Audit and Assurance Insights
Audit playbooks for Indian engagements — CARO 2020 clause-by-clause, forensic audit under Section 148/211, bank LFAR, concurrent audit, ICFR Section 143(3)(i), peer review.
Indian audit field-work is a reconciliation-heavy engagement before it is anything else. Statutory auditors close out FY-end on branch-by-branch advance ledger tie-ups, vendor-by-vendor 26AS / Form 168 matching, GSTR-2B versus purchase register comparisons, NACH bounce samples, and bank-statement walkthroughs that must reconcile to the trial balance, the cash-flow statement, and the related-party Schedule III disclosures. A single mid-size client generates thousands of variance rows across the TDS rail, the GST rail, the platform-settlement rail and the banking rail, each of which has to be evidenced before the auditor signs the CARO 2020 report. The articles in this cluster cover the operating rails that audit partners and engagement managers actually run during the field-work phase and the documentation phase.
The audience here is the statutory auditor finalising CARO 2020 reporting under the Companies (Auditor's Report) Order, the forensic investigator engaged under Section 148 or Section 211 of the Companies Act 2013 by SEBI, RBI or RoC, the concurrent auditor empanelled with public-sector and private banks for month-on-month branch coverage, the bank-branch auditor pulled from the MEF panel for LFAR (Long Form Audit Report) work, the ICFR specialist signing the Section 143(3)(i) internal-financial-controls opinion, and the ICAI peer reviewer assessing a firm under the phased mandatory peer review framework. Each article names the standard (SA 230, SA 240, SA 315, SA 330, SA 500, SA 580), the regulator (ICAI, RBI, SEBI, MCA), the working-paper template, and the typical exception pattern that triggers a qualification.
The Income Tax Act 2025 tax overlay sits across every audit rail. The cross-era window is the dominant audit-year complication: legacy Sections 194C / 194J / 194H / 194I / 194Q apply to FY 2025-26 invoices booked or paid in the legacy regime, while Section 393 payment codes (including 1006 commission, 1009 rent land/building, 1023 / 1024 contractor, 1026 technical fees, 1027 professional fees, 1031 purchase of goods), Section 394 buyer-side TCS codes and Section 393(2) non-resident codes (e.g., 1057 catch-all) apply to FY 2026-27 transactions. Auditors must verify Form 168 (replacing Form 26AS) tie-ups, Form 131 / 141 challan trails, and the rate-by-date logic on cross-era invoices. The GST overlay is unchanged from CGST 2017 — GSTR-2B versus purchase register matching, Rule 36(4) ITC restriction, Section 16(2)(c) supplier-payment condition, Section 16(4) time-limit, Rule 37 180-day reversal, IMS acceptance / rejection windows, and Section 73 / 74 demand notices — and remains the largest single source of audit-qualification language for FY 2025-26 and FY 2026-27 financial statements.
Bank Statutory Branch Audit (LFAR) in India: Empanelment, Engagement, Execution
Bank statutory branch audit is the single largest audit appointment cycle in India. Empanelment runs through the ICAI Multipurpose Empanelment Form, the allocation list is finalised by the RBI, and the engagement is delivered against the Long Form Audit Report format prescribed by the RBI. The branch auditor's opinion feeds into the bank-level Statutory Central Auditor's report, and the most common qualifications relate to advances ledger reconciliation and NPA classification under the IRAC norms.
CARO 2020 Reporting Companion: Clause-by-Clause Audit Procedures for Indian Auditors
The Companies (Auditor's Report) Order, 2020 — CARO 2020 — applies to the statutory audit of most Indian companies for financial years commencing on or after 1 April 2021. It replaces CARO 2016 with 21 substantive clauses (i to xxi) covering fixed assets, inventory, loans and investments, statutory dues, banking, fraud, internal audit, going concern, and resignation of auditors. The order is a reporting framework, not an auditing standard — the underlying procedures still flow from the Standards on Auditing (SA 200 series) and the ICAI Guidance Note on CARO 2020.
Concurrent Audit of Banks and NBFCs in India
Concurrent audit is the in-flight assurance layer for banks and large NBFCs in India — distinct from statutory audit, which is point-in-time. The RBI mandates that public sector banks cover 60 percent of advances and deposits under concurrent audit; private sector banks must cover 50 percent. NBFC-Upper Layer entities follow a separate concurrent audit framework under the RBI Scale-Based Regulation. The cadence is monthly or quarterly reporting to the Audit Committee, with focus areas spanning loan disbursement compliance, NPA migration, KYC/AML, treasury, and revenue leakage.
Forensic Audit in India under Section 148 and Section 211: Special Investigation Framework
Forensic audit in India is not a single statutory product. It is invoked under three different regimes: by the Central Government under Section 210 read with Section 213 of the Companies Act 2013 (SFIO investigation); by SEBI under Section 11(2)(i) and 11C of the SEBI Act 1992 for listed-company misconduct; and by the Reserve Bank of India under the Master Directions on Fraud Risk Management for banks and NBFCs once an account is classified as fraud. Each regime has its own engagement letter, scope, reporting deadline and professional liability profile.
Internal Financial Control (ICFR) Reporting under Section 143(3)(i): Indian Auditor Guide
Section 143(3)(i) of the Companies Act, 2013 requires the statutory auditor to express an opinion on whether the company has an adequate internal financial control system with reference to financial statements and whether such controls are operating effectively. The decision sequence — design effectiveness, operating effectiveness, deficiency, significant deficiency, material weakness — drives the wording of the opinion paragraph and the consequences for the auditee.
Peer Review Mandate by ICAI: Scope, Process, Reviewer Selection for CA Firms
The ICAI Peer Review Mandate, rolled out by the Peer Review Board in phases since 2022, has materially reshaped which CA firms can sign listed-entity audit reports. SEBI now requires a valid Peer Review Certificate as a precondition for accepting an appointment as statutory auditor of a listed entity. For mid-tier firms, the operational reality of the review — file selection, reviewer assignment, observation log, remediation period — is the practical question that drives engagement-team behaviour for months.
Concurrent Audit of Reconciliation: Daily Verification for Banks and NBFCs
Concurrent audit is the daily shadow of operations in Indian banks and larger NBFCs. Mandated by the RBI for branches above specified thresholds, the concurrent auditor must verify bank reconciliations, nostro balances, suspense accounts, and NACH return files as transactions occur — not after month-end. This guide covers the reconciliation checks a concurrent auditor signs off each day.
ICFR and Reconciliation Controls: Design, Testing, and Reporting Under Section 143(3)(i)
ICFR — Internal Financial Controls over Financial Reporting — is the Indian equivalent of a SOX Section 404 control framework, but it applies to a much wider population of companies. Under Section 143(3)(i) of the Companies Act, 2013, statutory auditors must opine on the adequacy and operating effectiveness of these controls. Reconciliation is the single largest ICFR control domain, and a failing reconciliation control is the most common cause of a material weakness finding.
Internal Audit of Reconciliation in India: Testing, Sampling, and Evidence
Internal audit of reconciliation is no longer a year-end checklist exercise. Under Section 138 of the Companies Act, 2013 and the ICAI Standards on Internal Audit, internal auditors must test the design and operating effectiveness of reconciliation controls across bank accounts, party ledgers, and statutory dues — with documented sample selection, variance analysis, and evidence that stands up to statutory audit review.
SOX Compliance Reconciliation: What Indian Subsidiaries of US-Listed Parents Must Prove
An Indian subsidiary of a NYSE or Nasdaq-listed parent sits inside two overlapping control frameworks: US SOX Section 404 (testable under PCAOB AS 2201) and Indian ICFR under Section 143(3)(i). Reconciliation controls are the most heavily scoped area under both. This guide covers what SOX compliance testing looks like for reconciliation at an Indian entity, how it maps to ICFR, and where the two diverge.
Statutory Audit Reconciliation Checklist: Bank, Party, TDS, and GST Items
Statutory auditors in India follow a standard reconciliation checklist during year-end fieldwork: bank reconciliations, intercompany balances, party confirmations, TDS receivable against Form 26AS, GST input credit against GSTR-2B, and statutory dues. Each item has a specific audit procedure, a documented evidence standard, and a qualification threshold. This guide is the practitioner-level checklist that finance teams can pre-run before the audit arrives.
Tax Audit Form 3CD: Reconciliation Items the Auditor Verifies Under Section 44AB
A tax audit under Section 44AB of the Income Tax Act, 1961 is the single most reconciliation-heavy audit in Indian practice. Form 3CD has 44 clauses, and most of them require the auditor to reconcile reported figures against statutory portals — Form 26AS, GSTR-2B, TRACES, and the MCA filings. With Form 3CD being replaced by Form 26 under the new Income Tax Act 2025, the reconciliation bar has moved higher.
See how TransactIG supports audit field-work
TransactIG produces the variance evidence file CARO, LFAR and ICFR auditors examine — typed variance codes, age buckets, exception classifications, supporting bank-statement + GSTR-2B + 26AS / Form 168 evidence ties.