AUDIT PROCESS & AUDIT DOCUMENTATION

Secretarial Audit (CS Professional)

Secretarial Audit under Companies Act 2013 aims at evaluating company’s compliances and abidance to statutory compliance as applicable to the company. It is a strategic mechanism that requires an independent examination of compliance requirements under various laws and processes, rules & regulations under Companies Act and other laws.

The importance of Secretarial Audit and need for independent expertise can be unraveled as it is one of the indicator to its stakeholder that the company is abidance with laws in true letter and spirit. An unqualified secretarial audit report, informs the stakeholders of the company on the legitimate approach of the company and its governance processes. It unboxes the ethical values and principles of the company to the statutory and regulatory authorities, promoters, bankers, members, creditors and other stakeholders on the disciplined approach of the company both at propitious and turbulent times.

Having read the applicability of Secretarial Audit often, let us move forward on the Audit Process and Documentation part of the Secretarial Audit

SCOPE OF SECRETARIAL AUDIT

Secretarial Audit process in normal parlance verifies compliance with the provisions of various laws, rules, regulations andstandards procedures and adherence to goodgovernance practices. It ensures that the effective systems and processes are in place for seeking and obtaining appropriate approvals of the Board and/or shareholders, as may be necessary, for the business and other activities of the company. Moreover the evident check on assuring the documentation that the company is carrying out activities in a lawful manner and maintains necessary records is the significance that this audit emphasis on.

The Secretarial Auditor shall act as independent examiner who expresses his opinion as to whether adequate systems andprocesses exist in the company in proportionate to monitorand ensure compliance with applicable laws, rules, regulations and guidelines.

PRE-AUDIT

The pre-audit stage broadly includes the appointment of Secretarial Auditor, preliminary discussion and preparation of an Audit plan. Lets’ have brief understand on the same.

• Appointment of Secretarial Auditor: The Company shall issue a formal letter to the Company Secretary in Practice for appointment as secretarial auditor alongwith the copy of the board resolution for appointment. The secretarial auditor shall confirmacceptance of appointment in writing to the company.

• Preliminary Discussion: The Secretarial Auditor shall ensure to have a preliminary meetingwith the senior management and the staff involved in the audit to gather basic understanding on the business and operations of the company and the manner in which auditactivities shall take place. Post to this discussion the secretarial auditor shall in a position to ascertain the scope and objectives of the audit gather information on important processes, evaluate existing control systems possessing ample information to prepare and finalize the appropriate audit plan and time frame of the Audit.

• Audit Plan: The audit shall be organized in such a manner all aspects of the organization are covered under audit objectives. The audit plan shall comprehensively outline the fieldwork and auditing tools to be used in the audit. The audit plan shall involve briefing the audit staff as to allotment of work and responsibilities.

At the initial stage, verification has to be done with the help of checklists. In the further course detailed checklist for each aspect of secretarial audit should be prepared and sensitized before commencement of audit. More importantly, it is essential that the audit plan adheres to the timelines.

As a part of Audit plan, the Secretarial Auditor is expected to undertake the following :

• Identification of broad audit areas;
• References to previous audit findings and observations from the Management and previous Auditor, if any
• Determination of matters/ areas requiring special attention,
• Assessment of Risk and Materiality
• Auditing techniques to be used
• Allocation of resources for the audit
• Preparation of audit schedule

It is important that an audit procedure should represent the broad framework of the manner of handling the audit,including techniques used for forming an opinion. It should also take into account systems and process activities for compliance of law. Ideally for items that are of event based the trigger test strategy could be applied where the parameters by which applicability of particular enactment, rule,regulation, guideline, provision, etc. is ascertained.

AUDIT PROCESS & AUDIT DOCUMENTATION

Now seeing it in the perspective of Section 204 of the Companies Act, 2013 and essence of this article to give an overview of the Audit Process and Audit Documentation, the following board steps might serve as map for Secretarial Audit purposes.

Step 1: Identification of Applicable Laws

The Secretarial Auditor shall make a list of various laws applicable to the Company as recognized appropriate by the Board of Directors or KMP of the Company in addition to the laws mentioned in the Form No. MR-3, the Secretarial Audit Report. The process shall include:

Identification and collation of Relevant Data

By identifying and collating the basic data and details as indicated below shall be helpful to apply trigger test to identify the applicability of the laws:

• Type or class of company such as Private, Public, Holding, Subsidiary, Foreign, Nidhi, Producer, Section 8, etc.
• Whether the company is listed or unlisted, if listed details of stock exchanges
• Geographic location of registered office, factory, branches, etc.
• Registration with various authorities such as SEZ, Sectoral Regulators, etc.
• Segment such as manufacturing or trading or service and further industry and market wise classification
• Agreements governing rights, obligations of shareholders such as Jointventure, shareholders’ agreements etc.,
• Key financial parameters such as Paid-up share capital,Turnover, Net worth,Borrowings, etc.
• Number, class and category of employees/workers such as women,contractual employees, etc.

Based on the above details collected the Auditor shall apply trigger test to identify and validate the of applicable laws

Segregation of specific, general and other applicable laws

The segregation of laws applicable into Industry specific, Region specific and othercategory is necessary to have a better understanding and approach for carrying out verification under various laws as per the table below:

Step 2: Verification of compliance with Laws

This part turns out to a tedious process wherein deep efforts are given to assess and verify the compliance the same time. This involves:

• Preparation of master checklist/ tracker

The Auditor shall prepare /create an exhaustive master checklist for laws based on his findings and suggestions from the Board. Further, he shall segregate the same into eventbased, periodical and calendar based compliances.

• Identification of Events/Corporate Actions

The Auditor shall identify events/corporate actions that took place in the period for which the audit is performed. Subsequently he will be able to arrive at the even based compliancesfrom the website of the regulators, statutory records, books and papers, interaction with the Company. Such event/action may be considered as having major bearing on Company’s affairs including but not limited to the following situations:

• Events/actions affecting going concern status of the Company
• Events/actions altering the charter documents of the Company
• Capital structure of the company
• Change in the affairs and management of the company
• Change in the licensing or permission for the business operation of the company
• Capacity expansion and utilization of the company.

• Verification of Compliance: The Auditor shall verify all event based and calendar based compliances with masterchecklists, making mention of source documents, records and representations relied for verification.

• Summarizing the examination outcome both Compliance and Non Compliances: On successful completion of above verifications, the Auditor shall create summary of outcome and highlight the non-compliances,if any, for seeking clarifications from management or for reporting the same as an observation of qualification in the Auditreport.

Step 3: Evaluation of Corporate Governance

The importance of Corporate Governance has more awareness on the ensuring below parameters are met by the company

• The Auditor shall verify overall composition of the Board including the minimumand maximum strength of the Board as per provisions of the Companies Act, 2013,SEBI (Listing Obligations and Disclosure Requirements) Regulations 2015, Articles ofAssociation and provisions of other Acts, rules, regulations etc. (hereinafter to as “applicable laws”) as may be applicable tothe Company.

• The Auditorshall ensure optimum combination of Board by verifying the combination of Executive, Non-executive, Independent,Non-independent, retiring, non-retiring, woman, nominee in the Board as perprovisions of the applicable laws.

• The Auditor shall verify the eligibility criteria including qualifications of Directors, independency etc. inaccordance with the provisions/principles laid down in the Eligibility requirements of directorsas per provisions of the applicable laws.

• The auditor shall verify the constitution and composition of mandatory BoardCommitteesas per provisions of the applicable laws.

Step 4: Maintenance of Records, Systems and Processes

• The Auditor needs to check as to whether there is clear demarcation of responsibility and accountabilityfor ensuring various compliances to be done by the Company. In the absence of suchclear demarcation, the ultimate responsibility lies with the Board of Directors of theCompany. The auditor shall perform an assessment tounderstand compliance responsibility centers, control points, matrix, flow ofinformation/non-compliances escalation and the organization chat specifying the delegation of such responsibility.

• The auditor shall perform an assessment of Compliance tracker (manual or software) to understand its extent, coverage and severity mapping. The Auditor mayalso make assessment of Compliance manual/standard operation Procedures(SOP’s), if any, available with the Company.

• The auditor shall identify the non-compliances and instances of Show Cause noticesreceived, reply submitted by the company including the likely impact on theCompany based on provisions in accounts and disclosures in contingent liabilities,Penalty/fine levied to make assessment of compliance mechanism towardscompliances and risk assessment.

• The auditor shall perform an assessment of adequacy and effectiveness of themaintenance of records.

• The auditor shall identify sample size and timing for respective compliance forperforming concurrent audit to assess the adequacy of systems and processes.

• The auditor shall review the Compliance reports submitted to the management/Board at regular interval to assess compliance level as well as systems and process.

• The auditor shall perform an overall assessment of systems and process, based on above verifications andalso making an assessment of adequacy thereof, considering size, no ofunits/branches, severity of compliance shall be performed by the auditor.

Step 5: Audit Documentation

Documentationand Reporting of the events/actions having substantial impact onCompany’s affairs becomes a mandate to support and act as evidence for the Secretarial Audit Report issued by the Auditor.While the extent of checking is a matterof personal judgment; the auditor should safeguard himself against any possible charge of negligence inrespect of inaccurate or incomplete statements certified by him.

• The Auditor is advised to exercise reasonable care & due diligence. If question arises whether the approach to audit should be full or part or sample basis, thenCompany Secretary in Practice is advised to always prefer for complete checking if transactionsare less and if size of the organization is medium or small. However for bigger organization qualitytime need to be given throughout the financial year by frequent visits at regular intervals.

• Adequate enquiries should be made in respect of matters which are capable of direct verification. Mere getting certification from experts and or Management may defeat the purpose of this audit.

• The Auditor should obtain sufficient & appropriate evidences through the verification ofcompliances and other substantive procedures for drawing reasonable conclusions to form an opinion. Audit Documentation of the such information for further references is good practice:

• Working Papers: Working papers are a vital tool of the audit process. They form the basis for expression of the auditopinion. They connect the management’s records and information to the auditor’s opinion. Theyare comprehensive and serve many functions.

• Management Representation Letter: The Company Secretary in Practice may obtain a management representation letter from thecompany. The letter may be signed by Company Secretary/Managing Director/ SeniorManagement who would normally have authority to issue the same.The Secretarial Auditorcan use this letter of representation as part of his audit evidence.

• Submission of Secretarial Audit Report: After considering the clarifications/replies of the management, the secretarial auditor shall preparethe secretarial audit report in Form No.MR-3. The report is addressed to the members but is to besubmitted to the Board. The report shall contain the opinion on the statutory compliancesexamined by the auditor and shall state whether in his opinion the Company is carrying out / notcarrying out due compliances of the applicable provisions of the various laws. The report shall beprovided with or without qualifications.

• Signing of the Secretarial Audit Report: The Secretarial Auditor shall sign the secretarial auditor on whose supervision the secretarial audit was conducted indicating his FCS/ ACS number along withCertificate of Practice Number issued by the Institute of Company Secretaries of India.

In case of PCS firm, the secretarial audit report may be signed by the partner who conducted orunder whose supervision the secretarial audit was conducted indicating his FCS/ACS number alongwith his Certificate of Practice number. The secretarial audit report cannot be signed by anemployee of the PCS firm even if he/she may be a member of the ICSI holding Certificate ofPractice number.

The Companies Act 2013 places the secretarial auditor on the same footing as the statutory auditor in terms of powers, duties and responsibilities while conducting the audit. [Section 143(14)(b)]. This is the importance of the same must be held with high standards.

Learn more CS Professional Blogs here…

CS PROFESSIONAL – INFORMATION TECHNOLOGY AND SYSTEM AUDIT – E-GOVERNANCE IN INDIA

CS PROFESSIONAL – INFORMATION TECHNOLOGY AND SYSTEM AUDIT – ENTERPRISE RESOURCE MANAGEMENT

Want to enhance your knowledge, if yes then visit our Blog Section.

Amid this Corona virus outbreak opt modern way of learning, i.e., E-learning.  Takshila Learning is providing Online classes for Company Secretary, CS Executive Online Classes, CS Professional Online Classes. We also help you in clearing CS Executive Entrance Test (CSEET).  You can watch these CS Online Classes multiple times from anywhere on Any device and on Anytime.