In the last decade, the Indian banking industry witnessed multiple frauds and scams. Some of the frauds and scams have been so big in scale and amount that they received attention from all the other stakeholders in the economy. Specifically, in PNB and Yes Bank crisis, the role of auditors came under question. The auditors were accused of either not performing their functions diligently or intentionally not detecting and disclosing the irregularities present in the banks. Many of the times, like in the Satyam case, the cozy relationship of auditors with the management was considered to be the prime reason behind the compromised quality of audit. This article highlights the importance of different types of audits in maintaining good corporate governance in Indian Banks. The article also attempts to bring out regulatory development in the audit industry through the introduction of the National Financial Reporting Authority (NFRA) and possibilities of regulatory coordination in ensuring fair and transparent audit functions in the banking industry.
Importance of Audit
Auditors work as an intermediary whose primary responsibility is to bring out the true picture of the company’s financial position to the public. Investors and other stakeholders like suppliers, business partners, shareholders, etc. are highly dependent on the financial statements of the company to assess the true financial strength of the company. The audit function is based on the concept of Principal-Agent relationship wherein shareholders are the principal and the auditor is an agent who functions on behalf of them. This becomes more important and critical in the case of banks because banks are the custodian of people’s money, and if the audit does not bring out the true picture of the banks’ financial position, a common person’s savings can be at risk. This is what happened in the PNB scam and Yes Bank crisis. The quality of the audit was compromised in both cases. In PNB bank scam, the auditors were not able to detect some fraudulent transactions which were in practice for seven long years (Mangaiyarkarasi 2018). In the Yes bank crisis, the bank’s real non-performing assets (NPA) levels were not reported in the audited financial statements. The bank was able to hide rising NPAs and thus continue its operations without making additional provisions corresponding to the actual NPA levels (The Hindu 2020).
The inherent dilemma of Audit
Auditors have always maintained that they are dependent on the management of the entity being audited for the complete information and documents. In case the management hides information and does not produce all the required documents, they cannot ensure the quality of the audit. Apart from this, there is another inherent dilemma in the audit function. The audit firms are also engaged in performing non-audit work for the clients. To get such assignments, they need to maintain good relationships with clients. So the auditors who are supposed to be the agent of shareholders and other stakeholders in ensuring the correct financial position of the clients, happen to find themselves working for the same clients for future business opportunities. This dependence of auditors on clients for future business has resulted in compromised audit quality (Ministry of Corporate Affairs 2018).
Type of Audits in Banks
For the interest of our study, there are primarily three types of audits that banks are subjected to. They are – internal audit, concurrent audit and statutory audit. The Reserve Bank of India (RBI) regulates these three audits with different regulatory mechanisms and control measures. The detailed comparison of these audits are given below.
|Parameter/ Types of audit||Internal Audit||Concurrent Audit||Statutory Audit|
|Auditors||Mostly employees of the bank.||External audit firm or retired employees||External|
|Selection of Auditors||Audit Committee||Audit Committee||Banks select them from list of auditors provided by RBI|
|Periodicity||Once a year.||Continuous||Every Quarter, End of the financial year|
|Purpose||Internal control||To reduce the time of transaction taking place and its checking||NPA levels and financial position of the bank|
|Methodology||Risk-based||All transactions daily.||Scrutiny of large accounts, potential NPA accounts and financial statements|
|Outcome||Branch wise audit report||Daily audit report||Audited financial statements for public|
|Level of regulation by RBI||Low||Moderate||High|
Source: RBI (2008, 2015, 2016)
From the above table we find that statutory audit is the most important as the outcome of the audit is the audited financial statements of the bank. All other stakeholders ranging from the investors to regulators are dependent on these financial statements to ascertain the financial health of the bank. External audit firms are engaged for the statutory and concurrent audits in the banks (RBI 2015, 2016). So internal and concurrent audits are kind of a compliance audit while the statutory audit is a kind of a financial audit.
Internal audit is also another important pillar of the internal control system in the banks. Largely, internal audit focuses on transaction testing, KYC compliance, reliability of accounting records, loan documentation, etc. Internal audit plays an important role in providing feedback to the higher management about the risk management mechanism in the banks. RBI has introduced a risk-based internal audit which includes selective transaction testing and reliability of banks’ operations from a risk management perspective (RBI 2008).
Audit Committees of Board (ACB)
The role of audit committees at the bank is very critical in maintaining the independence and credibility of the audit function. The main responsibility of the audit committee is to adhere to all regulatory and statutory norms and ensure that the integrity of accounts is in place so that balance sheets present the true and fair financial position of the banks. So an independent and efficient audit committee can ensure good corporate governance in banks and deter frauds. Clause 49 of the listing agreement prescribes the constitution of audit committees in all the listed companies as part of the corporate governance framework (SEBI 2003). But for banking companies, RBI advised banks to constitute an audit committee of their board back in 1994 (RBI 1994). The role of audit committees in banks has been expanding since then. The Audit Committee of the Board (ACB) is supposed to review around 25 broad parameters at various periodic meetings. RBI has placed great importance and confidence in the efficient functioning of ACBs. Some of the reviews by ACBs in banks are –
- Review of KYC/AML compliances.
- Review of compliance with observations made by RBI in an annual inspection.
- Review of the audit plan.
- Review of fraud cases.
- Review of quarterly and annual results.
- Review of regulatory requirements of foreign countries for overseas branches.
In the case of banks, ACBs are expected to have a close watch on asset quality, restructuring of accounts, provisioning made, etc. ACBs are entrusted to develop sound accounting standards in the banks. The ACB must have proper monitoring over the audit function so that the instances of divergence in NPA reporting are reduced. The CEO of the bank is not allowed to be on the audit committee to ensure the independence of the same. The audit committee would be chaired by the independent director who is a Chartered Accountant. The executive director and the Chairman can be members of the audit committee of the board. In RBI’s annual inspections, a huge divergence in NPA reporting has been noticed in the audited financial statement of many banks (Kagade 2018).
Role of ICAI and its limited powers
Institute of Chartered Accountants of India (ICAI) is a statutory body established by Chartered Accountants Act, 1949 for regulating the profession of accountancy in India. The functions of ICAI are as follows-
- Regulate the profession of accountancy
- Continuing professional education of members
- Formulations of accounting standards.
- Monitoring quality through peer review.
- Exercise disciplinary jurisdiction.
Over time it was realised that ICAI did not possess the necessary disciplinary jurisdiction over the auditing firms. It lacked teeth in carrying out investigations and penalising the auditors. ICAI established the Peer Review Board and Quality Review Board (QRB) to conduct limited reviews of the audit practices in the country. The self-regulatory mechanism through Peer Review Board and QRB was not effective in ensuring the quality of audit practice (Kumar 2018). Under self- regulation, the industry practitioners use their expert knowledge to set the industry standards and carry out disciplinary actions. The administration cost of self-regulation is also born by the industry members thus removing the financial burden from the government.
Establishment of NFRA
Post Satyam fraud, it was felt that an independent auditor regulator should be set up to bring more transparency and accountability in the audit function. A provision for setting up of an independent regulator for audit practice was introduced into the Companies Act, 2013. Despite this, in 2018, PNB scam worth Rs. 11,400 crore was unearthed and audit irregularities were reported. Post PNB scam, it was again felt that setting up of an independent regulator to carry out an investigation against the auditors and impose penalties on them for any lapses was needed. Hence, in 2018, the National Financial Reporting Authority (NFRA) was set up with the motive to regulate the profession of auditors.
For example in the USA, Sarbanes Oxley Act, 2002, established an independent regulator Public Company Accounting Oversight Board (PCAOB) to inspect the auditors of the public companies. In the year 2004, the Financial Reporting Council (FRC) became the independent regulator for the public oversight of the statutory auditors in the UK (Ministry of Corporate Affairs 2018b). NFRA has been entrusted with functions of standard-setting, monitoring, ensuring compliance, review, overseeing the quality of audit and enforcement. NFRA has the regulatory control on the audits of following types of corporates –
- All listed companies.
- Companies with paid-up capital of equal or more than Rs 500 crores or companies with a net worth of equal or more than Rs 500 crores or companies with turnover equal or more than Rs 1000 crores.
- Companies having securities listed outside India.
ICAI will continue to perform the general regulatory functions for all its members as auditors. As far as audits are concerned, it will have regulations for audits of private limited companies and public unlisted companies below the threshold levels.
NFRA, SEBI and RBI – Possibility of Regulatory coordination
RBI debarred audit firm SR Batliboi (Ernst & Young) in the year 2019 for their alleged role in under reporting of NPAs in YES bank annual results. The audit firm was also the auditor of Axis bank. After RBI debarring them, they would not be able to audit banks for the next one year. But the catch here is that the same firm is the auditor of other 150 listed companies including Reliance and Tata Power. So even if the RBI debarred the firm, the firm was able to continue its business as auditors in sectors other than banking. RBI and SEBI do not have the power to sue the auditors. It is outside their jurisdiction (Arora 2019). Hence we needed a regulator for auditors which can impose penalties on them and debar them from audit practice.
There is a provision of one – one representative from CA&G, SEBI and RBI as part-time members in NFRA (Ministry of Corporate Affairs 2018a). This would ensure that there would be coordination among the regulators while fixing the accountability of the auditors across sectors. If banking regulator RBI or capital market regulator SEBI finds anomalies in the audit of any auditor, NFRA can conduct the investigation and penalise the auditor based on the findings by other sectoral regulators. So the auditor or audit firm shall be cautious to face consequences from NFRA based on the quality of the audit conducted by them across sectors. Thus the strong coordination among the sectoral regulators and NFRA can result in an effective and fair audit practice. Also, NFRA should publish its annual reports publicly which includes authorities’ findings of auditors from its inspection and investigation. The public disclosure about the malpractices of audit firms will further strengthen the NFRA and serve as a deterrence for adherence to industry standards by auditors.
Vishal Katara is an MPP candidate at the National Law School of India University, Bangalore. An Engineering graduate from HBTI Kanpur, Vishal has worked in IT, Education and Banking & Finance industries before joining MPP. He is interested in the domains of development finance, school education, and banking. He can be reached at firstname.lastname@example.org
Arora, Mannu. 2019. “One Year of NFRA: Auditing the Super Audit Regulator!” Economictimes.com, October 18: 1. https://bfsi.economictimes.indiatimes.com/news/industry/one-year-of-nfra-auditing-the-super-audit-regulator/71642139.
Hindu. 2020. “Yes Bank crisis explained.” Thehindu.com, March 10: 1. https://www.thehindu.com/business/yes-bank-crisis-explained/article31030273.ece#:~:text=Close%20X-,A%20video%20explaining%20the%20Yes%20Bank%20crisis,5%20lakh.
Kagade, Rajesh Chakrabarti and Mandar. 2018. “Corporate Governance— Evolution And Challenges In the New Companies Act.” SSRN 1-23.
Kumar, Anil. 2018. “Auditing the Auditors: An Indian Perspective.” International Journal of Accounting and Financial Reporting 8 (4): 1-15.
Mangaiyarkarasi, S. Gayathri and T. 2018. “A Critical Analysis of the Punjab National.” International Journal of Pure and Applied Mathematics 119 (12): 14853-14866.
Ministry of Corporate Affairs. 2018a. NFRA Rules. Notification, Delhi: Ministry of Corporate Affairs. https://nfra.gov.in/sites/default/files/Appointment%20Rules%20of%20Chairperson.pdf.
Ministry of Corporate Affairs. 2018b. Findings and Recommendations on Regulating Audit Firms & Networks. Committee of Experts, New Delhi: Ministry of Corporate Affairs, Government of India. Accessed June 08, 2020.
Ministry of Corporate Affairs. 2018c. NFRA Rules. Notification, Delhi: Ministry of Corporate Affairs. https://nfra.gov.in/sites/default/files/NFRARules2018_13112018_0_0.pdf.
RBI. 2015. Concurrent Audit System in Commercial Banks – Revision of RBI’s Guidelines. Guidelines, Mumbai: RBI. https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=9949&Mode=0.
RBI. 2008. Guidance note on risk-based internal audit. Circular, Mumbai: RBI. Accessed June 11, 2020. https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=1021#:~:text=The%20Internal%20Audit%20Department%20should,other%20accounting%20or%20operational%20functions.
RBI. 2016. Norms on eligibility, empanelment and selection of Statutory Branch Auditors in Public Sector Banks from the year 2016-17 and onwards. Circular, Mumbai: RBI. Accessed June 13, 2020. https://www.rbi.org.in/scripts/bs_viewcontent.aspx?Id=946.
RBI. 1994. Setting up of Audit Committee of Boards. Circular, Mumbai: RBI.
SEBI. 2003. Clause 49 – Corporate Governance. circular, Mumbai: SEBI. https://www.sebi.gov.in/sebi_data/commondocs/cir2803an1_p.pdf.
The opinions expressed in this article are those of the author(s). They do not purport to reflect the opinions or views of NLSIU, Lokniti or its members.