Scope This Auditing Standard is applicable to Auditor undertaking any audit engagement under the Companies Act, 2013 or SEBI Act, 1992 or any other law for the time being in force. The Standard deals with Auditor’s roles and responsibilities in agreeing to the terms of audit engagement and entering into an understanding/agreement with the Management for the purpose of audit.
Effective Date The Standard is effective for audit engagements accepted by the Auditor on and after.
Objective The objective of this Standard is to prescribe for an Auditor to accept or continue with an Audit Engagement by agreeing to the terms of engagement with the Management or any changes .
Definitions For the purpose of this Standard, the following terms have the meaning attributed below:
i. Auditor Auditor means a Member of the Institute of Company Secretaries of India undertaking the Audit.
ii. Auditee An Auditee includes a person subject to audit under any law for the time being in force.
iii. Management Management includes the Board of Directors, those charged with governance and Compliance, KMPs or any other person authorised by the Auditee.
iv. Predecessor or Previous Auditor The term means an Auditor who has reported on the most recent audit assignment or was engaged to perform, but did not complete an audit assignment and has resigned, declined to stand for reappointment, or otherwise his services as such Auditor have been terminated.
Requirements:- Audit Engagement Process- An Auditor shall undertake the following steps with respect to his engagement as follows:-
Auditor Overview:- An Auditor may be appointed either as a result of one to one communication between the Auditor and the Auditee or through a tendering process.The provision of this Standard shall apply mutatis mutandis to offer for services of technical and financial bids to the extent applicable.
The following steps shall be taken care of by the Auditor:- Conducting a pre-engagement meeting with the Auditee, in case the Auditor is to be appointed by the Auditee on one to one basis or participating in a pre-bid meeting with the Auditee in case of tendering,to discuss about the terms of engagement, prior year audit results, appropriateness of reporting framework, understanding Auditee’s business and environment including internal control system, design & operation, audit process, periodicity of audit, determining nature and conflict of interest.
Selection or screening of prospective Auditee based on following risk /assessment:-
a. Client acceptance and engagement risk
b. Performance Risk – capacity and resources
c. Engagement Contract Risk
d. Reputation Risk
e. Commercials Communication of the willingness to take up the audit assignment after considering the aforesaid underlying process, periodicity and nature of audit including commercials, if any. Signing the engagement letter with the Management.
Appointing Authority:- The appointment of Auditor shall be made in a manner prescribed in the applicable Act, Rules, Regulations and Guidelines or in case where no such manner has been prescribed, it shall be made under the authority of the Auditee.
Rule 8 of the Companies (Meetings of Board and its Powers) Rules, 2014 provides that that the appointment of Auditor for undertaking Secretarial Audit shall be done by means of resolution passed at a duly convened Board meeting.
Similarly, Company Secretaries in Practice are authorised to conduct the internal Audit of credit rating agencies (CRAs) on half yearly basis and are also authorised to conduct internal audit of stock brokers/trading members/ clearing members on half yearly basis. Company Secretaries in Practice are authorised to conduct internal audit of Portfolio managers under SEBI (Portfolio Managers) Regulations, 1993.
National Securities Depository Ltd. (NSDL) and Central Depository Services (India) Limited (CDSL) have authorised Practising Company Secretary to undertake internal audit of the operations of Depository Participants. Both Depositories have also authorised Practising Company Secretary to carry out concurrent audit of Depository Participants which covers audit of the process of demat account opening, control and verification of Delivery Instruction Slips (DIS).
The Auditor shall ensure that the Auditee files the resolution appointing the Auditor with the prescribed authority, if law requires for the same. The Auditor shall obtain engagement letter and a copy of the resolution, if any, of the appointing authority and keep the same in his audit file for record and reference.
Audit Engagement Letter:- The Auditor shall obtain an audit engagement letter before the commencement of the audit clearly specifying the terms of engagement. Wherever the objective and scope of the audit and responsibilities of Management and of the Auditor have been sufficiently established by law, the engagement letter may give a reference of the provisions of the relevant law and also a statement that the Management acknowledges and understands its responsibilities for preparation and maintenance of records and for devising proper systems to ensure compliance with the provisions of applicable laws, Rules Regulations and Standards.
The terms and conditions of the engagement letter may be reviewed to meet the requirements of the Auditor, Auditee or subsequent changes in applicable law. The Auditor in such case shall obtain a supplementary/ revised engagement letter.
Communication to Predecessor or Previous Auditor:- The Auditor shall accept the assignment only after communicating with the Predecessor or Previous Auditor, if any, in writing at least seven days in advance.
Acceptance of the Engagement The Auditor shall give his formal written acceptance for audit engagement.
Audit Engagement Terms The principal terms of the audit engagement shall be documented in writing in the audit engagement letter or in other suitable form in writing and shall include the following:-
a. The objective and scope of the audit
b. The responsibilities of the Auditor
c. The responsibilities of Auditee and its Management
d. A statement that because of the inherent limitations of an audit, together with the inherent limitations of internal control, an unavoidable risk exists that some material non-compliance may not be detected, even though the audit is properly planned and performed in accordance with Standards.
e. Reference to the expected form and content of any reports to be issued by the Auditor and a statement that circumstance may arise in which a report may differ from its expected form and content.
f. Written representations to be provided by the Management to the Auditor.
g. The responsibility of the Management to make available to the Auditor adequate records, reports and other information in timely manner to allow the Auditor to complete the audit in accordance with the proposed time schedule.
h. Period within which (with Milestones) audit report shall be submitted by the Auditor.
i. Commercial terms regarding audit fees and reimbursements for expenses in connection of the audit.
Audit fees and expenses Audit Engagement Letter shall clearly specify commercial terms regarding audit fees and reimbursements in connection with the audit.
Audit Fees and expenses may depend on several factors including:-
- Size of the organization
- Location of Business and its branches
- Type of company (Listed/Unlisted)
- Nature of business
- Internal Controls mechanism
- Scope of audit engagement
- Frequency of audit, whether monthly, quarterly, yearly or concurrent audit
- Estimated man hours required to complete the assignment
Audit fees shall not be contingent or dependent on a particular finding or outcome. However, any fees prescribed by any court or judicial or quasi-judicial body or any other competent authority shall not be considered as success or contingent fees. Auditor is not permitted to charge or accept a fee for professional work which is calculated on a percentage basis except where that course is authorized by statute or has been approved by a member body as generally accepted practice for certain work. Auditor shall not pay a commission to obtain a client nor should he accept a commission for referral of a client to a third party.
Limits on Audit Engagements:- An Auditor(PCS) shall not accept audit engagement beyond the limits of number of audits, if any, as may be specified under applicable laws or by ICSI. Independence and Disclosure on Conflict of Interest by an Auditor:-An Auditor shall be independent in his role as Auditor and there shall not be any actual or even perception of conflict of interest. Any potential perception of conflict of interest must be disclosed by the Auditor before accepting the audit assignment or as soon as he becomes aware of the same, as the case may be.
Conflict of Interest may arise in the following situations:-
a) Ownership:- where an Auditor holds more than 2% in the paid-up share capital or ownership capital of the Auditee, there may be a perception of conflict of interest. In such cases, the Auditorshall make disclosure before accepting the audit assignment or as soon as he becomes aware of the same, as the case may be. There may also be a situation where the Auditor holds more than 10% in the paid-up share capital or ownership capital of the Auditee, which may seriously impair the independence of the Auditor. In such cases, the Auditor shall not accept the Audit Engagement.
b) Financial Interest:- where an Auditor is indebted to the Auditee for an amount, as may be prescribed by ICSI, the Auditor shall disclose the same before accepting the audit assignment or as soon as he becomes aware of the same, as the case may be. There may also be a situation where the indebtedness may seriously impair the independence of the Auditor. In such cases, the Auditor shall not accept the Audit Engagement.
c) Relationships:- where a Relative (as defined under the Companies Act, 2013) of the Auditor is the Owner, Director or KMP of the Auditee, the independence of the Auditor may be perceived to be seriously impaired. In such cases, the Auditor shall not accept the Audit Engagement.
d) Past Employment Relationship:- where an Auditor was in employment of the Auditee during the immediately past 3 (three) years, there may be a perception of impairment of Auditor’ independence. An Auditor shall not accept any Audit assignment unless 3 (three) years have lapsed from the date of acceptance of Audit Assignment.
i. The Auditor shall not disclose to outsiders, the information acquired as a result of audit engagement without proper and specific authority or unless there is a legal or professional right or duty to disclose;
ii. The Auditor shall refrain from using information acquired as a result of audit engagement to their personal advantage or the advantage of third parties.
iii. The Auditor shall maintain confidentiality even in a social environment. The Auditor should be alert to the possibility of inadvertent disclosure, particularly in circumstances involving long association with a business associate or a relative.
iv. The Auditor shall also maintain confidentiality of information disclosed by a prospective Auditee.
v. The Auditor shall also consider the need to maintain confidentiality of information within the firm or employing organization.
vi. The Auditor shall take all reasonable steps to ensure that employees, staff and other team members under the Auditor’s control and persons, from whom advice and assistance is obtained, shall adhere to the Auditor’s duty of confidentiality.
Limitations of Audit The fact that because of the inherent limitations of an audit, together with the inherent limitations of internal control, there is an unavoidable risk that some material misstatements or material non-compliance may not be detected, even though the audit is properly planned and performed in accordance with the Standards.
Internal control, no matter how effective, can provide an Auditee with only reasonable assurance about achieving the entity’s reporting objectives or compliance objectives due to the inherent limitations of internal control. Such Internal control systems and processes are responsibility of the Management. Accordingly an engagement letter shall include a statement that because of the inherent limitations of an audit, together with the inherent limitations of internal control, an unavoidable risk exists that some material non-compliance may not be detected, even though the audit is properly planned and performed in accordance with Standards. An independent audit conducted in accordance with the standards does not act as a substitute for the maintenance of internal control mechanism in the organisation which is the primarily responsibility of the Management.
Changes in Engagement terms:- An Auditor who, before the completion of the engagement, is requested by the Management to change the engagement to one which provides a lower level of assurance, shall consider the appropriateness of doing so. Besides, the reason or rationale behind the request for revisions must be thoroughly scrutinised.
Any request from the Auditee to the Auditor to change the terms of engagement may result from a change in circumstances affecting the need for the service originally requested or a restriction on the terms of the engagement, whether imposed by Management or caused by circumstances.
The Auditor shall consider carefully the reason given for the request, particularly the implications of a restriction on the scope of the engagement.
A change in circumstances that affects the Auditee’s requirements or a misunderstanding concerning the nature of service originally requested shall ordinarily be considered a reasonable basis for requesting a change in the engagement.
In contrast a change shall not be considered reasonable if it appeared that the change relates to information that is incorrect, incomplete or otherwise unsatisfactory. Before agreeing to change an audit engagement to a related service, the Auditor who was engaged to perform an audit in accordance with the Standard shall consider, in addition to the above matters, any legal or contractual implications of the change. If the Auditor concludes that there is reasonable justification to change the engagement and if the audit work performed complies with the Standards applicable to the changed engagement, the report issued would be as per the revised terms of engagement.
LIST OF AUDITS WHICH MAY BE UNDERTAKEN BY A COMPANY SECRETARY UNDER VARIOUS STATUES:-
1 SECRETARIAL AUDIT (COMPANIES ACT 2013) (COMPANY)
2 SECRETARIAL AUDIT ( SEBI LODR 2015 REGULATIONS) (LISTED ENTITIES) 3 INTERNAL AUDIT (COMPANIES ACT 2013) (COMPANY)
4 AUDIT OF DEPOSITORY PARTICIPANTS (SEBI) (FIRM, PARTNERSHIPS LLP COMPANIES)
5 INTERNAL AUDIT OF STOCK BROKERS (SEBI ) (FIRM, PARTNERSHIPS LLP COMPANIES)
6 INTERNAL AUDIT OF INVESTMENT ADVISORS (SEBI) (FIRM, PARTNERSHIPS LLP COMPANIES)
7 INTERNAL AUDIT OF PORTFOLIO MANAGERS (SEBI) BODY CORPORATE 8 INTERNAL AUDIT OF CREDIT RATING AGENCIES (SEBI) PUBLIC FINANCIAL INSTITUTIONS,SCHEDULE COMMERCIAL BANKS ETC
9 INTERNAL AUDIT OF RESEARCH ANALYSTS (SEBI) (FIRM, PARTNERSHIPS LLP, COMPANIES)
Limits for the issue of Secretarial Audit Reports:
- 10 Secretarial Audits per partner/PCS, and
- An additional limit of 5 Secretarial Audits per partner/PCS in case the unit is peer reviewed.
- The limits will be applicable for the Secretarial Audit Reports issued for the FY 2016-17 onwards)235th meeting of the Council held on 11th February, 2016
- Number of Annual Secretarial Compliance Reports to be issued by PCS are 5 (five)
- Reports individually / per partner in each financial year w.e.f. 1st April, 2020 and an
- Additional limit of 5 (five) ASCR individually/ per partner in case the unit has been Peer Reviewed.260th meeting of the Council held on 4-5 May, 2019
In case of the following:-Secretarial Audit/ Secretarial Compliance Report to be done by Peer Reviewed Units only:-
- Top 100 companies as per market capitalization w.e.f. April 1, 2020
- Top 500 companies as per market capitalization w.e.f. April 1, 2021
- All listed companies w.e.f. April 1, 2022
- All companies w.e.f. April 1, 2023 259th meeting of the Council held on 16th March, 2019