Statutory Audit Checklist — Complete Advanced Guide 2025-26

The Statutory Audit Framework

A statutory audit under the Companies Act, 2013 is a mandatory independent examination of a company's financial statements. The auditor must form an opinion on whether the financial statements give a true and fair view in accordance with applicable financial reporting frameworks.

📋

Engagement

Appointment, independence check, engagement letter

🔍

Planning

Risk assessment, materiality, audit strategy

🏛️

Control Testing

Walkthrough, test of controls, ICF evaluation

📊

Substantive

Vouching, verification, analytical procedures

✅

Completion

ROMM, going concern, subsequent events, review

📝

Reporting

Auditor's report, CARO, UDIN generation

Legal Mandate: Section 139–147 of the Companies Act, 2013 governs statutory audit appointments, qualifications, disqualifications, and auditor's duties. Every company must have its accounts audited by a Chartered Accountant appointed under Section 139. Non-compliance attracts penalties under Section 147.

Applicable Standards on Auditing (SAs)

SA / SRE	Title	Phase	Applicability
SA 200	Overall Objectives of the Independent Auditor	Planning	All audits
SA 210	Agreeing on Terms of Audit Engagement	Planning	All audits
SA 220	Quality Control for an Audit of Financial Statements	Planning	All audits
SA 230	Audit Documentation	All phases	All audits
SA 240	Auditor's Responsibilities relating to Fraud	Risk	All audits
SA 250	Consideration of Laws and Regulations	Risk	All audits
SA 260	Communication with Those Charged with Governance	Reporting	All audits
SA 265	Communicating Deficiencies in Internal Control	Reporting	All audits
SA 299	Responsibility of Joint Auditors	Planning	Joint audits
SA 300	Planning an Audit of Financial Statements	Planning	All audits
SA 315	Identifying and Assessing Risk of Material Misstatement	Risk	All audits
SA 320	Materiality in Planning and Performing an Audit	Planning	All audits
SA 330	Auditor's Responses to Assessed Risks	Risk	All audits
SA 402	Audit Considerations Relating to an Entity Using a Service Organisation	Risk	Where applicable
SA 450	Evaluation of Misstatements Identified During the Audit	Completion	All audits
SA 500–580	Audit Evidence Standards	Fieldwork	All audits
SA 600	Using the Work of Another Auditor	Planning	Group audits
SA 700–720	Auditor's Report Standards	Reporting	All audits

Phase 1: Engagement Acceptance & Pre-Audit

Before commencing audit work, the auditor must confirm independence, assess competence to take on the engagement, and formalise terms with the client.

✅ Legal Basis: SA 210 (Engagement Letter), SA 220 (Quality Control), SA 300 (Audit Planning). Section 141 of Companies Act, 2013 governs eligibility and disqualifications of auditors.

Engagement Acceptance Checklist

Verify the auditor/firm is qualified under Section 141(2) — practicing CA or firm of CAs.
Confirm no disqualification under Section 141(3) — not a relative of director, not an employee, no financial interest, no indebtedness exceeding ₹5 lakh.
Check rotation compliance — Section 139(2) mandates mandatory rotation every 5 years for individual auditors and 10 years for firms (for certain class of companies). Confirm last appointment date.
Assess ICAI Code of Ethics independence threats — self-interest, self-review, familiarity, intimidation, advocacy threats must be evaluated.
Perform KYC of the entity — obtain last 3 years' audited financial statements, list of directors, group structure.
Assess engagement risk — consider fraud history, regulatory scrutiny (SFIO, SEBI, MCA actions), litigation exposure, complexity of transactions.
Agree on and issue an Engagement Letter per SA 210 — scope, responsibilities, limitations, fee arrangement.
File Form ADT-1 with MCA within 15 days of appointment (Section 139(1)).
Ensure UDIN (Unique Document Identification Number) registration is active on ICAI portal.
Identify key engagement team members — Engagement Partner, Manager, Seniors. Document team's competence to handle sector-specific matters (banking, manufacturing, listed entity, etc.).

⚠ Common Omission: Failure to check related-party connections at engagement acceptance leads to Section 141(3)(f) violation. Specifically check whether the auditor (or family member) holds securities in the auditee company.

Phase 2: Audit Planning & Risk Assessment

Planning is the backbone of an efficient audit. An inadequate planning phase is the most common reason for audit failures and regulatory findings under SA 300 and SA 315.

Materiality Determination

Benchmark	Typical % Range	When Used
Profit Before Tax (PBT)	5% – 10%	Profit-making companies with stable margins
Revenue / Turnover	0.5% – 2%	Low-margin businesses, start-ups, trading companies
Total Assets	1% – 2%	Asset-heavy entities; financial institutions, real estate
Net Assets / Equity	1% – 5%	Holding companies, investment entities
Gross Profit	1% – 2%	Entities where GP is primary driver of performance
Performance Materiality	50% – 75% of Overall Materiality	Always set — reduces detection risk; used for testing
Trivial / Clearly Inconsequential	3% – 5% of Overall Materiality	Misstatements below this need not be accumulated

SA 320 Requirement: Materiality is not a fixed formula — it requires professional judgment. Always document the rationale for choosing the benchmark and the percentage applied. Revise materiality downwards if information during the audit suggests the original figure was too high.

Risk Assessment — SA 315 (Revised 2021)

Obtain understanding of the entity — business model, industry, regulatory environment, ownership structure, governance, accounting policies.
Conduct Preliminary Analytical Procedures — compare current year balances with prior year, budget, industry benchmarks. Identify unusual fluctuations.
Identify and assess Risks of Material Misstatement (ROMM) at financial statement level and assertion level (Completeness, Accuracy, Existence, Cut-off, Rights & Obligations, Valuation, Presentation).
Identify Significant Risks — risks requiring special audit consideration: fraud risks, complex/unusual transactions, highly judgmental areas (impairment, fair value, provisions), related-party transactions.
Document Entity-Level Controls (ELC) — control environment, risk assessment process, information systems, monitoring activities.
Perform Fraud Risk Assessment per SA 240 — brainstorm with team, consider incentives/pressures, opportunities, rationalizations (fraud triangle).
Assess Going Concern risks under SA 570 — review net worth, current ratio, cash flow projections, loan covenants, pending litigation.
Prepare and document Overall Audit Strategy and Detailed Audit Plan per SA 300.
Identify related parties per SA 550 — list all related entities and key management persons (KMP). Obtain management's representation on completeness.
If entity uses a service organization (payroll processor, data center), evaluate per SA 402 — obtain SOC 1 / ISAE 3402 report.

🔴 High Risk Areas

Revenue recognition, Related-party transactions, Inventory valuations, Management estimates, Goodwill impairment, Complex financial instruments

🟡 Medium Risk Areas

Fixed assets additions/disposals, Employee benefits (gratuity, leave), Deferred tax, Contingent liabilities, Foreign currency transactions

🟢 Lower Risk Areas

Routine bank reconciliations, Stable statutory dues, Prepaid expenses, Standard payroll, Share capital (established companies)

Phase 3: Internal Control Evaluation

Evaluating the design and operating effectiveness of internal controls helps the auditor calibrate the nature, timing, and extent of substantive procedures. For listed entities, ICFR (Internal Controls over Financial Reporting) must be separately reported under Section 143(3)(i).

ICFR Mandate: Section 143(3)(i) of Companies Act, 2013 requires the statutory auditor to state whether the company has adequate internal financial controls with reference to financial statements and whether such controls are operating effectively — for all companies except OPCs and small companies.

Internal Control Evaluation Checklist

Revenue Cycle: Verify order-to-cash controls — authorization of price lists and discounts, sales order approval, dispatch against approved orders, independent invoicing, credit limit controls, collection and receipt recording.
Purchase Cycle: Check procure-to-pay controls — vendor approval, three-way match (PO vs GRN vs invoice), payment authorization matrix, segregation of duties between purchase and payment functions.
Payroll Controls: Verify HR-to-payroll linkage — joiner/leaver controls, salary change authorization, independent payroll preparation and approval, bank mandate controls, statutory deduction (PF, ESI, PT, TDS) reconciliation.
Fixed Assets Controls: Check capex authorization thresholds, capitalization policy adherence, physical verification schedule, disposal authorization, depreciation calculation review.
Treasury Controls: Verify bank account opening/closure authorization, cheque signatory limits, payment controls (dual authorization for high-value), bank reconciliation timeliness and independent review.
IT General Controls (ITGC): Access controls (user provisioning/deprovisioning, privileged access), change management (application and infrastructure changes), backup and recovery procedures, system availability and incident management.
Month-End Close Controls: Verify journal entry controls — JE approval, restricted posting access, completeness of period-end accruals, reconciliation sign-off process.
Perform walkthrough tests for significant transaction cycles — trace one transaction end-to-end through the system and controls.
For high-risk controls, test operating effectiveness — select sample of control executions and verify evidence of operation (timestamps, approvals, signatures, system logs).
Document control deficiencies per SA 265 — distinguish between significant deficiency and material weakness. Communicate to TCWG and management in writing.
If IT-dependent controls are key — consider engaging an IT audit specialist. Reliance on manual controls in a highly automated environment is a red flag.

Phase 4: Substantive Audit Procedures

Substantive procedures provide direct audit evidence about whether financial statement assertions are materially misstated. These are performed irrespective of the results of control testing.

Revenue & Receivables

Test revenue recognition against Ind AS 115 / AS 9 — check 5-step model compliance (identify contract, performance obligation, transaction price, allocation, recognition at point/over time).
Vouch a sample of sales invoices with dispatch records, customer POs, and delivery confirmations. Check cut-off — ensure no revenue is pre-booked or deferred inappropriately.
Perform debtors aging analysis — stratify by age bands. Critically examine debts over 180 days. Assess adequacy of provision for doubtful debts.
Send independent balance confirmations to major debtors per SA 505. Reconcile differences; investigate non-responses.
Examine credit notes issued after year-end — potential returns/rebates that affect revenue recognition.
Check related-party sales — price at arm's length? Disclosed in notes per Ind AS 24 / AS 18?
Analyze unusual journal entries to revenue accounts — especially large round-figure credits, entries by IT administrators, entries posted on weekends/holidays.
GST reconciliation — reconcile sales as per books with GSTR-1 and GSTR-3B filed. Material differences must be investigated and adjusted.

Inventory

Attend or observe physical stock-taking per SA 501 — mandatory for significant inventory balances. Document quantities counted; test count selected items.
Verify inventory valuation at lower of cost and net realisable value (Ind AS 2 / AS 2) — check cost formula applied (FIFO / WA), consistency with prior year.
Identify slow-moving, damaged, or obsolete stock — scrutinize provision for write-down. Obtain management's NRV assessment with supporting data.
Perform cut-off tests — check GRNs and sales invoices around year-end. Goods in transit — confirm ownership (FOB terms).
For manufacturing entities — verify WIP valuations, stage of completion, allocation of overheads per costing policy.
If physical verification was not attended — document the impact and consider qualification of audit opinion if significant.

Fixed Assets (PPE)

Reconcile fixed asset register to general ledger — trace opening balance to prior year audited accounts.
Vouch a sample of additions against purchase invoices, capex authorization, and capitalization date. Verify capital vs revenue treatment.
Verify depreciation — check useful lives applied under Schedule II of Companies Act, 2013 or Ind AS 16 component accounting. Recalculate for selected assets.
Verify physical verification of assets — has management conducted it? Review physical verification report. Identify discrepancies and how they were handled.
Check impairment indicators per Ind AS 36 / AS 28 — idle assets, significant decline in value, restructuring plans. If indicators exist — verify formal impairment testing.
Examine disposals — authorization, proceeds received, gain/loss computation, removal from register.
Verify title documents for land and buildings — registered sale deed, mutation, property tax receipts, encumbrance certificate.
For leased assets — confirm Ind AS 116 / AS 19 treatment: Right-of-Use asset recognition, lease liability, discount rate applied.

Investments & Financial Instruments

Obtain investment schedule — reconcile to general ledger. Verify classification (FVTPL / FVOCI / Amortised Cost under Ind AS 109 / AT cost under AS 13).
Obtain third-party confirmations from depositories (NSDL/CDSL), demat accounts, fund houses, or banks for investment balances.
Verify fair valuations — quoted securities at market price; unquoted at DCF/NAV. Assess reasonableness of valuation models used. Engage auditor's expert if complex.
Check impairment of investments in subsidiaries/associates — review net worth of investee, business plan, market conditions.
Verify inter-corporate loans — review loan agreements, interest accrual, FVTPL/EIR adjustments under Ind AS 109. Check compliance with Section 186 (loan limits, Board approval, register).

Loans, Borrowings & Finance Costs

Obtain borrowing schedule — reconcile outstanding balances with loan statements from banks/NBFCs. Obtain independent bank confirmations per SA 505.
Verify interest expense calculation — cross-check with EIR method under Ind AS 109. Verify classification between current/non-current based on repayment schedule.
Check loan covenants — DSCR, leverage ratios, net worth requirements. Any breach? If so, assess reclassification to current liability and disclosure.
Verify creation and satisfaction of security (charge) with MCA — check ROC records, Form CHG-1/CHG-4 filings.
Examine new borrowings during the year — Board resolution, shareholders' approval (Section 180), end-use of funds.
Verify foreign currency borrowings — ECB compliance (RBI master direction), hedge accounting if applicable.

Provisions, Contingent Liabilities & Commitments

Verify employee benefits — obtain actuarial valuation report for Gratuity (AS 15 / Ind AS 19). Check assumptions: discount rate, attrition, salary escalation. Verify funding status with LIC/trust.
Review legal cases — obtain management representation and legal counsel confirmations (lawyer's letters per SA 501). Assess probability of outcome. Ensure appropriate provision/disclosure.
Check warranty provisions — methodology consistent with historical claim data? Sufficient?
Verify income tax provisions — reconcile advance tax paid, TDS receivable, self-assessment tax. Obtain status of assessments from management.
Review GST/indirect tax matters — pending SCNs, appeals, disputed credits. Obtain legal opinion for significant matters.
Ensure disclosures in notes are complete — contingent liabilities, commitments (capital and other), guarantees given.

Cash & Bank

Obtain bank confirmation letters directly from all banks — balances, facilities, security, guarantees, undisclosed borrowings.
Verify Bank Reconciliation Statements (BRS) for all accounts as of year-end — check for old outstanding cheques (over 6 months), stale deposits, timing differences. Vouch independently.
Physical cash count at year-end if material cash balance exists — conduct surprise cash count. Match with cashier's books.
Check cash transactions — PMLA compliance for large cash transactions. Section 40A(3) — cash payments over ₹10,000 to same person in a day (₹35,000 for transport) — income tax disallowance risk.
Review petty cash — check advance register, expense vouchers, physical balance.

Equity & Share Capital

Verify share capital — reconcile issued/subscribed/paid-up capital with Register of Members, RoC filings (MCA21).
Check any new share issuances — rights issue, private placement (Section 42), ESOPs (ESOP trust, SEBI SBEB regulations for listed entities), allotment against conversion of instruments.
Verify reserves and surplus — appropriation of profits, dividend declarations and payments, buy-back of shares (Section 68).
Verify capital reduction / forfeiture — court/NCLT order, compliance with procedure.

Analytical Procedures (Final)

Compare final trial balance with prior year — ratio analysis: gross profit margin, net margin, current ratio, debt-equity ratio, inventory days, debtor days, creditor days.
Flux analysis — identify line items with more than materiality-level change unexplained by known business events.
Compare audited balances with management accounts/budget — large variances need investigation.
Review overall financial statement presentation — is classification appropriate between current/non-current? Any reclassification from prior year? Corresponding previous year figures restated if required?

CARO 2020 — All 21 Clauses Checklist

The Companies (Auditor's Report) Order, 2020 (CARO 2020) applies to all companies except banking, insurance, and Section 8 companies. For small companies and OPCs, certain clauses are exempt.

⚠ Effective Date: CARO 2020 is applicable for financial statements for FY 2021-22 onwards (with some relaxations for 2020-21). The order has significantly expanded reporting requirements compared to CARO 2016.

#	Clause	Key Reporting Requirement	Evidence Required
i(a)	Property, Plant & Equipment	Proper records maintained? Physical verification conducted — discrepancies reported?	Fixed asset register, physical verification report
i(b)	Intangible Assets	Proper records maintained? Physical verification conducted?	Intangible asset schedule, amortisation workings
i(c)	Title Deeds	Title deeds of immovable properties in company's name? Held by others — details required.	Copies of registered title deeds, mutation records, property tax receipts
i(d)	Revaluation	Was any PPE/intangible revalued? If yes, valuer's name, registration, revaluation amount vs book value.	Valuation report from registered valuer under Companies Act
i(e)	Loans on Assets	Any proceedings initiated / pending against the company for holding benami property?	Management representation, legal counsel confirmation
ii(a)	Inventory	Physical verification conducted by management? Frequency? Discrepancies > 10% or ₹1 lakh per item — reported in financials?	Physical verification report, reconciliation to books
ii(b)	Working Capital Limits	Working capital limits ≥ ₹5 crore from banks — quarterly statements submitted? Variances with books reported?	Quarterly stock statements, bank acknowledgements, reconciliation
iii	Investments / Guarantees / Loans	Loans/advances/guarantees/investments given by company — Section 185/186 compliance? Register maintained? Terms? Overdue amounts?	Section 186 register, Board minutes, loan agreements
iv	Deposits / Deemed Deposits	Any deposits accepted from public? Compliance with Sections 73–76 and Companies (Acceptance of Deposits) Rules 2014.	Deposit register, DPT-1 filings, trustee appointment
v	Cost Records	Maintenance of cost records under Section 148 — applicable or not? If applicable, records maintained?	Cost audit applicability check, cost records, cost audit report
vi(a)	Statutory Dues — Regularity	Regular deposit of PF, ESI, income tax, GST, customs duty, sales tax, service tax, cess, and other statutory dues.	Statutory payment challans, Form 26AS, TDS returns, GST return reconciliation
vi(b)	Statutory Dues — Disputes	Dues not deposited due to disputes — amount, forum (AO / CIT(A) / ITAT / High Court / Supreme Court), period to which relates.	Demand notices, appeal orders, lawyer's certificates, management representation
vii	Cash Losses	Cash losses during the current and immediately preceding year?	P&L account, cash flow statements, management clarification
viii	Lenders / Investors	Any transactions with struck-off companies under Section 248 of Companies Act?	Vendor/debtor list cross-referenced with MCA struck-off list
ix(a)	Default to Lenders	Any default in repayment of loans/dues to financial institutions, banks, or debenture holders? Details of default, period, amount.	Loan statements, bank certificates, sanction letters, Board minutes on defaults
ix(b-f)	Funds Utilisation	Funds raised via public offer/term loans applied for intended purpose? Short-term funds used for long-term purposes? Funds given to subsidiaries/associates — end-use?	IPO/rights offer documents, fund utilisation certificates, loan drawdown records
x(a)	Fraud — Reported	Any fraud by the company or on the company noticed/reported during the year? Nature and amount.	Internal audit reports, forensic reports, police complaints, Board reports
x(b)	Fraud — Section 143(12)	Any report under Section 143(12) filed with Central Government? Details.	Auditor's internal records, correspondence with SFIO/government
xi(a)	Managerial Remuneration	Paid/provided in accordance with Section 197 — MCA approval obtained if excess?	Remuneration details, Board/shareholders' resolutions, MCA approval letters
xi(b)	Nidhi Companies	Applicable only to Nidhi companies — net owned fund, deposits, ratio compliance.	Nidhi return, balance sheet
xii	Related Party Transactions	RPTs in compliance with Sections 177 and 188 — Audit Committee approval, shareholders' approval, Form AOC-2 disclosure.	Audit Committee minutes, Board minutes, AOC-2, RPT register
xiii	Internal Audit	Internal audit system commensurate with the size and nature of business? Internal audit reports considered by management?	Internal audit reports, audit committee minutes, management action taken reports
xiv(a)	Undisclosed Income	Any transactions not recorded in books of account that were surrendered as undisclosed income during search/survey?	IT search/survey reports, undisclosed income returns, management representation
xv	Non-Cash Transactions	Any non-cash transactions with directors or related parties — Section 192 compliance?	Board resolutions, valuation reports, disclosures
xvi	Registration — RBI	Is the company required to be registered under Section 45-IA of RBI Act? If yes, registered?	RBI certificate of registration, investment portfolio, asset-liability structure
xvii	Cash Losses (repeat/related)	Cash losses in current year and immediately preceding year — amounts.	P&L account
xviii	Resignation of Auditors	Any auditor resigned during the year? Issues highlighted in resignation letter taken into account?	Resignation letter, ADT-3 filing, incoming auditor's consideration
xix	Going Concern	Based on financial ratios, ageing, trend analysis — material uncertainty about going concern?	Financial projections, cash flow forecasts, management plans
xx	CSR Transfers	Unspent CSR amount — transferred to Fund specified in Schedule VII / Unspent CSR Account?	CSR committee report, bank transfer receipts, Form CSR-2
xxi	Qualifications — Subsidiary Reports	Qualifications / adverse remarks in CARO reports of subsidiary, associate, joint venture companies — adverse impact on consolidated financial statements?	CARO reports of all subsidiaries/associates/JVs, group auditor assessment

Phase 5: Audit Completion Procedures

Completion procedures bring together all audit evidence and allow the auditor to form a final opinion. These are equally critical as substantive testing.

Going Concern Assessment

Assess going concern indicators per SA 570 — review management's assessment. Consider financial (negative equity, net current liabilities, fixed-term borrowings approaching maturity), operating, and other indicators.
If going concern doubt exists — obtain management's detailed business plan and cash flow projections. Test key assumptions (revenue growth, cost cutting, asset sales, refinancing).
Evaluate likelihood of plans succeeding — consider whether events or conditions and management's plans mitigate the going concern doubt.
Material uncertainty about going concern — ensure prominent disclosure in financial statements. If not adequately disclosed — qualified or adverse opinion.

Subsequent Events

Perform subsequent events review per SA 560 — inquire of management about events between balance sheet date and auditor's report date that could require adjustment or disclosure.
Read Board minutes, Audit Committee minutes, and Shareholders' minutes up to the date of audit report.
Review management accounts and interim financials (if available) for material events.
Specific inquiries — any litigation, regulatory actions, major contracts, going concern events, material asset disposals after year-end?

Written Representations

Obtain Management Representation Letter per SA 580 — signed by CEO/MD and CFO.
Key assertions in MRL: financial statements are complete and accurate; all related parties disclosed; all known actual or possible litigation included; post-balance sheet events disclosed; entity is a going concern; all assets belong to the company; all liabilities recorded; no fraud known to management; compliance with laws and regulations.
CARO-specific representations — benami property, struck-off company transactions, undisclosed income.
An unsigned or delayed MRL prevents issuance of the audit report. Do not sign the report without receiving the MRL.

Summary of Unadjusted Misstatements

Prepare a Schedule of Unadjusted Differences (SOUP) — list all factual, judgmental, and projected misstatements identified.
Evaluate whether individually or in aggregate, unadjusted misstatements are material — per SA 450.
Communicate unadjusted misstatements to management — request correction. Document management's reasons for not adjusting.
If uncorrected misstatements are material — modify audit opinion accordingly.

Engagement Quality Control Review (EQCR)

For listed entities and other engagements requiring EQCR per SA 220 — appoint an independent EQCR reviewer before sign-off.
EQCR reviewer to check: significant risks and responses, significant judgments and conclusions, consultations on contentious matters, appropriateness of proposed audit opinion.
EQCR completed before audit report is signed. Document EQCR reviewer's concurrence.

Phase 6: Auditor's Report — Types & Requirements

The audit report is the auditor's public communication of findings. SA 700–720 govern the form and content. For listed companies, the format prescribed by ICAI under SA 701 (Key Audit Matters) is also applicable.

Report Type	When Issued	Impact	SA Reference
Unmodified (Clean) Opinion	Financial statements give true and fair view; no material misstatement	No qualification	SA 700
Qualified Opinion	Material but not pervasive misstatement / limitation of scope	Except for…	SA 705
Adverse Opinion	Misstatement is material AND pervasive — financial statements as a whole misleading	Do not present true & fair view	SA 705
Disclaimer of Opinion	Limitation of scope is material AND pervasive — auditor unable to obtain sufficient audit evidence	Unable to express opinion	SA 705
Emphasis of Matter	Matter properly presented and disclosed but fundamental to users' understanding	Unmodified + EOM paragraph	SA 706
Key Audit Matters (KAM)	Listed companies — matters most significant in the audit of the financial statements	Enhanced reporting	SA 701

Auditor's Report Checklist — Companies Act 2013

Report addresses to the Members of the Company (shareholders) — not to the Board of Directors.
Title clearly states "Independent Auditor's Report".
Introductory paragraph — identifies financial statements audited, management's responsibility, auditor's responsibility.
Basis for Opinion paragraph — conducted audit per SAs, ICAI ethical requirements, planned and performed to obtain reasonable assurance.
Key Audit Matters section (listed companies) — for each KAM: describe the matter, why considered significant, how it was addressed in the audit.
Information Other than the Financial Statements — responsibility for and on other information (Annual Report, Directors' Report).
Management's Responsibility — preparation per applicable financial reporting framework, internal controls.
Auditor's Responsibility — express opinion, consider materiality, perform risk-based procedures.
Opinion paragraph — clear statement of opinion (unmodified/qualified/adverse/disclaimer). If modified — specific description of the matter.
Report on Other Legal and Regulatory Requirements (ROLRR) — Section 143(3) requirements: books of accounts maintained, branch visits, directors' report consistency, ICFR adequacy, disqualification of directors (Section 164(2)), pending litigations disclosed.
CARO 2020 Annexure — if applicable, attach CARO report covering all 21 clauses.
Signature — engagement partner's name and membership number, firm name and registration number, UDIN, place, and date.
UDIN must be generated on the ICAI portal within 15 days of signing the report. Failure to generate UDIN is treated as professional misconduct.

₹25,000

Minimum Penalty

Minimum penalty on auditor for contravention under Section 147 of Companies Act, 2013.

₹5 Lakh

Maximum Penalty

Maximum penalty on auditor (if not acting with intent to deceive). Imprisonment up to 1 year if acting fraudulently.

₹1 Cr

NFRA Maximum

NFRA may impose penalty of up to ₹1 crore and debar auditor from practice for up to 10 years for professional misconduct.

3x

Fraudulent Audit

If audit resulted in fraud — auditor liable to refund remuneration and pay damages equivalent to 3x the remuneration received.

Phase 7: Special Audit Areas

Advanced audit situations require specialized checklists beyond routine substantive testing. Below are high-risk areas demanding extra professional skepticism.

Auditing Revenue — Key Risks (Ind AS 115)

Multiple Performance Obligations: Does the entity sell bundled products/services? Verify allocation of transaction price using standalone selling price (SSP). Check if each element is distinct.
Variable Consideration: Are rebates, discounts, volume incentives, or penalties estimated correctly? Is the constraint on variable consideration appropriately applied (highly probable not to be significantly reversed)?
Contract Modifications: How are mid-term changes to contracts treated — as new contracts or modifications? Accounting treatment correct?
Bill-and-Hold Arrangements: Are bill-and-hold sales genuine? Customer-specific request? Risk transferred? Goods separately identified? Verify physical existence.
Channel Stuffing: Check for unusual spike in sales to distributors near year-end. Review returns and credit notes post year-end. Confirm right of return terms.
Long-Term Contracts (PoC Method): Verify stage of completion methodology — input method (costs incurred) or output method (survey). Recalculate estimated total contract costs and revenue.

Auditing Related Party Transactions

Obtain complete list of related parties from management — verify against Register of Directors' Interests, shareholders' list, group company list.
Search for undisclosed related parties — check payment beneficiaries, common directors across companies, shareholding patterns.
For each significant RPT — verify arm's-length pricing, Audit Committee and Board approval (Section 177/188), shareholder approval if required.
Ensure notes disclosures per Ind AS 24 / AS 18 are complete — nature of relationship, description of transaction, outstanding balances, impairment provisions.
SA 550 requires the auditor to remain alert for RPTs not identified by management. Consider confirmation with counterparties and reviewing bank statements for unexplained transactions.

Auditing Management Estimates

Identify all significant accounting estimates — impairment of assets, fair value measurements, expected credit loss (ECL), provisions, deferred tax asset recognition, pension/gratuity, warranty provisions, contingent liabilities.
Per SA 540 (Revised) — assess whether the method, data, and assumptions used are appropriate. Test mathematical accuracy.
Evaluate management's bias — has management consistently over/under-estimated in the past? Review prior year estimates vs outcomes.
For complex estimates (ECL models, actuarial valuations, DCF models) — consider engaging an auditor's expert per SA 620.
Document the point estimate or range and assess whether the financial statement amount is reasonable.

Group Audit Considerations

Identify group structure — subsidiaries, associates, JVs, branches. Assess significance of each component per SA 600.
For significant components — perform full audit or specific audit procedures. For insignificant components — apply analytical procedures.
Issue Group Audit Instructions to component auditors — reporting deadlines, materiality, specific procedures required, group accounting policies.
Review component auditor's work — assess competence and independence. Consider visiting component auditor if high-risk component.
Consolidation audit — verify elimination entries (inter-company transactions, unrealised profits, investments vs equity), consistency of accounting policies, currency translation (Ind AS 21), goodwill and purchase price allocation (Ind AS 103).

Interactive Audit Progress Tracker

Use this real-time tracker to mark audit procedures as completed. Track your audit progress dynamically.

Audit Risk Analytics

Visual overview of key audit metrics, common qualification areas, and audit risk distribution patterns observed in Indian statutory audits.

Audit Qualification Sources

Most common reasons for modified opinions in India

CARO 2020 — Clause-wise Reporting Frequency

% of auditors reporting adverse/qualified remarks by clause

Audit Risk Distribution

Typical risk allocation across financial statement areas

Time Allocation Across Audit Phases

Recommended time split for an efficient statutory audit

Frequently Asked Questions

Common queries from audit practitioners on statutory audit compliance and reporting.

CARO 2020 is applicable to all companies including foreign companies, except: banking companies, insurance companies, Section 8 companies (non-profit), and private companies meeting all of these criteria simultaneously — paid-up capital and reserves ≤ ₹1 crore, total borrowings from any bank or financial institution ≤ ₹1 crore at any point during the financial year, and total revenue ≤ ₹10 crore as per financial statements for the year. Note that the MCA may issue notifications modifying exemptions — always verify the latest position.

A Material Weakness in ICFR is a deficiency, or combination of deficiencies, such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented, or detected and corrected, on a timely basis. A Significant Deficiency is a deficiency, or combination of deficiencies, that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. Both must be communicated in writing to management and TCWG. A material weakness requires an adverse report on ICFR (or qualification in the main audit report if affecting the financial statements).

An auditor who has reason to believe that an offence of fraud involving an amount of ₹1 crore or above is being or has been committed by officers or employees of the company, must report it to the Central Government (Ministry of Corporate Affairs) within 60 days. Below ₹1 crore, the auditor must report to the Board or Audit Committee within 2 days, and the Board must disclose it in the Board's report. Failure to report as required under Section 143(12) is itself a criminal offence under Section 143(15) — punishable with imprisonment up to 1 year and fine between ₹1 lakh and ₹25 lakh.

Key Audit Matters (KAMs) per SA 701 are matters that, in the auditor's professional judgment, were of most significance in the audit of the financial statements of the current period. KAMs are selected from matters communicated to TCWG. They are required for audits of financial statements of listed entities. For unlisted entities, SA 701 is not mandatory but may be applied voluntarily. Typical KAMs include: revenue recognition (complex contracts), impairment of goodwill, expected credit loss provisioning, going concern assessment, and major acquisitions or disposals.

No. Section 144 of the Companies Act, 2013 provides a specific list of services that a statutory auditor (or its network firm) cannot provide to the auditee company or its holding/subsidiary company. Prohibited services include: accounting and bookkeeping, internal audit, design and implementation of financial information systems, actuarial services, investment advisory services, investment banking services, rendering of outsourced financial services, management services, and any other service as may be prescribed. Providing these services creates a self-review threat that fundamentally compromises independence.

Professional skepticism is an attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence (SA 200). It means not accepting management's explanations at face value but corroborating them with independent evidence. SA 240 specifically requires the audit team to maintain professional skepticism throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist even when prior audit experience suggests management integrity. High-risk areas requiring heightened skepticism include: management estimates, related-party transactions, revenue recognition near year-end, and unusual or complex transactions.

Statutory Audit Checklist— Complete Advanced Guide