Guidance Notes On Auditing Standards CSAS1 To CSAS4

GUIDANCE NOTES
ON ICSI
AUDITING STANDARDS
(i)
December, 2020
Price : Rs. 200/- (excluding postage)
Issued by :
THE INSTITUTE OF COMPANY SECRETARIES OF INDIA
ICSI House, 22, Institutional Area, Lodi Road,
New Delhi 110 003
Phones : 011-4534 1000, 4150 4444 • Fax +91-11-2462 6727
E-mail info@icsi.edu • Website www.icsi.edu
(ii)
PREFACE
ICSI Auditing Standards aims to support the Company

Secretaries in developing auditing acumen, techniques and
tools and inculcate best auditing practices while conducting
the audit and promote standardisation and uniformity in the
professional arena. The ICSI has issued the first four Auditing
Standards, i.e (i) Auditing Standard on Audit Engagement
(CSAS-1) ;(ii) Auditing Standard on Audit Process and
Documentation (CSAS-2) ;(iii) Auditing Standard on Forming
of Opinion (CSAS-3) and (iv) Auditing Standard on Secretarial
Audit (CSAS-4), which are applicable mandatorily on the
audit assignments accepted by the auditor on or after 1st
April, 2021.
The adoption of Auditing Standards will bring substantial

impact on the quality of audits performed by Company
Secretaries and bring uniformity and consistency.
The Institute has formulated the Guidance Notes on

Auditing Standards to set out the explanations, procedures
and practical aspects of various provisions contained in
ICSI Auditing Standards [CSAS-1 to CSAS-4] to facilitate
compliance thereof by the stakeholders.
Further, these Guidance Notes are prepared on the basis

of relevant provisions of the applicable, laws, act, rules,
regulations, guidelines, standards etc. and if due to any
subsequent changes in the same, the Guidance Notes or
any part thereof becomes inconsistent, then the provisions
of such laws, act, rules, regulations, guidelines, standards etc.
shall prevail.
The text of the Guidance Notes is written in italics, while the

text of the Standards is in normal font.
(iii)
PREFACE
I place on record my sincere thanks to CS Vineet K. Chaudhary,

Council Member and Chairman, Auditing Standards Board
(ASB), CS Devendra V. Deshpande, Vice Chairman, and all
the members of the ASB for their tireless efforts in preparation
and finalisation of the Guidance Notes.
I also commend the dedicated efforts put in during the

preparation of the Guidance Notes by CA Hema Babbar,
Assistant Director and CS Surbhi Jain, Consultant under the
leadership of CS Banu Dandona, Joint Director, Directorate
of PMQ, Boards and Certificate Courses under the overall
guidance of CS Asish Mohan, Secretary of the ICSI.
Furthermore, inevitably, in any publication, there is always

scope for further improvement. I would personally be grateful
to users and readers for offering the suggestions/comments
for further refinement of the contents of the publication.
Date: 18th December, 2020 CS Ashish Garg
Place: Indore President, ICSI
(iv)
CONTENT
Pg.
GUIDANCE NOTE ON AUDIT ENGAGEMENT

Scope 1
Effective Date 4
Objective 5
Definitions 5
Audit Engagement Process 9
Limits on Audit Engagements 19
Conflict of Interest 21
Confidentiality 29
Changes in terms of engagement 31
Annexure A 34
Annexure B 35
GUIDANCE NOTE ON AUDIT PROCESS

AND DOCUMENTATION
Scope 38
Effective Date 38
Objective 39
Definitions 40
Audit Planning 41
Risk Assessment 47
Information about the Auditee 48
Audit Check-lists 49
Collection and Verification of Audit Evidence 50
Third Party Confirmation 52
Analysis of Audit Evidence 52
(v)
CONTENTS
Pg.
Documentation 54
Record Keeping and Retention 57
GUIDANCE NOTE ON FORMING OF OPINION

Scope 59
Effective Date 59
Objective 60
Definitions 60
Process for forming of Opinion 64
Precedence and Practices 71
Third Party Report or Opinion 72
Form of an Opinion 74
Auditor’s Responsibility 79
Format of Report 80
GUIDANCE NOTE ON
AUDITING STANDARD ON SECRETARIAL AUDIT
Scope 83
Effective Date 84
Objective 84
Adherence to other Auditing Standards 84
Definitions 85
Identification and segregation of applicable laws 87
Verification of corporate conduct and compliance 91
of laws
Board Composition 93
Board Processes 99
System and Process 100
Detection of Fraud 101
Reporting of Fraud 104
Identification and Reporting of the events/ actions 105
having major bearing on Auditee’s affairs
(vi)
1
Guidance Note on Audit Engagement
The Auditing Standard on Audit Engagement (CSAS-1),

formulated by Auditing Standards Board (ASB) of the Institute
of Company Secretaries of India (ICSI) and issued by the
Council of the ICSI, is effective from 1st July, 2019 on a
recommendatory basis and mandatory with effect from 1st
April, 2021.
This Guidance Note sets out the explanations, procedures and

practical aspects in respect of the provisions contained in
CSAS-1 to facilitate compliance thereof by the stakeholders.
Scope
This Auditing Standard (‘the Standard’) is applicable to the

Auditor undertaking Audit Engagement under any statute.
The Standard deals with the Auditor’s roles and responsibilities
with respect to an Audit Engagement and process of entering
into an understanding/agreement with the Appointing
Authority for the purpose of audit.
The Auditing Standard on Audit Engagement (CSAS-1) is

applicable to the Practicing Company Secretaries (PCS) as
defined in the Company Secretaries Act, 1980, who undertake
the audit assignment envisaged under the Companies Act,
2013 or Securities and Exchange Board of India Act, 1992 or
any other law prevailing in India.
CSAS-1 is not applicable for Audits entrusted on a voluntary

basis by the Auditee to the Auditor. However, adherence to
the Standard is recommended in respect of Audits entrusted
on voluntary basis also.
1
2 GUIDANCE NOTE ON AUDIT ENGAGEMENT
In case of appointment by Court, Tribunal or Regulatory

Authority, CSAS-1 shall apply to the extent possible, since the
manner of appointment and terms of engagement in such
cases shall be as per the directions of the Court, Tribunal or
Regulatory Authority.
Following is an illustrative list of Audits which may be

undertaken by a Company Secretary under various
Statutes:
Type of Audit Act/ Section/ Auditee

Regulation Regulation
Secretarial Companies 204 Company

Audit Act, 2013
Secretarial SEBI (LODR) 24A Listed Entities

Audit
Regulations
2015
Internal Audit Companies 138 Company

Act, 2013
Audit of SEBI 76 Sole

Depository (Depositories Proprietorship,
Participants and Partnership
Participants) Firm, LLP,
Regulations Company
2018 read with
SEBI circular
no. SEBI/
HO/MRD/
DOP2-DSA2/
CIR/P/2019/22
dated
January 23,
2019
GUIDANCE NOTE ON AUDIT ENGAGEMENT 3
Internal Audit SEBI (Stock SEBI circular Sole

of Stock and sub- no. MIRSD/ Proprietorship,
Brokers broker) DPSIII/ Cir-26/ HUF,
Regulations 08 Partnership
1993 Firm, LLP,
Company
Internal SEBI (In- 19(3) Sole Pro-
Audit of vestment prietorship,
Investment Advisors) Partnership
Advisors Regulations Firm, LLP,
2013 Company
Internal SEBI SEBI circular Body

Audit of (Portfolio no. IMD/PMS/ Corporate
Portfolio Managers) CIR/1/21727/
Managers Regulations 03 dated
1993 November 18,
2003
Internal SEBI SEBI circular Public
Audit of (Credit no.MRD/ Financial
Credit Rating CRA/ CIR- Institution,
Rating Agencies) 01/2010 Scheduled
Agencies Regulations dated Commer-
1999 January 06, cial Bank,
2010 Foreign Bank
operating
in India with
RBI
approval,
Foreign
Credit Rat-
ing Agency
recognised
by or under
any law,
Company,
Body Cor-
porate
Internal SEBI (Re- 25(3) Sole

Audit of search Proprietor-
Research Analysts) ship,
Analysts Regulation Partnership
2014 Firm, LLP,
Company
While auditing under any of the statutes, the Auditors

are required to examine the Records, documents and
information from the Auditee to express an independent
opinion. Therefore, it becomes very important to understand
the scope of audit.
This Guidance Note on CSAS-1 deals with the Auditor’s

responsibilities while agreeing to the terms of Audit
Engagement and entering into an agreement with the
Management or those charged with governance. This
includes principal contents of an Audit Engagement Letter
and also the duties and responsibilities of the Auditor and
the Auditee in case of a change in terms of engagement,
if any.
Effective Date
The Standard is effective and recommendatory for Audit
Engagements accepted by the Auditor on or after 1st July,
2019 and mandatory for Audit Engagements accepted by
the Auditor on or after 1st April, 2020.
In view of the developments arising due to the spread

of Covid-19 pandemic, the effective date of mandatory
applicability of ICSI Auditing Standards CSAS-1 to CSAS-4
has been extended for Audit Engagements accepted by
an Auditor on or after 1st April, 2021. Members are advised
to follow the Institute’s communications/ guidelines, which
may be issued from time to time, for the date of mandatory
applicability of ICSI Auditing Standards CSAS-1 to CSAS-4.
Objective
The objective of the Standard is to prescribe for the Auditor,

principles and procedures to be followed while accepting
or continuing with an Audit Engagement by agreeing to the
terms of engagement with the Appointing Authority or any
changes therein and matters relating thereto.
This Standard is applicable on the Auditor in all of the

following situations:
New Audit Engagement – Covers an audit being conducted

first time and therefore the appointment of the Auditor is an
initial appointment. It will also cover the situations where the
audit for the previous period was conducted by another
Auditor.
Recurring Audit Engagement – Covers the situation where

the Auditor had conducted the audit for the previous period
and is requested to conduct the audit for the subsequent
period as well. In such a case, the Auditor should obtain
fresh Audit Engagement Letter if the period of engagement
has expired, including revised terms if the circumstances
so require Auditor shall adhere to the Standard even if the
Audit Engagement is a continuing one.
Changes in terms of Audit Engagement – Whenever there is

a change in the terms of Audit Engagement in the middle of
an ongoing audit, the Auditor shall adhere to the Standard
and initiate a revised Engagement Letter in terms of this
Standard.
Definitions
For the purpose of Auditing Standards (CSAS) issued by The
Institute of Company Secretaries of India (ICSI), the following
terms shall have the meaning attributed as below, unless
specified otherwise:
(1) “Appointing Authority” means any person having

authority to appoint the Auditor.
The Auditee under the Statute could be a company or
any other form of entity. Appointing Authority will depend
upon the type of the Auditee. In case the Auditee is a
company, the Appointing Authority would be the Board of
company and in other cases, it would be the persons who
have been entrusted with the responsibility of governance
and compliances of the Auditee. Further, the Appointing
Authority may also include Court, Tribunal or Regulator or
any officer thereof.
For example, in case of Secretarial Audit under Section 204
of Companies Act, 2013 or Clause 24A of the SEBI (LODR)
Regulations, 2015 and Internal Audit under Section 138 of
Companies Act, 2013 , the Appointing Authority would be
the Board of the Company.
In case, the Auditee is under Corporate Insolvency Resolution
Process, the Appointing Authority shall be the Resolution
Professional.
In case of Audit of Depository Participants, the Appointing
Authority may depend upon the type of Auditee, e.g. if the
Depositary Participant is a company then the Appointing
Authority will be the Board or in case of an LLP it could be
the designated partner or any other partner as may be
authorised to appoint the Auditor. Similarly in case of Internal
Audit of Stock Brokers, Internal Audit of Investment Advisors,
Internal Audit of Portfolio Managers, Internal Audit of Credit
Rating Agencies and Internal Audit of Research Analysts,
the Appointing Authority would depend upon the type of
Auditee.
(2) “Audit Engagement” means detailed terms of reference

of appointment including scope of audit, remuneration and
limiting conditions, if any.
(3) “Auditee” means a person subject to audit.
(4) “Auditor” means a Company Secretary who is deemed

to be in practice under sub-section (2) of Section 2 of the
Company Secretaries Act, 1980 and includes a firm or Limited
Liability Partnership (LLP) registered with ICSI, undertaking
the Audit.
Auditor means a member of the ICSI who holds a valid

Certificate of Practice under Section 2(2) of the Company
Secretaries Act, 1980. It includes a firm or Limited Liability
Partnership (LLP) registered with ICSI and whose partners are
members of the ICSI.
(5) “Management” includes Board of Directors and

persons who have been entrusted with the responsibility of
governance and compliances of the Auditee.
In case of Companies
The term “persons who have been entrusted with the

responsibility of governance and compliances of the
Auditee” include the Key Managerial Personnel as defined
under Section 2(51) of the Companies Act, 2013 and senior
Management as defined under SEBI (LODR) Regulations,
2015 and the explanation given in Section 178 of the
Companies Act, 2013.
As per Section 2(51) of Companies Act, 2013: “Key Managerial

Personnel”, in relation to a company, means –
(i) the Chief Executive Officer or the Managing Director

or the Manager;
(ii) the Company Secretary;
(iii) the whole-time Director;

(iv) the Chief Financial Officer;
(v) such other officer, not more than one level below
the directors who is in whole-time employment,

designated as Key Managerial Personnel by the Board;
and
(vi) such other officer as may be prescribed
As per Regulation 16(1)(d) of SEBI (LODR) Regulations, 2015
: “Senior Management” shall mean officers/personnel of
the listed entity who are members of its core management
team excluding board of directors and normally this
shall comprise all members of Management one level
below the Chief Executive Officer/Managing Director/
whole time Director/ Manager (including Chief Executive
Officer/Manager, in case they are not part of the board)
and shall specifically include Company Secretary and
Chief Financial Officer.
Explanation to Section 178 of the Companies Act, 2013,
describes that ”Senior Management’’ means personnel of
the company who are members of its core Management
team excluding Board of Directors comprising all members
of Management one level below the Executive Directors,
including the functional heads.
In case of Auditee other than companies, the term
“persons who have been entrusted with the responsibility
of governance and compliances of the Auditee” shall
include any person or employee of the Auditee as may be
authorised. For example, in case of an LLP, Management
includes the partners or designated partners or any officer
of the LLP entrusted with such responsibility.
In case of a Proprietorship, Management means the
proprietor or any officer authorised by him.
(6) “Predecessor or Previous Auditor” means an Auditor
who has conducted the most recent audit assignment
of the Auditee and submitted report thereon prior to the
incumbent Auditor or was engaged but did not complete
the audit assignment due to his resignation, termination or

otherwise.
An Auditor who has completed the assignment and has not

been reappointed or an Auditor who had been appointed
but has not completed the assignment due to resignation,
termination or otherwise, shall be deemed to be a
“Predecessor or Previous Auditor” for the same assignment.
1. Audit Engagement Process

The Auditor shall undertake the following steps with respect
to the Audit Engagement:
Pre-Engagement Meeting
Before accepting the Audit Engagement, the Auditor should

have a pre-engagement meeting with the Auditee. The
meeting may inter-alia include discussion about the terms
of engagement, prior year audit findings and conclusions,
appropriateness of reporting framework, understanding
Auditee’s business operations and environment including
internal control system, commercial terms of the audit and
the timelines and milestones, if any, for conducting the Audit
and submission of the Audit Report. Auditor shall disclose in
the pre-engagement meeting conflict of interest, if any, with
the Auditee.
The Auditor shall be under Confidentiality obligation

with respect to the information obtained during the pre-
engagement meeting.
1.1 Appointment
1.1.1 The appointment of Auditor shall be made in the manner

prescribed in the applicable laws, act, rules, regulations,
standards and guidelines and in case no such manner has
been prescribed, such appointment shall be made in the
manner determined by the Appointing Authority.
Illustration:
Section 179(3)(k) of Companies Act, 2013 read with Rule

8(4) of Companies (Meeting of Board and its Powers) Rules,
2014 requires that the Internal Auditor and Secretarial
Auditor of the company shall be appointed by passing a
resolution at a duly convened meeting of the Board.
Therefore, the appointment of Internal Auditor/Secretarial

Auditor cannot be made by passing a resolution by
circulation.
Further, the said appointment cannot be made by Key

Managerial Personnel or Senior Management, even if
authorised by the Board in this regard.
1.1.2 The Auditor shall submit a Certificate to the Appointing

Authority confirming eligibility for appointment as Auditor.
Before accepting an audit, the Auditor shall furnish a

certificate to the Appointing Authority that:
a. The number of audits are within the ceiling prescribed

by the ICSI as specified in para 2 of CSAS 1.
b. No substantial conflict of interest as defined in para 3

of CSAS-1 exists with the Auditee.
c. There is no restriction to render the professional services

under ICSI Guidelines.
d. He is not debarred to undertake such audit under any

law or under the disciplinary mechanism of the ICSI.
A Specimen Eligibility Certificate is placed at Annexure A
1.1.3 The Auditor shall obtain an Audit Engagement Letter

along with a copy of the resolution, if any, passed by the
Appointing Authority and shall provide acceptance to the
Appointing Authority.
The Auditor may give his acceptance to undertake the

audit either on the copy of the Audit Engagement letter
or through a separate letter. The acceptance may also be
communicated through an email.
1.2 Audit Engagement Letter
The Audit Engagement Letter shall inter alia include:
a. The objective and scope of the audit;
b. The responsibilities of the Auditor and the Auditee;
c. Written representations provided and/or to be

provided by the Management to the Auditor,
including particulars of the Predecessor or Previous
Auditor;
d. The period within which the audit report shall be

submitted by the Auditor, along with milestones, if any;
e. The commercial terms regarding audit fees and

reimbursement of out of pocket expenses in connection
with the audit; and
f. Limitations of audit, if any.
Where the objective and scope of the audit and responsibilities

of the Management and of the Auditor have been established
by law, the Audit Engagement Letter shall give a reference
to the provisions of the relevant law along with a statement
that the Management acknowledges and understands its
responsibilities for preparation and maintenance of records
and for devising proper systems to ensure compliance with
the provisions of applicable laws, act, rules, regulations and
standards for the time being in force.
The Auditor shall agree upon the terms of Audit Engagement

with the Appointing Authority which shall be documented in
an Audit Engagement letter.
The engagement letter provides the opportunity to detail

the scope of the Audit Engagement and to define the
responsibilities between the Auditor and the Auditee.
It clarifies under which laws, act, rules and regulations the

audit is being carried out and provides the reference of the
format of the report, if any, specified by the statute or by
ICSI.
It documents the terms of Audit Engagement agreed

between the Auditor and the Appointing Authority with
reference to scope of audit, responsibilities of Auditor and
Auditee, remuneration and limiting conditions, if any.
The Responsibilities of Auditor inter alia include the following:
• To take up the audit as per the terms of the

engagement.
• To depute personnel who have the knowledge of the

laws under which the audit is being carried out, subject
to his overall supervision.
• To observe and ensure observance of highest standards

of ethics and maintain utmost professionalism at
all times by the employees, staff and other team
members involved in the Audit and persons engaged
by him to provide advice or assistance for the conduct
of audit.
• To maintain and ensure confidentiality by the

employees, staff and other team members involved
in the audit and persons engaged by him to provide
advice or assistance for the conduct of audit as
mentioned in Para 4 of this Standard.
• To not trade in securities relating to which unpublished
price sensitive information has come to his/her
knowledge during the course of audit, which
responsibility shall extend to the employees, staff and

other team members involved in the audit and persons
engaged by him to provide advice or assistance for
the conduct of audit also.
Responsibilities of Auditee inter alia include:
• To provide access to premises of the Auditee and

timely access to Records, documents, legal opinions,
show cause notices, inspection reports and other
information, explanations and reports as may be
necessary in connection with the audit.
• To identify and depute a responsible official to

timely provide relevant documents, information and
explanations required by the Auditor.
• To provide written Management representations, if

any, to the Auditor during the course of audit, which
shall provide the Auditor a substantive evidence of
important assertions and the Management’s primary
responsibility for the assertions and its accuracy.
• To provide details of the Predecessor or Previous

Auditor, so as to enable proposed Auditor to
communicate with the Predecessor or Previous
Auditor.
Audit remuneration and expenses may depend on several

factors including:
– Size of the organisation;
– Location of business and its branches;
– Type of company (Listed/Unlisted);
– Sector to which company belongs

– Nature of business;
– Internal control mechanism;
– Scope of Audit Engagement;
– Frequency of audit, whether monthly, quarterly, yearly
– Type of audit, whether sole, joint or concurrent audit
– The experience of the Auditor in conducting audits;
– Estimated man-hours required to complete the

assignment;
– Guidance/Advisory issued by the ICSI, if any
– Any other term or a combination of any of the above.
Audit fees should be a fair reflection of the value of the work

performed for the Auditee, considering the above factors.
Quantum of fees, billing arrangement and terms of payment

shall be mentioned in the Audit Engagement letter.
The Audit fee shall not be contingent upon findings or results

of the audit. However, fees shall not be regarded as being
contingent if fixed by a court or other public authority.
The Auditor is not permitted to pay a commission to obtain

an audit nor shall he accept a commission for referral of an
Auditee to a third party. He shall not accept a commission
for the referral of the products or services of others.
As per Clause 2 of Schedule I of the Company Secretaries

Act, 1980: A Company Secretary in Practice shall be
deemed to be guilty of professional misconduct, if he pays
or allows or agrees to pay or allow, directly or indirectly, any
share, commission or brokerage in the fees or profits of his
professional work to any person, other than a member of
the Institute or a partner or a retired partner or the legal
representative of a deceased partner.
As per Clause 9 of Schedule I of the Company Secretaries

Act, 1980 : A Company Secretary in Practice shall be

deemed to be guilty of professional misconduct, if he
charges or offers to charge, accepts or offers to accept,
in respect of any professional employment, fees which are
based on a percentage of profits or which are contingent
upon the findings, or result of such employment, except as
permitted under any regulation made under this Act.
Auditor should include a statement in the Audit Engagement

Letter that because of inherent limitations of an audit,
inherent limitations of internal control, an unavoidable risk
exists that some material non-compliance may not be
detected, even though the audit is properly planned and
performed in accordance with the applicable Auditing
Standards.
Audit Engagement Letter should also specify that

arrangements concerning the involvement of third party
and experts in some aspects of the Audit.
If the Appointing Authority has imposed a limitation on the

scope of the Auditor’s work in the terms of engagement
and the Auditor believes that such limitation will result in
lower level of assurance than what is required under law,
the Auditor shall not accept such an engagement, unless
required by law or regulation to do so.
Specimen Audit Engagement Letter is placed at Annexure B
1.3 Communication to the Predecessor or Previous Auditor
The Auditor shall communicate in writing to the Predecessor

or Previous Auditor, if any, before accepting the Audit
Engagement.
There should be an effective communication with the

Predecessor or Previous Auditor, if any. Auditor should
communicate with the Predecessor or Previous Auditor in
such manner as to retain positive evidence of the delivery
of the communication. Communication by a letter sent by

Registered Acknowledgement Due or by courier or by hand
against the written Acknowledgement or through an email
would be in the normal course provide such evidence. The
Auditor shall wait for a period of 7 days from the date of
communication before accepting the audit.
In case any information is provided by the Predecessor

Auditor, the Successor Auditor shall take cognizance of the
same. The information obtained from the Predecessor may
be useful in undertaking the audit. Such information shall
remain confidential.
The Council of the Institute has resolved that it shall be

mandatory for every Company Secretary in Practice,
before accepting any of the following assignments, to
communicate to the previous incumbent, in terms of terms
of clause (8) of part I of the First Schedule to the Company
Secretaries Act, 1980 :
(i) Signing of Annual Return in Form MGT-7 under Section

92(1) of the Companies Act, 2013 and rule 11(1) of the
Companies (Management and Administration) Rules,
2014.
(ii) Certification of Annual Return in Form MGT-8 under

Section 92(2) of the Companies Act, 2013 and
rule 11(2) of the Companies (Management and
Administration) Rules, 2014.
(iii) Issuance of Secretarial Audit Report in terms of Section

204 of the Companies Act, 2013.
(iv) Issue of Secretarial Audit Report to material unlisted

subsidiaries of Listed entities (whose equity shares
are listed) under Regulation 24A of SEBI (LODR)
Regulations, 2015.
(v) Issue of Annual Secretarial Compliance Report to

Listed entities (whose equity shares are listed) under

Regulations 24A of SEBI (LODR) Regulations, 2015.
(vi) Certification under SEBI (Listing Obligations & Disclosure

Requirements) Regulations, 2015 that none of the
directors on the board of the company have been
debarred or disqualified from being appointed or
continuing as directors of companies by the Board/
Ministry of Corporate Affairs or any such statutory
authority under Schedule V, Part C, Clause (10)(i).
(vii) Certification under Regulation 40(9) of SEBI (LODR)

Regulations, 2015 certifying that all certificates have
been issued within thirty days of the date of lodgement
for transfer, sub-division, consolidation, renewal,
exchange or endorsement of calls/ allotment monies.
(viii) Conduct of Internal Audit of Operations of the

Depository Participants registered with NSDL & CDSL
under the provisions of the Depositories Act, 1996 read
with SEBI (Depositories and Participants) Regulations,
1996.
(ix) Certificate of Reconciliation of Share Capital Audit

Vide Circular No. D & CC/FITTC/CIR-16/2002 Dated
December 31st 2002 (Amended Vide Circular No. CIR/
MRD/DP/30/2010 Dated 06-09-2010) Issued By SEBI.
(x) Acting as Compliance Auditor under Third Party

Certification/ Audit Scheme (Amendment), 2018 in
the State of Haryana.
(xi) Issuance of Audit Report as provided under Regulation

76 the SEBI (Depositories and Participants) Regulations,
2018, by the unlisted public companies, to be
submitted on a half-yearly basis to the ROC, under
whose jurisdiction the registered office of the company
is situated, under the provisions of the Rule 9A(8) of
the Companies (Prospectus & Allotment of Securities)

Rules, 2014.
(xii) Diligence Reporting for Banks in case of multiple

banking/consortium lending arrangements in terms
of the circular issued by RBI.
(xiii) Conduct of Internal Audit of Depositary Participants.
(xiv) Conduct of Internal Audit of stock brokers/sub brokers

under SCRA, 1956 and Rules and Regulations made
thereunder.
Further, Council of ICSI has prescribed the following format

to be issued by Company Secretaries under Clause 8 of the
First Schedule of the Company Secretaries Act, 1980 :
CS...........
Address .......... Dear Sir / Madam,
Sub.: Intimation in terms of Clause 8 of the First Schedule

to the Company Secretaries Act, 1980
I, CS ………… /We, M/s.............., Company Secretary

in Practice / Firm of Company Secretaries have been
approached by the Management of M/s................ Limited
to................. (list of professional services) for the FY .........
vide their letter No. ........... dated ...... We understand that
earlier the abovementioned professional services were
being rendered by your goodself/ firm to M/s. ...........
Limited during the Financial Year .............
I / We request you to kindly take this communication as

an intimation to be given to the previous incumbent in
terms of Clause 8 of the First Schedule to the Company
Secretaries Act, 1980.
Regards,
CS ....... Membership No. ACS ............ / FCS ................ CoP

No..................
For ............... & Co./ & Associates, Company Secretaries

Firm Unique Code ......................Date: ……...
Place: ……………
Illustration
Mr. P was appointed as the Secretarial Auditor of ABC

Ltd. for the F.Y. 2019-20. However, during the course of
audit, he intimated the Appointing Authority his inability
to complete the audit of ABC Ltd. and therefore cannot
give audit report thereon. ABC Ltd. accepted the request
of Mr. P and approached Mr. Q to become the secretarial
Auditor for F.Y. 2019-20.
In such case, Mr. Q has to first communicate to the

Predecessor Auditor i.e. Mr. P of his intention to accept
the secretarial audit assignment of ABC Ltd. and wait
for 7 days from the date of intimation to Mr. P, before
accepting the secretarial audit of ABC Ltd. for F.Y. 2019-
20.
2. Limits on Audit Engagements

The Auditor shall accept Audit Engagements within the limits
of number of audits, if any, as may be prescribed under any
law for the time being in force or by the ICSI from time to
time.
To uphold the quality of services rendered by members

of the Institute, the Institute has issued the following
guidelines:
Guidelines Guidelines
Issued at
Limits for the issue of Secretarial Audit 235th

Reports: meeting of
the Council
• 10 Secretarial Audits per partner/
held on 11th
PCS, and
February,
• an additional limit of 5 Secretarial 2016
Audits per partner/PCS in case the
unit is peer reviewed.
The limits will be applicable for the Secretarial

Audit Reports issued for the FY 2016-17
onwards)
Number of Annual Secretarial Compliance 260th

Reports to be issued by PCS are 5 (five) meeting of
reports individually / per partner in each the Council
financial year w.e.f. 1st April, 2020 and an held on 4-5
additional limit of 5 (five) ASCR individually/ May, 2019
per partner in case the unit has been Peer
Reviewed.
In case of the following, Secretarial Audit/ 259th

Secretarial Compliance Report to be done meeting of
by Peer Reviewed Units only: the Council
held on 16th
• Top 100 companies as per market
March, 2019
capitalization w.e.f. April 1, 2020
• Top 500 companies as per market

capitalization w.e.f. April 1, 2021
• All listed companies w.e.f. April 1,

2022
• All companies w.e.f. April 1, 2023

3. Conflict of Interest
The Auditor shall not have any substantial conflict of
interest with the Auditee. Any conflict of interest, other than
substantial conflict of interest, must be disclosed by the
Auditor before accepting the Audit Engagement or as soon
as the Auditor becomes aware of the same, as the case
may be.
The term conflict of interest term is defined below. It is

expected that the Auditor shall not have any conflict of
interest with the Auditee. If the Auditor has any such interest,
it is the duty of the Auditor to disclose such interest/ conflict
of interest to the Auditee before accepting the Audit
Engagement.
The conflict of interest with the Auditee explained below

shall not be construed as a substantial conflict of interest:
• Auditor holding not more than 2% paid up share

capital or shares of nominal value of Rs. 50,000
• Auditor indebted to the Auditee for an amount not
exceeding Rs. 5,00,000
• Auditor was in employment of the Auditee more than

2 year ago
In above cases, the Auditor shall be eligible for undertaking

the Audit Engagement only if he discloses such fact in writing
before accepting the Audit Engagement or as soon as he
becomes aware of the same, as the case may be.
In following cases, it shall be construed that the Auditor has

a substantial conflict of interest with that of the Auditee
and he shall not accept any Audit Engagement from the
Auditee:
• Auditor holds more than 2% paid up share capital or

shares of nominal value of Rs. 50,000
• Auditor indebted to the Auditee for an amount

exceeding Rs. 5,00,000
• Indebtedness that may seriously impair the independence

of the Auditor, irrespective of the amount.
• Auditor was in employment of the Auditee during

immediately preceding 2 years
In above mentioned cases, the Auditor is debarred from

accepting such Audit Engagement.
Explanation:
Substantial Conflict of Interest means:
Holding of more than 2% in the paid up share capital or

shares of nominal value of rupees fifty thousand, whichever
is lower or more than 2% voting power, as the case may be,
by the Auditor singly or along with partners, spouse, parent,
sibling, and child of such person or of the spouse, any of
whom is dependent financially on such person.
Before accepting the audit, the Auditor shall disclose that

there is no conflict of interest of ownership as specified in this
Standard or prescribed in any law, act, rules and regulations
under which the audit is being carried on.
Where there exists a substantial conflict of interest in the

Auditee organisation, the Auditor cannot accept the Audit
Engagement.
The limit of holding of more than 2% in the paid-up share

capital or shares of nominal value of rupees fifty thousand,
whichever is lower or more than 2% voting power shall
be applied based on combined holding of the Auditor
along with partners, spouse, parent, sibling, and child of
such person or of the spouse, any of whom is dependent
financially on such person.
Illustration 1
Mr. A, Mr. B and Mr. C are partners in ABC, LLP, a firm of
Practicing Company Secretaries. Mr. B holds 1% paid-up
share capital in a company XYZ Ltd. Wife and daughter
of Mr. A, who are financially dependent on him hold 1%
paid-up share capital in XYZ Ltd. each.
Mr. A has been offered the Secretarial Audit of XYZ Ltd.
In this case, Mr. A is not directly holding any interest in
XYZ Ltd. However according to para 3.1 of CSAS-1, Mr.
A is having a substantial conflict of interest in XYZ. Ltd. as
the aggregate value of paid-up share capital held by his
wife, daughter and partner in XYZ Ltd. is 3%. Hence, he is
not eligible to become Secretarial Auditor of XYZ Ltd.
Illustration 2
Practicing Company Secretaries . Mr. A holds 1% paid-
up share capital in a company XYZ Ltd. and Mr. B holds
shares of nominal value of Rs. 60,000 in XYZ Ltd.
Mr. A has been offered the Secretarial Audit of XYZ Ltd.
In this case, though Mr. A holds only 1% of the paid up
share capital in XYZ Ltd. But according to para 3.1 of CSAS-
1, he is having a substantial conflict of interest in XYZ. Ltd.
as his partner Mr. B is having a share capital of nominal
value of more than Rs.50,000 in XYZ Ltd. and therefore Mr.
A is not eligible to become Secretarial Auditor of XYZ Ltd.
Illustration 3
Mr. A, Mr. B and Mr. C are partners in ABC, LLP, a firm
of Practicing Company Secretaries. Mr. A & Mr. B each
holds 0.5% paid-up share capital in a company XYZ Ltd.
Nominal value of such shares held by each of them is Rs.
20,000. Mr. A has been offered the Secretarial Audit of XYZ
Ltd.
In this case, though Mr. A is having a conflict of interest in

XYZ Ltd. The same will not be considered as a substantial
conflict of interest. Therefore, Mr. A can accept the
Secretarial Audit of XYZ Ltd. In this case he shall disclose to
the Appointing Authority the fact that he has a conflict of
interest with the company, but the same is not substantial
conflict of interest in accordance with CSAS-1.
Illustration 4
Practicing Company Secretaries. Mr. A holds 1% of the
paid- up share capital in company XYZ Ltd. Nominal
value of such shares is Rs. 60,000. The market value of the
shares held by Mr. A is Rs. 40,000. Mr. A has been offered
the Secretarial Audit of XYZ Ltd.
In this case, there will be a substantial conflict of interest
between Mr. A and the company XYZ Ltd. as the nominal
value of shares held by Mr. A is more than Rs. 50,000,
therefore he cannot accept the Secretarial Audit of
XYZ Ltd. The market value of the shares is irrelevant while
deciding the conflict of interest based on ownership in
accordance with CSAS-1.
Illustration 5
Practicing Company Secretaries. Mr. A holds 1% of the
paid- up share capital in company XYZ Ltd. Nominal
value of such shares is Rs. 60,000. XYZ Ltd. wants to give its
Internal Audit assignment to ABC, LLP.
In this case, there exists a substantial conflict of interest of
ABC, LLP with the company XYZ Ltd. due to the fact that
one of the partners of the LLP is holding shares of a nominal
value of more than Rs. 50,000 in XYZ Ltd. Therefore, it will
not be eligible to undertake the internal audit assignment
of XYZ Ltd. as per CSAS-1.
Indebtedness of the Auditor for an amount exceeding

rupees five lakh other than that arising out of ordinary course
of business of the Auditee:
Provided that any indebtedness that may seriously impair

his independence shall also be considered as substantial
conflict of interest.
Before accepting the audit the Auditor shall disclose that

there is no conflict of financial interest as specified in this
standard or prescribed law under which the audit is carried
on.
The limit of rupees five lakh as specified shall be applicable

to the combined indebtedness of the audit firm including
indebtedness by the partners in their individual capacity.
The term “ordinary course of business” has not been defined.

An assessment of whether a transaction is in “ordinary course
of business” can be subjective and may vary on case-to-
case basis.
For example, a banking company which in ordinary course

of business provides loan or gives guarantees/ securities for
the due repayment of any loan and in respect of such loans
an interest is charged at a rate not less than the prevailing
lending rate , may extend loan to its Auditor as per the terms
and conditions of the company and such loan shall not be
treated as conflict of financial interest.
Illustration 1
Mr. A is a Practicing Company Secretary. He has taken a

personal loan of Rs. 5,00,000 from a XYZ LLP wherein Mr.
B, who is the designated partner is friend of Mr. A. The
payment of such loan is still outstanding in full. Mr. A has
been offered to undertake the Internal Audit of XYZ, LLP.
In the given case, Mr. A has a conflict of interest in XYZ

LLP, but it doesn’t debar Mr. A from undertaking the
Internal Audit of XYZ LLP. Mr. A shall disclose the fact to
the Appointing Authority before accepting such Audit.
Illustration 2
Mr. A is a Practicing Company Secretary. He had taken
a personal loan of Rs. 5,00,000 from XYZ Ltd. wherein his
uncle is Managing Director. Mr. A has been offered to
undertake the Secretarial Audit of XYZ Ltd.
In the given case, Mr. A has conflict of interest with the
Auditee, as the amount of indebtedness is Rs. 5,00,000,
but the same is not considered as substantial conflict of
interest. In this case, he is required to make disclosure of
the fact to Appointing Authority.
Illustration 3
Mr. P is a Practicing Company Secretary and is offered
to conduct the Secretarial Audit of ABC Ltd. Mr. P is
indebted to the Director of the company for an amount
Rs. 6,00,000. Whether he can accept the Secretarial Audit
Engagement of ABC Ltd.
In the given case, Mr. P has a substantial conflict of
interest in ABC Ltd. And therefore he can’t accept the
secretarial audit assignment.
Illustration 3
Mr. A is a Practicing Company Secretary. He had taken a
personal loan of Rs. 25,00,000 from XYZ Ltd.. He has used
such loan towards purchase of his house which has been
mortgaged with XYZ Ltd. Due to some financial crisis,
Mr. A has not been able to repay any amount towards
the loan since past 2 years. Mr. A has been offered to
undertake the Secretarial Audit of XYZ Ltd.
The circumstances of the case suggest that indebtedness

of Mr. A towards XYZ Ltd. is such that , if he accepts
the Audit of XYZ Ltd., it may substantially impair the
independence of Mr. A while forming an opinion on the
basis of his audit findings and therefore considered as
substantial conflict of interest . Therefore in this case, Mr.
A shall be debarred from accepting the Secretarial Audit
assignment of XYZ Ltd.
Where an Auditor was in employment of the Auditee, its

holding or subsidiary company and 2 (two) years have not
lapsed from the date of cessation of employment, the same
shall be considered as substantial conflict of interest.
A PCS or member/partner of a PCS firm cannot undertake

the audit of that undertaking where the member was in
employment prior to holding the Certificate of Practice,
unless two years have lapsed from the date of cessation
of employment. The PCS shall disclose the fact that two
years have not lapsed from the date of cessation of his
employment to the Auditee.
Holding and Subsidiary company shall have the same

meaning as defined under section 2 (46) and 2(87) of the
Illustration 1
Mr. A was the Company Secretary of PQR Ltd. from 1st

October, 2015 till 31st May, 2018. He left the job w.e.f. 31st
May, 2018 and joined in ABC and Associates (CS Firm) as
a partner. On 1st January 2020, ABC and Associates has
been offered to conduct Secretarial Audit of ST Ltd. for
the F.Y. 2020-21. ST Ltd. is the wholly owned subsidiary of
PQR Ltd.
According to para 3 of CSAS-1, Mr. A or ABC and

Associates, in which he is a partner cannot undertake any
audit assignment in PQR Ltd. and/or its holding or subsidiary
companies till 31st may, 2020, i.e. two years from the date
of cessation of his employment in PQR Ltd. Therefore, ABC
and associates cannot undertake the Secretarial Audit
assignment of ST Ltd. for the F.Y. 2020-21.
Illustration 2
Mr. A was the Company Secretary of PQR Ltd. from 1st

October, 2015 till 31st May, 2018. He left the job w.e.f. 31st
May, 2018 and joined ABC and Associates (CS Firm) as an
employee. On 1st January 2020, ABC and Associates has
been offered to conduct Secretarial Audit of ST Ltd. for the
F.Y. 2020 -21. ST Ltd. is the wholly owned subsidiary of PQR

Ltd.
Since Mr. A has joined ABC and Associates in the capacity

of an employee, ABC and associates can undertake the
Secretarial Audit assignment of ST. Ltd. for the F.Y. 2020-21.
More than 2% of Paid-up

Capital/Rs.50000 Nominal
Value – Whichever Lower
Ownership
2% of Voting Power
Indebtedness >Rs. 5 Lakh
Financial Interest
Ordinary Course of Business

- Exempted
Past Employment Within last two years with

Relationship holding/subsidiary
4. Confidentiality
4.1 The Auditor shall not disclose the information obtained
during the course of Audit without proper and specific
authority or unless there is a legal obligation or duty to
disclose.
Clause (1) of Part I of the Second Schedule to the Company

Secretaries Act, 1980 provides that a Company Secretary
in practice shall be deemed to be guilty of professional
misconduct, if the member – “discloses information
acquired in the course of professional engagement to any
person other than the Auditee so engaging him, without the
consent of the Auditee, or otherwise than as required by
any law for the time being in force.”
The word ‘information’ here implies any information which is

not available in public domain.
During the course of audit, Auditor receives, verifies and

inspects various audit documents, evidence, representation
etc. to form an opinion or to give a report. These may be
confidential and privileged information that remain in
possession of the Auditor and shall not be disclosed without
the express authority of the Auditee.
Herein the term proper and specific authority implies the

Appointing Authority or any other person or committee as
may be entrusted by the Appointing Authority to look after
the conduct of Audit. It is the inherent duty of the Auditor
to maintain the confidentiality of any information about the
Auditee or his business that came to his knowledge as a result
of performing the audit work. However, if permitted by the
Auditee, Auditor may disclose or share such information with
any other person as may be specifically allowed by Auditee.
Since there may be different types of Auditee, the authority to
give such permission to the Auditor may be different in each
case. For example, in case of a company, the Secretarial

Auditor is appointed by the Board and therefore it may be
authorised by the Board whether the Auditor can disclose
any confidential information to anyone. In another case, it
may be possible that the Board has authorised a director in
this regard to give such authorities and permissions to the
Auditor and therefore that director will become the specific
authority. Likewise in case of an LLP, it may be a designated
partner or any other person as may be authorised by the LLP
in this regard.
4.2 The Auditor shall not use or share with any person any
information obtained except for the purposes of audit.
An Auditor shall maintain confidentiality even in a social

environment. The Auditor shall be alert to the possibility
of inadvertent disclosure, particularly in circumstances
involving long association with a business associate or a
relative or friends etc.
However, if the Auditor gives any reference of the audit

evidence or documents while forming the opinion in
the audit report, it will be deemed to be the disclosure
of information under the legal obligation or in the
performance of the duty.
If during the course of audit and forming opinion, the

Auditor uses the decisions of the judicial authority, it will not
be treated as use or sharing of confidential information.
4.3 The Auditor shall take all reasonable steps to ensure that
employees, staff and other team members of the Auditor
and persons engaged by the Auditor to provide advice or
assistance during the conduct of audit, shall also adhere to
the Auditor’s duty of confidentiality.
The Auditor shall educate his employees, staff and other

team members about the importance of the confidentiality
of the information available to them during the course of

audit. The Auditor shall ensure that reasonable procedures
have been followed to maintain the confidentiality of the
information. The Auditor shall also take a duly signed Non
Disclosure Agreement (NDA) from such personnel who may
have access to such confidential information.
The Auditor shall also ensure that reasonable procedures

and safeguards are being followed to prevent unauthorised
access to such confidential information.
5. Changes in terms of engagement

5.1 The Auditor shall not agree to a change in the terms of the
Audit Engagement where there is no reasonable justification
for doing so.
5.2 If before completion of the assignment, the Auditor is

requested by the Appointing Authority to change the scope
of engagement, resulting in a lower level of assurance, the
Auditor shall consider the appropriateness of carrying out
the same.
5.3 If the terms of the Audit Engagement are changed, the

Auditor and the Appointing Authority shall agree on the new
terms of the engagement by way of a supplementary/revised
engagement letter or any other suitable form in writing.
A request from the Appointing Authority to change the

terms of Audit Engagement may result from a change
in circumstances affecting the need for the service or a
restriction on the scope of Audit Engagement, whether
imposed by Management or caused by other circumstances.
The Auditor shall consider the justification given for the
request, particularly the implication of a restriction on the
scope of the Audit Engagement.
A change in circumstances that affects the Auditee’s

requirements may be considered a reasonable basis for

requesting a change in the Audit Engagement.
A change may not be considered reasonable if it appears

that the change relates to information that is incorrect,
incomplete or otherwise unsatisfactory. For example,
where the Auditor is unable to obtain sufficient appropriate
audit evidence regarding labour law compliance by the
company and the Appointing Authority asks for the Audit
Engagement to be changed to a review engagement to
avoid a modified opinion or a disclaimer of opinion.
With mutual consent the terms of the Audit Engagement may

be changed. When such changes are there, the Auditor shall
obtain the supplementary/revised engagement letter with
a justification for the change and it shall be duly signed by
the Appointing Authority. The impact of such change on the
level of assurance shall be ascertained before accepting
the same. If such change is likely to result in a lower level
of assurance, then the Auditor may accept such change
only if such change can adequately be covered by way of
modified report.
However, the Auditor should take the following precautions

while accepting the change:
1. The Auditor should not agree to a change in the terms

of the Audit Engagement which restricts the scope of
audit provided under any statutes.
2. If the term of the Audit Engagement is changed

when it is expected that Auditor may have to issue
a modified report, such type of changes should be
resisted.
3. Any request to change to avoid or circumvent
unfavorable Auditor’s report is also unjustified and
should not be accepted.
4. If the terms of the Audit Engagement are changed

before the completion of the audit, the Auditor should
not disregard the evidences obtained prior to the
change in scope of audit.
Annexure A
Specimen Certificate of Eligibility as Secretarial Auditor
Date:
To
The Board of Directors, Dear Sir,
Sub: Proposed Appointment as Secretarial Auditor
I/We thank you for your communication dated 2019

seeking my/our consent to act as the Secretarial Auditor
of your company for the financial year . I/We give my/
our consent for being appointed as Secretarial Auditor of the
company.
I/we hereby confirm that:
1) I am/we are eligible for appointment and not

disqualified for appointment as per the Companies
Secretaries Act, 1980 and rules and regulations made
thereunder and ICSI Auditing Standards;
2) The proposed appointment is within the limits, if any
laid down by ICSI ;
3) I/We do not have any substantial conflict of interest in

terms of ICSI Auditing Standard on Audit Engagement
(CSAS 1)
4) I/We do not have any conflict of interest in terms of ICSI

Auditing Standard on Audit Engagement (CSAS 1)
Or
I/We do have conflict of interest other than substantial

conflict of interest which are as below :
Thanking you,
Yours sincerely,
Annexure B
Specimen Audit Engagement Letter
To,
ABC & Associates (name of Audit firm)

Company Secretaries (Address)
Dear Sir,
This engagement letter is provided in connection with (type

of audit) of XYZ Ltd.
I. Scope of work
The scope of the Audit shall include............................................

(For example, in case of Secretarial Audit , the scope of
audit shall be as specified in Section 204 of the Companies
Act, 2013)
II. Responsibilities of Auditor
The Auditor shall carry out the audit with utmost integrity
in terms of this Audit Engagement Letter adhering to the
highest level of ethics and standards. The Audit shall be
conducted in accordance of the requirements of the
Act.
III. Duties of Auditee
Auditee acknowledges its responsibility for maintenance of

Records and compliances under the applicable laws, acts,
rules and regulations.
Auditee acknowledges its responsibility to provide the

Auditor access to Records and documents of the Auditee,
reports of third party and information as may be sought
by the Auditor. The Auditee shall be responsible for the
correctness and appropriateness of the Records, documents
and information of the Auditee.
IV. Timeline
The Auditor shall submit the Audit Report for the F.Y. 20XX-XX
within days of the end of the financial year.
Auditor may also submit a quarterly/half-yearly review report

in which the audit observations of the Auditor made during
the quarter for timely redressal.
V. Commercial Terms
Audit fees for the F.Y. 20XX-XX is fixed at Rs. XXXXXXX plus
applicable taxes. Fees will be billed as the work progresses.
Out–of-pocket expenses by the Auditor shall be reimbursed

on actual basis.
VI. Confidentiality
The Auditor shall not disclose the information obtained during

the course of Audit without proper and specific authority or
unless there is a legal obligation or duty to disclose.
VII. Indemnity
During and after the term of this Engagement, both Parties

agree to protect, indemnify, defend and hold harmless
other Party, and to extent required from time to time non
defaulting party, its officers, agents, and employees, from
and against any and all expenses, damages, claims , suits,
losses, actions, judgments, liabilities, and costs whatsoever
(including legal fees on a full indemnity basis) arising out
of, connected with, or resulting from, defaulting Party’s
negligence, misrepresentation or the breach of any
obligations to be performed by the other party and/or its
representatives under this Engagement. In no event will
either party’s liability towards other party arising from the
terms of this Engagement exceed the total sum of fees paid
under this Engagement.
VIII. Any other term as may be agreed between the Auditor

and the Auditee, if any
For XYZ Limited Date
Place Director Director
*****
38
Guidance Note on Audit Process and

Documentation
The Auditing Standard on Audit Process and Documentation
(CSAS-2), formulated by Auditing Standards Board (ASB)
of the Institute of Company Secretaries of India (ICSI) and
issued by the Council of the ICSI, is effective from 1st July,
2019 on a recommendatory basis and shall be mandatory
with effect from 1st April, 2021.
This Guidance Note sets out the explanations, procedures

and practical aspects in respect of the provisions contained
in CSAS-2 to facilitate compliance thereof by the Auditor.
Scope
Auditor undertaking Audit under any statute. The Standard
deals with responsibilities and duties of the Auditor with
respect to Audit Process in conducting audit and maintaining
proper Audit documents.
The Auditor has the responsibility to plan and perform the

audit to obtain reasonable assurance as to the compliances
by the Auditee with the applicable laws or processes as may
be covered under the scope of audit, based on the relevant
records. The Audit process includes planning, execution and
documentation.
Effective Date
38
GUIDANCE NOTE ON AUDIT PROCESS AND DOCUMENTATION 39

Objective
The objective of the Standard is to prescribe principles for
an Auditor:
(i) to conduct audit as per the specified audit process;
(ii) to maintain documentation that provide:
(a) sufficient and appropriate record to form the

basis for the Auditor’s Report; and
(b) evidence that the audit was planned and

performed in accordance with the applicable
Auditing Standards and statutory requirements.
The Auditor must plan and perform audit procedures to

obtain sufficient and appropriate audit evidence to have a
reasonable basis for Auditor’s opinion.
Sufficiency is the measure of the quantity of audit evidence

and depends on various factors including internal controls
systems and risk involved. As the risk increases, the amount
of evidence that the Auditor should obtain also increases.
However, as the quality of the evidence increases, the
need for additional corroborating evidence decreases.
Increase in the quantum of poor quality of evidences
cannot compensate for the requirement of sufficiency of
evidence.
40 GUIDANCE NOTE ON AUDIT PROCESS AND DOCUMENTATION
Appropriateness is the measure of the quality of audit

evidence, i.e. its relevance and reliability. To be appropriate,
audit evidence must be relevant and reliable in providing
support for the conclusions on which the Auditor’s opinion
is based.
Definitions
For the purpose of Auditing Standards (CSAS) issued by
the Institute of Company Secretaries of India (‘ICSI’), the
following terms shall have the meaning attributed as below,
unless specified otherwise:
(1) “Audit Documents” means the working papers

prepared or records obtained by the Auditor in
connection with the audit.

The audit documents may be in physical and/or
electronic mode.

Working papers include the audit plan, letters of
representation and/or confirmation, abstracts of
Auditee’s documents, records kept by the Auditor
of the procedures applied, the tests performed, the
information obtained, analyses and the conclusions
reached in the process of audit.
(2) “Audit Evidence” refers to relevant information and

documents gathered in the course of the audit for
arriving at the conclusion on which the Auditor’s
opinion is based.

The audit evidence is fundamental and important part
in the audit process. The auditors need audit evidence
to form and conclude their audit opinion.
The sources of the audit evidence may be internal

to the auditee or from external sources. These may
include the company’s record, data, disclosures in
financial statements, company’s website, website of

various Govt. authorities like SEBI, Stock Exchange, etc.
(3) “Management” as defined in CSAS-1.
“Management” includes Board of Directors and
persons who have been entrusted with the responsibility
of governance and compliances of the Auditee.
1. Audit Planning
1.1 The Auditor shall make audit plan to conduct audit as per
the terms of Audit Engagement.
Audit plan is very crucial and should be designed with due
care. Audit plan addresses the specifics of what, where,
who, when and how : Such as.
• What are the audit objectives?
• Where will the audit be done?
• Whether there will be audit visits to other locations of
the company?
• When will the audit(s) occur? (how long?)
• Who constitute the audit team?
• How will the audit be done?
The Auditor should prepare an audit plan, which shall
include detailed layout for conducting audit procedures,
timing, sample sizes, basis of selection of sample, etc.
The basic purpose of an audit plan is:
• to develop an audit process which ensures that
sufficient and appropriate evidence is gathered to
support the audit opinion;
• the audit should be planned in a manner which
ensures that the audit is carried out in an efficient and
effective way in a timely manner;
• the audit plan should be documented and kept as

audit working paper;
• the audit planning process should be framed on a

thorough understanding of the Auditee, its business,
sector in which it functions and its operation;
• to determine the materiality for the audit.
1.2 Audit planning means establishing and developing an

overall audit process, including but not limited to:
a. Identification of broad audit areas;
b. Seeking previous audit findings and observations from

the Management and the Predecessor or Previous
Auditor, in case of change of Auditor;
c. Determination of subject matters and audit areas

requiring special attention, when considered
necessary;
d. Risk Assessment and Materiality;
e. Audit technique;
f. Allocation of audit resources for the audit; and
g. Preparation of audit schedule.
Audit planning involves establishing the overall audit

strategy for the engagement and development of audit
plan. Adequate Audit planning benefits the Auditor in
several ways, which includes the following:
• identification of audit area requiring special attention;
• identification and timely resolution of potential

challenges;
• organising and managing the audit process to perform

audit in an effective and efficient manner;
• selection of audit team with appropriate levels

of capabilities and competence to respond to
anticipated challenges and allocating responsibilities;
• direction and supervision of audit team and the review

of their work, and
• coordination of work done by third party and

specialists.
The overall audit process can be depicted as under:
Understanding the Auditee and its Operations
Understanding the Legal Requirements and Applicability of Law, Rules, Regulations.
Overview and Assessment, Internal Control Mechanism and Identification of

Material Event and Risk Areas
Risk Assessment considering the existing Internal Control Mechanism
Deciding the Audit Approach considering Reliance on the Internal Control

and Procedures to be Adopted for Audit
Identification of the Audit Evidences
Designing the detailed Audit Procedure for various Transactions & Events based on
the Materiality, Value and Nature.
Perform Audit Procedures
Audit Conclusions based on the Audit Evidence
Forming of Opinion
The audit approach may be a reliance or systems-based

approach where the preliminary assessment has shown
that controls are robust and proper procedures have been
followed; or a substantive approach where the preliminary
assessment shows controls to be poor, or where testing
shows that the controls have not operated continuously
and effectively during the period being audited, or where
controls (even if deemed to be good or excellent) are not
tested (whether due to lack of resources, expertise, etc.)
Materiality, together with the Auditor’s assessment of

inherent risks and the Auditor’s preliminary assessment of
internal controls, provide the basis for the appropriate audit
approach. The combined assessment of inherent risk and
evaluation of internal control helps to determine the nature
and extent of the audit procedures to be designed and
performed.
1.3 The audit shall be planned in a manner which ensures

that qualitative audit is carried out in an efficient, effective
and timely manner. Audit planning shall ensure that
appropriate attention is accorded to crucial areas of audit
and significant issues are identified in a timely manner.
Benefits of Audit Plan

• It helps the Auditor obtain sufficient and appropriate
evidence for the circumstances.
• It helps to keep audit costs at a reasonable level.
• It helps to avoid misunderstandings with the Auditee.
• It helps to ensure that potential problems are promptly

identified.
• It helps to carry out the audit work smoothly and in a

well defined manner.
However, the audit plan should not be followed rigidly and

it should be changed according to the circumstances to
effectively conduct the audit.
Developing the Audit Plan

The Auditor establishes the overall audit strategy, which sets
out the scope, timing and direction of the audit and guides
the development of the more detailed audit plan which
should include the following:
Introduction – a short introduction about the audit;
Audit field – A description of the audit field, including the

regulatory framework for the audit where relevant and
recent significant changes and developments that may
affect the audit;
Audit objectives – The audit objectives depend on the type

of audit to be conducted;
Audit coverage – The audit coverage periods to be covered

and locations to be visited; control systems to be tested and
sample to be audited;
Materiality – Identification of materiality in terms of value,

nature and context;
Risks – A preliminary assessment of risks (e.g. changes in

the regulatory environment or internal control systems and
evaluation of inherent and control risk);
Audit approach – The audit approach, including the

audit procedures to be carried out in order to provide
the necessary audit evidence. This identifies the extent
of planned reliance on control systems and the extent of
substantive procedures;
Organisation – Organisation of audit work: resources

(including recourse to the work of other Auditor and experts),
timetable (including the reporting objectives of the audit),

documentation in electronic audit support system.
1.4 The Auditor shall plan the audit with professional scepticism
so that it is possible to exercise professional judgment in an
objective manner.
It is the duty of the Auditor to maintain professional

scepticism throughout the audit. A belief that Auditee
and those charged with governance are honest and
have integrity does not relieve the Auditor of the need to
maintain professional scepticism or allow the Auditor to
be satisfied with less than persuasive audit evidence when
obtaining reasonable assurance. He should observe things
closely and take on record anything which is contradictory
or contravenes the provisions contained in the law under
which the audit is being carried out.
While making risk assessment an Auditor should be sceptical

and should not completely rely on Management’s
explanations at face value, but should obtain corroboratory
evidence for the explanations offered. While obtaining
audit evidence the professional scepticism requires an
Auditor to challenge Management, especially on complex
and subjective matters and matters where a degree of
judgement has been exercised by Management. There may
also be specific issues arising during an audit which impacts
on professional scepticism. For example, if management
refuses the Auditor’s request to obtain evidence from a third
party. The Auditor will have to consider how much trust can
be placed on evidence obtained from management – for
example, evidence in the form of enquiry with management
or written representations obtained from management.
Similarly, while evaluating audit evidences, the Auditor
should critically assess audit evidence and be alert for
contradictory evidence that may undermine the sufficiency
and appropriateness of evidence obtained. The Auditor

should also apply professional scepticism when forming the
opinion, by considering the overall sufficiency of evidence
to support the audit opinion, and by evaluating whether
the records as a whole are a fair presentation of underlying
transactions and events.
The application of professional scepticism enhances the

effectiveness of applied audit procedures and reduces the
risk and possibility that the Auditor will reach an inappropriate
conclusion when evaluating the results of audit procedures.
1.5 The Auditor shall adhere to the audit plan. The audit plan
may be modified, if circumstances so warrant.
The audit plan should be documented in audit file, including

significant changes made during the course of the audit
and the reasons for such changes. The audit plan should
be updated and modified as may be necessary during the
course of the audit, whether due to unexpected events,
changes in conditions or audit evidence obtained. This may
have an impact on the planned nature, extent and timing
of planned audit procedures.
Updation of audit plan may be carried out in the

circumstances such as change in business plan, changes in
the regulatory environment, changes in management, etc.
2. Risk Assessment
2.1 Risk assessment of the Auditee with respect to and
connected/relevant to the Audit Engagement shall be done
considering industrial & business environment, organisational
structure and compliance requirements.
The industrial & business environment includes the regulatory

changes & judicial orders, compliance and disclosure
requirements, etc.
2.2 The Auditor shall evaluate high risk areas and activities of
the Auditee relating to:
a. Internal control systems and processes of the Auditee
for adherence to the constitutional documents,
applicable laws, act, rules, regulations and standards;
b. Transparency, prudence and probity; and
c. Changes or Attrition in the compliance team and
frequency of such changes and attrition.
The Auditor shall endeavor to make assessment of risk and
shall identify critical and high risk areas; the risk assessment
by Auditor can be made:
• by considering the underlying risk assessed by
Management or internal and/or specific expert/
agencies and analysis thereof;
• by reviewing policies and procedures put in place to
mitigate risk;
• by having insight into the objectives, key performance
indicators, risks and control measures, holding
meetings with key executives of the Auditee.
3. Information about the Auditee

The Auditor shall obtain sufficient information about the
Auditee that is relevant for conduct of audit and forming an
opinion and its expression.
It should inter-alia cover the following details:
• Nature of the business of the Auditee;
• Sector in which the Auditee operates and how
Government / Regulatory policies have evolved
specific to such sector;
• Size of the business of the Auditee including
geographical locations;
• Organisation structures including Directors and KMPs;
• Corporate structure, associates, joint ventures,

subsidiaries;
• Laws applicable to business of the Auditee;
• Registrations and permissions obtained;
• Court & regulatory orders enforced;
• Media Reports.
4. Audit Check-lists
The Auditor shall use systematic and comprehensive
audit checklists for carrying out the audit and to verify the
compliance requirements.
The Auditor shall compile and validate the checklists for use
in the audit process on the basis of information gathered
about the Auditee and scope of the audit. It is a useful tool
to ensure that no compliance point is missed or omitted
while conducting audit. The Audit checklist should provide
structure and continuity to an audit. Checklists provide a
means of communication and a place to record data for
use for future reference.
Ideally checklists should:
• promote overall planning and timelines of the audit;
• ensure comprehensive, consistent and focussed audit

approach;
• avoid duplication of data verification and information;
• ensure that audit scope is being followed;
• serve as a memory aid and provide a repository for

notes collected during the audit process.
Audit checklists should be developed to provide assistance

to the audit process and should be reviewed and updated
from time to time to meet the scope of audit and its
effectiveness. Audit team should be trained in the use of a
particular checklist and be shown how to use it to obtain
optimal information.
5. Collection and Verification of Audit Evidence

5.1 The Auditor shall verify compliance with applicable
laws,act, rules, regulations and standards. Deviation, if any,
shall be recorded.
The Auditor shall satisfy himself about compliance of the

Auditee with the applicable laws, rules and regulations. If
any deviation is observed, then the appropriate noting of
the same shall be made.
5.2 The Auditor shall obtain complete, relevant and necessary

evidence to support the opinion.
Audit evidence is obtained using a variety of techniques

such as the following:
Documents/Records Scrutiny
This is predominant mode of obtaining audit evidence and
involves scrutiny of a wide variety of documents e.g. board
resolutions, agenda and minutes, notices, registers, records,
procedure manuals, reports, etc.
In auditing, it is often not possible, due to limited resources,

to check every document or record. The Auditor, wherever
necessary, may choose to sample a statistical representative
number of documented results, such as monitoring big data
or incident reports. An appropriate sampling method will
manage any uncertainty to an acceptable level.
Testing, Interviews and Analysis

The Auditor should determine whether the controls identified
during the preliminary review are operating properly and in
manner described by the Auditee. Fieldwork typically consists
of interviewing the staff of the Auditee whether formally or
informally, reviewing procedure manuals and processes,
testing and analyzing compliance with applicable policies
and procedures and laws, rules, regulations and assessing
the adequacy of controls. This exercise may result in
significant findings, which the Auditor should consider while
preparing the audit report.
Questionnaires
This involves seeking information from relevant persons within
the Auditee through issue of a formal questionnaire to elicit
further information and gather relevant audit evidence.
Third Party Confirmation

Third party confirmation is a type of inquiry and involves
obtaining, independently of the Auditee, a reply from a
third party with regard to some particular information – for
example Registrar and Transfer Agents or other third party
agencies.
Analytical Procedures
Analytical procedures involve comparing data, or
investigating fluctuations or relationships that appear
inconsistent in various records.
5.3 The process of gathering and evaluating evidence

shall continue until the Auditor is satisfied that sufficient and
appropriate evidence exists to provide a basis for formation
of the Audit Opinion.
Audit evidence collected through above mentioned audit

procedures is to be evaluated against the relevant, already

identified criteria. This involves consideration of evidence
collected vis-a-vis the subject matter information, as well as
the written responses obtained from responsible officers of
the Auditee under the scope of audit.
6. Third Party Confirmation

The Auditor shall obtain confirmations from third party(ies),
wherever required, with respect to information which is
related to such party(ies).
During the course of audit, if circumstances warrant, the
Auditor shall obtain the information from the third parties. In
such cases, a written request should be made to obtain the
information.
An external confirmation is audit evidence obtained as
a direct written response to the Auditor from a third party
in paper form, or through electronic or other medium.
Requesting external confirmations is a commonly used audit
procedure in an audit. It can be useful in obtaining audit
evidence about significant transactions outside the normal
course of business, and related party transactions.
Circumstances may exist where it may be difficult to obtain
responses to external confirmation requests. The auditor
should plan alternative or additional procedures.
7. Analysis of Audit Evidence

7.1 The Auditor shall evaluate the Audit Evidence to arrive
at the conclusion.
The Auditor shall verify compliance with applicable laws,
rules and regulations and highlight deviations, if any.
Further, the Auditor has to obtain competent, relevant and
reasonable evidence to support his judgment as well as
conclusions relating to the audit.
The evidence gathering and evaluation is a simultaneous,

systematic and an interactive process and involves:
• Gathering evidence by performing appropriate audit
procedures;
• Evaluating the evidence obtained as to its sufficiency
(quantity) and appropriateness (quality);
• Re-assessing risk and gathering further evidence as
necessary.
The evidence gathering and evaluation process should
continue until the Auditor is satisfied that sufficient and
appropriate evidence exists to provide a basis for the
Auditor’s conclusion.
Audit evidence should be evaluated against the identified
criteria. This involves consideration of evidence collected
vis-à- vis the subject matter information as well as the written
responses obtained from responsible officers of the Auditee.
Auditor should check that the audit evidence is relevant
and reliable.
7.2 While evaluating evidence, if the Auditor finds that Audit
Evidence is conflicting, the Auditor shall assess the extent
and credibility of conflicting evidence in order to reach a
conclusion or collect more evidence to resolve the conflict.
After evaluating the evidence and considering its materiality,
the Auditor should decide how best to conclude in the light
of the evidence collected, which would be the supporting
key documents and arrive at audit conclusions. While
evaluating evidence, Auditor can find that audit evidence
is conflicting i.e. while some evidence supports the subject
matter information other evidences seem to contradict it. In
such circumstances, the Auditor needs to assess the extent
and credibility of conflicting evidence, undertake alternate
audit procedure to corroborate the evidences in hand for
forming an appropriate opinion.
8. Documentation
8.1 The Auditor shall adequately document the Audit
Evidence in working papers, including the basis and extent
of planning, work performed and the findings of audit.
Documentation of audit evidence supports audit conclusions

and confirms that the audit was carried out in accordance
with scope of audit.
The Audit documentation is important for several reasons

including:
• Confirm and support the Auditor’s opinion and reports;

• Increase the efficiency and effectiveness of the audit;
• Serve as a source of information for preparing reports
and or answering any enquiries from the Auditee or
from any other party;
• Serve as evidence of the Auditor’s compliance with
applicable standards;
• Facilitate planning and supervision;
• Help the Auditor’s professional development;
• Help to ensure that delegated work has been
satisfactorily performed;
• Provide evidence of work done for future reference;
• The user of the audit report rely upon the audit report
with proper documentation
• It confirms that the Auditor’s report is in conformity with
the applicable laws, rules, regulations and standards,
etc.
8.2 The Audit Documents shall contain sufficient information
to enable an Auditor, having no previous connection with
the audit, to ascertain from such documents the significant
findings and conclusions of the Auditor.
Audit documents should be comprehensive, understandable

with ease and contain all the significant information related
to the scope covered under the audit.
8.3 Audit Documentation shall take place throughout the

audit process. Working papers shall be complete and
appropriately detailed to provide a clear trail of the audit.
Audit Documents shall be properly indexed, referenced with
and supplemented by the set of working papers.
Some of the broad characteristics of Audit Documentation

are set out below :
• Completeness and accuracy: Provide support to audit

conclusions.
• Clarity and conciseness: Facilitates understanding
the entire audit process without need for any
supplementary examination.
• Legibility and neatness: Applies particularly to
photocopies.
• Relevance: Working papers should be restricted to
matters, which are important, pertinent and useful for
the intended purpose.
• Ease of reference: Working papers may be organised
in volumes in a manner that facilitates easy reference.
An omnibus, easy to follow, index may be created
for all the volumes with a proper narration to broadly
explain their contents. Each of the volumes may further
be internally indexed.
• Ease of review: Working papers should contain cross
references to audit plan, discussion papers, audit
observations, field audit report and the compliance
audit report, as the case may be, to enable Auditor
to link the working papers to audit findings and
conclusions.
• Complete audit trail of analysis: Working papers should

provide a complete trail of the audit procedures
performed, evidence that were gathered and
evaluated, audit findings and conclusions that were
drawn.
Audit documentation may be divided into two categories:
Static and Current

Static audit documentation includes:
 Auditor appointment letter;
 Record of communication with the previous Auditor

and his resignation letter;
 Information pertaining to the legal aspects of the

Auditee;
 Constitutional Documents - MOA, AOA, LLP Agreement,

JV Agreement, Share Purchase Agreement etc.;
 Complete details of the management (list of directors,

partners etc.);
 Copies of audited financial statements of the previous

years;
 Details of holding, subsidiary, associate companies

and joint ventures.
Current audit documentation should cover:
 Evidence that the work performed was supervised and

reviewed;
 Audit review points and highlights;
 Major weakness in the internal control systems, if any;
 Confirmations, if sought, received from the Auditee

 Communication with the third parties
 Evidence of the audit planning process
8.4 The Auditor shall also document discussions with the

Management with respect to significant matters in respect
of which written record is not available.
Relevant discussions with the Management should

be recorded and documented. The Confirmations, if
sought, received from the Auditee should be taken on
record. Documentation of audit evidence supports audit
conclusions and confirms that the audit was carried out in
accordance with the scope of the audit. The Auditor should
adequately document the audit evidence, including the
basis and extent of planning, work performed and the
findings of audit.
9. Record Keeping and Retention

9.1 The Auditor shall establish policies and procedures for
retention of Audit Documents.
A well established policies and procedures should be in

place for the documentation. Audit Documentation is
essential for the following purposes:
1. To comply with legal duties and requirements, either

statutory or regulatory;
2. To avoid liability, the improper destruction or alteration

of documents in a litigation situation;
3. To support or oppose a position in an investigation or

litigation;
4. To protect from unnecessary expense and time during

discovery;
5. To maintain control over discovery and e-discovery;

and
6. To keep documents confidential and avoid leakage

to attackers or competitors.
9.2 The Audit Documents shall be collated for records within

a period of 45 days from the date of signing of Auditor’s
Report.
The documents should be maintained in a manner which is

safe, secure and retrievable as and when required.
9.3 The Audit Documents shall be maintained in physical or

electronic form and retained for a period of 8 years from the
date of signing of Auditor’s Report.
******
59
Guidance Note on Forming of Opinion
The Auditing Standard on Forming of opinion (CSAS-3),

formulated by Auditing Standards Board (ASB) of the
Institute of Company Secretaries of India (ICSI) and issued
by the Council of the ICSI, is effective from 1st July, 2019 on a
recommendatory basis and shall be mandatory with effect
from 1st April, 2021.
This Guidance Note sets out the explanations, procedures

and practical aspects in respect of the provisions
contained in CSAS-3 to facilitate compliance thereof by the
stakeholders.
Scope
Auditor undertaking Audit under any statute. The Standard
deals with basis and manner for forming Auditor’s opinion on
subject matter of the audit.
This standard aims to promote consistency in opinion

forming and reporting thereof to enable users of the report
to identify the audit findings.
Effective Date
59
60 GUIDANCE NOTE ON FORMING OF OPINION

Objective
The objective of the Standard is to enable the Auditor to lay
down the basis and manner for evaluation of the conclusions
drawn from the Audit Evidence obtained and express the
opinion through written report.
The objective is to standardise the process of analysis and

evaluation of audit conclusions made during the audit
process to form an opinion and express it in writing. The
Standard lays down the principles that need to be applied
while forming an opinion and expression thereof.
The evaluation under CSAS-2 refers to the evaluation of Audit

Evidence to reach a conclusion, whereas this Standard
deals with evaluation of conclusion(s) reached during audit
process. This Standard also deals with the manner in which
the opinion formed by the Auditor will be expressed in writing
and circumstances and manner to disclaim the opinion and
the reporting format.
Definitions
For the purpose of Auditing Standards (CSAS) issued by
The Institute of Company Secretaries of India (‘ICSI’), the
following terms shall have the meaning attributed as below,
unless specified otherwise:
(1) “Audit Evidence” as defined in CSAS-2.
“Audit Evidence” refers to relevant information and

GUIDANCE NOTE ON FORMING OF OPINION 61
documents gathered in the course of the audit for

arriving at the conclusion on which the Auditor’s
opinion is based.
(2) “Misstatement” means any information or statement

which is false, incorrect, incomplete, misleading or
misrepresents, omits or suppresses a material fact.

Misstatement means when any written statement is
found to be false, incorrect, incomplete, misleading,
or which misrepresents or omits or suppresses any
material fact from the given meaning of the stated
sentence or paragraph or otherwise from the whole
document, which in turn fails to portray a clear, true
and fair meaning of the titled subject and ultimately
purpose of the given statement is not attained or
understood in its correct sense.
Causes of misstatement may include :
(a) an inaccuracy in gathering or processing data

or information;
(b) an omission of a disclosure;
(c) an incorrect or clear misinterpretation of the

facts; or
(d) Management’s judgments that the Auditor

considers unreasonable,
For Example:
1. XYZ an Auditee company has stated in its

Annual Report that company has complied with
all regulations of SEBI during the Financial Years
whereas the material non-compliances were
not reported which impacts the Goodwill of the
company , which can mislead the investors.
2. Company undertook a material related

party transactions but it is not disclosed in the
company’s Annual Report.
(3) “Materiality” is the threshold above which missing or

incorrect information is considered to have an impact
on the decision making of the Auditor. Information is
considered as material if its omission or misstatement
could influence the opinion of the Auditor. Materiality
can also be construed in terms of net impact.

The concept of Materiality is applied by the Auditor
both in planning and performing the audit, and
forming the opinion.
Materiality consists of both quantitative and qualitative

factors. Determining Materiality is a matter of
professional judgment and depends on the Auditor’s
interpretation of the user’s needs. A matter can be
judged material if knowledge of it is likely to influence
the decisions of the intended users.
Materiality is a relative concept. In practice, Auditors

evaluate materiality on a standalone basis. What is
material for one Auditee may not reach the Materiality
threshold for another. Materiality is a matter of
professional judgment of the Auditor and its teams’
experience.
As mentioned above, Materiality is important while

conducting the audit process and also while forming
the audit opinion based upon the evaluation of
conclusions drawn on the basis of the audit process.
The parameters for application of Materiality could be
different in forming of audit opinion when compared
to application of Materiality while evaluating the Audit
Evidences in accordance with CSAS-2. While CSAS- 2
deals with collection and evaluation of Audit Evidence

to draw conclusions, CSAS-3 deals with evaluation of
such conclusions to form the opinion.
(4) “Records” include:
(i) Memorandum and Articles of Association, bye-

laws or any other constitutional documents;
(ii) Minutes, returns, forms, index and Registers;
(iii) Books and papers include books of accounts,

deeds, vouchers;
(iv) Agreements, Memorandum of Understanding;
(v) Other documents maintained by the Auditee

either in physical or electronic form; and
(vi) Correspondence.
Generally the Records means the Records for the

audit period, however if an opinion forming warrants
the review of prior period Records, the same may also
be considered as Records.

Further, the Records means the Records of an Auditee,
however if an opinion forming warrants the Records
of regulators, authorities and third parties may also be
considered as Records.
(5) “Third Party” means any person who does not have
a direct connection with the audit but whose inputs
or opinion might influence the audit conclusion and
includes an expert.
Third party may include any person who has given inputs
and opinion of the expert relevant for forming an opinion.
1. Process for forming of Opinion

Process for forming of Opinion
Forming of opinion based on the audit observations is an

important part of any audit, as through this process the
outcome of audit are presented in the form of Audit Report
to the intended users. Audit inter alia involves reporting
compliance of or deviations from the applicable laws.
1.1 The Auditor shall consider Materiality while forming his

opinion and adhere to:
a. The principle of completeness that requires the Auditor

to consider all relevant Audit Evidence before issuing
a report;

It requires that the Auditor should gather sufficient
and appropriate Audit Evidences to provide the basis
for the conclusion or opinion. An Auditor may collect
evidences regarding accuracy, completeness and
validity of data. Through compliance procedure,
Auditor may collect evidences regarding internal
control system as used in the Auditee’s organisation.
Auditor should not be selective in using the available

evidence before forming opinion. Auditor cannot use
the evidence that supports his surmises and discard
other evidence. Auditor should use all the available
evidence available to him, and only discard the
contradictory information, if any, after applying
principle of contradiction process.
b. The principle of objectivity that requires the Auditor to

apply professional judgment and skepticism in order to
ensure that all reports are factually correct and that
findings or conclusions are presented in a relevant and
appropriate manner;

The Auditor must remain objective throughout the
whole process, such that his integrity must not allow
any malpractice in the audit process. Objectivity
is essential for any professional person exercising
professional judgment. Objectivity is the state of mind
which has regard to all considerations relevant to the
task in hand but no other. It is sometimes described as
‘independence of mind’.
The need for objectivity is particularly evident in the

case of the Auditor for carrying out an audit or some
other reporting roles where their professional opinions
can affect rights between parties and the decisions
they take.
Professional skepticism is considered as corner stone

of good auditing. Professional skepticism requires
an Auditor to have an enquiring mind. Whatever
documents and information are produced before
the Auditor by Management/Auditee should not
be relied on the face of it. An Auditor should see to
it that documents and information are reasonable,
appr o pr iat e , in c o n so n an c e wit h at t e n din
g circumstances and knowledge of the Auditor from
other sources as well. Auditor must obtain sufficient
evidence from Auditee to support what Auditee says.
Threats to objectivity

Threats to objectivity can arise in a number of ways,
some general in nature and some related to the
specific circumstances of an assignment or role.
Auditor should identify the threats and consider them
in the light of the environment in which he is working;
he should also take into account the safeguards
which assist them to withstand threats and risks to their
objectivity.
The easiest way of avoiding such threats would be for

Auditor to decline to act in any circumstances where
the slightest threat to objectivity might exist.
Threats to objectivity might include the following:
Self-interest threat – A threat to the Auditor’s objectivity

stemming from a financial or other self-interest conflict.
This could arise, for example, from a direct or indirect
interest in Auditee or from a fear of losing an audit
work.
Self-review threat – The apparent difficulty of

maintaining objectivity and conducting what is
effectively a self-review, if any product or judgment of
a previous audit assignment or a non-audit assignment
needs to be challenged or re-evaluated in reaching
audit conclusions.
Advocacy threat – There is an apparent threat to the

Auditor’s objectivity, if he becomes an advocate for
(or against) the Auditee’s position in any adversarial
proceedings or situations. Whenever the Auditor takes
a strongly proactive stance on the Auditee’s behalf,
this may appear to be incompatible with the special
objectivity that audit requires.
Familiarity or trust threat – A threat that the Auditor

may become over-influenced by the personality
and qualities of the directors and Management,
and consequently too sympathetic to their interest.
Alternatively, the Auditor may become too trusting of
Management representations so as to be inadequately
rigorous in his testing of them – because he knows the
Auditee too well or the issue too well or for some similar
reason.
Intimidation threat – The possibility that the Auditor

may become intimidated by threat, by dominating
personality, or by other pressures, actual or feared,

by a director or manager or by some other party.
Each of the above threats may arise either in relation to

the Auditor’s own person or in relation to a connected
person such as a member of his family or a partner or
a person who is close to him for some other reason,
such as past or present association or obligation or
indebtedness.
Auditors should always consider the use of safeguards

and procedures which may negate or reduce threats.
An exhaustive list of countervailing factors is not

possible, but Auditors should strive to develop the
following characteristics in their audit firms, wherever
possible to provide safeguards against these threats :
– Auditors should behave with integrity in all their

professional and business relationships and
to strive for objectivity in all professional and
business judgments. These factors rank highly in
the qualities that Auditors have to demonstrate
the same. They should therefore be well used to
setting personal views and inclinations aside.
– Within every audit firm there should be strong

peer pressure towards integrity. Reliance on one
another’s integrity should be the essential force
which permits partners to entrust their public
reputation and personal liability to each other.
– Audit Firms of all sizes should establish strong

internal procedures and controls over the
work of individual Auditors, so that difficult
and sensitive judgments are reinforced by the
collective views of other Auditors, thereby also
reducing the possibility of litigation.
c. The principle of timeliness that implies preparing the

report in due time;

Auditor must adhere to timeline agreed at the time of
engagement for issuing the report and milestones to
be achieved, if any. Deviations, if any, from agreed
timeline must be recorded with reason for such
deviation.
d. The principle of a contradictory process that implies

checking the accuracy of facts and incorporating
responses from concerned persons.

When two contradictory facts emerge on same
subject matter of audit, Auditor must strive to find
additional evidence/material which supports or
negates one of the facts. This process of finding
additional evidence/material must continue till one
of the facts is eliminated. In case Auditor is unable
to find further evidence/material and contradiction
continues to persist, Auditor should bring out that fact
clearly in his report and if circumstances warrants,
disclaim opinion on that particular subject matter.
The Principle of contradictory process also implies

checking the accuracy of facts with the Auditee and
incorporating responses from responsible officials as
appropriate. The Auditor should consider relevant
evidential matter regardless of whether it appears to
corroborate or to contradict the assertions. Thus, during
the conduct of an audit, the Auditor should consider
all relevant evidential matter even though it might
contradict or be inconsistent with other conclusions.
Audit documentation must contain information or
data relating to significant findings or issues that are
inconsistent with the Auditor’s final conclusions on the
relevant matter.
After completing the audit procedures the Auditor

reviews the Audit Evidence in order to draw a
conclusion, issue an opinion or describe the findings.
The Auditor should evaluate whether the evidence
obtained is sufficient and appropriate so as to
reduce audit risk to an acceptably low level. The
evaluation includes considerations of evidence
that both supports and seems to contradict the
audit report, conclusion or opinion on compliance/
non-compliance. The evaluation further includes
considerations of Materiality. After evaluating the
sufficiency and appropriateness of evidence to
determine the assurance level of the audit, the Auditor
should consider which conclusion is appropriate in light
of the evidence obtained. After evaluation, Auditors
need to weigh the extent and credibility of conflicting
evidence in order to reach a conclusion or collect
more evidence to resolve the conflict in such situations,
Auditors need to weigh the extent and credibility of
conflicting evidence in order to reach a conclusion
or collect more evidence to resolve the conflict.
Audit conclusion should clearly bring out the nature

and extent of non-compliance, cause of such non-
compliance, its Materiality and also the effect of
non-compliance, if possible. The audit conclusions in
case of regularity issues should also indicate whether
non-compliance is a solitary one-off case, or wide
spread systemic issue in the Auditee.
1.2 Judgment, Clarification and Conflicting Interpretation
The Auditor may consider various judgments, clarifications

and opinion, conflicting interpretations while framing the
opinion to the best of his professional acumen.
While forming an Audit opinion the Auditor may consider

or refer the decided case laws or judgments, clarifications

issued, opinions formed in similar type of audits while framing
the final audit opinion.
Judgments
For example, while interpreting the issue of loans given by
the Auditee company in terms of Section 185, the Auditor
may refer to the decided case laws in this respect, e.g in Dr.
Fredie Ardeshir Mehta v. Union of India, the terms “indirectly”
and “loans”, has been explained as below :
– The word “indirectly’ means providing loan through

agencies or any other medium but does not include
converting anything which does not qualify to be
loan or loan represented by book debt or security or
guarantee into loan, any loan represented by book
debt or guarantee or security.
– The word “Loan” was defined by the court as ‘a thing

lent; something the use of which is allowed for a time,
on the understanding that it shall be returned or an
equivalent given; esp., a sum of money lent on these
conditions and usually with interest’. The essential
requirement of a loan is the advance of money (or of
some article) upon the understanding that it shall be
returned, and it may or may not carry interest.
– The phrase “any loan represented by book debt” is

inserted in order to plug the loophole used in the case
of “Dr. Fredie Ardeshir Mehta v. Union of India” where
court took the view that book debt can’t be treated
as loan and since the earlier Section 295 of Companies
Act, 1956 does not explicitly include the phrase “any
loan represented by book debt” hence any kind of
credit facility extended by company to directors will
not cover under the “Loan to director”.
Therefore, while auditing, the Auditor may refer to the

interpreted words given in court judgments so as to interpret
the meaning of the legal terms correctly and in their
true sense and can frame the opinion accordingly and
accurately.
Clarifications in respect of forming the audit opinion implies

that in case the true or clear sense of law cannot be
interpreted by the Auditor or if it was so interpreted, then
contradictory interpretations amongst various Auditors or
professionals seem to exist; in such a case Auditor may refer
to the clarifications issued by various authorities e.g. Ministry
of Corporate Affairs, Institute of Company Secretaries of
India, CBDT, or any other Govt. body etc., to frame a reliable
and accurate opinion.
Opinions formed by other Auditors, in similar types of Audits

may also be referred by the Auditor to form a judgment and
frame its opinion. Similar type of Audit may also depend on
nature of business, transactions occurred and operation of
scale of Auditee, etc.
Conflicting Interpretations may be sorted out by again

referring to the decided judgments, clarifications issued by
the Govt. Authorities, Regulators, etc.
2. Precedence and Practices

The Auditor shall adhere to generally accepted precedence
and practices in relation to forming of an opinion as may be
available from historical perspective of any kind of audit.
Precedence and Practice in context of Auditing implies

that Auditor shall evaluate on the basis of general or
ongoing practices or procedures that whether the Records
maintained, statements prepared in all material respects,
in accordance with the requirements of the applicable
laws, rules and regulations. This evaluation shall include
consideration of the qualitative aspects of the Auditee’s

compliance practices, including indicators of possible bias
in Management’s judgments.
The Practices and precedence used by Auditor for forming

the Audit opinion may be as per the historical perspective
i.e., methods used hitherto or generally used methods or
practices or procedures be implemented for framing the
opinion. Like, one of the method involves selecting a sample
size of total work and activities of a firm for conducting the
audit process, which simultaneously depends upon the
firm’s size, operation of work and no. of branches, etc., or
another practice includes having an unbiased approach
while conducting the audit process in order to frame the
honest and unbiased opinion.
3. Third Party Report or Opinion

Sometimes due to circumstances like geographical
constraints or want of expertise on any specific subject
matter an Auditor may be required to rely on the Third Party
reports. The Third Party reports may be arranged by the
Auditee or Auditor directly. Third Party Report or Opinion is
used as one of the external source of obtaining the Audit
Evidences that would help in building the strong and quality
Audit Opinion.
The Auditor shall adhere to the following while forming an

opinion based on Third party reports or opinions:
a. The Auditor shall indicate the fact of use of Third

party report or opinion and shall also record the
circumstances necessitating the use of Third party
report or opinion;
b. The Auditor shall indicate the fact if Third party report

or opinion is provided by the Auditee;
c. The Auditor shall consider the important findings/

observation of Third party;
d. The Auditor shall, if necessary and feasible, carry out a

supplemental test to check veracity of the Third party
report or opinion.
While using the work of Third Party, the Auditor should:
 Consider the independence and objectivity of the

Third Party;
 Take account of the Third Party’s professional

competence for the specific audit;
 Consider the scope of the Third Party’s work;
 Determine the cost-effectiveness of using such work;
 Perform procedures to obtain sufficient appropriate

Audit Evidence that the work of the Third Party is
adequate in the context of the specific audit (which
may require access to the Third Party’s working
papers); and
 Consider the significant findings of the other Auditor

when analysing and interpreting the results of that
work. Where these findings are significant to the
opinion, Auditor should discuss these findings with the
Third Party and consider whether it is necessary to carry
out additional audit testing him.
 When using the work of Third Party, Auditor should

carefully consider that, the Third Party may only
recognise a duty of care to the addressee of the audit
report.
4. Form of an Opinion
4.1 Unmodified Opinion
The Auditor shall express an unmodified opinion when based

on Audit Evidence, the Auditor concludes that:
a. there is due compliance with the applicable laws in

terms of timelines and process; and
b. the Records as relevant for the audit verified by him as

a whole are free from Misstatement and maintained
in accordance with applicable laws.
An unmodified opinion is an audit report that has been

issued with no reservations or qualifications regarding the
state of compliances of all the applicable laws, rules and
regulations of the Auditee’s business activities, documents, or
statements etc. In this opinion, the Auditor follows a standard
opinion format to state that all the statements, documents
or other business procedures are a fair representation of the
condition of the Auditee’s business, and in accordance with
the applicable Laws.
In order to form unmodified opinion, Auditor shall conclude

as to whether he has obtained reasonable assurance about
whether the documents, books or statements as a whole
are free from material misstatement, whether due to fraud
or error.
An unmodified opinion is formed when based on all the Audit

Evidences the Auditor states that there is due compliance of
all the applicable laws, or any other law for the time being
in force, or any rule or regulation in terms of timelines and
process.
Compliance in terms of timelines: Compliance in terms of
timelines implies that when the adherence of the applicable
laws, act, rules or regulations are made within the specified
time limits as provided in the law for the particular task or

completing any business procedure etc.
For Example: As per law the due date of filing the Annual
returns, say, MGT-7 of the company with Registrar of
Companies is given as sixty days from the date of Annual
General Meeting of the company and company has also
filed the said return within the prescribed limit of 60 days,
that means company has adhered to the applicable laws
properly and within the given timelines.
Compliance in terms of process: Compliance in terms

of process means that, when the business activities, say
documentation, or any other transaction has been made,
complying with the applicable laws and as per the procedure
or process given for performing that activity/procedure or
transaction etc,. The process of doing or performing the task
as per the given procedure in the applicable laws is known
to be compliances made in “in terms of process”.
Example: If a company is required to shift its registered office

from one place to another within same state and RoC, then
a whole set of procedures given in Companies Act, 2013 is
required to be followed e.g conducting a Board Meeting
for approval of shifting of Registered office, intimation to
Registrar of Companies in Form INC-22 along with various
documents as attachment within 15 days of passing the
Board Resolution.
4.2 Modified Opinion
4.2.1 The Auditor shall express modified opinion when the

Auditor concludes that:
(a) based on the Audit Evidence obtained, there

is non- compliance with the applicable laws in
terms of timelines or process; or
(b) based on the Audit Evidence obtained,

the Records as a whole are not free from

misstatement; or are not maintained in
accordance with applicable laws; or
(c) he is unable to obtain sufficient and appropriate

Audit Evidence to conclude that there is due
compliance with the applicable laws in terms
of timelines and process; or
(d) he is unable to obtain sufficient and appropriate

Audit Evidence to conclude that the Records
as a whole are free from misstatement; or are
maintained in accordance with applicable
laws.
4.2.2 Whenever the Auditor expresses a modified opinion

or disclaims an opinion, the text of the opinion shall
be either in italics or bold letters.
When the Auditor expresses a modified opinion, the Auditor

shall state in opinion paragraph that, in Auditor’s opinion,
because of the significance of the matter(s) described in
the basis for modified opinion paragraph and then continue
with the opinion and describe reasons in the basis for
modified opinion paragraph.
When the Auditor disclaims an opinion, he shall state in the

opinion paragraph that the opinion is disclaimed because
of the matter(s) described in the basis for disclaimer of
opinion paragraph and then continue with the opinion
and describe reasons in the basis for disclaimer of opinion
paragraph.
4.3 Limitation
4.3.1 If, after accepting the Audit Engagement, the

Appointing Authority imposes a limitation on the scope
of the audit which, in the opinion of the Auditor, is likely
to result in the need to express a modified opinion or
to disclaim an opinion, the Auditor shall request the

Appointing Authority to remove the limitation.
4.3.2 If the Appointing Authority refuses or fails to remove the

limitation, the Auditor shall communicate the matter to
the Management and determine whether it is possible
to perform alternative procedure to obtain sufficient
and appropriate Audit Evidence.
4.3.3 If the Auditor is unable to obtain sufficient and

appropriate Audit Evidence, the Auditor shall
determine the implications as follows:
a. If the Auditor concludes that the possible effects of

unavailable Audit Evidence could be non-material,
the Auditor shall modify the opinion; or
b. If the Auditor concludes that the possible effects of

unavailable Audit Evidence could be material, the
Auditor shall express disclaimer of opinion.
Limitation on the scope of audit means when the Auditor

appointed for performing the Audit will not be able to
obtain appropriate or complete Audit Evidences due to the
restrictions or limitations imposed on the process of Audit
which ultimately affects the Auditor’s opinion.
The Auditor’s inability to obtain sufficient and appropriate

Audit Evidence (also referred to as a limitation on the scope
of the audit) may arise from:
(a) Circumstances beyond the control of the Auditee;
(b) Circumstances relating to the nature or timing of the

Auditor’s work;
(c) Limitations imposed by Management.

An inability to perform a specific procedure does not
constitute a scope limitation if the Auditor can obtain sufficient
appropriate Audit Evidence by performing alternative

procedures. Limitations imposed by Management may
have other implications for the audit, e.g. for the Auditor’s
assessment of fraud risks.
If after obtaining the Audit engagement, the Appointing

Authority imposes a limitation on the scope of Audit, which is
likely to affect the Auditor’s opinion, the Auditor shall request
the Authority to remove the limitation.
If Management refuses the Auditor’s request to remove a

limitation that Management has imposed on the scope of
the audit, the Auditor should communicate the matter with
those charged with governance. When a limitation on the
scope of the audit imposed by Management is not removed,
the Auditor should determine whether it is possible to perform
alternative procedures to obtain sufficient appropriate Audit
Evidence on which to base an unmodified opinion.
If the Auditor is unable to obtain sufficient appropriate Audit

Evidence, the Auditor should determine the implications as
follows:
• if the possible effects of the scope limitation are

material but not pervasive to the business procedures,
documents, or underlying transactions, the Auditor
should modify the opinion;
• if the possible effects of the scope limitation are

both material and pervasive to the compliance of
laws, rules and regulations or underlying transactions
or other business procedures/activities so that a
qualification of the opinion would be inadequate to
communicate the gravity of the situation, the Auditor
should disclaim an opinion.
5. Auditor’s Responsibility
5.1 The Auditor’s Report shall include a section with the
heading “Auditor’s Responsibility”. Auditor’s Report shall state
that the responsibility of the Auditor is to express the opinion on
the compliance with the applicable laws and maintenance
of Records based on audit. The Auditor’s Report shall also
state that the audit was conducted in accordance with
applicable Standard. The Auditor’s Report shall also explain
that those Standards require that the Auditor comply with
statutory and regulatory requirements and plan and perform
the audit to obtain reasonable assurance about compliance
with applicable laws and maintenance of Records.
5.2 Auditor’s Report shall state that due to the inherent

limitations of an audit including internal, financial and
operating controls, there is an unavoidable risk that some
Misstatements or material non-compliances may not be
detected, even though the audit is properly planned and
performed in accordance with the Standards.
The Auditor has a responsibility to perform procedures
to identify, assess and respond to the risks of material
misstatement or non-compliance arising from the Auditee’s
failure appropriately to account for or disclose an event or
transaction.
Auditor’s Report includes a separate section with heading

“Auditor’s Responsibility” that will state or express the opinion
of the Auditor about the following:
– Whether the audit has been conducted as per the

applicable Auditing Standards.
– Whether the Auditor has obtained reasonable

assurance about whether the statements prepared,
documents or Records maintained by the Auditee are
free from misstatement.
– That Auditor has the responsibility to only express

his opinion on the evidences collected, information
received and Records maintained by the Auditee or
given by the Management.
– Whether the Auditee has followed applicable

laws, act, rules or regulations in maintaining their
Records, documents, statements, or have complied
with applicable laws or rules while performing any
corporate action
6. Format of Report
6.1 The report shall be addressed to the Appointing Authority
unless otherwise specified in Audit Engagement Letter or
provided in the applicable law. The report shall be detailed
enough to serve its intended purpose. Where specific formats
are prescribed, those formats shall be followed for reporting.
If any information cannot be appropriately placed within
the paragraphs of the report, it shall be given in form of
annexure(s).
6.2 Signature block shall mention the name of the audit firm
along with the registration number, if any, the name of the
Auditor, certificate of practice number, the membership
number of the Auditor specifying whether associate or fellow
member, as applicable. The Auditor shall clearly mention date
and place of signing the report, in case report is signed by
two different persons on different dates or different places;
same shall be mentioned in the report.
Audit report is the result of the audit performed in as per its

scope and objectives. It includes a summary of information
and can consist of further observation. In case of an audit
of compliances, Audit Report may point out areas of
compliance and non-compliance, as well as areas for
improvement. The report is addressed to the Appointing
Authority or otherwise, as may be prescribed in applicable

law, acts rules or regulations. The Appointing Authority
would be the Board of company, in case Auditee is a
company and in other cases, it would be the persons who
and compliances of the Auditee. Further, the Appointing
Authority may also include Court, Tribunal or Regulators or
any officer thereof, depending upon the type of Auditee’s
entity as explained in the Guidance Note on CSAS-1.
The Audit Report must be prepared in detail so that the

purpose of preparing the report and showcasing the true
state of affairs of the Auditee can be attained. Furthermore,
the Audit Report prepared must be precise, accurate, clear
and should be unbiased with suggestions and opinions. The
detailed Audit Report means that Auditor must try to explain
and point out each and every minute compliance, non-
compliance or any improvement in the business procedures,
documents, statements or any transactions or any other
area that has been audited so as to form an accurate audit
opinion and in case the provided format of Audit report as
per the laws, rules or regulations is not enough to provide
detailed statement, the Auditor shall attach additional
annexures or pages to give full disclosures and opinions
thereon.
The Audit Report must be signed by one or more Auditors as

the case may be at the end of the audit report along with the
name of their Firm, Firm’s Registration No., Designation of the
Auditor in the Firm (like partner, proprietor etc.), Certificate
of Practice No. and Membership No. of the Auditor, whether
the Auditor is a Fellow or Associate member of the Institute.
The report must mention the correct date and place of
signing and if two Auditors are signing the same report at
different date and place then, the same shall be mentioned.
Further, as per Peer Review Guidelines of the ICSI, it is

mandatory to mention the Peer Review Certificate Number
in Secretarial Audit Report/Annual Secretarial Compliance
Report and the signature of the PCS should be in following
format :
For XYZ & Associate
Company Secretaries
Name ..........................
FCS ..............................
Date:………………………. CP................................
Place:……………… PR 123/2018
*****
83
Guidance Note on Auditing Standard

on Secretarial Audit
The Auditing Standard on Secretarial Audit (CSAS-4)

formulated by Auditing Standards Board (ASB) of the
Institute of Company Secretaries of India (ICSI) and issued
by the Council of ICSI, is effective from 1st July, 2019 on
recommendatory basis and mandatory with effect from 1st
April, 2021.
The Guidance Note sets out the explanations, procedures

and practical aspects in respect of the provisions contained in
CSAS-4 to facilitate compliance thereof by the stakeholders.
Scope
Auditor undertaking Secretarial Audit under Section 204 of
the Companies Act, 2013 and rules made thereunder.
The Standard shall apply to Secretarial Audit undertaken under

Section 204 of the Companies Act, 2013 and Regulation 24A
of The SEBI (Listing Obligations and Disclosure Requirements)
Regulations, 2015.
However, the application of this Standard is not mandatory for:
A. Annual Secretarial Compliance Report issued in terms

of SEBI Circular No. CIR/CFD/CMD1/27/2019 dated 8th
February, 2019; and
B. Secretarial Audit entrusted on a voluntary basis by

an Auditee to an Auditor. However, adherence to
the Standard is recommended in respect of Audits
entrusted on voluntary basis also.
Note: This Standard is not applicable in case the Secretarial

Audit is mandated by any third party or regulatory authority.
83
84 GUIDANCE NOTE ON AUDITING STANDARD ON SECRETARIAL AUDIT
However, if the Auditor has followed the Auditing Standards

issued by the ICSI while performing the Audit, he should state
the fact that he has followed the Auditing Standards (CSAS
1 to CSAS 4) issued by the Institute of Company Secretaries
of India.
The Standard deals with basis and manner for carrying out
the Secretarial Audit
The Guidance Note on CSAS-4 deals with basis and manner

for carrying out the Secretarial Audit and provides standards
for evaluation of statutory compliances and corporate
conduct in relation thereto.
Effective Date
The Standard is effective and recommendatory for Secretarial
Audit accepted by the Auditor on or after 1st July, 2019 and
mandatory for Secretarial Audit accepted by the Auditor on
or after 1st April, 2020.

Objective
The objective of the Standard is to lay down the principles for
evaluation of statutory compliances and corporate conduct
in relation thereto.
Adherence to other Auditing Standards

The Auditor shall adhere to the Auditing Standards on – (a) Audit
GUIDANCE NOTE ON AUDITING STANDARD ON SECRETARIAL AUDIT 85
Engagement (CSAS-1), (b) Audit Process and Documentation

(CSAS-2) and (c) Forming of Opinion (CSAS-3).
How adherence to other standards has to be ensured

while complying with CSAS-4?
An Auditor while accepting Secretarial Audit, shall also
comply with the principles laid down in CSAS-1to CSAS 3.
For example., M/s. ABC & Associates, a practicing company

secretaries firm, accepts an audit assignment on 20th April,
2021 for the FY 2021-2022. The firm should adhere to the
principles laid down in the CSAS-1 (Audit Engagement) while
accepting the audit assignment, the Auditor should plan,
proceed and perform the audit assignment as per the CSAS-
2 (Audit Process and Documentation) and give his opinion
based on the Audit Process performed by him in line with the
principles given in CSAS-3 (Forming of Opinion).
Definitions
For the purpose of Auditing Standards (CSAS) issued by The
Institute of Company Secretaries of India (‘ICSI’), the following
terms shall have the meaning attributed as below, unless
specified otherwise :
(1) “Management” as defined in CSAS-1
“Management” includes Board of Directors and persons who

and compliances of the Auditee.
The term “persons who have been entrusted with the

responsibility of governance and compliances of the
Auditee” includes the Key Managerial Personnel as defined
under Section 2(51) of the Companies Act, 2013, Senior
Management as defined under SEBI (LODR) Regulations, 2015
and the explanation given in Section 178 of the Companies
Act, 2013.
As per Section 2(51) of Companies Act, 2013: “Key Managerial

Personnel”, in relation to a company, means:
(i) the Chief Executive Officer or the Managing Director
or the Manager;
(ii) the Company Secretary;
(iii) the whole-time Director;
(iv) the Chief Financial Officer;
(v) such other officer, not more than one level below
the directors, who is in whole-time employment,
designated as Key Managerial Personnel by the Board;
and
(vi) such other officer as may be prescribed.
Explanation to Section 178 of the Companies Act, 2013,
describes that “Senior Management” means personnel of
the company who are members of its core management
team, excluding Board of Directors, comprising all members
of management one level below the Executive Directors,
including the functional heads.
As per Regulation 16(1)(d) of SEBI (LODR) Regulations, 2015:
“Senior Management” shall mean officers/ personnel of the
listed entity who are members of its core management team
excluding board of directors and normally this shall comprise
all members of management one level below the Chief
Executive Officer/ Managing Director/ whole time Director/
Manager (including Chief Executive Officer/ Manager, in
case they are not part of the board) and shall specifically
include Company Secretary and Chief Financial Officer.
(2) “Records” as defined in CSAS-3
“Records” include:
(i) Memorandum and Articles of Association, bye-laws

or any other constitutional documents;
(ii) Minutes, returns, forms, index and Registers;
(iii) Books and papers include books of accounts, deeds,

and vouchers;
(iv) Agreements, Memorandum of Understanding;
(v) Other documents maintained by the Auditee either

in physical or electronic form; and
(vi) Correspondence
Correspondence may include:
• Relevant Internal correspondence within the auditee

company
• Correspondence between the auditee and the

regulators, or authorities like Stock Exchanges, income
tax department etc, and/or third parties
Generally the Records means the Records for the audit

period, however if an opinion forming warrants the review
of prior period Records, the same may also be considered
as Records.
Further, the Records means the Records of an Auditee,

however if an opinion forming warrants the Records
of regulators, authorities and third parties may also be
considered as Records.
1. Identification and segregation of applicable laws

The Auditor shall take note of the industry specific laws and
other laws as may be applicable to the Auditee based on
the identification/ segregation by the Management and his
own verification.
What are Industry specific laws?
Identification of all laws applicable to the Auditee, as well

as industry specific laws and the segregation thereof, is the
primary responsibility of the Auditee. Auditor’s role is to verify

that the laws identified and segregated by the Management
are appropriate and sufficient having regard to the business
of the Auditee and the auditee should communicate the
same to the secretarial auditor. The Auditor shall exercise
his professional judgment to verify that the identification
and segregation of the laws made by the Management,
as may be applicable specifically to the Auditee, is correct.
In case, the Auditor is not satisfied by the identification
and segregation made by the Management, or no such
identification and segregation has been made, he should
seek explanation from the Management to form the opinion
and accordingly report.
The Institute of Company Secretaries of India vide

communication dated 22nd December, 2014 and 15th May,
2015 has clarified regarding the scope of Secretarial Audit
with regard to industry specific and other laws as under:
(1) Reporting on the compliance of ‘other laws as may

be applicable specifically to the company’ include
all the laws which are applicable to specific industry,
For example, for Banks - all laws applicable to Banking
Industry; for insurance companies - all laws applicable
to insurance industry; likewise, for a company in
petroleum sector - all laws applicable to petroleum
industry; similarly, for companies in pharmaceutical
sector, cement industry, etc. - all laws specifically
applicable to them;
(2) Examining and reporting whether the adequate

systems and processes are in place to monitor and
ensure compliance with general laws like labour laws,
competition laws, and environmental laws.
(3) The provisions relating to audit of accounts and
financial statement of a company are dealt in the
Statutory Audit, and that relating to taxation is dealt

in Tax Audit. Hence, the Secretarial Auditor may rely
on the reports given by statutory auditors or other
designated professionals.
What are other Applicable Laws?
“Other laws as may be applicable specifically to the

company” shall mean all the laws, rules and regulations that
are applicable specifically to the Company. The Secretarial
Auditor may take note of all such laws, rules and regulations
identified by the management of the company;
For example for Banks - all laws applicable to Banking Industry;

for insurance company - all laws applicable to insurance
industry; likewise, for a company in petroleum sector - all laws
applicable to petroleum industry; similarly, for companies in
pharmaceutical sector, cement industry, etc.
Principles for making such segregation
Segregation of laws applicable on the Company into the

industry specific and general is essential for Secretarial Audit.
Based on the following factors auditor should verify the
correctness of the segregation of the laws:
• Registration with various authorities such as SEZ,

Sectoral Regulators, etc.
• Segments such as Manufacturing/ Trading/ Service/

E-commerce and Industry classification thereof
• Status of company such as listed/ unlisted
• Geographic location of registered office, units/

divisions/ plants/ branches, etc.
However, for identification of laws applicable on the

company, in addition to above following factors shall also
be considered:
• Key financial parameters such as Turnover, Paid-up

Share Capital, Net Worth, Borrowings, etc.
• Type/Class of company such as Private, Public,

Holding, Subsidiary, Foreign, Nidhi, Producer, Section
8, etc.
• Agreements governing rights, obligations of

shareholders such as Joint venture agreements,
shareholders agreements etc.
• Number, class and category of employees/ workers

such as women, contractual employees, etc.
It is important to note that certain laws which may fall in the

category of General Laws may also become specific laws
for particular industries.
Illustrations for various Industries Specific Laws

Illustration 1: For a food & beverages manufacturing &
processing unit, industry specific laws includes National Food
Security Act, 2013, Food Safety and Standard Act, 2006 and
State specific laws, if any .
Illustration 2 : For a Coal Mining company, industry specific
laws includes Mines Act, 1952, Indian Explosives Act, 1884,
Colliery Control Order, 2000 and rules & regulations made
thereunder, Coal Mines Pension Scheme, 1998, Coal
Mines Conservation & Development Act, 1974, The Mines
Vocational Training Rules, 1966, The Mines Creche Rules,
1961, The Mines Rescue Rules, 1985 etc.
Illustration 3: For a Print Media company, industry specific
laws includes: The Broadcasting Act 1997, The Press and
Registration of Books Act, 1867 & rules made thereunder,
Press Council Act, 1978, The Registration of Newspaper Rules
1956, The Indian Telegraph Act 1885, Working Journalists and
other Newspaper Employees (Conditions of Service) and
Miscellaneous Provisions Act, 1955, Delivery of Books and
Newspapers (Public Libraries) Act 1954, Wage Board along

with rules and regulations w.r.t. Newsprint and Electronic
Media, etc.
2. Verification of corporate conduct and compliance of

laws
2.1 Identification of Events/ Corporate Actions
The Auditor shall identify events/ corporate actions that took
place during the audit period. The identification shall be
made by reviewing the website of the regulators, website
of the Auditee, statutory records including books and
papers, interaction with the Management and in any other
appropriate manner.
What are events/ corporate action?
A corporate action is an event initiated by a company that
brings or could bring an actual change to the working of the
company, such as the investment made during the period
under audit, change in the borrowing limits, issuance of the
securities--equity or debt, appointment of the KMPs, etc., as
approved by its board of directors and/or shareholders.
An action based event may be defined as any activity that
amends the functioning of an organization and impacts
its stakeholders, including Shareholders, both common
and preferred, as well as Lenders. These events are
generally approved by the company’s board of directors
or shareholders of the company, some of the examples are
given below for reference:
• Events/ actions altering the Charter documents of the

company
• Changes in the Capital structure of the company
• Change in the Affairs/ Management of the company

• Change in the Licensing or permission for the business

operation of the company
• Casual Vacancy of statutory auditor/ director/ KMP
• Borrowing in excess of limits specified in Section 180 of

the Companies Act, 2013
How to identify events/ corporate actions?

The Auditor is expected to identify the Corporate Actions
from which a compliance requirement may arise. Corporate
actions may primarily be identified from the following:-
• Financial statements;
• Agenda and Notes on Agenda of Board/ Committee/

Members’ Meetings;
• Minutes of the Board/ Committees/ Members’

Meetings;
• Reporting and Filing to the regulators;
• Annual Report;
• Statutory Disclosures on website of the company,

website of the Ministry of Corporate Affairs and on
any other platform such as Stock Exchange;
• Third party sources which may include registrar and

transfer agents, banks, financial auditor, stakeholders
etc.
2.2 Verification of Compliance
The Auditor shall verify all event and calendar based

compliances from the Records of the Auditee, database or
website of the regulators and other relevant sources.
How to verify the compliances?
The Auditor shall use systematic and comprehensive audit

checklists for carrying out the audit and verifying the

compliance requirements. The Auditor shall compile and
validate the checklists for use in the audit process on the
basis of information gathered about the Auditee and scope
of the audit. It is a useful tool to ensure that no compliance
point is missed or omitted while conducting the audit. The
audit checklist should provide structure and continuity to an
audit. Audit checklists should be reviewed and updated from
time to time to meet the scope of audit and its effectiveness.
The Auditor should verify the compliances of applicable laws

and rules based on the information gathered by the Auditor.
3. Board Composition
The Auditor shall verify compliance of the Companies Act,
2013, SEBI (Listing Obligations and Disclosure Requirements)
Regulations 2015, Agreement with Lenders/ Investors, Articles
of Association and provisions of other Acts/ Rules/ Regulations,
Guidelines and Policies, board decisions, shareholders
decisions, as may be applicable to the Auditee with regard to:
3.1 Overall composition of the Board including the minimum

and maximum strength of the Board.
Various provisions mandating Board Composition
There are certain companies which are governed by

Specific Acts and legislations, as applicable in addition to the
Companies Act, 2013 with certain exemptions, for example.,
Banking Companies, Insurance Companies, State Financial
Corporations, Public Sector Undertakings, in such cases the
Auditor shall ensure the Board Composition is as per the
requirements of the applicable laws and acts to the Auditee.
A few examples of special situations are given below for
reference:
Illustration 1: In case the Auditee is a non-scheduled flight

operator, then it will require prior approval of the Ministry of
Civil Aviation for appointment of new member in its Board.
Illustration 2: The board composition in the State Bank of

India (SBI) is regulated by the State Bank of India Act, 1955.
Role of Auditor in verification of Board Composition
The Auditor should identify the laws and rules that govern
the company and check the compliances of the Board
Composition in accordance with those applicable laws and
rules. For example., Banking Company is regulated by the
Banking Regulation Act, 1949, therefore, the Auditor should
ensure that the Board Composition is in compliance of Banking
Regulation Act, 1949 or any other law specifically applicable
to the Auditee in addition to the basic governing laws
enumerated under the Companies Act, 2013 or SEBI (Listing
Obligations and Disclosure Requirements) Regulations, 2015.
In case of audit of any nationalized bank, the Auditor should

check the Board Composition in line with The New Bank of
India (Amalgamation and Transfer of Undertakings) Scheme,
1993.
The Auditor should examine the applicability of the various

laws and regulations applicable to the Auditee to verify the
requirement of minimum and maximum number of directors
on the Board of the Auditee. In case of specific categories of
companies to which special Acts apply such as Insurance Act,
1938, Banking Regulation Act, 1949 and Electricity Act, 2003,
different rules are prescribed w.r.t minimum and maximum
number of the Board of Directors and accordingly the auditor
should consider the compliances envisaged under those
laws, Articles of Association and arrangements as may be
appropriate in the context.
3.2 Optimum Combination of the Board including proportion
of executive, non-executive, independent, non-independent,

retiring, non-retiring, woman and nominee director.
Various provisions mandating optimum combination
The optimum combination of the Board should be as per
the provisions laid down in various Statutes such as the
Companies Act, 2013, SEBI (Listing Obligation and Disclosure
Requirement) Regulations, 2015, the Banking Regulation Act,
1949, the Insurance Act, 1938, etc., as may be applicable to
the company.
For example, provisions of the Companies Act, 2013 w.r.t the
Board Composition is given as under:
• As per section 149 (2), every company shall have at
least one director who stays in India for a total period
of not less than one hundred and eighty-two days
during the financial year.

Provided that in case of a newly incorporated
company the requirement under this sub-section shall
apply proportionately at the end of the financial year
in which it is incorporated.
• As per section 149(3), every listed public company
shall have at least one-third of the total number of
directors as independent directors and the Central
Government may prescribe the minimum number of
independent directors in case of any class or classes
of public companies.
Explanation — for the purposes of this sub-section, any fraction
contained in such one-third numbers shall be rounded off
as one.
An independent director in relation to a company, means

a director other than a managing director or a whole-time
director or a nominee director.
As per second Proviso to Section 149(1) read with Rule 3 of

The Companies (Appointment and Qualification of Directors)
Rules, 2014 of the Companies Act, 2013, the following classes
of companies are required to appoint at least one Woman
Director:
(i) every listed company;
(ii) every other public company having –
(a) paid–up share capital of 100 crore Rupees or

more; or
(b) turnover of 300 crore Rupees or more.
For appointment of Women Director, paid up share capital

or turnover, as the case may be, as on the last date of latest
audited financial statements has to be taken into account.
Similarly, as per Regulation 17 of SEBI (Listing Obligation and

Disclosure Requirements) Regulations, 2015 provides Board
Composition as under:
1) The composition of Board of Directors of the listed entity

shall be as follows:
(a) Board of Directors shall have an optimum combination

of executive and non-executive directors with at least
one woman director and not less than fifty percent of
the Board of Directors shall comprise of non-executive
directors;
Provided that the Board of Directors of the top 500

listed entities shall have at least one independent
woman director by April 1, 2019 and the Board of
Directors of the top 1000 listed entities shall have at
least one independent woman director by April 1,
2020;
Explanation: The top 500 and 1000 entities shall be

determined on the basis of market capitalization, as

at the end of the immediate previous financial year.
(b) Where the Chairperson of the Board of Directors is a

non-executive director, at least one-third of the Board
of Directors shall comprise independent directors and
where the listed entity does not have a regular non-
executive Chairperson, at least half of the Board of
Directors shall comprise independent directors:
Provided that where the regular non-executive

chairperson is a promoter of the listed entity or is related
to any promoter or person occupying management
positions at the level of Board of Directors or at one
level below the Board of Directors, at least half of the
Board of Directors of the listed entity shall consist of
independent directors.
(c) The Board of Directors of the top 1000 listed entities

(with effect from April 1, 2019) and the top 2000 listed
entities (with effect from April 1, 2020) shall comprise
of not less than six directors.
Explanation: The top 1000 and 2000 entities shall be

determined on the basis of market capitalization as
at the end of the immediate previous financial year.
(d) Where the listed company has outstanding Superior

Voting Rights (SR) equity shares, at least half of the
Board of Directors shall comprise of independent
directors.
Role of Auditor in verification of optimum combination
Laws specifically applicable to the company may also

mandate to have optimum combination of directors. The
Auditor should also verify the compliance thereof and report
deviations, if any.
3.3 Eligibility criteria including disqualifications of directors.

Various provisions mandating qualifications/ disqualification
The conditions for qualifications/ disqualification of a director
prescribed in the Companies Act, 2013 or any other industry
specific Act or law, need to be checked while verifying the
Board Composition of the company. For example, Section
164 of the Companies Act, 2013 lays down the provisions for
disqualifications for the appointment as Director on the board
of the company. Further, the Auditor also needs to check the
eligibility criteria including disqualifications of the directors as
may be prescribed in any other industry specific Act or laws
applicable to the company.
3.4 The constitution and composition of Committees of the
Board.
Various provisions mandating Board Committees
The constitution of various Committees and the terms of
reference of the Committees can be as per various regulatory
requirements.
For example, for banking companies, stipulated Committees
shall mean committees constituted in compliance with
Banking Regulation Act,1949, Circulars issued by Reserve
Bank of India (RBI) and Government of India (GOI) from time
to time;
Other than Banking companies or other specific companies
to which special Acts apply, there are certain mandatory
committees which are required to be constituted by certain
class or classes of companies as per the Companies Act,
2013, SEBI (Listing Obligation and Disclosure Requirement)
Regulations, 2015 and certain industry/ sector specific laws.
Such mandatory committees include:
• Audit Committee
• Nomination and Remuneration Committee
• Stakeholders Relationship Committee

• CSR Committee
• Risk Management Committee
• Internal Committee constituted under PoSH Act.
Role of Auditor in verification of Board Committees
The Auditor needs to check whether the constitution of
committees, as constituted by the auditee, is as per the
laws, act, rules, regulations and standards applicable to the
Auditee.
4. Board Processes
The Auditor shall verify that the decisions of the Board and
its Committees are taken and recorded in compliance with
applicable laws, rules, regulations, guidelines, standards and
defined internal processes, if any.
Various provisions mandating Board Processes
Provisions w.r.t Board processes may include:
• Meetings of Board and Committees
• Meetings of Committees which exercising powers of
the Board under Section 179 of Companies Act, 2013
• Meeting of Members
• Board’s performance evaluation and training
• Appointment and Resignation of the members of the
Board.
Role of Auditor in verification of Board Processes
The Auditor shall verify notice of the meetings, minutes and

supporting records, including agenda, to satisfy himself
whether the Auditee has complied with the applicable laws,
rules, regulations, guidelines, standards and defined internal
processes (defined internal processes to be explained). Many

corporates have manuals for Board Processes, in such cases,
the Auditor should verify whether the Auditee has complied
with the policy and processes laid down in the manual of
the Auditee.
Deviations, if any, observed during the course of audit from
the policies and processes laid down in the manual adopted
by the Board.
5. System and Process

System and process broadly refers to the framework of legal
and procedural compliances of the Auditee including but
not limited to internal regulations, control, guidance and
governance.
The Auditor shall assess the efficacy and adequacy of the
system and processes of the Auditee commensurate with its
size and operation for verifying compliance of applicable
laws, rules, regulations, standards, guidelines and defined
internal processes, if any by:
5.1 Reviewing records maintained by the Auditee.
5.2 Understanding compliance responsibility centres,
control points, matrix, flow of information, escalation of
non-compliances to different levels, reporting of any non-
compliance.
5.3 Assessing compliance mechanism and understanding its
extent, coverage and severity mapping. The Auditor shall also
assess compliance manual/ standard operating procedures,
if any, available with the Auditee.
5.4Analysing instances of show cause notices received,
prosecution initiated, fine or penalties levied, imprisonment
ordered, qualification, adverse remark or observations in the
statutory, internal or industry specific audit, orders passed by
regulatory bodies or judicial/ quasi-judicial authorities.
What is the meaning of systems and processes?
A system is the core element, that company management

has and/or implements in its business. It’s something that helps
the business run. The processes are all the things that company
management do in order to make any given system work most
efficiently. In other words, systems are designed to connect all
of an organization’s intricate parts and interrelated steps to
work together for the achievement of the business strategy.
System and process in the context of Secretarial Audit includes
internal policies, decisions or procedures, etc. laid down by
the Auditee for ensuring the compliance of the various laws,
rules, standards and guidelines as may be applicable to the
company. The Auditor should verify those policies, decisions,
procedures, etc. of the Auditee to verify the adherence
thereof and ascertain that the systems and processes are
adequate and commensurate to its size and operations to
ensure compliance with applicable laws, rules, regulations,
standards, guidelines and defined internal processes.
6. Detection of Fraud
6.1 The Auditor shall exercise professional judgment and
maintain professional scepticism throughout the planning
and performance of the audit to detect and report the
fraud envisaged under the provisions of Section 143(12) of
the Companies Act, 2013 read with Companies (Audit and
Auditors) Rules, 2014.
Here, professional scepticism means, an attitude that includes

a questioning mind, being alert to conditions which may
indicate possible misstatement due to error or fraud, and a
critical assessment of audit evidence.
Professional scepticism includes being alert to, for example:
• Audit evidence that contradicts other audit evidence

obtained.
• Information that brings into question the reliability of

documents and inquiries to be used as audit evidence.
• Conditions that may indicate possible fraud.
Many factors influence the level of professional scepticism
shown by auditors which include the following:
• personal attitudes and ethical values;
• levels of education, training and experience, and
therefore overall competence;
• the actions of the firm’s leadership and the engagement
partner;
• the culture, incentives and business environment of
the audit firm.
Following are the factors that re-enforce the professional
scepticism:
• Have the self-conﬁdence and strength of character
to maintain an enquiring mind.
• Suspend trust: rationally and logically consider all the
likely options, not just the one that is being put in front
of you.
• Resist the temptation to just accept the easy answer.
Go beyond simply providing evidence to support disclosures.
Consider alternative disclosures or viewpoints as well.
Professional Judgement means, the application of the
accumulated knowledge and experience gained through
a relevant accounting or auditing training, by making use of
the ethical standards, resulting in making informed decisions
about the courses of action that are appropriate in specific
circumstances.
6.2 During the course of the audit, if the Auditor suspects
commission of any fraud, he shall endeavour to collect further
evidence for the same. The suspicion may arise on perusal

of internal control systems, complaint under whistle blower
mechanism and reports of the other auditors, etc.
6.3 The Auditor shall ensure to collect sufficient evidence

which substantiates his suspicion of the commission of the
fraud against the Auditee by its employees and officers.
Here ‘Suspicion’ is a state of mind more definite than

speculation, but falls short of knowledge based on evidence.
It must be based on some evidence, even if that evidence is
tentative – simple speculation that a person may be engaged
in fraud is not sufficient grounds to form a suspicion. Suspicion
is a slight opinion but without sufficient evidence.
• Examples of information which could be classified as

suspicion are provided below: Recurring negative
cash flows from operations or an inability to generate
cash flows from operations while reporting earnings
and earnings growth.
• The practice by management in maintaining or

increasing the entity’s stock price or earnings trend.
• Significant, unusual, or highly complex transactions,

especially those close to period end that pose difficult
“substance over form” questions.
• Significant related party transactions which appear

to be not in the ordinary course of business or with
related entities not audited or over which the Auditor
does not have information.
If suspicion of fraudulent activity arises during the audit, the

Auditor notifies the appropriate levels of management and
those charged with governance, where appropriate, unless
they may be implicated.
If Auditor has received report of other Auditor and it indicates

a fraud, then that will be considered by the Auditor as a basis

of his suspicion of the fraud.
Pursuant to the reply of the Auditee disagreeing with the initial

belief of the Auditor that a suspected offence involving fraud
is being or has been committed, if the auditor is convinced
that his initial suspicion was incorrect, the need for reporting
the matter to the Central Government would not be
applicable. This situation would arise only if the Auditor did
not have the evidence or information that is now provided
as part of the reply or additional information has now been
provided to the Auditor and there is persuasive evidence
now available to convince the Auditor that the suspected
offence involving fraud does not exist.
7. Reporting of Fraud
7.1 If the Auditor has sufficient reason to believe that there
is commission of fraud and have justifiable grounds for the
same, he shall report to Audit Committee/ Board/ Central
Government as per the process laid down under the
Companies Act, 2013 and include the same in Secretarial
Audit Report.
7.2 The Auditor shall verify whether the Audit Committee/

Board has given any comments on the fraud reported by
the auditors in their report in terms of the provisions of the
7.3 The Auditor shall verify if the fraud detected by other

Auditor has been reported to the Audit Committee/ Central
Government and report the same in the Secretarial Audit
Report.
Reporting of fraud - Auditor will take note of and mention

the fact about reporting of fraud by the other Auditor for
example, Statutory Auditor under Companies (Auditor’s
Report) Order [“CARO”], or by Cost Auditor or Internal Auditor.
While the reporting responsibility under Section 143(12) is to the

Audit Committee or the Board of Directors of the Company
and/ or to the Central Government, the Auditor would also
need to consider whether such matter also needs to be
disclosed in the Auditor’s Report under Section 143(3)(f) which
requires the auditor to state his/her observations on financial
transactions/ matters, which have any adverse effect on the
functioning of the company to the extent it relates to the
non-compliance of applicable laws, act, rules, regulations
and guidelines covered under MR-3. It may be noted that
Section 143(12) includes only fraud by officers or employees
of the company and does not include fraud by third parties
such as vendors and customers.
8. Identification and Reporting of the events/ actions

having major bearing on Auditee’s affairs
8.1 It shall be the duty of the Auditor to identify and report in
the Secretarial Audit Report all events/ actions having major
bearing on the Auditee’s affairs in pursuance of the applicable
laws, act, rules, regulations, guidelines, standards, etc.
8.2 An event/ action shall be considered as having major

bearing on Auditee’s affairs if it affects its going concern
or alters the charter or capital structure or management or
business operation or control, etc.
Events having a major bearing on Auditee’s Affairs
1. The Auditor shall assess and identify the material action or

events having bearing on the Auditee’s affairs in pursuance
of the applicable laws, act, rules, regulations, guidelines,
standards, etc. and report accordingly.
2. The identification of the corporate actions or events having

bearing on the Auditee’s affairs in terms of applicable
laws, act, rules, regulations, guidelines, standards, etc. is a
subjective matter and needs to be concluded keeping in
mind various parameters. Such parameters may include the

following:
a. The consideration involved in the transaction as a

percentage of the consolidated turnover, net worth
or profit;
b. The transaction whether or not in the ordinary course

of business;
c. The transaction representing a significant shift from the

company’s strategy;
d. The omission of an event or information is likely to result

in significant market reaction if the said omission came
to light at a later date.
3. Further, following are indicative actions and/or events may

be considered to have a bearing on the Auditee’s affairs:
a. Future plans of Merger or Amalgamation.
b. Revision in Rating(s).
c. Fraud/ defaults by promoter or key managerial

personnel or by listed entity or arrest of key managerial
personnel or promoter.
d. Agreements [viz. shareholder agreement(s), joint

venture agreement(s), family settlement agreement(s)
(to the extent that it impacts management and
control of the listed entity), agreement(s)/ contract(s)
with media companies)], which are binding and not in
normal course of business, revision(s) or amendment(s)
and termination(s) thereof.
e. Corporate Debt Restructuring.

4. The Auditor shall disclose the material non-compliances
and transactions as observed during the course of Audit.
*****

Guidance Notes On Auditing Standards CSAS1 To CSAS4

Uploaded by

Copyright:

Available Formats

Guidance Notes On Auditing Standards CSAS1 To CSAS4

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Guidance Notes On Auditing Standards CSAS1 To CSAS4

Uploaded by

Copyright:

Available Formats

GUIDANCE NOTES

Price : Rs. 200/- (excluding postage)

ICSI Auditing Standards aims to support the Company

The adoption of Auditing Standards will bring substantial

The Institute has formulated the Guidance Notes on

Further, these Guidance Notes are prepared on the basis

The text of the Guidance Notes is written in italics, while the

I place on record my sincere thanks to CS Vineet K. Chaudhary,

I also commend the dedicated efforts put in during the

Furthermore, inevitably, in any publication, there is always

Date: 18th December, 2020 CS Ashish Garg

Place: Indore President, ICSI

GUIDANCE NOTE ON AUDIT ENGAGEMENT

GUIDANCE NOTE ON AUDIT PROCESS

GUIDANCE NOTE ON FORMING OF OPINION

Guidance Note on Audit Engagement

The Auditing Standard on Audit Engagement (CSAS-1),

This Guidance Note sets out the explanations, procedures and

This Auditing Standard (‘the Standard’) is applicable to the

The Auditing Standard on Audit Engagement (CSAS-1) is

CSAS-1 is not applicable for Audits entrusted on a voluntary

In case of appointment by Court, Tribunal or Regulatory

Following is an illustrative list of Audits which may be

Type of Audit Act/ Section/ Auditee

Secretarial Companies 204 Company

Secretarial SEBI (LODR) 24A Listed Entities

Internal Audit Companies 138 Company

Audit of SEBI 76 Sole

Internal Audit SEBI (Stock SEBI circular Sole

Internal SEBI SEBI circular Body

Internal SEBI (Re- 25(3) Sole

While auditing under any of the statutes, the Auditors

This Guidance Note on CSAS-1 deals with the Auditor’s

In view of the developments arising due to the spread

The objective of the Standard is to prescribe for the Auditor,

This Standard is applicable on the Auditor in all of the

New Audit Engagement – Covers an audit being conducted

Recurring Audit Engagement – Covers the situation where

Changes in terms of Audit Engagement – Whenever there is

(1) “Appointing Authority” means any person having

(2) “Audit Engagement” means detailed terms of reference

(3) “Auditee” means a person subject to audit.

(4) “Auditor” means a Company Secretary who is deemed

Auditor means a member of the ICSI who holds a valid

(5) “Management” includes Board of Directors and

The term “persons who have been entrusted with the

As per Section 2(51) of Companies Act, 2013: “Key Managerial

(i) the Chief Executive Officer or the Managing Director

(ii) the Company Secretary;

(iii) the whole-time Director;

the directors who is in whole-time employment,

the audit assignment due to his resignation, termination or

An Auditor who has completed the assignment and has not

1. Audit Engagement Process

Before accepting the Audit Engagement, the Auditor should

The Auditor shall be under Confidentiality obligation

1.1.1 The appointment of Auditor shall be made in the manner

Section 179(3)(k) of Companies Act, 2013 read with Rule

Therefore, the appointment of Internal Auditor/Secretarial