Content authored by practitioners with experience at Amazon India, Intuit QuickBooks, and the Tata Group. Meet the team →
ICAI's Peer Review Mandate determines which CA firms can sign listed-entity statutory audit reports — SEBI now requires a valid Peer Review Certificate as a precondition. Mid-tier firms moving from Phase I to Phase II coverage must operationalise the review for the first time: select files, host the reviewer, respond to observations, remediate within the response window, and renew every five years.
The peer review evaluates two layers: the practice unit's overall quality control system under SQC 1 and the application of Standards on Auditing on a sample of completed engagement files. Reviewers are empanelled CAs assigned by the Board with independence safeguards. Findings are logged with materiality grading; the practice unit responds during the response window; the Board issues, refuses, or revokes the Peer Review Certificate based on the reviewer's final report.
Quality control manual aligned to SQC 1, engagement file template with mandatory SA documentation checklist, partner-and-staff rotation policy, file-selection memo identifying engagements likely to be reviewer-selected, response-window project plan for observation remediation, certificate renewal calendar five years out.
Peer Review Certificate enabling acceptance of listed and specified-entity statutory audit appointments, reviewer's observation log with closure status, remediated quality control system, and audit-trail evidence supporting Standards on Auditing compliance across the sample.
A twelve-partner mid-tier CA firm in Mumbai received its Phase II peer review assignment letter in the second week of April. The firm had signed eleven statutory audits the previous year, including three listed entities, two NBFCs above the asset threshold, and a PSU bank branch. The Peer Review Board assigned a reviewer with twenty-three years of practice and listed-entity assurance experience. Over the next fourteen weeks the firm hosted a five-day on-site visit, responded to twenty-six observations across eight engagement files, remediated three quality control system gaps, and received its Peer Review Certificate valid for five years. Two months after the certificate issued, the firm was on the SEBI-approved list to bid for a listed mid-cap statutory audit appointment that had moved away from a Big Four predecessor. This guide is for the firms and engagement teams that will go through that process in the next renewal cycle.
Quick Reference: ICAI Peer Review at a Glance
| Element | Detail |
|---|---|
| Governing body | ICAI Peer Review Board |
| Authoritative document | Statement on Peer Review (latest revision) |
| Phase I applicability | Practice units auditing listed entities (SEBI-linked) |
| Phase II applicability | Specified public-interest entity auditors and firms above defined partner / fee-income thresholds |
| Phase III applicability | Broader rollout to practice units conducting statutory audits |
| Reviewer eligibility | Empanelled practising CA, typically 10+ years in practice |
| Independence cooling-off | Typically 3 years from any engagement or professional link |
| Certificate validity | Typically 5 years from issuance |
| Renewal trigger | Fresh peer review before expiry |
| SEBI linkage | Valid certificate is a precondition for listed-entity audit appointment acceptance |
Why Did ICAI Phase In the Peer Review Mandate?
The Peer Review Board has operated a voluntary peer review framework since 2002, but the post-2018 wave of corporate failures and the subsequent regulatory attention from MCA, SEBI, RBI and NFRA accelerated the move to a mandatory phased framework. Phase I, focused on listed-entity auditors, was operationalised through a SEBI requirement that any statutory auditor of a listed entity must hold a valid Peer Review Certificate. The intent is straightforward: ensure that the audit firm signing a listed-entity report has been independently evaluated for Standards on Auditing compliance and quality control system robustness within the prior five years.
Phase II extends the same evaluation to firms auditing other public-interest entities — public sector banks, certain insurance companies, NBFCs above asset thresholds, public sector undertakings — and to firms above defined size thresholds set by the Peer Review Board. Phase III broadens coverage further toward practice units conducting statutory audits more generally. The exact gates and effective dates evolve through Peer Review Board notifications; the authoritative source is the ICAI Peer Review Board portal.
What is the Scope of the Review?
The peer reviewer examines two distinct layers. First, the practice unit’s overall quality control system under Standard on Quality Control (SQC) 1: leadership responsibilities, ethical requirements (including independence), engagement acceptance and continuance, human resources, engagement performance, monitoring, and documentation. Second, the application of Standards on Auditing on a sample of completed assurance engagement files. The reviewer does not re-audit the underlying client — the review evaluates whether the practice unit followed the applicable Standards.
The file sample typically spans six to twelve engagement files for a Phase II review of a mid-tier firm. The reviewer selects a mix designed to test SA applicability across audit complexity: a listed entity if the firm holds such appointments, a public-interest entity (NBFC, insurance, PSU branch), a private company above the small-company threshold, a smaller assurance engagement, and at least one engagement that involves significant judgement (estimates, related-party transactions, ICFR opinion). The selection is made by the reviewer, not by the firm, to prevent cherry-picking of the cleanest files.
How Are Reviewers Empanelled and Assigned?
A peer reviewer is a practising chartered accountant empanelled by the Peer Review Board after meeting eligibility criteria: a minimum number of years in practice (typically ten or more), specified Standards on Auditing training requirements, no pending disciplinary proceedings, and execution of the Reviewer’s Code of Conduct. Empanelled reviewers indicate availability windows and the Board assigns reviewers to practice units, applying independence safeguards: no engagement, professional or personal link in the prior three years, no partner-firm or alumni connection, and no geographic concentration that would create a perception of dependence.
The practice unit can object to a specific reviewer on independence grounds within the notice window, after which the Board reassigns. Objections on grounds other than independence (for example, the reviewer being perceived as too strict) are not entertained. Reviewers operate under confidentiality undertakings — observations and underlying client information cannot be shared outside the Peer Review Board channel.
How Does the Review Run From Start to Certificate?
The process unfolds across five practical stages: pre-visit questionnaire, on-site inspection, observation logging, response window, and Board decision.
The pre-visit questionnaire is sent within two weeks of reviewer assignment and covers the firm’s quality control system, engagement profile, partner and staff strength, training records, and a list of completed assurance engagements during the review period. The firm has a response window of typically three to four weeks.
The on-site inspection runs three to five working days at the firm’s main office, occasionally extending to a branch office for firms with multi-city operations. The reviewer requests the previously notified files, additional files identified from the engagement list, and live access to the firm’s quality control system documentation.
The observation log is built throughout the visit and finalised within two weeks of on-site closure. Observations are typically graded — high, medium, low materiality — and tied to specific Standards on Auditing or SQC 1 paragraphs.
The response window gives the firm typically four weeks to respond to each observation: accepting and remediating, contesting with documentation, or providing a remediation plan with timelines. The reviewer evaluates responses and finalises the report.
The Board reviews the final report and decides on certificate issuance, refusal, or conditional issuance subject to remediation. The decision is communicated to the firm within the Board’s scheduled meeting cycle, typically four to six weeks after final report submission.
Worked Example: 12-Partner Mid-Tier Firm Under Phase II
A Mumbai-headquartered CA firm with twelve partners, sixty professional staff, two branch offices and an annual assurance practice gross fee of ₹14.5 crore receives a Phase II peer review assignment. The firm has signed eleven statutory audits during the review period: three listed entities, two NBFCs above the ₹500 crore asset threshold, one PSU bank branch concurrent audit, three unlisted public companies, and two private companies above the small-company threshold.
The reviewer’s pre-visit questionnaire surfaces three quality control system gaps: (i) the independence confirmation log for FY26 missing for two engagement teams, (ii) the SQC 1 monitoring file showing no cold-file review for the previous year, (iii) the partner rotation policy not documented in writing for one listed-entity engagement approaching the seven-year tenure limit. The firm provides written responses and remediation plans within the response window.
The on-site visit selects eight engagement files: two of the three listed entities, both NBFCs, the PSU bank branch, one unlisted public company, one private company, and one engagement involving a complex estimate (an expected credit loss assessment for an NBFC). Across the eight files the reviewer logs twenty-six observations.
| Observation grade | Count | Example |
|---|---|---|
| High materiality | 4 | ICFR working papers missing walkthrough documentation for one listed entity revenue process; one NBFC ECL workpaper without independent reviewer sign-off |
| Medium materiality | 14 | SA 230 documentation gaps; SA 540 estimates audit memo brevity; two related-party SA 550 procedures inadequately documented |
| Low materiality | 8 | Filename conventions inconsistent; missing dates on a partner sign-off; engagement letter retention shy of the policy window |
The firm responds within the four-week window. The four high-materiality observations are addressed with re-performed and re-documented procedures by the engagement teams. The medium observations are addressed with a combination of remediation in the current files and a quality control system update — a revised SA documentation checklist, a mandatory partner-review sign-off field, and a refreshed training schedule. The three quality control system gaps from the pre-visit questionnaire are closed with written policies, a backfilled monitoring file (a cold-file review of two engagements completed by an independent partner), and a documented partner rotation policy.
The reviewer’s final report recommends certificate issuance. The Peer Review Board reviews at its next scheduled meeting and issues the Peer Review Certificate valid for five years. Two months after issuance, the firm is invited to bid for a listed mid-cap statutory audit appointment that had been with a Big Four predecessor.
How Does Reconciliation Audit Evidence Affect Peer Review Outcomes?
Reviewers consistently flag inadequate reconciliation audit evidence as a recurring observation theme in mid-tier files. The pattern is familiar: bank reconciliation testing memo records that the auditor “tested BRS” without naming the months sampled or the procedures performed; TDS receivable testing concluded without comparing the trial balance amount to Form 26AS line items; GST input credit testing performed at summary level rather than line level against GSTR-2B. These are not exotic findings — they are mechanical evidence gaps that turn into medium-materiality observations and accumulate. A firm wanting to walk into peer review with clean reconciliation audit files should build the evidence at the time of the audit, not reconstruct it during the response window. The three-way match exception cost calculator is useful as a partner-level pre-read of where reconciliation audit evidence is thinnest in the firm’s portfolio.
For firms where the underlying client environment lacks system-generated reconciliation evidence, the audit file is forced to manually reconstruct preparer, reviewer, aging and exception trails, and the reconstruction is rarely complete enough to withstand a peer reviewer’s targeted question. Clients running reconciliation infrastructure that emits system-generated control evidence — preparer, reviewer, aging, exception log — make the audit file’s reconciliation testing memo straightforward to defend. For TDS receivable testing specifically, clients on TDS reconciliation software continuously synced with Form 26AS remove the most common quarterly-backlog gap that triggers medium-materiality peer review observations. The authoritative framework and current Peer Review Board notifications are published by the Institute of Chartered Accountants of India.
The FAQs below address questions that managing partners most often raise when planning their firm’s first Phase II peer review or their renewal cycle.