How to do Statutory Audit

1. Introduction to Statutory Audit in India

A statutory audit is a mandatory audit required by Indian law for companies incorporated under the companies act to verify that financial statements are true and fair and compliant with relevant statutes, primarily the Companies Act, 2013. Conducted by independent auditors (who should be a practicing CA), it provides a comprehensive review of the company’s financial health, internal controls, and compliance standards

2. Step-by-Step Process for Statutory Audit

a. Pre-Audit Phase: Bidding and Engagement

1. Understanding Audit Scope
   The auditor first understands the scope of the audit by reviewing the company’s industry, operational size, and specific compliance needs. This phase involves a deep dive into any special requirements under the Companies Act or additional laws relevant to the company.
2. Submitting a Proposal
   The audit firm submits a proposal or bid that details their approach to the audit, estimated timeline, and fee structure. This proposal also highlights the firm’s experience and qualifications, which are crucial for winning the bid.
3. Signing the Engagement Letter
   Upon selection, both parties sign an engagement letter, which formally outlines the audit scope, fees, responsibilities, and audit timeline. This agreement solidifies the relationship and clarifies roles for both the auditor and company management.

b. Planning the Audit Process

1. Conducting a Walkthrough
   The walkthrough is an essential step in which the auditor reviews the company’s control processes by following a transaction (For Ex : order to cash process) through each step of the internal control system. This includes observing and documenting how key transactions are recorded, authorized, and reviewed.
• Key Outcomes: Understanding of internal control processes and identification of possible weaknesses that may introduce risk.
2. Identifying and Assessing Risk
   The auditor conducts a risk assessment on the basis of the understanding of walkthrough to pinpoint areas with a high likelihood of misstatements or compliance issues. Risks are categorized as inherent, control, or detection risks and help the auditor identify areas that need further scrutiny.
3. Setting Materiality Levels
   Materiality helps in defining the significance level for errors or omissions that would influence users of the financial statements. The auditor sets materiality thresholds (% of Profit, Revenue, assets etc.) based on the company's size, complexity, and risk levels to determine sample sizes and areas.
4. Developing the Audit Plan
   Based on the risk assessment and materiality levels, the auditor creates an audit plan that details specific procedures for testing each identified risk area. The plan specifies resources, sample sizes, and timeframes, ensuring a targeted and efficient audit.

c. Conducting the Fieldwork

Fieldwork involves performing substantive tests and control testing to gather evidence on the accuracy of the company’s financial records and controls.

1. Testing Controls
   Auditors test the effectiveness of the company’s internal controls which impact the company financial statement by selecting sample transactions and reviewing whether controls are applied correctly, such as approvals and authorizations.
2. Substantive Procedures
   Substantive procedures are direct tests of financial statement balances and disclosures:
• Profit and loss items : Auditor ensures the assertions of profit and loss account as follows

a. Occurrence: Ensures that recorded transactions and events actually took place and are genuine.

b. Completeness: Verifies that all relevant transactions and events have been recorded in the financial statements.

c. Accuracy: Confirms that amounts and data related to transactions are correctly recorded.

d. Cutoff: Ensures transactions are recorded in the correct accounting period.

e. Classification: Assesses that transactions are recorded in the proper accounts based on their nature.

• Balance sheet items : Examining underlying documents to verify transactions.

a. Occurrence: Ensures that recorded transactions and events genuinely took place.

b. Rights & Obligations: Confirms that the company has legal rights to assets and obligations for liabilities reported.

c. Completeness: Verifies that all relevant transactions, accounts, and disclosures are fully included in the financial statements.

d. Valuation & Allocation: Assesses that assets, liabilities, and equity interests are reported at appropriate values and properly allocated in the accounts.

• Analytical Procedures: Comparing ratios and trends with industry benchmarks to identify unusual variances.
  
  3. Materiality in Fieldwork : Materiality guides the auditor on the extent of sampling and helps focus on accounts with the highest impact on financial accuracy. Materiality levels set during planning influence the size of samples, thresholds for discrepancies, and investigation requirements for misstatements.

d. Review and Finalization

1. Internal Control over Financial Reporting (ICFR)
   ICFR is a critical evaluation of a company’s internal controls related to financial reporting. The auditor assesses whether the company’s controls are capable of preventing or detecting material misstatements in financial reports. Weaknesses or failures in ICFR indicate a higher risk of misstatements and may require the company to implement control improvements.
2. Main Audit Report
   The main audit report includes the auditor’s opinion on whether the financial statements present a true and fair view of the company’s financial statement. If the auditor identifies material misstatements or issues with internal controls, they may issue a qualified, adverse, or disclaimer of opinion.
3. Companies (Auditor’s Report) Order (CARO)
   CARO is a statutory requirement for certain types of companies, which mandates specific comments on areas like loans, fixed assets, and statutory dues. CARO ensures the auditor addresses certain compliance aspects, and any deviations or red flags must be highlighted in the report, impacting stakeholders’ understanding of company compliance and governance.

e. Presentation to the Audit Committee

1. Preparing for the Presentation
   The final report and significant audit findings are presented to the audit committee. This includes a summary of key findings, ICFR assessments, and CARO observations.
2. Addressing Questions and Feedback
   During the presentation, auditors respond to queries from the audit committee regarding findings, risk areas, and the adequacy of controls. Ensuring clarity and addressing any concerns helps the audit committee fully understand the audit scope and findings.
3. Issuing the Final Report
   After obtaining the audit committee’s feedback, the auditor finalizes and issues the statutory audit report, which is submitted to regulatory authorities as per legal requirements.

3. Compliance and Reporting Standards

Statutory audits in India must adhere to various regulations and standards:

• Companies Act, 2013: Sets requirements for statutory audits, auditor qualifications, and reporting standards.
• Indian Accounting Standards (Ind AS): Establishes formats and standards for financial statements.
• Institute of Chartered Accountants of India (ICAI): Regulates auditing standards and guidelines.

4. FAQs on Statutory Audits in India

• What is a statutory audit?
  It is a legally mandated audit to verify financial statement accuracy and regulatory compliance.
• Who can conduct a statutory audit?
  Only practicing Chartered Accountants registered with ICAI can perform statutory audits.
• What is CARO in statutory audits?
  CARO is a set of specific reporting requirements for auditors in areas like loans, fixed assets, and statutory dues.