India’s new audit regulator the National Financial Reporting Authority (NFRA) recently passed an order banning Udayan Sen, former managing partner and chief executive officer of Deloitte India, in a review of the audit firm Deloitte Haskins and Sells’ audit of IL&FS Financial Services. IL&FS Financial Services (IFIN) is a subsidiary of IL&FS which collapsed under the burden of loans worth ₹90,000 crore in 2018. The Centre took it over to avoid the spread of a financial contagion.

This is the first such action taken by the NFRA against an audit, after it was set up nearly two years ago. Although the order does not specifically name the parties to whom loans were given, it specifies what went wrong during the audit of IFIN by Deloitte that led to NFRA banning Sen from conducting audits for seven years and imposed a fine of ₹25 lakh on him.

Here are some of the main issues that the order dealt with.

Going concern

The NFRA held that Udayan Sen had not obtained sufficient evidence that IFIN was a going concern based on the management’s assessment of the going concern assumption. As engagement partner, Sen had the ultimate responsibility to make an independent assessment of the management’s going concern assumption of IFIN before signing the audit report.

Sen had concluded, based on bullish Indian market and past trends of the performance of IFIN, that the going concern assumption was appropriate. This was a failure of due diligence on Sen’s part, the NFRA held. Sen had denied these allegations as baseless and said that the audit engagement team had evaluated the asset liability management disclosures of IFIN.

Sen also stated that the net worth of the company being six times its share capital and the fact that the company regularly received the highest credit rating, helped him conclude that there was no threat to IFIN as a going concern.

Net-owned funds and CRAR

From financial years 2014-15 to 2015-16, IFIN’s net-owned funds (NOF) had dropped from (-) ₹45.93 crore to (-) ₹4,123.76 crore. The NFRA’s order states that the capital risk (weighted) assets ratio (CRAR) of IFIN was at (-) 42.61 per cent against a regulatory requirement of 15 per cent. This deterioration of NOF and CRAR was caused by reckless lending to group companies of IFIN as per RBI’s inspection reports, which was among the main causes for the collapse of IL&FS and its group companies.

Sen as the Deloitte Haskins and Sells’ engagement partner on the IFIN audit was ultimately responsible to bring this to the notice of those charged with governance at IFIN. In his response, he stated that these individuals were already aware of the RBI inspection reports. And also, that the RBI had given time till March 31, 2019, to the company to bring the NOF and CRAR to the regulatory requirement.

But the NFRA held that auditing standards required Sen as engagement partner to officially bring the fact that IFIN was in violation of RBI norms to those charged with governance at IFIN. This is a requirement whether or not they already knew about these issues. This had to be done before the audit report was signed.

Additionally, the NFRA has also charged and found Sen guilty of not disclosing material facts relating to NOF and CRAR in the IFIN’s notes to accounts. These facts were known to him and recorded in the audit papers but were not disclosed in the financial statements. He was also held guilty of not obtaining the management’s stand on RBI’s inspection reports and letting an incorrect NOF and CRAR being reported in the financial statements of IFIN.

Risk evaluation

At the time of performing the audit, IFIN was designated as a systemically important non-deposit taking NBFC. The NFRA held that this meant the auditor of IFIN had to take into consideration the higher risk that audit of such an entity would entail. This should have been reflected in evaluation of credit appraisal memorandums, relaxation of credit appraisal norms, recognition of non-performing assets, etc.

There were instances where loans given out were routed manually outside the information technology solution used by IFIN. Approvals for these loans were sought from the authorised signatories manually. This was a breach of internal controls that were put in place for evaluation of loans.

Sen in his response to NFRA’s show-cause notice said that the fact that loans were approved manually did not mean that internal controls were side-stepped. The NFRA rejected this contention and stated that in the usual course, loans are supposed to be processed only through the IT solution that was used to process loan approvals.

Even if manual approvals were sought and then routed through the IT solution for loan approvals, this fact should have been documented in the audit papers, the NFRA said. This oversight of recording such frequent override of internal controls meant that Sen as the engagement partner had not evaluated the risk of material misstatements in the financial statements due to laxity of internal controls.

Providing prohibited services

The Companies Act 2013 bans audit firms from providing many services to its audit clients where they have to audit financial statements. This is done so that the lure of such services does not impinge on the independence of the auditor while conducting the audit of financial statements.

The NFRA found Sen guilty of not exercising due diligence while accepting engagements of such prohibited services from IFIN. The NFRA held that Deloitte and its affiliates providing services like tax advisory, management services, representation in income tax cases, assistance in filing appeals, among others impinge on the ability of an auditor to complete an audit of financial statements in an independent manners.

This is more so because services like litigation support services to a client cause a “self-review” threat where Sen’s audit engagement team would have to rely on Deloitte’s own assessment of how a particular legal case would proceed while auditing amounts of disclosures made in financial statements.

Role as engagement partner

The NFRA held that there was deficiency in Sen’s direction, supervision, and review of the various facets of the audit like risk assessment during audit, audit planning, communications with those charged with governance at IFIN. This resulted in the quality of the audit conducted by Deloitte being below par.

The NFRA also found Sen did not perform necessary due diligence before signing the audit report of IFIN. This was based on the fact that he had stated in the audit report that he had obtained reasonable assurances that the financial statements were free from any material misstatements that may be caused due to fraud or errors. The NFRA held that this was not the case, and still Sen had issued an audit report without any qualifications or an unmodified report.

This meant that he had not adhered to the standards on auditing, Institute of Chartered Accountants of India’s code of ethics and the Companies Act 2013.

Related Topics
comment COMMENT NOW