Coming soon: Dos and don’ts to keep auditors in lane

The NFRA had, in its audit quality review, stated that the appointment of SRBC & Co. Llp and its continuation as the statutory auditor of IL&FS for FY18 was in breach of auditor independence norms. The regulator argued that the network SRBC is part of—Ernst & Young Global Ltd, or EY—provided “prohibited” non-audit services indirectly to IL&FS group, and was earning “significant non-audit revenues” from IL&FS when SRBC took up the FY18 audit assignment.

Non-audit services include a range of advisory and consultancy services. Of them, eight are prohibited as they would lead to a conflict of interest for the statutory auditor. They are: accounting and bookkeeping services; internal audit; design and implementation of any financial information system; actuarial services; investment advisory services; investment banking services; rendering of outsourced financial services; and management services.

SRBC has denied any breach and believes it is firmly in compliance with all applicable norms, according to an industry executive aware of its position. The firm, in its response to the NFRA, asserted that other independent member firms of EY Group operating in India are not related to it in a way that is against the law. That is, they are not covered by the Companies Act provision prohibiting an auditor from offering eight non-audit services to clients indirectly. There is no commonality of ownership, control, management or trademark between SRBC and any of the other independent members of the EY Group that may show they are related in such a way, the audit firm informed the regulator. But the NFRA found this argument unacceptable, and stated as much in its audit quality review report.

An email sent to an EY spokesperson remained unanswered at the time of publishing.

The NFRA and the industry are unable to see eye to eye on two major points. One is over services rendered by an auditor’s affiliates to its client’s group entities. The other is what constitutes a ‘management service’, which an auditor is prohibited from offering, both directly and indirectly.

The NFRA report on IL&FS, in essence, questions practices in the audit industry and the business model of some of the audit firms. That business model is set to change as the government is planning a series of legislative changes to overhaul the audit framework to bring complete clarity on what auditors can and cannot do. A Bill to amend the Companies Act is expected soon, according to a government official who spoke on condition of anonymity.

Why NFRA was set up

After every large-scale fraud or collapse of a systemically important business, auditors— considered the gatekeepers of good governance—face tough questions from regulators, both in India and in other markets. India has over 2,000 auditors—firms and individuals included— signing off on the financial statements of more than 6,800 public interest entities, including listed and unlisted companies, banks and insurers. At the same time, much of the auditing business is concentrated in a few hands— 70% of the 1,800 or so companies that trade on the National Stock Exchange are audited by firms affiliated to the Big Four accounting firms, according to a ministry of corporate affairs discussion paper from 2020, citing Delhi-based Prime Database.

The Companies Act of 2013 sought to establish the NFRA as an independent regulator to oversee the auditing profession in the wake of a series of accounting scandals, the most prominent of which was the Satyam scam.

Test case

The failure of IL&FS expedited the setting up of the NFRA, which started its work on 1 October 2018, the day the National Company Law Tribunal allowed the Centre to supersede the board of directors at IL&FS. The IL&FS case thus became the NFRA’s first case.

The new regulator made it a priority to examine the audit quality of the systemically important non-bank lender. It has so far issued reports on IL&FS and its subsidiaries IL&FS Transportation Networks Limited (ITNL) and IL&FS Financial Services Ltd (IFIN), both for FY18.

NFRA’s critique in the IL&FS case echoed sentiments it had earlier expressed in its audit review report for IFIN, which was jointly audited by BSR & Associates Llp and Deloitte Haskins and Sells LLP.

The watchdog had in 2020 said the appointment of BSR & Associates Llp as the statutory auditor for IFIN for FY18 was illegal and void under two auditor disqualification provisions in the Companies Act.

The watchdog had also said in December 2019 that IFIN’s statutory audit by Deloitte Haskins & Sells Llp had violated the law in directly or indirectly offering certain prohibited services to the group entities of the audit client.

Emails sent to Deloitte Haskins and Sells, BSR & Associates and the NFRA remained unanswered at the time of publishing.

The law

The NFRA’s orders have put the spotlight on how the ‘indirect’ rendering of prohibited services to an audit client is interpreted differently by the auditing industry and by the regulator.

Under the Companies Act, an audit firm gets disqualified from auditing a company under two circumstances—if it directly or indirectly has a business relationship with any of the group entities of the audit client, or when it directly or indirectly provides the audit client or any of its group entities any prohibited non-audit service.

In its report on IL&FS, the NFRA said that the non-audit services provided by any firm in the network to which the audit firm belonged amounted to the latter “indirectly” providing such services.

The audit regulator sought to draw parallels between the brand, name, email domain and policy documents of firms in a network to argue that they are affiliates and are in breach of independence norms. An auditor’s affiliate allegedly making “significant” non-audit revenues from the audited company’s group entities was a red flag for the regulator.

The worry is that if the fee for a non-audit service is higher than the fee charged for an audit, it can influence the auditor’s opinion, a point that an expert panel highlighted in recommending sweeping changes to the statutory audit framework.

Revenues from audit and non-audit services vary from firm to firm. But in many cases, non-audit fees can be significant in terms of the impact they can have on a firm’s topline, and therefore, they can influence its independence, says a senior industry executive. In 2002, after the Enron scandal, the Institute of Chartered Accountants of India (ICAI) had mandated that the non-audit service fees earned by an auditor along with its associate entities cannot exceed the aggregate audit fee. There have been discussions within the government to lower this cap to 50% of the audit fee.

Industry response

According to a senior industry executive, who spoke on condition of anonymity, there are contractual arrangements between certain large firms with international firms. “(Under) these contractual arrangements (they) do not call themselves a network because there is no common ownership, control, significant influence or sharing of a trademark or brand,” said the person.

“There is a contractual arrangement between KPMG and BSR. This is to share certain methodology, tools, software and training, for which BSR pays. BSR is a very independent firm. There is no network relationship with KPMG that involves ownership, control or significant influence as defined in section 144 of the Companies Act,” said the person.

“BSR’s position is to continue to provide permissible non-audit services to audit clients within the parameters of the domestic guidelines and contractual arrangements,” said the person.

SRBC’s position also is that it will provide only services that are allowed under law. “If the law does not allow it, the firm will not provide that service,” the first person quoted above said.

The industry executives also claim the regulatory response after IL&FS is unduly falling on the audit industry. The IL&FS failure was due to its asset-liability mismatch, not due to an auditing failure, they say.

The first industry executive quoted above, who is aware of the IL&FS FY18 audit quality report, said that the regulator had considered non-audit services rendered several years prior to the auditor’s appointment in assessing its independence. “There is no single precedent of such a thing in any jurisdiction. There is no requirement under the Companies Act to go into past years. If that is the case, then auditors would be doing no work except waiting for audits,” said the executive, who sought anonymity to speak freely.

“In some jurisdictions, there is a cooling-off period. But in the Companies Act, that is not there. Besides, the audit fee of one year has been compared with the non-audit fee of multiple years prior to the year to which the audit relates to. This is also unprecedented,” said the person.

“If the government wants to introduce a cooling-off period before audits are taken up, then everyone can follow that,” the person added.

But some audit firms appear to have seen the writing on the wall, Grant Thornton Bharat Llp, Deloitte Haskins and Sells, and Price Waterhouse Network of Firms in India (PW India) have stopped offering non-audit services to audit clients.

“GT Bharat Llp was the first to make the announcement that non-audit services will not be offered to listed audit clients from 1 July 2019. I would go to the extent of saying that it makes sense for all audit firms to not offer even permitted non-audit services to audit clients in order to show auditor independence is paramount,” CEO Vishesh Chandiok said in an interview. Deloitte and PW India made their announcements in 2020.

Overhaul coming

Clarity on what services an auditor can and cannot offer is expected to come from the government soon in an amendment to the Companies Act. A Company Law Review committee has proposed that in the case of companies having an inherent public interest, statutory auditors should not be allowed to offer non-audit services of “any kind, directly or indirectly, to either the company, its holding, subsidiary or associate companies”. The committee submitted its report to union finance and corporate affairs minister Nirmala Sitharaman last March.

“The committee made this recommendation to make it absolutely explicit that no kind of non-audit service could be offered to audit clients. In the case of non-audit clients, they are free to offer any service,” explained Amarjeet Chopra, former president of ICAI and a member of the committee.

“The way scams and corporate failures have happened in the past, we need to protect the audit profession from any sort of conflict of interest,” said Chopra.

Not taking up non-audit services from audit clients does not come in the way of offering multi-disciplinary services to clients.

“The only thing we are saying is that in the case of a public interest entity, if you are the auditor, do not give any non-audit service to that client. You can render non-audit services to other clients, but not to your audit client,” explained Chopra.

For now, these firms and the regulator are slugging out the issue of auditor independence before the Delhi High Court.

Complementary services?

The regulator and the industry are also at loggerheads over what constitutes a “management service”, which an auditor is prohibited from offering directly or indirectly.

According to the NFRA, in the absence of a definition in the Companies Act, “management services” have to be understood in their literal meaning as services performed by the statutory auditor for the management.

Industry executives allege that this would amount to treating every non-audit service as a management service, noting that there is no common understanding globally or in India about what constitutes management services as they are not defined by law. “If policymakers want an absolute prohibition of any non-audit service to the audit client, let it be so, but it should be clarified,” said another senior industry executive, on condition of anonymity.

But why should an auditor offer any other service at all in the first place? Audit industry representatives say that many businesses today are large conglomerates with complex operations and financial transactions and have sophisticated IT and accounting systems. If an auditor has to play his role the right way, he needs to have these specialized skills in the non-audit segment, they say.

“An audit firm has to be proficient in tax provisioning, diligence services and IT reviews to issue an audit opinion. These are complementary services,” said a senior industry executive, who also spoke on condition of anonymity.

At times, audit firms provide non-audit services such as tax compliance services. These services are complementary to the audit service, said the executive.

Accounting rule maker ICAI has also recommended to the government that tax audits and tax compliance services rendered to a company by its statutory auditor should not be interpreted as a management service, Mint had reported on 23 September.

But the regulator and the government want a clear red line to demarcate auditor independence and uphold corporate governance. As a government official put it, “Auditors should not only be independent but also be seen to be independent.”