YKPA
Book
Service

Audit & Assurance

Audit and assurance at Y.K. Purohit & Associates covers statutory audit under the Companies Act 2013, internal audit under Section 138, cost and special audits, bank-mandated stock audits, agreed-upon procedures under SRS 4400, and statutory and lender-facing CA certifications.

Our audit work follows the ICAI Standards on Auditing end to end — risk assessment under SA 315, response design under SA 330, evidence gathering and review, through to reporting under SA 700/705/706 including CARO 2020 where applicable. We run clean, well-documented engagements with minimal surprises at year-end — the audit narrative and the return should tell the same story if scrutiny follows.

Audit & Assurance

From statutory audits and CARO 2020 reporting to bank stock audits, compliance audits and regulatory certifications — engagements are scoped to the entity, the statute, and the stakeholder who actually needs the assurance.

Statutory audit (Companies Act, 2013)

Every company registered in India must have its financial statements audited by a Chartered Accountant under Sections 139–143 of the Companies Act, 2013, with reporting in the format prescribed by CARO 2020 where applicable.

We conduct statutory audits following ICAI Standards on Auditing — SA 200 (overall objectives), SA 230 (documentation), SA 240 (fraud), SA 315 / SA 330 (risk identification and responses), SA 500 (audit evidence), SA 570 (going concern), and SA 700 / 701 / 705 / 706 (auditor's report and key audit matters).

  • Appointment & acceptance — Section 139 appointment, written representations, independence confirmation under Section 141, engagement letter per SA 210.
  • Risk-based planning — entity understanding, materiality, risk of material misstatement, and tailored audit programmes.
  • Fieldwork — substantive procedures, tests of controls where effective, third-party confirmations, physical verification, and inventory observation.
  • Reporting — true-and-fair opinion under SA 700, CARO 2020 clauses, reporting of fraud under Section 143(12), and communication of key audit matters for listed entities.
  • Sign-off — review by engagement partner + engagement quality review where required under SQC 1.

Engagements are concluded on a timeline that leaves real room for pre-close adjustments and board review — we avoid the industry norm of "audit wrap in the last week of September" wherever the client's books allow.

Internal audit (Section 138)

Internal audit is mandatory under Section 138 of the Companies Act 2013 read with Rule 13 for listed companies, unlisted public companies and private companies crossing prescribed turnover, borrowing or deposit thresholds.

Applicability under Rule 13 of the Companies (Accounts) Rules 2014 covers:

  • Every listed company.
  • Unlisted public companies with paid-up share capital ≥ ₹50 crore, turnover ≥ ₹200 crore, outstanding loans from banks / PFIs ≥ ₹100 crore, or outstanding deposits ≥ ₹25 crore.
  • Private companies with turnover ≥ ₹200 crore, or outstanding loans from banks / PFIs ≥ ₹100 crore.

We design internal audit in collaboration with the Audit Committee — risk-based, cycle-based or a hybrid, depending on the business. The scope typically includes:

  • Effectiveness review of internal financial controls (IFC) over financial reporting, as required under Section 143(3)(i).
  • Process audits across procure-to-pay, order-to-cash, inventory, treasury, HR / payroll, and IT general controls.
  • Compliance audits for sector-specific regulations — SEBI LODR, FEMA remittance controls, labour-law compliance.
  • Fraud risk reviews and whistle-blower / vigil mechanism effectiveness.
  • Quarterly reporting to the Audit Committee with a dashboard of findings, root causes, agreed management actions and target closure dates.
Cost, compliance and management audits

Special audits are targeted assurance engagements — cost audit under Section 148, compliance audits for sector-specific regulations, and management audits of defined operational areas.

  • Cost audit — Section 148: mandatory for companies in specified regulated and non-regulated sectors above prescribed turnover thresholds under the Companies (Cost Records and Audit) Rules 2014; reporting in Form CRA-3 and CRA-4.
  • Compliance audit: independent review of adherence to GST, income tax, FEMA, labour, SEBI LODR, factories act and sector-specific rules — deliverable is a register of non-compliances with risk and remediation plan.
  • Management audit: review of the efficiency and effectiveness of management decisions and operations in a defined area (procurement, inventory, marketing spend, related-party transactions) — often commissioned by investors or boards on specific concerns.
  • Tax audit (Section 44AB): covered in Direct Tax — included here for completeness.
Systems audit (IT, process, controls)

Systems audit assesses whether IT applications, process workflows and the controls layered on top of them produce reliable, complete and timely information — a prerequisite for the IFC opinion under Section 143(3)(i).

  • IT General Controls (ITGC) — access management, change management, backups, business continuity, segregation of duties.
  • Application controls — input / processing / output validations, audit trails, user provisioning, privileged access review.
  • Process workflow audits — matching the designed process to what actually runs, gap analysis, control redesign where the control fails to address the underlying risk.
  • Reporting with specific observations, risk rating (High / Medium / Low), root cause, and recommended action owner and timeline.
Stock audit (bank / lender engagements)

Stock audits are typically commissioned by lender banks on a quarterly or half-yearly basis for borrowers with working-capital limits above specified thresholds — independent verification of stock, debtors, and drawing-power calculations.

Scope typically covers:

  • Physical verification of stock at factory / warehouse locations, with test counts and reconciliation to stock statements submitted to the bank.
  • Ageing of stock and identification of slow-moving or non-moving items; provisioning adequacy.
  • Debtors ageing and verification of recoverability; concentration analysis.
  • Drawing power (DP) calculation review — eligible stock + eligible book debts, less margins and creditors, against the sanctioned limit.
  • Review of insurance cover on hypothecated assets, charge filing with ROC, and compliance with other lender covenants.
  • Reporting in the bank's prescribed format, with observations and recommended actions.
Agreed-upon procedures and limited review

Agreed-upon procedures (AUPs) under SRS 4400 deliver factual findings against a specific scope agreed with the engaging party — useful when an audit opinion is not needed, or is not allowed, but independent verification is.

  • Agreed-upon procedures (SRS 4400): we perform specifically agreed procedures and report the factual findings; no opinion or assurance is expressed — typically commissioned by lenders, investors, or counter-parties for focused due diligence.
  • Limited review (SRE 2400): moderate-assurance review of historical financial statements via inquiry and analytical procedures — commonly used by unlisted companies for quarterly / half-yearly stakeholder reporting.
  • Other assurance engagements (SAE 3400 / 3402 / 3410): prospective financial information, service-organisation controls, and greenhouse-gas statements where required.
  • Transaction-specific engagements: sources-and-uses verification, IPO working-capital certifications, debt-covenant compliance certificates.
Certification services

CA certificates are required across statutes and stakeholder contexts — we issue certifications backed by the working papers and representations each certifying line actually requires.

Tax & FEMA
  • Form 15CB — certification for foreign remittances to non-residents.
  • Form 3CEB — international transactions and specified domestic transactions under Section 92E.
  • Forms 3CA / 3CB / 3CD — tax audit under Section 44AB.
  • FC-GPR, FC-TRS, FLA Return — FEMA certifications.
Banking & lender-facing
  • Net-worth certificates — for visa, tenders, lender covenants.
  • Turnover certificates — for tender bids and empanelment.
  • Utilisation certificates — for grants, CSR disbursement, and project-linked lending.
  • DP calculation certifications — for banks on a monthly / quarterly basis.
Corporate law & regulatory
  • Valuation reports and share-valuation certifications (where CA-valuation is permitted).
  • Certifications on ESOP allotment, buy-back, and Section 230 / 232 scheme filings.
  • Statutory-compliance certifications for listed entities under SEBI LODR (where the signatory is a CA).
  • Consumption / input-output norm certifications for DGFT / customs exemptions.

Frequently asked questions

Short answers to the questions we hear most often about audit & assurance.

When is a statutory audit mandatory under the Companies Act, 2013?

Every company registered in India — private limited, public limited, OPC, Section 8 — must have its financial statements audited every financial year by a Chartered Accountant under Sections 139 to 143. The requirement applies irrespective of turnover or profit. In addition, LLPs with turnover above ₹40 lakh or contribution above ₹25 lakh must be audited under the LLP Act 2008. Tax audit under Section 44AB of the Income-tax Act is a separate requirement based on turnover thresholds — see our <a href="/services/direct-tax/">Direct Tax page</a>.

Which companies need an internal audit under Section 138?

Under Rule 13 of the Companies (Accounts) Rules 2014, internal audit is mandatory for: (a) every listed company, (b) every unlisted public company with paid-up share capital ≥ ₹50 crore, turnover ≥ ₹200 crore, outstanding bank / PFI loans ≥ ₹100 crore, or outstanding deposits ≥ ₹25 crore, and (c) private companies with turnover ≥ ₹200 crore or outstanding bank / PFI loans ≥ ₹100 crore. The internal auditor can be a Chartered Accountant, Cost Accountant, or any other professional the Board decides.

What is CARO 2020 and who does it apply to?

The Companies (Auditor's Report) Order, 2020 (CARO 2020) is a reporting framework the statutory auditor must comply with when issuing the auditor's report. It covers 21 clauses — fixed assets, inventory, loans to related parties, CSR compliance, cash transactions, defaults to lenders, fraud, and more. CARO 2020 applies to all companies other than banking, insurance, Section 8 companies, One-Person Companies, small companies, and most private companies (unless they're subsidiaries of public companies or cross thresholds on paid-up capital, turnover or borrowings specified in the order).

When is a cost audit required?

Cost audit is governed by Section 148 and the Companies (Cost Records and Audit) Rules 2014. Companies in specified regulated sectors (telecommunications, electricity, petroleum, drugs and pharmaceuticals, sugar, fertilisers, etc.) and non-regulated sectors (machinery, steel, rubber, textiles, and others listed in the rules) above prescribed turnover thresholds must maintain cost records and have them audited. Reporting is in Form CRA-3 (cost audit report) filed with Form CRA-4 on MCA.

What does a typical bank stock audit cover?

A stock audit commissioned by a lender bank independently verifies that the stock and debtors reported in the borrower's monthly / quarterly stock statements are real, available, and correctly valued — the inputs that drive the drawing-power calculation on cash-credit limits. Scope normally includes physical stock verification at a sample of locations, reconciliation with book stock, ageing of stock and debtors, review of insurance cover and charge registration, and sign-off on the DP calculation in the bank's prescribed format. Thresholds and frequency vary by bank — most require it above ₹5 crore of working-capital exposure.

What's the difference between an audit, a review, and agreed-upon procedures?

An <strong>audit</strong> under SA 700 provides reasonable assurance — a positive opinion on whether financial statements are free of material misstatement. A <strong>limited review</strong> under SRE 2400 provides moderate (negative) assurance — the reviewer states that nothing came to their attention that would indicate the statements are not fairly presented. <strong>Agreed-upon procedures</strong> under SRS 4400 provide no assurance at all — the engagement reports factual findings on specifically agreed procedures (e.g., "we tested 50 invoices and found 3 with missing approvals"). Choosing the right level matters: audits are expensive and time-consuming; AUPs are quick and targeted.

Have an audit or assurance engagement to scope?

We'll review what you have and come back with a focused plan — applicable sections, forms, timelines, and what we'll need from you.

Book a consultation Contact us

Explore other services

Direct Tax

Income tax filings, TDS/TCS, transfer pricing, Form 15CA/15CB, and representation before assessing and appellate authorities.

Indirect Tax (GST)

GST registration, monthly and annual returns, audits under Section 35(5), refund advisory, and advance-ruling representation.

Corporate Advisory

Company and LLP incorporation, ROC and NCLT representation, due diligence, valuation, IFRS, ESOP, and M&A.