Traditionally, the expectation from an auditor has been to comment if the financial statements of a company presented a true and fair view of its financial position and not necessarily to detect fraud. The Guidance Note on the Companies (Auditors Report) Order reinforced this expectation and clarified the role of the auditors to report frauds ‘noticed or reported’ during the course of the audit; however, it did not require auditors to discover frauds.
Recent action by regulators indicates a potential shift in expectations. The National Financial Reporting Authority basis, the landmark judgement of Union of India and Another vs. Deloitte Haskins and Sells LLP & Another, released a circular and clarified that the statutory auditor is duty bound to report fraud to the central government, even in cases where the statutory auditor is not the first person to identify the fraud/suspected fraud ('NFRA Circular').
The NFRA, in its order dated Oct. 10, 2024, against the auditors of Coffee Day Enterprises Ltd., slapped a hefty penalty on the audit firm and debarred two of its partners for ignoring numerous red flags, failure to exercise professional scepticism and failure to evaluate fraud risk. The auditors failed to allegedly report the fraudulent diversion of funds despite having enough evidence that public money was moved to a promoters' entity, which had no business connection with the listed company.
These actions have created confusion regarding the legislative framework for discovery and reporting of frauds by statutory auditors.
Ambiguity In Legislative Framework
The Companies Act, 2013 vests the responsibility to report instances of fraud on auditors. Although, prima facie, these reporting obligations appear clear cut, there are certain nuances which lead to ambiguity.
The CA 2013 provided for a statutory obligation on auditors to report to the central government about any fraud committed against the company if they have "reason to believe" that a fraud has been committed. An amendment to CA 2013 in 2015 replaced the expression "against the company" with "in the company", thereby widening its purport. However, para 4.1 of NFRA Circular issued in 2023 used the erstwhile language "against the company".
To amplify the ambiguity, the 2015 amendment to Rule 13 of the Companies (Audit and Auditors) Rules, 2014 introduced a threshold for report frauds involving or expected to involve "individually" an amount of INR 1 crore or above.
Since offences of fraud almost always involve a series of deliberately complex and fragmented transactions, it may be difficult to understand whether each "individual" fragmented instance of fraud should cross the threshold or whether the cumulative instance of fraud made up of these fragmented instances should be considered an "individual" instance as a whole. Further, if fraudulent transactions orchestrated by the same person/employee span across different financial years and different parties, would the total amount of fraud across all years be calculated to reach the threshold, or would each transaction with each different party be required to meet the threshold? These issues still remain unanswered.
Recent NFRA Orders: Raising The Bar Or Crossing Line?
Auditors have long been guided by the principle of providing reasonable assurance and not undertaking forensic investigations trying to unearth complex fraudulent schemes. However, recent NFRA orders have potentially blurred this line.
In the CDEL case, the NFRA appears to extend auditors' responsibility beyond their traditional scope. While some critics argue that this sets unrealistic expectations from auditors, others believe that we will likely see an increase of forensic methodologies being used during audits, resulting in a decline of undetected financial frauds.
Way Forward: A Dire Need For Clarity
All stakeholders are increasingly recognising the importance of transparent financial reporting as an integral component of corporate responsibility. The misalignment of expectations poses significant challenges for the auditing profession.
If auditors are held liable for not detecting and reporting complex frauds, it places an additional burden on them. While the intent appears to strengthen the financial reporting, which is beneficial, such ambiguous reporting obligations upon an auditor are likely to cause auditors to err on the side of caution and choose to over-report instances, simply to avoid regulatory backlash. This may result in unjustified negative impact on the Company being audited.
The legislative framework surrounding an auditor’s responsibility to identify and report frauds should be clear.
Sara Sundaram and Sahil Kanuga are partners at Cyril Amarchand Mangaldas, while Somesh Lund is consultant at Cyril Amarchand Mangaldas.
Disclaimer: The views expressed here are those of the authors and do not necessarily represent the views of NDTV Profit or its editorial team.