Note - BSR & Co, formerly Bharat S Raut, is part of KPMG’s domestic and international network for auditing. KPMG does auditing work in India through BSR an Indian chartered accountant firm that also signs on the balance sheets of Indian companies. KPMG, a network of global firms, cannot conduct audit as per Institute of Chartered Accountants of India (ICAI)’s regulations. Hence it conducts audit through BSR. It is just for signing purposes that such arrangement is made.
1. BSR’s appointment as statutory auditor of IL&FS Financial Services Ltd. (IFIN) for 2017-18 was illegal, since BSR was not eligible to be appointed due to violation of Sec 141(3)(e) (subsisting business relationships on the date of appointment) and Sec 141(3)(i) (provision of non-audit services directly or indirectly) of the Companies Act, 2013. BSR’s continuation as statutory auditor was also violative of Sec 141(4)
2. Notwithstanding such lack of eligibility, and without prejudice to such finding, NFRA has conducted a full Audit Quality Review. The important findings in the AQRR (Audit Quality Review Report) are mentioned below.
3. Failure to comply with Standards of Auditing (SAs) documented in AQRR are of such significance that NFRA concludes BSR did not have justification for issuing the Audit Report asserting that audit was conducted as per SAs.
4. Please refer to ICAI’s Implementation Guide on Reporting Standards. If during a subsequent review of audit process, it is found that audit procedures in SAs were not complied with, it tantamounts to auditor making a deliberately false declaration in the report and consequences for auditor could be very serious indeed.
5. BSR and KPMG network entities de facto use the KPMG Trade Mark and Brand Name for all their audit and non-audit services, making a futile attempt to show a de jure separation from KPMG. This will fail in view of public perception of BSR network entities being part of KPMG global network, and legal agreements between them. Non-audit services provided technically by KPMG labelled network entities are services provided by BSR entities, and result in gross violations of independence requirements for auditors as per Companies Act, and Code of Ethics mandated by Institute of Chartered Accountants of India.
6. IFIN didn't comply with Minimum Net Owned Funds and Capital to Risk Assets Ratio as on 31st March, 2018. These were negative, against a minimum positive requirement, and this non-compliance continued since long. Financial Statements (FS) of NBFC have to disclose these numbers. IFIN’s management contested RBI’s computation method and showed positive numbers as per its own definition. BSR was convinced that IFIN management was wrong. But they went along with wrong numbers disclosed in the FS, with only an Emphasis of Matter (EOM) para in Auditor’s Report, when EOM is justified only when the disclosure requirements as per SAs are fulfilled. Thus, BSR failed to highlight a material misstatement of major magnitude and fundamental importance.
7. Unjustified Valuation of a Derivative Asset: Rs 184 cr. Reversal of General Contingency Provision: Rs 225 cr. Non-provision for Impairment in the value of Investments: Rs 200.20 cr. In the above cases, BSR has not obtained sufficient, appropriate audit evidence, as required by SAs, to support the numbers finally reported in the FS. The total of the 3 items led to an inflation of profits of IFIN by Rs 609 cr
8. Numerous other violations of the SAs have been detailed in the AQRR. These deal with the assessment of the use of the Going Concern assumption by the management, the complete absence of the required communication with Those Charged With Governance, inadequate and improper evaluation of the Risk of Material Misstatements, determination of Materiality amounts on the basis of non-relevant factors, etc
9. The Engagement Quality Control Review (EQCR) mechanism was found to be completely inadequate for the intended task.
10. NFRA has also extensively studied the IT processes and platform that are used by BSR for their Audit File documentation. NFRA found that the IT processes/platform have deficiencies that are systemic and structural in nature, and arise substantially from a complete disregard for basic principles of IT security in the software used. This renders the audit documentation completely unfit for the intended purpose.