Content authored by practitioners with experience at Amazon India, Intuit QuickBooks, and the Tata Group. Meet the team →
Forensic audit in India is invoked under three different regimes — SFIO investigation under Companies Act Sections 210/211/213, SEBI investigation under SEBI Act Sections 11(2)(i) and 11C, and RBI fraud audit under the Master Directions on Fraud Risk Management. Each has distinct triggers, timelines, evidence standards and reporting endpoints. The engagement letter and scope must be drafted to the regime, not to a generic forensic template.
The forensic auditor maps every procedure to one of three evidence standards: admissibility under the Bharatiya Sakshya Adhiniyam for SEBI/SFIO referrals; lender recovery and CRILC reporting for RBI cases; or internal board discipline for company-commissioned engagements. Reconciliation work — bank, related-party, statutory dues, vendor — anchors the evidence chain. Every transaction in the period under review is reconciled bank-to-ledger-to-counterparty to isolate diversion, round-tripping or false invoicing.
Engagement letter template per regime (SEBI, RBI, SFIO co-opted, company-commissioned), evidence-vault with chain-of-custody logs, reconciliation pack covering bank, related-party, statutory dues and vendor balances for the period under review, and a reporting framework aligned to FAIS 330.
Forensic audit report with admissible-evidence chain, transaction-level diversion or round-tripping map, recovery quantum estimate for lender consortium, and adjudication-ready exhibits for SEBI, RBI or NCLT proceedings.
A SEBI-empanelled forensic audit firm received an appointment order on a small-cap listed company at the start of February. The order, issued under Section 11C of the SEBI Act 1992, set a 14-week deadline and listed seven allegations: round-tripping of ₹47 crore through three related entities, inflation of revenue by ₹62 crore through circular trading, misclassification of ₹18 crore of capital expenditure as repairs, undisclosed promoter loans of ₹23 crore, vendor payments routed to shell entities for ₹11 crore, GST input credit claimed on bogus invoices for ₹4.3 crore, and TDS short-deduction on professional fees for ₹1.2 crore. The final report shaped a SEBI adjudication order and a debarment of the promoter from accessing the securities market for five years. This guide covers the three regimes under which forensic audit is commissioned in India, the engagement structure and the reporting deadlines.
Quick Reference — Three Forensic Audit Regimes
| Regime | Triggering Authority | Statutory Basis | Typical Deadline | Reporting Endpoint |
|---|---|---|---|---|
| SFIO investigation | Central Government on Registrar of Companies report | Companies Act Sections 210, 211, 212, 213 | 6 to 12 months | NCLT prosecution, Section 447 fraud charges |
| SEBI forensic audit | SEBI Whole-Time Member order | SEBI Act Sections 11(2)(i), 11C | 12 to 16 weeks | SEBI adjudication, SAT appeal, debarment |
| RBI fraud audit | Lender consortium post-fraud classification | RBI Master Directions on Fraud Risk Management 2024 | 90 to 120 days | Wilful defaulter declaration, CRILC, recovery |
| Company-commissioned | Audit Committee or Board resolution | Section 177(4) and ICAI FAIS series | 8 to 20 weeks | Board action, ADT-4 if applicable, recovery suit |
How Is the Engagement Letter Drafted for Each Regime?
For a SEBI-ordered forensic audit, the engagement letter is the SEBI appointment order itself — it lists the allegations, the period under review, the deadline and the reporting protocol. The firm signs an acceptance letter referencing the order. The scope cannot be widened or narrowed by the firm; any change requires SEBI’s consent.
For an RBI-mandated audit, the engagement is between the lender consortium (or the lead bank under a Joint Lenders’ Forum) and the forensic audit firm from the RBI-empanelled list. The engagement letter must cover: the period under review (typically three years prior to the fraud classification date and the year of classification); the allegations as recorded in the fraud monitoring return (FMR-1) filed with RBI; the reporting deadline; and the cost-sharing protocol among lenders.
For a company-commissioned engagement, the engagement letter follows ICAI FAIS 110 (Nature, Objectives and Scope of Forensic Accounting and Investigation Assignments) and must record: the precise allegations, the reporting line (Audit Committee, Board or specific officer), the period under review, the access rights, and the indemnity clause covering professional liability.
What Does Section 211 of the Companies Act Cover?
Section 211 of the Companies Act 2013 establishes the Serious Fraud Investigation Office (SFIO) as the multi-disciplinary investigation arm of the Ministry of Corporate Affairs. SFIO investigates company affairs assigned to it by the Central Government under Section 212. The investigators have powers under Sections 217 to 220 that include arrest powers under Section 212(8) for offences under Section 447 (fraud).
For private forensic audit firms, Section 211 is relevant in two ways. First, where a company-commissioned engagement uncovers a fraud meeting the Section 447 threshold (gain or loss exceeding ₹10 lakh, or 1% of turnover whichever is lower, with intent), the auditor must file Form ADT-4 under Section 143(12) read with Rule 13 of the Companies (Audit and Auditors) Rules 2014, which triggers an SFIO referral. Second, SFIO officers may co-opt the forensic auditor as an expert witness if the matter proceeds to NCLT under Section 447.
How Does a 14-Week SEBI Forensic Audit Run? A Worked Example
Take the small-cap listed company scenario from the opening paragraph. The SEBI order is dated 1 February with a final report due 9 May. The firm’s week-by-week plan looks like this.
Weeks 1 to 2: Data acquisition. The firm calls for general ledger extracts for the three-year period under review, bank statements for 17 operating accounts across four banks, GST returns (GSTR-1, 2A, 2B, 3B, 9, 9C) for 36 months, TDS returns and Form 26AS, vendor and customer master, related-party register, share transfer register, board minutes and audit committee minutes. The data acquisition closes with a chain-of-custody log entered against each file.
Weeks 3 to 5: Transaction reconciliation. Every bank credit and debit over ₹5 lakh in the period under review is reconciled to the ledger, to the counterparty bank statement (where the counterparty is related), and to the underlying contract or invoice. The reconciliation surfaces three patterns: ₹47 crore moved in a closed circle through three related entities and returned within 11 to 22 days (round-tripping); ₹62 crore of customer invoices where the customer’s bank account is funded by the company within 60 days of the invoice (circular trading); and ₹11 crore paid to four vendor entities whose GST registrations were cancelled within the period (shell-vendor payments).
Weeks 6 to 8: Specific-allegation drill-downs. Capex misclassification is examined by re-classifying ₹18 crore of “repairs” on the basis of nature (asset life extension vs maintenance) and tracing to physical evidence at the plant. Promoter loans of ₹23 crore are traced from the promoter’s personal bank account to the company’s working capital account. GST input credit on ₹4.3 crore of bogus invoices is identified through reconciliation between ITC claimed in GSTR-3B and ITC available in GSTR-2B for the cancelled vendor entities.
Weeks 9 to 10: Interim observation memo to SEBI with the seven allegations status — five confirmed, one partially confirmed, one not supported by evidence.
Weeks 11 to 13: Draft report to the company for management response. The company’s response is incorporated into the final report with the firm’s view on each point.
Week 14: Final report to SEBI with exhibits. The total quantum is ₹166.5 crore across the confirmed allegations.
Where Does Reconciliation Drive the Forensic Audit?
Across all three regimes, the bulk of the forensic evidence chain rests on reconciliation work: bank-to-ledger, ledger-to-counterparty, vendor-master-to-GSTN status, TDS deducted to Form 26AS, statutory dues to challan trail. For a three-year period under review on a mid-sized company, this typically means 8,000 to 25,000 bank transactions reconciled at line level, 200 to 600 vendor master entries verified, and 36 months of GST and TDS returns reconciled to the underlying ledger.
Manually reconciling at this scale within a 14-week SEBI deadline or a 90-day RBI deadline is the principal pressure point on forensic engagements. TransactIG’s reconciliation infrastructure closes bank-to-ledger reconciliation for high-volume periods with a full exception log, which is the evidence the forensic auditor needs to isolate diversion and round-tripping patterns. For the TDS and Form 26AS leg of the engagement, TDS reconciliation software produces the deduction-to-deposit-to-26AS trail that supports the short-deduction and bogus-vendor findings.
Want to estimate the hours and exception-handling cost of a forensic reconciliation pack for a given transaction volume? The three-way match exception cost calculator translates exception count and resolution time into auditor hours and firm cost — useful when scoping a fixed-fee engagement.
What Is the Professional Liability Exposure?
Three layers of liability attach to the forensic auditor in India. Professional misconduct under the Chartered Accountants Act 1949 is adjudicated by the ICAI Disciplinary Committee with sanctions ranging from a fine to removal from the Register of Members. Civil liability flows from negligence — the company, lender or regulator can sue for damages where the report is later shown to be negligent or fraudulent. Criminal liability arises under Section 447 (fraud, with imprisonment from six months to ten years and a fine that may extend to three times the amount of fraud) and Section 448 (false statements) of the Companies Act 2013, where the auditor is shown to have colluded with the company.
The principal defence is documented compliance with the ICAI FAIS series — FAIS 110 (engagement objectives), FAIS 220 (quality control), FAIS 330 (evidence) and the related standards. A forensic audit file that maps every conclusion to documented evidence under FAIS 330 is the practical safeguard against subsequent civil and disciplinary proceedings.
For Indian forensic auditors and audit committees commissioning special investigations, the practical move is to start every engagement with regime-mapped scoping (SEBI, RBI, SFIO co-opted, or company-commissioned), a transaction-level reconciliation pack for the period under review, and an evidence chain mapped to FAIS 330 admissibility. The SEBI orders index and current empanelment notifications are published on the SEBI website. The FAQs below cover credentialling, timelines, RBI triggers and professional liability exposure.