logo
Courses Blog GPR Live Batch Blogs Success Stories Q & A Placement Free Resources AI Avatar Login

How Big 4 Firms Audit Listed Companies in India

Learn how Big 4 firms like Deloitte, EY, KPMG, and PwC audit listed companies in India. Understand the complete audit process including engagement letters, risk assessment, walkthroughs, test of controls, materiality, substantive procedures, IFC testing, and audit reporting with practical examples for CA students and professionals.

29 May, 2026

Introduction

So picture this. You've just joined a Big 4 firm — say Deloitte, EY, KPMG, or PwC — and your manager tells you that the team has been engaged to audit a large listed company. Maybe a Nifty 500 company. Maybe a mid-cap with ₹2,000 crore in revenue.

Now what?

A lot of CA students and even fresh articleship trainees think a statutory audit is basically just "vouching and verification." But the reality is far more structured and honestly, far more interesting. Let me walk you through the entire Big 4 audit process the way it actually happens on the ground.

Step 1: The Engagement Letter

Before a single file is opened or a single document is checked, the engagement letter is signed. This is the legal agreement between the audit firm and the company (technically, between the auditor and those charged with governance — the Audit Committee or Board of Directors). Think of it as the contract that says: "Yes, we are your statutory auditor. Here's what we will do, here's what you need to give us, and here's our fee."

No engagement letter = no audit. Simple as that.

Once this is signed, the audit officially begins.

Here is Sample Engagement Letter Format - Click Here

Step 2: Audit Planning — The Most Underrated Phase

Here's something most people outside a Big 4 don't realise: planning takes up a huge chunk of audit time, sometimes even more than the actual fieldwork.

Independence Confirmations

The very first thing that happens is that every single person on the engagement team from the junior associate to the Engagement Partner signs an independence confirmation. This is a declaration that they have no financial interest in the client, no personal relationship that could impair judgment, and no conflict of interest.
For a listed company, the independence rules under SEBI, ICAI, and global firm standards are quite strict. Miss this step, and the entire audit can be questioned.

Engagement Team Discussion

Once independence is confirmed, the whole team sits down often virtually these days for what's called an Engagement Team Discussion or a "brainstorming meeting." The senior auditors and managers share their experience with the client, flag past issues, discuss areas of risk, and brief the juniors on what to watch out for.
This is where you, as a fresher, actually learn the most. You're sitting with people who have audited this company (or similar companies) before, and they're telling you: "Last year, revenue recognition in Q4 was a mess. Watch that carefully."

Step 3: Understanding the Business and Its Environment

Now the team visits the client. And the first job is not to start checking invoices it's to understand the business.

This involves:

  • What does the company do? (Manufacturing? IT services? NBFC?)
  • What laws apply? (GST, FEMA, RBI regulations, SEBI LODR, Companies Act, sector-specific regulations)
  • What licences does it hold? (Import-export licence, environmental clearances, NBFC licence from RBI, etc.)
  • Who are the key customers and vendors?
  • How is the company structured? (Subsidiaries, joint ventures, related parties)
All of this is documented in the audit file under what's called the "Risk Assessment" section. This is required under SA 315 — Identifying and Assessing the Risks of Material Misstatement.

Real example: If you're auditing a pharmaceutical company like Sun Pharma or Cipla, you'd be looking at drug manufacturing approvals, FDA compliance (both Indian and US), export earnings, and R&D capitalization policies. Very different from auditing an FMCG company.

Step 4: Understanding Business Processes

After understanding the big picture, the team drills down into how transactions actually flow inside the company. These are called business processes or process walkthroughs.

The key processes in most listed companies are:

  • Order to Cash (O2C): How does a sale happen? From receiving a purchase order, raising an invoice, to collecting cash — every step is mapped.
  • Procure to Pay (P2P): How does the company buy things? From a vendor, raise a GRN, get invoice, approve payment all mapped.
  • Payroll / Employee Benefits Process: How are salaries calculated, PF deducted, gratuity provided?
  • Financial Close and Reporting Process: How are books closed each month? Who approves journal entries?
The auditor's job here is not just to understand, but to document usually in flowcharts or process narratives and then identify where things could go wrong. These are called risks in the process.

Step 5: Walkthroughs — "Show Me One Transaction"

Once the process is documented, auditors perform a walkthrough. This means: pick one real transaction from beginning to end, and trace it through the entire system.
For example, in the Order to Cash process: pick one sales invoice from a real customer, and trace it all the way from the original purchase order, to dispatch records, to the invoice in the accounting system, to the bank receipt. Does the actual transaction match the process management described? Is there proper approval at each stage?
This is usually done by juniors under guidance, and it's a fantastic learning experience. You're not just reading about processes you're living inside one.

Step 6: Test of Controls

After walkthroughs, auditors perform Test of Controls (TOC). Here, the auditor tests whether the internal controls that management claims are in place are actually working.

For example, if management says: "All payments above ₹10 lakh require CFO approval" — the auditor will pull a sample of 25 payments above ₹10 lakh and check whether each one has a CFO approval email or digital sign-off.
If controls are working well, the auditor can rely on them and reduce the amount of detailed substantive testing later. This is called control reliance — a very important concept in Big 4 audits.

Since control testing, walkthroughs, risk assessment, and process documentation form the backbone of modern audits, many CA students build practical clarity through the Master Blaster of Internal Audit before working on real client assignments.

Step 7: Materiality — Deciding What Actually Matters

Before jumping into substantive testing, materiality is calculated. Materiality is the threshold below which an error or misstatement is unlikely to affect the decisions of shareholders, banks, or investors.

In simple terms: if materiality is ₹5 crore, then a ₹50,000 error in an expense account is not worth losing sleep over. But a ₹6 crore error in revenue? That needs to be corrected. Different benchmarks are used:

  • Revenue (commonly used for companies with thin margins)
  • Profit before tax (most common)
  • Total assets (used for banks and financial companies)
There's also performance materiality a lower threshold used during fieldwork to catch a higher volume of potential misstatements.

Step 8: Substantive Procedures — The Actual "Checking"

This is the part most people imagine when they think of an audit. Substantive procedures involve directly verifying figures in the financial statements.
Auditors check specific assertions for each line item:

For revenue (income statement items):

  • Occurrence — Did the sale actually happen?
  • Accuracy — Is the amount correct?
  • Completeness — Are all sales recorded?
  • Cut-off — Is the sale recorded in the right period?
  • Presentation — Is it disclosed correctly in the financial statements?
For inventory or fixed assets (balance sheet items):
  • Existence — Does it physically exist?
  • Valuation — Is it valued correctly?
  • Rights & Obligations — Does the company own it?
  • Completeness — Is everything recorded?
Practical example: For inventory, auditors attend the physical stock count at the company's warehouse. They count samples, reconcile with the system, and check whether the valuation (FIFO or weighted average) is correctly applied.

For large companies like Tata Steel or Hindustan Unilever, this can span multiple locations across India.

Sampling is a critical part here. Auditors don't check 100% of transactions. They use statistical or judgement-based sampling to select a representative set.

Areas like assertions, sampling, inventory verification, revenue testing, CARO reporting, and financial statement review are exactly the kind of practical concepts covered deeply in the Master Blaster of Statutory Audit for students preparing for real audit work environments.

Step 9: Financial Statement Review and Analytical Procedures

Once all the detailed testing is done, auditors step back and look at the big picture again. They compare:

  • Current year figures vs last year
  • Actual results vs budget
  • Ratio analysis (gross margin, debtor days, inventory turnover)
  • Trend analysis across quarters
If revenue jumped 40% this year but costs only went up 5%, that's a red flag worth investigating. These are called analytical procedures and they're a powerful tool to catch what individual transaction testing might miss.

Step 10: Reporting — The Final Deliverable

After all procedures are done, the partner reviews everything, raises final queries with management, and the team issues the reports:

  • Main Statutory Audit Report under the Companies Act, 2013
  • Report on Internal Financial Controls (IFC/ICFR) — mandatory for listed companies
  • CARO 2020 Report (Companies Auditor's Report Order) — covering specific matters like loans, capital expenditure, fraud, etc.
Once signed, the audit file is archived, locked and stored within the prescribed timeframes under SA 230.

Here is a Sample Independent Auditor's Report - Click Here

A Note for CAs Reading This

If you're CA at a Big 4 or a mid-size firm, here's the real takeaway: every step has a "why" behind it.
Independence confirmation exists because auditors must be objective. Walkthroughs exist because you can't trust what management tells you without verification. Materiality exists so audit effort is focused where it matters most.
The Big 4 audit process is structured, documentation-heavy, and rigorous but once you understand the flow, it becomes logical and even enjoyable. You're not just ticking boxes. You're forming a professional opinion on whether ₹10,000 crore worth of financial statements are telling the truth.
And for a listed company with thousands of shareholders depending on that opinion? That's a serious responsibility and an incredibly valuable one to be part of.

Disclaimer: All images, company names, logos, and financial figures used in this content are purely for representative and educational purposes only. The information presented does not depict any real company data, actual financial records, or factual business transactions.

CA Tushar Makkar
Author - Auditing in real life | Consulting in India, US, Europe and Middle East | Content creator | Ex-PwC | CA AIR 47 Nov' 17 | YouTuber 55k+ | Expertise in manage accounts and Audit

Launch your GraphyLaunch your Graphy
100K+ creators trust Graphy to teach online
𝕏
CA Tushar Makkar 2026 Privacy policy Terms of use Contact us Refund policy
Bridging Textbooks & Corporate World | Special Offer | ENROLL NOW