respect of Related Party Transactions and Related Party Disclosures across all five selected companies are found to be inadequate; and in respect of four selected companies, Related Party Disclosures were found incomplete, inaccurate, and non-compliant with relevant accounting standards (Ind AS 24) and the Companies Act, 2013 on one or more counts. Key issues include failure to disclose transaction’s terms and conditions, incorrect interest rates, and misrepresentation of balances. In some cases, important transactions and personal guarantees were not disclosed, and audit procedures were inadequate. Errors were also identified in disclosures related to investments, loans, and director information. These deficiencies reflect a lack of diligence, incomplete documentation, and non-compliance with statutory requirements, potentially leading to misleading financial statements. (Para 43 to 63)
g. In respect of all five selected companies, the audit procedures for ICFR revenue showed one or more deficiencies including inadequate testing of ITGC controls, insufficient sample sizes for tests of control (TOC) and insufficient documentation of TOC. Key areas like agreements, pricing, customer creation, invoicing, and collections lacked proper evidence or detailed testing in the audit file. For specific companies, important controls like NPA recognition, evergreening of gold loan through rollover of existing loan (including accrued interest) involving repledge of already pledged gold, dealer approvals, and revenue completeness were inadequately tested or omitted. (Para 64 to 78)
h. In case of two selected companies, the audit of non-financial asset impairment showed significant deficiencies. For one case, no impairment test was conducted for goodwill allocated to a project, and there was a lack of documentation for the ready reckoner rates and land title verification for goodwill. In second case, the valuation by a third-party firm was not evaluated, impairment testing assumptions were unclear, and there was no evidence of approval dates. (Para 79 to 82)
Inspection Overview
1. Section 132 of the Companies Act 2013 (Act) inter alia mandates the NFRA, to monitor compliance with Auditing and Accounting Standards, to oversee the quality of service of the professions associated with ensuring compliance with such standards, and to suggest measures required for improvement in the quality of their services. The relevant provisions of NFRA Rules prescribe the procedures in this regard, which include evaluation of the sufficiency of the quality control system of Auditors and the manner of documentation of their work. Under this mandate, NFRA initiated this year’s audit quality inspections in January 2024. The overall objective of audit quality inspections is to evaluate the compliance of the Audit Firm/Auditor with auditing standards and other regulatory and professional requirements, and the sufficiency and effectiveness of the quality control systems of the Audit Firm/Auditor, including:
(a) adequacy of the governance framework and its functioning;
(b) effectiveness of the firm’s internal control over audit quality; and
(c) system of assessment and identification of audit risks and mitigating measures
2. Inspections involve a review of the quality control policy, review of certain focus areas, test check of the quality control processes, and test check of audit engagements performed by the Audit Firm during the year.
3. Inspections are intended to identify areas and opportunities for improvement in the Audit Firm’s system of quality control. Inspections are not designed to review all aspects and identify all weaknesses in the governance framework or system of internal control or audit risk assessment framework; nor are they designed to provide absolute assurance about the Audit Firm’s quality of audit work. In respect of selected audit assignments, inspections are not designed to identify all the weaknesses in the audit work performed by the auditors in the audit of the financial statements of the selected companies. Inspection reports are also not intended to be either a rating or a marketing tool for Audit Firms.
Audit Quality Inspection Approach
4. Selection of audit firms for the 2024 inspections was based upon public interest involved, as evidenced by the size of the firm, composition and nature, the number of audit engagements completed in the year under review, complexity and diversity of preparer of financial statements (henceforth, Companies) audited by the firm and other such risk indicators. M/s MSKA & Associates (MSKA/Audit Firm) was one of the audit firms selected on the above parameters.
5. The selection of individual audit engagements of the Audit Firm was largely risk-based, based on financial and non-financial risk indicators identified by NFRA. Accordingly, the Audit Files in respect of five Audit Engagements relating to the statutory audit of financial statements for the year ending 31.03.2023 were reviewed during the inspection.
6. The scope of the inspection was as follows:
a. Review of firm- wide quality controls to evaluate the Audit Firm’s adherence to SQC 1, Code of Ethics and the applicable laws and rules. Focus areas for the 2024 inspection relates to critical elements of the Firm’s quality control system viz., leadership responsibilities within the Firm, auditor independence, acceptance and continuation of audit clients, engagement quality control and the Audit Firm’s internal quality inspection program.
b. Review of individual Audit Engagement Files- A sample of five individual audit engagement files pertaining to the annual statutory audit of financial statements for the year ending 31.03.2023 was selected from different sectors like Financial, Real Estate, Petrochemical, Cement, and Packaging. Three significant audit areas were identified in respect of each audit engagement viz., Related Party Transactions, ICFR – Revenue and Impairment of Non-Financial Assets, due to their inherent higher risk of material misstatement.
The selected sample of five individual audit engagements is not representative of the Firm’s total population of the audit engagements completed by the Firm for the year under review.
Inspection Methodology
7. An entry meeting was held with M/s MSKA & Associates on 11.01.2024 at NFRA office. The Firm presented an overview of the Governance and Management Structure, Firm-wide System of Quality Control, their audit approach and methodologies, including IT Systems. The on-site inspection was carried out during January to February 2024. The inspection methodology comprised meetings, walkthroughs, presentations and interviews with members of the leadership team as well as the Engagement Teams of the selected audit engagements.
8. The areas of weaknesses or deficiencies on the part of the Audit Firm, included in the inspection reports, should be viewed as areas of potential improvement and not as a negative assessment of the work of the Audit Firm unless specifically indicated otherwise.
Audit Firm’s Profile
9. M/s MSKA & Associates is a partnership firm with 11 offices in India. It was established in 1978 and has been a member of BDO international since 2013. The Firm comprises 47 partners and 960 staff members. It had 162 NFRA regulated audit clients. The Firm intimated that there are three CA firms and 8 non-CA firms in the BDO network.
Acknowledgement
10. NFRA acknowledges the general cooperation of the Audit Firm during the inspection.
PART B
Review of Firm-Wide Audit Quality Control System
A. Leadership Responsibilities for Quality within the Firm
11. SQC 1 states that “The firm should establish policies and procedures designed to promote an internal culture based on the recognition that quality is essential in performing engagements. Such policies and procedures should require the firm’s chief executive officer (or equivalent) or, if appropriate, the firm’s managing partners (or equivalent), to assume ultimate responsibility for the firm’s system of quality control”. The Inspection team enquired into the Firm’s compliance with the requirements of SQC 1 relating to Leadership Responsibilities for Quality within the Firm, to obtain an understanding of the governance and management structure of the Firm.
12. The Firm informed the inspection team that its governance and management structure includes a national leadership consisting of Head of audit, Chief Operating Officer (COO), Head of audit quality, Head of monitoring & remediation, Head of Ethics & Independence partner, and Head of audit consultation and Professional Practice Group (PPG). The Firm gets functional support from BDO International and BDO India LLP. The Firm also acknowledged that some leaders like COO, Ethics and Independence partners, Head of monitoring and remediation etc. are common for all BDO network entities in India.
13. However, the Firm could not provide any document demonstrating the existence of any policy or procedure for appointment and nomination of national leaders, including the Head of Audit and COO. There is no document to show the constitution of management as defined in the partnership deed. BDO’s Managing Partner/Deputy Managing Partner plays a role in monitoring of client acceptance as client acceptance and continuation policy provides that the report of internal inspection program is to be submitted to Managing Partner/Deputy Managing Partner; there is no such designation in MSKA; and BDO has Managing Partner/Deputy Managing Partner. Further, BDO International also monitors internal inspections of the Firm.
14. For the period under inspection, the Firm could not provide sufficient evidence about its Governance and Management structure to demonstrate compliance with element 1 of SQC 1 regarding Leadership Responsibilities for Quality within the Firm.
15. The Firm acknowledged the need for formal documentation in respect of the above matters and provided details of improvements made following the inspection with respect to implementation of process for maintaining trail of all changes made to roles of various members of the National Leadership, PPG and formal documentation of the policy formulation process. As these developments do not relate to the period covered by the inspection, an evaluation of the sufficiency of the documentation and details provided for meeting requirements of SQC 1 is not a part of this inspection report.
B. Independence requirements –
16. Para 18 of SQC 1 states that “The firm should establish policies and procedures designed to provide it with reasonable assurance that the firm, its personnel and, where applicable, others subject to independence requirements (including experts contracted by the firm and network firm personnel), maintain independence where required by the Code”.
Non-Audit Services (NAS) provided by BDO Network firms to audit clients of MSKA & Associates
17. The Firm intimated that evaluation of independence is done by considering non audit services provided by all BDO network entities in India. The Firm uses a tool for performing independence evaluation before acceptance and continuation of its audit clients. During a walkthrough of this tool, it was observed that the non-audit engagements are analyzed in terms of permitted or non-permitted services as per the Act. However, the Firm could not demonstrate how it analyses self-review and self-interest threats as required under the Code of Ethics.
18. On the basis of engagement letters provided to the inspection team in respect of nine sample audit clients, it was observed that BDO network firms were providing to the Firm’s audit clients non-audit services that are restricted u/s 144 of the Companies Act, 2013 and/or had created self-interest/self-review threat. There is no evidence that evaluation of self-interest threat, self-review threat and provisions of the Act was done before acceptance of these non-audit services. On query, NAS Evaluation Memos (MS word files) were submitted to the inspection team for all the below mentioned NAS. However, those memos were created on a later date i.e. 31.01.2024. Creation of such crucial documents at a later stage is treated as an afterthought and not considered appropriate evidence. Some examples are detailed hereunder.
a) BDO India LLP (BDO) provided a valuation service (a NAS), to company ‘A’ in June 2022, related to the purchase of a unit of another company. This valuation was conducted for internal management purposes at company ‘A’, and the report, was issued by the BDO and adopted by the company ‘A’ in June 2022. Subsequently, in the same month, Company ‘A’ approached MSKA for the appointment as a statutory auditor. MSKA issued a consent letter in July 2022, and the appointment was approved by the Company’s Board in August 2022. The purchase of asset evaluated by BDO had materialized during the year under audit.
As per Para R400.30 of the Code of Ethics, Independence, shall be maintained during both: (a) the engagement period; and (b) the period covered by the financial statements. Considering that the Firm was appointed as statutory auditor for audit of financial statements from FY 202223, during which the above referred valuation service was provided by BDO, and the fact that related asset was purchased during the year, resulted in self-review threat, which was not the part of the Firm’s independence evaluation system. This raises question on the independence evaluation system of the Firm.
b) BDO provided a range of NASs to group entities of company ‘B’ (An audit client of the Firm), and the fees for non-audit services exceeded the statutory audit fees. This resulted in a self-interest threat and indicated that the Firm’s evaluation of the self-interest threat was inadequate.
c) BDO provided NAS to company ‘C’ relating to identifying tax/regulatory implications and compliance requirement for the options identified by the management for acquisition of other company. This created a self-review threat as (i) statutory audit requires review of tax and regulatory matters having impact on the financial statements; and (ii) the Firm avails services of tax experts from BDO during statutory audit. The Firm’s evaluation of the self-review threat was therefore inadequate.
d) BDO provided NAS to Company ‘D’ involving the compilation of a list of select ERPs and training to staff on use of ERP. Since an ERP includes a financial information system used for the preparation of financial statements audited by the Firm, provision of this service falls under the category of “design and implementation of any financial information system,” which is prohibited under Section 144 of the Act. Further, this service posed a self-review threat, as the Firm was involved in a process directly related to preparation of the financial statements audited by it.
e) BDO provided NASs to Company ‘E’, which involved sharing the best practices for ERP upgrades and staff training. The fee for these services was 82% of the statutory audit fee. This is a violation of Section 144 of the Act being the NASs related to the preparation of accounts; created a self-interest threat due to significant financial involvement, and created a self-review threat as the ERP is linked to the financial statements audited by the Firm.
19. There were no policies or written documents to ensure that BDO network entities do not provide prohibited services to the audit clients of the Firm M/s MSKA & Associates.
20. Without admitting any non-compliance, subsequent to inspection, the Firm took a decision that non audit services will not be provided by BDO India entities to NFRA regulated audit clients of M/s MSKA & Associates; and all BDO India entities will provide only audit and attest related services to the Firm’s NFRA regulated clients from 30 June 2024.
Personnel independence
21. The Firm has a policy of obtaining engagement specific independent declarations and annual declarations from Engagement Team (ET) members. These declarations quote the guidelines of ISAs & IESBA rules, which are not aligned with Independence requirements of section 141 of the Companies Act, the Code of Ethics, and SA 220 as these declarations do not explicitly cover (a) financial relationships and financial interest in associate company of the auditee company; and subsidiary of the holding company of the auditee company; and (b) do not include ‘relatives’ of the ET members, which are requirements as per Indian laws. Further, Independence declarations of some ET members, normally taken at the start of the audit, are not available in the sample Audit File. There are no guidelines for Independence compliance inspection for experts of BDO network entities used by the Firm. There is no policy or procedure to obtain details of financial holdings from partners and directors of BDO network entities to evaluate auditor’s independence. Thus, the Firm’s policy and procedures do not fully comply with the independence requirement of SQC 1.
22. The Firm intimated the steps taken by it after the inspection, to enhance independence compliance like updating Independence Workbook in APT to comply with Indian laws; updating NAS memo demonstrating conflict management on PIE clients which is now part of mandatory documentation in the APT to evaluate threats according to the Code of Ethics; and updating annual & client wise independence declarations to ensure that they include compliance with Companies Act, 2013 and Indian Statutory provisions. However, an evaluation of these steps taken subsequent to the inspection is not a part of this report.
C. Audit Documentation – Improvement required in APT application- the Audit Work Papers can be modified after being electronically signed off leaving room for blank work papers and modification after signing off the AWPs
23. The Firm maintained Audit Files electronically in an online application of BDO namely APT. The APT application allows the preparer and reviewer to sign off on Audit Work Papers (AWP). The application supports multiple sign-offs by different or the same people. The Application allows for AWP’s modification after signing off of AWP by the reviewer without mandating the modifier to sign-off after such modification. This fundamental flaw in the integrity of the documentation also leaves a possibility of including even a blank AWP which can be filled up and/or audit evidence can be attached at a later date without affecting the earlier signing-off date. Two blank templates relating to impairment testing were signed off by the ET in the Audit file of company- F raising questions about integrity of the Audit documentation.
24. The Inspection team noted that this is non-compliance to paragraphs 8, 9 & 13 of SA 230 (audit documentation) and paragraphs 77 & 79 of SQC 1, as the name of the person who modifies the AWP, and nature & timing of modification are not recorded. It also shows that sufficient appropriate audit evidences are not obtained before issue of the audit report as evidenced from large scale modification of AWPs post issue of audit report which were not signed after such modification (paragraph 48 of SA 700). Hence, the integrity of the audit documentation, as required by SQC 1, is not maintained.
25. In one case, the Inspection team observed that EQCR had signed off the AWPs after the date of the audit report. This is violative of para 61 of SQC 1 and para 19 (c) of SA 220 as there is no evidence of completion of EQCR’s review before the date of the Audit report.
26. No record is maintained for the hours spent on audit engagement by the ET members as observed in one audit file. On this matter, the Firm is not compliant with its own requirement of maintaining time sheets in its system.
27. Audit Documentation of the Firm comprises electronic audit documentation and physical files. This duality of audit documentation and the lack of integration between electronic and paper files poses risks of non-compliance with SQC 1 and other Standards on Auditing (SAs) and raises concerns about the reliability of audit documentation. It is recommended that going forward, all hard copy documents should be stored in the APT application before archival.
28. The Firm intimated the steps taken by it after the inspection to enhance the audit documentation like updating its ‘Data Security & Storage Policy’ for audits in 2023-2024, reducing the archival policy to 15 days, and regular booking of time sheets. However, these steps do not address the issues mentioned above.
D. Policies and procedures for Complaints and Allegations
29. The Inspection team noted that the Firm needs to put in place policies to deal with complaints and allegations about non-compliance with professional standards, regulatory and legal requirements, or the Firm’s system of Quality Control originating from within or outside the Firm to ensure compliance with para 101 and 102 of SQC 1.
The Firm submitted that starting March 30, 2024, it has introduced a whistle blower Policy, allowing employees, consultants, retainers, partners, vendors, or third parties to report allegations of malpractice or wrongdoings. However, an evaluation of the same is not a part of this report.
E. Client Acceptance and Continuance Policy
30. SQC 1 requires that the firm should establish policies and procedures for the acceptance and continuance of client relationships and specific engagements, designed to provide it with reasonable assurance that it will undertake or continue relationships and engagements only where it – a) has considered the integrity of the client and does not have information that would lead it to conclude that the client lacks integrity; b) is competent to perform the engagement and has the capabilities, time and resources to do so; and c) can comply with the ethical requirements.
31. The Firm’s policy and procedure regrading client acceptance and continuance needs to be strengthened in the following areas.
a) Details of engagement fees are not mentioned in the client acceptance and continuation form; no evaluation is done whether the proposed fee will be sufficient to complete the engagement with requisite quality; and there is no evidence that the fee received/receivable on account of other engagement (non- audit service) are evaluated before the acceptance of engagement.
b) The checklist used for client acceptance and continuation is filled incomplete and the information is inadequate. Further, the checklist is physically signed by the preparer, Engagement Partner (EP) and Professional Practice Group (PPG) member on the same day through the scanning of signatures, even when EP and PPG group members are from different locations. This process does not provide reasonable evidence of work performed by the person whose scanned signature is used. The Firm intimated that it had strengthened this process and all approvals will now be done via emails.
c) The capabilities of the Firm having sufficient resource like relevant qualification, experience and expertise is not evaluated before client acceptance. In the Firm’s updated checklist, effective from December 15, 2022, the engagement partner’s and the Firm’s adequacy in expertise and experience to render services to the client is to be answered in ‘yes’ or ‘no’ only. This does not demonstrate qualitative evaluation of sufficiency of resources; and qualifications & experiences thereof. Similarly, response to various other checklist parameters are also answered in ‘Yes’ and ‘No’ without maintaining any supporting documents/details.
d) The conflict of interest was not evaluated before the acceptance of the client for one company as per client acceptance checklist.
e) Some of the documents relating to client acceptance and continuance were ‘Draft’ in nature and final documents were not available.
32. The Firm submitted that the client acceptance and continuity process has been strengthened, and the client acceptance and continuity process is set to be automated by November 2024, involving dedicated teams for review and approval, PMLA, background checks, quality risk parameters, and acceptance conditions. An evaluation of these steps taken subsequent to the inspection is not a part of this report.
F. Assignment of Engagement Partner & other ET members
33. Para 42 of SQC 1 provides that the firm should assign responsibility for each engagement to an engagement partner; and the firm should establish policies and procedures requiring that: (a) The identity and role of the engagement partner are communicated to key members of the client’s management and those charged with governance; (b) The engagement partner has the appropriate capabilities, competence, authority and time to perform the role; and (c) The responsibilities of the engagement partner are clearly defined and communicated to that partner. Further para 44 of SQC 1 further requires the firm to assign appropriate staff with necessary capabilities, competence and time to perform engagement in accordance with professional standards and regulatory and legal requirements, and to enable the firm or engagement partner to issue reports that are appropriate in the circumstances.
34. The Firm informed the inspection team that the Head of Audit decides EP for each engagement. However, there is no document in support of this statement. There is no process to prepare formal document about nomination of EP. Further, the audit engagement teams at the Firm comprised employees from the Firm, BDO network entities, and external entities, even though affiliates were not registered with ICAI. In the audit files on APT, the employer firms of the engagement team members were not specified, and many team members from other BDO network entities were junior staff serving as preparers, rather than experts. There is no documentation in the audit files explaining the selection process for these team members or the assessment of their need, indicating a lack of transparency and potential common control across BDO network entities. Additionally, no records were maintained to evaluate the qualifications or experience of the engagement team, including staff from other network firms. This process is not fully aligned with para 42 to 44 of SQC 1.
35. The Firm acknowledged the need for a formal checklist/document in regard to assignment of EPs, and submitted that it had released a client acceptance form incorporating evaluation of qualifications or proposed team experience. Additionally, they circulated an ‘Audit Team Experience’ template to engagement teams, allowing them to document and evaluate the qualifications, competence, and experience of all team members deployed on the engagement. An evaluation of these steps taken subsequent to the inspection is not a part of this report.
F. Learning and Development
36. The Firm has a policy for Learning and Development which states that “Attendance is compulsory for all Audit Staff and in case the person absents himself from the training without appropriate permission, disciplinary and remediation action will be taken and it may also have an impact on the Annual Appraisal”. During the period covered under inspection, 41% audit staff were non-compliant to Firm’s training requirements; on review of attendance sheet of one training program, it is observed that the trainer was present for almost 1 hour 30 mins, however, many attendees left the training after 30 sec/15 mins/30 mins. These are non-compliances of the Learning and Development policy of the Firm for which no disciplinary action was taken, but only appraisal was impacted for these non-compliances.
Further, the content of the Firm’s PPT used during training namely “Compliance with independence policy and code of conduct for prevention of insider trading” does not cover all aspects related to Independence i.e. the relatives mentioned are not as per Companies Act; and section 141 of the Companies Act is not entirely covered in the PPT.
Therefore, the implementation of the learning and development policy of the Firm needs to be strengthened.
37. The Firm submitted that starting April 2024, non-attendance to trainings will be strictly monitored. A new software will automate attendance tracking, align with HR processes, and provide personalized dashboards for individual progress. However, an evaluation of these steps taken subsequent to the inspection is not a part of this report.
PART C
Review of Individual Audit Engagement Files Focusing on Selected Areas of Audit
38. This section discusses deficiencies observed with respect to five selected audit engagements named as Company – F, Company – G, Company – H, Company – I and Company – J. The inspection focused on three audit areas viz., related party transactions, ICFR revenue, and impairment of non-financial assets, for detailed review. Certain critical audit procedures performed by the Firm’s engagement team in respect of these audit areas were reviewed viz., identification and assessment of risk of material misstatement, internal controls, design and execution of audit procedures in response to assessed risk (test of controls, test of details, sample sizes, and analytical reviews etc.), accounting estimates, accounting policies/disclosures and evaluation of identified misstatements. The observations are listed below.
A. Observations relating to Related Party Transactions (RPT)
Evaluation of fraud risk – Company ‘F’
39. Company – F recognized large amounts of provision for doubtful loans in respect of loans given to its joint venture and subsidiaries in three off-shore jurisdictions, presented as exceptional items. The off-shore joint venture and subsidiaries passed on these loans to subsidiaries of another joint venture company in another (fourth) off-shore jurisdiction. Similar provision for doubtful loans given to overseas subsidiaries and joint venture were recognized in FY 2019-20 and 2020-21, and written off in FY 2021-22. Again in FY 2022-23, the company – F gave fresh loans to one of the off-shore entities, but the purpose and terms & conditions of this loan were neither evaluated by the ET nor disclosed by the company. In view of the unusual nature of these transactions, the ET was required to assess the fraud risk in relation to the above entries (para 32c of SA 240, para 25 & 28 of SA 315, para 5 & 6 of SA 330, para 17 & 18 of SA 540, and paras 18 to 20 of SA 550). However, appropriate audit evidence of the ET’s evaluation of fraud risk was absent. ET relied on the projected cash flows of these off-shore companies provided by the Company -F without performing appropriate audit procedure to check the reliability of the projected cash flows.
40. Further, there were inconsistencies in reporting, as different amounts of provision for doubtful loans were reported at different places in the financial statements. This difference was due to the exchange rate difference between recognition date and reporting date. The inconsistent disclosure of the same transaction across different sections of the financial statements, without clarification, represents a significant reporting deficiency.
41. Further, the disclosure related to the exceptional items is not sufficient and appropriate from the user’s perspective as it does not state the details of the loans (date of loan disbursed, balance outstanding, repayment terms, interest rate, interest accrued); and names of the related parties to whom loans were given.
42. Further, the Audit File does not have a record of verification of the refund of loan amount by the off-shore joint venture to company – F.
Failure to report violation of section 185 of the Act regarding utilization of loans amount for principal business activities of borrower companies
43. Section 185 of the Companies Act 2013 states that a company can give loans to related companies in which directors are interested only if the amount is utilised for principal business activities of the borrower companies. In the case of company -F, the ET did not verify the end use of the proceeds of the loans given by the company to such related parties, they simply relied on management assertions. In the relevant checklist available in the Audit file, compliance to section 185 is written as ‘NA’, which indicates that no audit procedure was performed to verify compliance with section 185 of the companies act. Contrary to that it was reported in para (iv) of the report issued under Companies (Auditor’s Report) Order (CARO) that company F had complied with section 185 of the Companies Act. This is a violation of CARO.
Incomplete and incorrect Related Party Disclosures and inadequate audit procedures in respect of Related Party Transactions in some cases
Company – ‘F’
44. The Related Party Disclosure (RPD) in respect of loans is incomplete. Company – F has simply disclosed the terms & conditions as ‘effective interest rates’ but did not disclose interest rates and repayment terms etc. Further, some of the terms & conditions are scattered at different parts of the financial statements that too without cross referencing of relevant notes.
45. In respect of Related Party Transactions, the Audit file lacks the required documentation of approvals by the Audit Committee as mandated under Section 177 of the Companies Act, 2013, viz., some documents are maintained in limited review file without any referencing in the Audit file; information of the related party wise approval given by the Audit committee is not available; and whether the Audit Committee had reviewed the transactions executed under the omnibus approval, as required under Rule 6A of the Companies (Meetings of Board and its Powers) Rules, 2014.
46. One joint venture entity of company – F became its subsidiary during the year and company – F disclosed the same as subsidiary as well as Joint Venture (w.e.f. 16.12.2021), without mentioning the date when this joint venture became subsidiary resulting in ambiguity in disclosure.
47. The disclosure of Related Party Transactions in the standalone financial statements for FY 2022-23 related to a sale of land to a related party of substantial amount in the previous year FY 2021-22 was incorrectly disclosed as transaction with another entity.
Company ‘G’
48. Para 18(a) of Ind AS 24 (Related Party Disclosures) requires the disclosure of the amount of the transactions with the related parties. However, RPT pertaining to investment in subsidiary companies is incorrect as the outstanding balances are shown as transactions during the year for all subsidiaries and this information is not disclosed under the heading ‘Balance Outstanding As At The Year End’. Further, investment transactions during the year have not been disclosed at all. The Firm admitted this as an inadvertent error and assured us to discuss the same with the management & Joint auditor to ensure that appropriate disclosures in the financial statements are provided in future.
49. As per Para 18(b)(i) of Ind AS 24, entities are required to disclose the amount of outstanding balances, including commitments, along with their terms and conditions, such as security arrangements and the nature of the consideration for settlement. However, the company’s financial statements for FY 2022-23 do not provide necessary disclosures regarding the terms and conditions like sanctioned limits, undisbursed amounts, and security available against the loans given. This omission constitutes non-compliance with the requirements of Ind AS 24. The Firm did not report this non-compliance.
50. There is no evidence in the Audit File that ET had verified the terms and conditions of the loan sanctioned to and availed by a subsidiary with those approved by the Audit Committee. The Audit File has no evidence of Sanction Letters (to verify amount, rate of interest, purpose of loan, repayment terms etc.), and bank statements (to check disbursed amount, interest charged, repaid amount, balance outstanding).
51. The rate of interest on loans given to related parties was incorrectly disclosed as 11.15% as against the correct rate of interest of 8.75% for one loan and 13.25% for another loan. Additionally, it was wrongly disclosed that the above loans were repayable on demand whereas the second loan was for a period of 24 months. The Firm assured to take up the matter with the management for proper disclosure.
Further, based on the audit file, the calculation of interest for the loan does not align with the stated rate of 8.75%, indicating inadequate audit procedures.
52. The personal guarantee, provided by a related party to banks for loans taken by company -G, was released by the banks during the financial year, but the fact of release of guarantee was not disclosed in the Related Party Disclosure. This guarantee should have been disclosed in the financial statements for both the year when the guarantee was in effect and the year when it was released. This omission constitutes non-compliance with the disclosure requirements mentioned in Ind AS 24. The Firm assured us to take up the matter with the management to provide adequate cross reference in related notes.
Company ‘H’
53. Para 18(b) of Ind AS 24 requires disclosure of the amount of outstanding balances, including commitments with the related parties. However, there is no disclosure of balances pertaining to “Investments in related parties”. Further, para 18 (b) (i) of Ind AS 24 requires disclosure of the amount of outstanding balances, including commitments, and their terms and conditions, including whether they are secured, and the nature of the consideration to be provided in settlement. However, the terms and conditions approved for Borrowings and Advances are not disclosed. This is a non-compliance of Ind AS 18. The Firm did not report this non-compliance.
54. As per Section 186(4) of the Companies Act, 2013, a company is required to disclose in its financial statements full particulars of loans given, investments made, guarantees provided, or securities offered, along with the purpose for which these are to be utilized by the recipient. In this case, the company pledged a significant number of equity shares as security against a term loan taken by a related entity. However, the financial statements did not disclose the purpose for which the term loan was availed by the recipient. This constitutes non-compliance with Section 186(4) of the Companies Act, 2013, and was not reported as required under para (iv) of CARO.
Further, the pledge of significant fresh shares by company -H during 2022-23 for loan taken by a related party was not disclosed in Related Party Disclosures; and ET did not verify the approval of Audit Committee and Board of Directors for pledge of fresh shares by the company as the Audit File has no evidence of such verification.
55. Clause (iv) of CARO requires reporting in respect of loans, investments, guarantees, and security, whether provisions of sections 185 and 186 of the Companies Act have been complied with and if not, then details are to be provided. However, in the CARO report, the Firm reported only partial compliance of Section 186 i.e., regarding sub section (1) relating to layering of investment. Compliance with other sub sections of Section 186 was not checked/reported by the EP. This is also a non-compliance with CARO.
56. The company did not disclose the names of some of the directors, CFO and company secretary in the Related Party Disclosures, which is in non-compliance with Ind AS 24. The Firm assured to take the necessary action to ensure that appropriate disclosures are made from next year.
57. As per financial statements of company – H, there is a movement of substantial amount in related parties borrowings from current to non-current. However, the change in terms & conditions of borrowings are not disclosed by the Company in related party disclosure. Further, the Audit file does not have a copy of the approval of the Audit Committee for this change and the reason for the change has not been verified by the Auditor.
58. In respect of Related Party Transactions, the Audit file lacks the required documentation of approvals by the Audit Committee as mandated under Section 177 of the Companies Act, 2013, viz., some documents are maintained in limited review file without any referencing in the Audit file; and information of the related party wise approval given by the Audit committee is not available.
59. Company – H had disclosed that the transactions entered into during the year 2022-23 with Related Parties were in the ordinary course of business and at arm’s length. However, there is no evidence in the Audit File of the audit procedure performed to verify the same (para 24 of SA 550).
Company -‘I’
60. The Audit File has no evidence of the ET’s verification of the Audit Committee (AC) approval for nature of RPTs and party wise transaction limit.
Company ‘J’
61. In RPT disclosures, the company did not disclose transaction wise outstanding balances making it opaque and difficult for the user to find out which outstanding balance pertains to which type of transactions. Further, para 18(b) of Ind AS 24 requires disclosure of the amount of outstanding balances including commitments, their terms and conditions including whether they are secured, the nature of the consideration to be provided in settlement; and details of any guarantees given or received etc., which is not complied with by the company. The Firm has assured us to discuss this matter with management and reassess the same for future.
62. Appropriate audit procedures were not performed to support a claim made in the Audit File that RPTs were conducted at Arm’s Length.
63. The Audit File has no evidence of the ET’s evaluation of existence of control during identification of related parties, which is necessary for understanding the relationships and appropriate disclosures.
B. ICFR – Revenue
Company ‘F’
64. ITGC1 sheet: Four computer dependent controls and four manual controls were identified. The IT team obtained two SOC reports of other Firm appointed by the company for 7 months, according to which change management, logical access controls were found ineffective on SFDC2 and SAP; and other ITGC controls were found ineffective on SFDC system. The IT team decided not to rely on report of other Firm since it covered only 7 months. Despite having a report of ineffective controls for seven months, the IT Team did not perform any alternative procedure for automated testing of computer dependent controls (ITGC). Thereafter, the Engagement Team performed only manual testing of these controls and concluded that these controls were effective. The Firm did not record why the IT team did not perform any Test of Control (TOC) for automated controls despite having evidence of ineffective controls.
65. The ET wrongly selected only 10 samples whereas 14 samples were required to be selected as per the Firm’s own guidance in respect of six TOC for revenue like Pricing; Agreement; Creation of customer; Invoicing; Collection; and Procession and Cancellation. This has made the entire TOC unreliable. Further, out of 10 samples selected for TOC of agreements, one sample was not tested to check whether agreements executed with the customer were in format approved by legal team, which was required to be done during TOC of agreements indicating incomplete testing of samples.
66. TOC on Pricing is found deficient because of the following:-
a) Attribute -1 relates to rate card approved by the pricing committee. It is marked as ‘yes’ for all 10 samples. There is no evidence in the Audit File about the date of approval of the price card by the committee and approved price for each product category.
b) Attribute -2 relates to comparison of sale price with rate card and generation of automated email to sanctioning authority in case of discount. There is no evidence about the actual sale price, discount and generation of automated email to the sanctioning authority, if any.
c) Attribute – 3 relates to approval by authorized personnel. There is no evidence whether transactions of 10 samples were approved by authorized personnel. Further, there was no evidence in the Audit File that ET had checked the authorized personnel.
67. In respect of TOC for creation of customer, five attributes were identified, and all were marked as ‘Yes’ for all ten samples. This testing is found to be deficient due to the following:
a) Attribute 1 relates to verification of authorization matrix for approving the application form/agreement. No detail of authorization matrix is available in the audit file.
b) Attribute 2 relates to agreeing details of customer entered in SFDC with the application form/agreement. The Audit File has no evidence of details agreed by the ET.
c) Attribute 3 relates to verifying the Bank Transfer Receipt in SFDC. It is an H2H transaction. There is no record of the amount received from 10 customers; name of the banks; and date of receipt of the amount.
d) Attribute 4 relates to approval of customer. No test was performed on the basis that samples were selected from the sales order report, which consider only approved customers. Without performing any test, all samples were marked as ‘Yes’, which is not appropriate.
e) Attribute 5 relates to agreeing customer record in SFDC and SAP. There is no evidence of the nature of customer record agreed by ET.
68. Similarly, for other controls (Invoicing, Collection, Procession and Cancellation), there is no record in the Audit File documenting evidence of the control testing for selected samples. Tests to be performed are only mentioned in the Audit File and ‘Yes’ has been written for the 10 samples selected without mentioning details of the procedures performed and documents related to the same. The Firm replied that the ET had performed necessary audit procedures but did not keep all the supporting documents due to voluminous nature and assured that going forward, ET will ensure that control attributes are well documented within the audit file.
69. Revenue (RCM Sheet) – On examination of the Audit File, it has been observed that walkthrough was done based on previous year’s data in respect of ‘Customer/Updation ID creation’, i.e. Sales Order report was used for the period ending December 2021. No test of control was performed to check whether control for customer creation was effective during the audit period i.e. FY 2022-23.
Company ‘G’
70. No test of control was performed to check (a) whether company G recognized interest on NPA loans on cash basis or on accrual basis; and (b) the rebates & discounts provided in respect of gold loans.
71. Company G allows repledge of gold (pledged in existing loan) with a condition that the system will not allow repledge of gold for rollover of existing loan until the due interest is paid. However, testing of the system revealed that repledge can be done without payment of due interest and the amount of new loan can also include the due interest. This is tantamount to refinancing of accrued interest that has already been recognized as revenue. This weakness in internal controls was not reported by the EP. Further, rollover of existing loan is akin to evergreening of loan, thus, ET was required to evaluate whether this practice is in compliance with RBI guidelines, which was not done.
Company ‘H’
72. It is recorded in the Audit File that the marketing finance team creates dealer code in dealer master (SAP) based on dealer approval form approved by Senior Marketing Manager (SMM). Out of 154 total new dealer additions, a sample of 11 dealers was tested for this control. However, testing was inadequate as the column whether approved by SMM’ is blank for all 11 dealers. Further, there is no evidence in the Audit file regarding verification of approval form by the ET. Also, only 4 out of 11 selected dealers were verified through SAP master. Therefore, the conclusion regarding operating effectiveness of this control is based on inadequate testing.
73. TOC on Revenue completeness: This control was identified for the risk that goods are shipped to the customers without generation of invoices. However, no testing was done to verify the reconciliation between dispatch of goods and generation of invoice.
Company ‘I’
74. No audit procedure was performed by the ET to check the approval process of Delegations of Authority (DOA) for price conditions including discount/rebates.
75. As per the company’s policy, credit limits are to be approved by Chief -Sales and Vice President – Finance. Two samples were tested by the ET viz., one normal and another exceptional. The Audit file has evidence of only exceptional sample approved by CFO; and there is ambiguity regarding the specific approval provided by Vice President – Finance. Further, no audit procedures were performed to verify whether the approved credit limits were accurately entered into the system. The lack of documentation supporting the inspection of relevant approval documents in the Audit file raises concerns about the adequacy of the audit procedures conducted.
Company ‘J’
76. While testing the risk of invalid sales orders, the audit team noted that they had ensured that the sales order (SO) matched the purchase order (PO) of the customer. However, there are discrepancies between the PO quantity in the sales register; and SO (as per Firm’s testing) included in the AWP, which shows that the ET only collected statistical information but did not evaluate the data making test of control a mere formality.
77. As per the Audit file, price conditions are approved according to the Delegations of Authority (DOA). However, no audit procedure was performed to check the source who approved the DOA. Further, the audit team did not verify and authenticate the authorization matrix for issuance of Debit note and Credit note.
78. The ET enumerated the TOC requirements for various TOC areas in the Revenue cycle. Afterwards, the ET selected and tested the sample in different TOC areas. However, the ET did not perform procedures in respect of some of the areas as enumerated in TOC requirements, like ‘screen shot of entry made in the system’, ‘Authorization matrix and name of respective divisions/CFO’, and ‘Details of review and approval by respective divisions/CFO’ etc.
C. Impairment of non-financial assets
Company ‘F’
79. No impairment test was conducted for the goodwill allocated to a specific project. It is noted that the carrying value of this project was not included in the assessment of the relevant cash-generating unit. As a result, it cannot be determined whether sufficient headroom existed to support the conclusion that no impairment was required. The absence of this information represents a significant deficiency in the impairment assessment process.
80. Impairment for goodwill allocated to two projects was computed as NIL based on the ready reckoner value of land. However, the basis for the ready reckoner rate applied was not documented in the Audit file. Additionally, no audit procedure was conducted during FY 20222023 to verify whether the company held clear title to the land as of the reporting date. The absence of both the documentation for the ready reckoner rate and the verification of land title indicates deficiencies in the audit process.
Company ‘I’
81. The Firm did not evaluate valuation of Cement division done by BDO India LLP; the Audit File had no basis of assumption made by BDO valuation team and whether the company had assessed any indication of impairment of individual cement plant.
82. In the Audit file, Lookback Testing was performed based on the comparison of actual figures with budgeted figures for FY 2022 and FY 2023. However, no evidence was available to substantiate the correctness of these figures.
PART D
Chronology of events
| Sr. No. | Date | Event/Correspondence |
| 1. | 14.12.2023 | Intimation of On-site Inspection from NFRA to the Audit Firm. |
| 2. | 11.01.2024 | Pre-Inspection Meeting with MSKA held at NFRA office. |
| 3. | 23.01.2024 to 08.02.2024 | On-Site Inspection |
| 4. | 02.02.2024 to 03.05.2024 | Communication of Inspection Team’s Observations to Firm |
| 5. | 01.04.2024 to 21.06.2024 | Response received from the Audit Firm |
| 6. | 22.07.2024 | Draft Inspection Report sent by NFRA to the Audit Firm. |
| 7. | 24.07.2024 | Extension of 30 Days sought by MSKA for submission of reply to Draft Inspection Report |
| 8. | 30.07.2024 | NFRA granted extension of time upto 21.08.2024 to MSKA for submission of reply to Draft Inspection Report |
| 9. | 14.08.2024 | MSKA requested for in person meeting |
| 1. | 27.08.2024 | In person meeting held |
| 2. | 31.08.2024 | Submission of reply by MSKA to Draft Inspection Report. |
| 3. | 19.12.2024 | Communication of final Inspection Report to MSKA |
| 4. | 23.12.2024 | Comments on the final inspection report by MSKA |
| 5. | 02.01.2025 | Publication of Inspection Report on the website of NFRA as per Rule 8 of NFRA Rules 2018. |
Appendix A: The Firm’s response to this inspection report
Pursuant to Section 132(2) of the Companies Act, 2013 and Rule 8 of NFRA Rules, 2018, the Authority is publishing its findings relating to non-compliances with SAs and sufficiency of the Audit Firm’s quality control system. As part of this process, the Audit Firm provided a written response to the draft Inspection Report, which is attached hereto. NFRA based on the request of the Audit Firm has excluded the information from this report which was considered proprietary.
MSKA & Associates
Chartered Accountants
HO
602, Floor 6, Raheja Titanium
Western Express Highway, Geetanjali
Railway Colony, Ram Nagar, Goregaon (E)
Mumbai 400063, INDIA
Tel: +91 22 6238 0519
December 23, 2024
The Secretary,
National Financial Regulatory Authority
7th-8th Floor, Hindustan Times House
18-20 Kasturba Gandhi Marg
New-Delhi – 110001
Respected Madam,
Subject: Response to NFRA Inspection Report 2024 of MS KA Et Associates (FRN No. – 105047W)
On behalf of MIs MS K A Et Associates, I extend our sincere appreciation to the National Financial Reporting Authority (NFRA) for its inspection and for providing us with the opportunity to enhance our audit quality practices. We are committed to continuously improving our adherence to prescribed quality standards and ensuring the highest levels of integrity and competence in our audit engagements, including making efforts to meet the regulator’s expectations.
We have reviewed the observations outlined in the Inspection Report (Report No. 132.2-2024-00) received by us on December 19, 2024, and have carefully considered the recommendations and suggestions presented. We have already communicated our detailed responses to the draft inspection report which contained our explanations to the observations set out in the Inspection Report, and hence have not reiterated the same here. However, we have highlighted certain specific areas in Annexure A (Enclosed), for your consideration, that supplement and provide further clarity to the facts included in the Report. Accordingly, we kindly request NFRA to incorporate these amendments in the final report.
As we continue to improve and develop as an audit practice, we are committed to continually investing in strengthening our quality control framework. We greatly appreciate the observations and recommendations from Hon’ble NFRA and look forward to constructively engaging in evaluating and implementing further improvements to our policies and practices. We will be happy to address any queries or provide additional clarifications as needed.
Yours sincerely,
For MSKA & Associates
Chartered Accountants
ICAI FRN: 105047W
Vishal Divadkar
Partner
Encl. – Annexure A
Annexure A
–
Note:
1 ITGC – Information Technology General Control.
2 SFDC – Sales Force Dot Com
