An audit refer to a systematic and independent examination of books, accounts, statutory records, documents and vouchers of an organization to ascertain that how far the financial and non-financial statements and disclosures present a true and fair view of the company.
Broadly, the audit can be classified into two types of audit i.e. the Financial Audit and the Compliance Audit :
- The Financial Audit covers the Statutory Audit, Cost Audit and Internal Audit
- Whereas the Compliance Audit cover the Secretarial Audit, CSR Audit, and Corporate Governance Audit, Take over Audit, Insider trading Audit, Labour law Audit, Cyber Audit, System Audit, Social Audit and Forensic Audit, Related Party Audit etc.
The company as a part of the internal review periodically conduct the audits of other functions of the organization like Stock Audit, HR Audit, Branch Audit, Performance Audit, IT Audit and Environment Audit etc which helps in the development of the internal function of the company.
Sections 139 to 147 under chapter X of the Companies Act, 2013 along with the Companies (Audit and Auditors) Rules, 2014 contain provisions regarding audit and auditors covering the appointment, removal, resignation of auditors, eligibility, qualifications and disqualifications of auditors, remuneration of auditors, powers and duties of auditors etc. for the statutory auditors of the company.
According to the section 143(12), the provision of the Section 143 i.e. power and duties of the Auditors are mutatis mutandis applicable to the cost accountant conducting cost audit under section 148 and the company secretary in practice conducting secretarial audit under section 204 of the Companies Act, 2013.
The Companies Act, 2013 contains the provisions relating to the following Audits
- Internal Audit (Section 138)
- Statutory Audit (Section 139 to 147)
- Cost Audit (Section 148)
- Secretarial Audit (Section 204)
(1) CORPORATE GOVERNANCE AUDIT
Corporate Governance Audit is a strategic audit to ensure that all processes including the requirement under laws, policies, procedures that are necessary for directing and controlling a business enterprise are implemented effectively.
Audit of corporate governance processes provides assurance to the various stakeholders that all the required governance activities have been accomplished and what remains otherwise thereby assisting stakeholders in making an informed decision.
Stakeholders don't like to receive surprises and audit of corporate governance activities shall ensure and effective check mechanism on the supervisory and managerial layers of a business enterprise.
Corporate Governance Audit mechanism works primarily through Audit Committee and the Auditor. Scope of Audit of Corporate Governance Activities The scope of Corporate Governance Audit is wide and generally boundary less, as the subject covers:-
- Financial and Non-Financial Stakeholders.
- Boards of Directors (Composition, Mix, Independence).
- Committees of the Boards and terms of References.
- Control Environment (Accounting, Controls, Internal and External Audit).
- Risk Management.
- Transparency and Disclosure of financial information and executive compensation.
- Strategic plans, programs and guidance on social responsibilities.
In India, the Companies Act, 2013 and the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 are the principle governing laws on corporate governance.
(2) CORPORATE SOCIAL RESPONSIBILITY (CSR) AUDIT
A Corporate Social Responsibility audit aims at identifying environmental, social or governance risks faced by the organization and evaluating managerial performance in respect of those.
Corporate Social Responsibility ("CSR") is a broad term, however, for the purpose of addressing the scope of a CSR Audit, CSR is about managing and taking into consideration organization's operational, processes and behavioral impact on society and stakeholders from a broad perspective. Contrary to common belief CSR is more than basic legal compliance and is highly connected with and affects organization's bottom line.
Purpose of CSR Audit
- To ensure compliance with the provisions of Companies Act, 2013 with respect to constitution of the Committee, adoption of policy and appropriate spending towards CSR activities.
- To facilitate transparent monitoring mechanism and a mentor for the Company's CSR activities and implementation of CSR policy.
- To evaluate internal control and governance framework.
- To assess the project life cycle.
- To conduct financial review of projects to confirm the utilization of budgets for achieving desired outcomes.
- Though the Companies Act, 2013 does not prescribe for the CSR Audit, but the companies act voluntarily undertake the CSR Audits to measure effectiveness of the CSR Programmes of the company.
(3) INSIDER TRADING AUDIT
In India the SEBI (Prohibition of Insiders Trading) Regulation, 2015 is the primary regulation which covers the insider trading activities. Insider trading issues have resulted in significant importance in listed companies in the last few years.
The directors, agents and other officers were found to be using insider information for profitably speculating in securities of their own company.
The insider trading occurred due to:-
- the possession of information by these people;
- before everybody else;
- regarding the changes in the economic condition of companies and particularly, regarding the size of dividends to be declared, or issue of bonus shares etc.
- The SEBI (Prohibition of Insider trading) Regulations, 2015 provides that the board may appoint a qualified auditor to investigate into the books of account or the affairs of the insider or any other person as may be directed by the board.
- The auditor so appointed shall have the same powers of the inspecting authority as stated in insider trading regulations.
- Also, SEBI has put in place a mechanism for preventing and controlling insider trading by putting primary responsibility to monitor and regulate insider trading activities on the company through the compliance officer and audit committee.
- For the purpose of ensuring compliance with the insider trading regulations, the following would be some of the essential inputs to enable review and to report the status Code of conduct, framed in the lines of model code specified in the schedule I of Insider Trading
Regulations
- Appointment of compliance officer: -l Responsibility discharged by the compliance officer, preservation of price sensitive information, closing of specific trading window; l Prior approval of trading;
- Reporting requirement by the directors / officers / designated employees;
- Restricted list for trading; l Disclosure by any person holding more than 5% of shares or voting rights and promoter or promoter group, code of corporate disclosure policy.
(4) LABOUR LAW AUDIT
Labour law audit is a process of facts findings and it is a continuous process. Labour law audit ensures a win - win situation for all the stakeholders.
Audit under the labour and employment laws is an effective tool for compliance management of labour, employment and industrial laws.
Audit helps to detect non - compliance of labour and employment laws applicable to a business and take corrective measures to avoid any unwarranted legal actions by the regulators against the business and its management.
Though labour law audit is not compulsory, but it is highly recommendatory to conduct this audit.
Audit helps to detect non-compliance of labour and employment laws applicable to a business and take corrective measures to avoid any unwarranted legal actions by the regulators against the business and its management.
Labour audits seek to determine employee attitudes toward the employer and to identify possible areas of vulnerability to a union organizing drive.
Labour audit cover all labour legislations applicable to an industry/business or any other commercial establishment, wherein audit is being conducted by the labour law auditor.
Scope of labour law audit will certainly differ from business to business.
For example, if the business does not have a factory, the provisions of Factories Act, 1948 and any rules/regulations made there under won't be applicable on such business. Similarly, certain factories in remote areas may not have the facilities of Employees State Insurance Corporation. In such cases, there is no need to ensure compliance of ESI Act.
(5) CYBER AUDIT
In Cyber Audit team of professional conducts an organizational review to ensure that the correct and most up to date cyber and IT processes and infrastructure are being applied.
A cyber audit also includes a series of tests that guarantee that information security meets all expectations and requirements within an organization.
The cyber security management audit/assurance review will provide management with an assessment of the effectiveness of the information security management function evaluate the scope of the information security management organization and determine whether essential security functions are being addressed effectively, It is not designed to replace or focus on audits that provide assurance of specific configurations or operational processes.
In Cyber Audit the Internal auditors and risk management professionals have key roles to play in the Information Management function of the company. In the era of global digital economy it is critical to protecting enterprise information from the insider as well as the outsider hackers.
The internal audit department plays a vital role in cyber security auditing in many organizations, and often has a dotted-line reporting relationship to the audit committee to ensure an independent view is being communicated to the board on the Data Security.
Audit helps enterprises with the challenges of managing cyber threats, by providing an objective evaluation of the controls and making recommendations to improve them as well as assisting the senior management and the board of directors understand and respond to cyber risks.
Organizations, especially within the public sector, also contract for the services of external auditors to provide independent assurance of the financial and operational controls primarily to ensure the controls design is effective and the needs of the organization are being met.
Effective risk management is the product of multiple layers of risk defense. Internal Audit should support the board's need to understand the effectiveness of cyber security controls.
A cyber security assessment drives a risk-based IT internal audit plan. Audit frequency should correspond to the level of risk identified, and applicable regulatory requirements/expectations.
An assessment of the organization's cyber security should evaluate specific capabilities across multiple domains.
(6) ENVIRONMENT AUDIT
Environmental Audit is a general term that can reflect various types of evaluations intended to identify environmental compliance and management system implementation gaps, along with related corrective actions and it has a wide variety of meanings.
Environmental Audit refers to verification and assessment of environmental measures in an organisation.
There are generally two different types of environmental audits: -
Compliance Audits and Management Systems Audits.
These audits are intended to review the site's/company's legal compliance status in an operational context. Compliance audits generally begin with determining the applicable compliance requirements against which the operations will be assessed.
This tends to include Central Law, State Laws, permits and local laws. In some cases, it may also include requirements within legal action.
Need for Environment Audit
- Business can assess the environmental impact of their operations.
- To ensure that the corporate decisions are not spoiling company's market for its products, destroying the source of essential supply, damaging or polluting the very infrastructure that makes usage and demand of the product grow.
- It highlights areas of inefficiencies in process e.g. Where the amount of resources used are out of proportion to the amount of saleable items/ services produced.
- It highlights excessive wastes.
- It provides opportunity for business to decrease its wastes output and reduce the cost of waste treatment or waste disposal.
(7) FORENSIC AUDIT
Forensic Audit is a dynamic and strategic tool in combating corruption, financial crimes and frauds through investigations and resolving allegations of fraud and embezzlement.
It may be conducted to determine negligence. Forensic is the application of science to crime concerns. Forensic science is science which is applied to legal matters especially criminal matters.
Recent corporate accounting scandals at various corporates forensic auditing has now considered as new area of auditing to detect the frauds in companies that suspected fraudulent transactions.
A Forensic Audit is a comprehensive and systematic process involving a series of activities and tasks undertaken for establishing the accuracy and authenticity of the transactions under review.
The term Forensic Audit refers to the specific guidance carried out in order to produce evidence. Forensic Audit task involves an investigation into the financial affairs of the entity and is often associated with investigation into the alleged fraudulent activity.
The object of forensic auditing is to relate the findings of audit by examining and gathering legally tenable evidence and producing it to the Court. In the process the corporate veil is lifted in case of corporate entities to identify the fraud and the persons responsible for it.
Forensic auditing involves application of audit skills to legally determine whether fraud has actually occurred.
The entire process includes planning, gathering evidence, reviewing the evidence and reporting of the same.
In the process it aims at naming the persons involved in the fraud with a view to take legal action. Forensic Audit Report is statement of observation gathered & considered while proving conclusive evidence.
It is a medium through which an auditor expresses his opinion under audit after the forensic audit investigation is completed.
(8) SOCIAL AUDIT
A Social Audit is a way of measuring, understanding, reporting and ultimately improving an organization's social and ethical performance.
A social audit helps to narrow gaps between vision/goal and reality, between efficiency and effectiveness. It is a technique to understand, measure, verify, report on and to improve the social performance of the organization. Social auditing creates an impact upon governance.
It values the voice of stakeholders, including marginalized/ poor groups whose voices are rarely heard. Social auditing is taken up for the purpose of enhancing local governance, particularly for strengthening accountability and transparency in local bodies.
Social audit is a process of reviewing official records and determining whether the reported expenditures reflect the actual money spent on the ground.
A social audit is a formal review of a company's endeavours in social responsibility.
The key difference between development and social audit is that a social audit focuses on the neglected issue of social impacts, while a development audit has a broader focus including environment and economic issues, such as the efficiency of a project or programme.
A social audit is an official evaluation of an organization's involvement in social responsibility projects or endeavours.
For example, a local family store makes a clothing donation to a NGO that has a homeless shelter for women and children. The store makes a similar donation three times a year. This is something that a social audit might uncover.
Factors examined by a social audit include records of charitable contributions, volunteer events, and efficient utilization of energy, transparency, work environment, and employees' wages.
Implication of Social Audit:- Social auditing creates an impact upon governance. It values the voice of stakeholders, including marginalized/poor groups whose voices are rarely heard. Social auditing is taken up for the purpose of enhancing local governance, particularly for strengthening accountability and transparency in local bodies. Social Audit makes it sure that in democracy, the powers of decision makers should be used as far as possible with the consent and understanding of all concerned.
(9) TAKEOVER AUDIT
To provide the desired results to an investor and to ensure that the acquisition is executed in the most effective manner, the concept of the takeover audit has been evolved, the takeover audit provides a cost benefit analysis to suggest a strategic plan for the long term investment strategy.
The audit provides for the Acquisition Audit as well as the Inter se Transfer performed by the acquire Takeover audit for merger/acquisition/ takeover could be done as three parts:-
- Pre-acquisition,
- Post-acquisition and
- Sell-side.
Internal auditors or professionals with this domain expertise can contribute significant value by ensuring that a vibrant due diligence process is in place and operating as intended.
A rigorous audit vide due diligence process help companies take advantage of legitimate new business opportunities, while at the same time help minimize the risks.
A strong audit cum due diligence process is critical to ensure that the acquirer is fully aware of all aspects of the proposed transaction and provides access to vital intelligence that is used to negotiate the final price and integrate the new subsidiary more effectively.