A Comprehensive Guide to Secretarial Audit

Table of Contents

1. Factors Involved in Planning and Performing an Audit
2. Stages of an Audit
3. ICSI Auditing Standards
4. Matters Relating to Professional Mis-Conduct While Obtaining Professional Work
5. Acceptance of Secretarial Audit

Check out Taxmann's Handbook on Secretarial Audit which provides an in-depth understanding of Secretarial Audit. It guides the reader through the entire secretarial audit process, from deciding to accept the engagement to conducting various audit procedures and creating the audit report, addressing the auditor's responsibilities regarding fraud and quality control aspects. Additionally, it addresses the challenges secretarial auditors face, summarising legal requirements, ICSI auditing standards, and related guidance notes.

1. Factors Involved in Planning and Performing an Audit

It is the duty of the Secretarial Auditor to plan and perform the audit in a way that enables obtaining reasonable assurance regarding compliance and maintenance of records. He does this by gathering sufficient appropriate evidence by performing various audit procedures. He evaluates the evidence, and makes his report to the members of the company.

The Secretarial Auditor must follow the due procedures right from the moment he is approached for the engagement, throughout the performance of audit and until he submits the report to the auditee. Even thereafter, the duty of the Secretarial Auditor extends to attending the Annual General Meeting.

The Secretarial Auditor must adhere to the requirements relating to Secretarial Audit under the Companies Act, 2013 read with the Rules and the Listing Regulations and SEBI’s circulars, as may be applicable. Apart from this, the Secretarial Auditor must follow the Auditing Standards CSAS 1-4, Guidance Notes on the Auditing Standards, the Guidance Note on Secretarial Audit, the Manual on Secretarial Audit, Guidelines on Peer Review, Quality Review, UDIN and other guidance issued by the ICSI while planning and performing the audit. The Secretarial Auditor must also keep in mind the matters of misconduct as detailed under the First and Second Schedules to the Company Secretaries Act, 1980. When the conduct of an auditor amounts to a misconduct under the said Schedules, disciplinary proceedings may be launched against him.

Further, there are qualitative aspects that must be kept in mind. He is expected to conduct the engagement in a professional manner with integrity, independence and competence. He should maintain confidentiality. Maintaining confidentiality is important for any client; it becomes more important in respect of listed companies because if unpublished price-sensitive information is leaked, it may lead to insider trading and violation of the code of conduct that fiduciaries must have in place as per the SEBI (Prohibition of Insider Trading) Regulations, 2015.

The Secretarial Auditor must keep in mind the nature of business, the business cycle, the history of the company and its promoters, nature and volume of the transactions or records of the auditee, applicable laws, systems in place for compliance and other factors specific to the auditee company.

2. Stages of an Audit

The various stages of an audit can be summarised as under:

1. Accepting an audit engagement includes matters to be considered and procedures to be performed before accepting the engagement and soon thereafter. This includes matters like assessing the integrity level of the client, competence of the auditor, communication with the previous incumbent, and so on.
2. Planning the audit includes planning the scope, timeline and extent of the audit procedures.
3. Understanding the entity and its environment involves understanding the entity’s business, events during the review period, internal controls and systems in place for compliance.
4. Assessing risks of material misstatement or non-compliance flows from the understanding of the entity and its environment.
5. Determining materiality for the purpose of performing test-checks and sampling based on the assessment of risks.
6. Performing audit procedures includes test of controls and substantive procedures.
7. Maintainance of audit documentation including working papers, preservation of evidence obtained and related matters.
8. Evaluating the evidence involves analysing the sufficiency and appropriateness of the evidence to support reasonable assurance on compliance. The evidence must constitute reasonable basis for the auditor to form his opinion.
9. Forming an audit opinion based on the evidence with respect to the extent of compliance with laws.
10. Drafting the Secretarial Audit Report based on the audit opinion formed. This may be a modified report (having adverse remarks, qualification or other remarks) or this may be an unmodified report (clean report).
11. Submitting the Report to the Auditee involves finalising the report, generating UDIN, signing the report and appropriately addressing it to the auditee.
12. Presence at AGM is required for the Secretarial Auditor unless exempt by the company.

3. ICSI Auditing Standards

The ICSI has issued Auditing Standards to equip Practising Company Secretaries with the tools, techniques and knowledge on best practices for rendering auditing services to their clients. Auditing Standards also ensure uniformity and standardisation of auditing procedures and practices. Company Secretaries in Practice have been bestowed and entrusted with the opportunity of performing various types of audits, right from the Secretarial Audit under the provisions of section 204 of the Companies Act, 2013 and under regulation 24A of the Listing Regulations, audit of depository participants, internal audit of stock brokers, internal audit of investment advisors, internal audit of portfolio managers, internal audit of credit rating agencies and so on. As laws become more complex and as the business environment evolves, more audit opportunities and responsibilities will be offered to the Company Secretaries in practice.

The ICSI constituted the Auditing Standards Board in 2016. The Auditing Standards framed by the Auditing Standards Board were issued in 2019. These were made applicable on a recommendatory basis from 1st July, 2019. In view of the Covid-19 pandemic, the mandatory applicability of the ICSI Auditing Standards was postponed to 1st April, 2021. The ICSI has also issued Guidance Notes to the ICSI Auditing Standards to provide clarity and practical guidance on the Standards.

3.1 Applicability of ICSI Auditing Standards CSAS-1 to CSAS-4

• Practising Company Secretaries are required to follow all the ICSI Auditing Standards mandatorily in respect of all audit engagements under any statute on or after 1st April, 2021.
• This is applicable for all audit engagements whether in pursuance of the Companies Act, 2013 or under the securities market regulations or any other law.
• In respect of audits conducted on a voluntary basis at the request of the auditee, compliance is not mandatory but is recommended.
• In respect of audits undertaken pursuant to an order of Court, Tribunal or a Regulatory Authority, CSAS-1 should be followed to the extent possible.
• CSAS-1 to CSAS-3 pertain to all audits in general, including Secretarial Audit. CSAS-4 is dedicated to Secretarial Audit.

3.2 Framework under ICSI Auditing Standards

• CSAS-1: Auditing Standard on Audit Engagement: This Standard deals with the principles and procedures for acceptance and continuance of an audit engagement. It deals with pre-engagement meeting, communication with the previous auditor, limit on audit engagements, conflict of interest, appointment of the auditor, audit engagement letter, maintaining confidentiality and change in terms of engagement.
• CSAS-2: Auditing Standard on Audit Process and Documentation: This Standard deals with planning and performing the audit process and maintenance of documentation. What constitutes sufficient and appropriate record to form the basis of the auditor’s opinion is also defined here. It provides for matters relating to audit planning, enumerates the steps in the overall audit process, developing an audit plan, risk assessment, preparation of checklists, collection of evidence, analysis of evidence, audit documentation, and matters on record keeping and retention.
• CSAS-3: Auditing Standard on Forming of Opinion: This Standard deals with the manner of evaluating the conclusions drawn from the audit evidence for the purpose of forming an opinion and drawing the audit report. The aim is to provide uniformity in the manner of forming the audit opinion.
• CSAS-4: Auditing Standard on Secretarial Audit: This Standard lays down matters relating to Secretarial Audit and evaluation of compliance with laws.

This Chapter discusses the concepts and practical aspects relating to the process of audit with due consideration to ICSI Auditing Standards, the Guidance Notes, matters of misconduct under the Company Secretaries Act, 1980, and other guidance available.

4. Matters Relating to Professional Mis-Conduct While Obtaining Professional Work

The way a person conducts himself is what makes or breaks a professional. Professionals must conduct themselves in a manner that shows strength of character, determination, discipline, integrity and reliability. The conduct of a member of a profession, which is unbecoming of a professional, though may be legal, needs to be viewed seriously. This is because society and the businesses rely on the work of professionals and any misconduct on the part of the professional affects the stakeholders and may also bring discredit to the profession. Hence, there needs to be a disciplinary mechanism to deal with matters of misconduct.

The First and Second Schedules to the Company Secretaries Act, 1980 deal with matters of misconduct in respect of Company Secretaries. Simplistically speaking, the First Schedule contains matters of serious misconduct, and the Second Schedule provides for matters of misconduct of much graver nature. Disciplinary proceedings in respect of the former are held before the Board of Discipline, whereas in respect of the latter, proceedings are held before the Disciplinary Committee. The consequences range from reprimand, fine up to Rs. 1 Lakh, suspension of membership for a period up to three months in case of misconduct falling under the First Schedule, while in case of the Second Schedule, the consequences are reprimand, higher fine limits up to Rs. 5 Lakhs, permanent cancellation of membership or suspension of membership for any length of time. An appeal lies with the Appellate Authority constituted under the Chartered Accountants Act, 1949.

The aforesaid First Schedule is divided into four parts:

• Part I – Professional misconduct relating to Company Secretaries in Practice
• Part II – Professional misconduct relating to Members in employment
• Part III – Professional misconduct relating to all Members generally
• Part IV – Other misconduct relating to all Members generally

The Second Schedule is divided into three parts:

• Part I – Professional misconduct relating to Company Secretaries in Practice
• Part II – Professional misconduct relating to all Members generally
• Part III – Other misconduct relating to all Members generally

Company Secretaries in Practice must keep in mind clauses (5) and (6) of Part I of the First Schedule when it comes to obtaining any engagement.

• Clause (5) provides that a Company Secretary in Practice shall be deemed to be guilty of professional misconduct, if he—

“secures, either through the services of a person who is not an employee of such Company Secretary or who is not his partner or by means which are not open to a Company Secretary, any professional business. Provided that nothing herein contained shall be construed as prohibiting any arrangement permitted in terms of items (2), (3) and (4) of this part.”

• Clause (6) provides that a Company Secretary in Practice shall be deemed to be guilty of professional misconduct, if he —

“solicits clients or professional work, either directly or indirectly, by circular, advertisement, personal communication or interview or by any other means: Provided that nothing herein contained shall be construed as preventing or prohibiting-

(i) any Company Secretary from applying or requesting for or inviting or securing professional work from another Company Secretary in practice; or

(ii) a member from responding to tenders or enquires issued by various users of professional services or organisations from time to time and securing professional work as a consequence.”

The objective behind the aforesaid clauses is that the professional service should not be commoditised. A professional remains a professional only so long as his work speaks for itself. Hence, ideally speaking, a professional in practice must get assignments and not seek assignments except in the manner permitted otherwise. A Company Secretary in practice is allowed to apply for work from another Company Secretary in practice or by responding to tenders and enquiries. The ICSI has issued the ICSI (Guidelines for Advertisement by Company Secretaries), 2020, which is applicable to the Members of the Institute, whether in practice or otherwise, rendering any advisory, consultancy or representation services. Advertisement in the limited manner as permitted by the Guidelines are permitted and do not amount to misconduct. A Practising Company Secretary (PCS) must always keep in mind the above aspects when obtaining professional engagements.

5. Acceptance of Secretarial Audit

Once a Company Secretary in Practice is offered an audit engagement, he or she must weigh several factors before acceptance the engagement. There are various matters of professional behaviour and good conduct, procedures and documentation that must be followed in the course of accepting an engagement. Matters relating to independence and limit on number of audits have been dealt with in the previous chapter. The other matters are detailed in the forthcoming paragraphs under the following heads:

• Pre-engagement Meeting
• Factors to be Considered Before Accepting
• Eligibility Certificate
• Appointment of Auditor
• Audit Engagement Letter
• Communication to the Previous Incumbent
• Acceptance of the Engagement
• Changes in the Engagement

5.1 Pre-engagement Meeting

Before accepting the Secretarial Audit engagement, the auditor is required to have a pre-engagement meeting with the company. Matters such as terms of engagement including the timelines proposed, previous years’ reports, the general nature of business of the company, the organisational and decision-making structure, an understanding of the industrial environment it works in, internal controls in respect of compliance, may be discussed, among other matters. The Secretarial Auditor must disclose his conflict of interest, if any, at this stage itself. If there is substantial conflict of interest as detailed in the previous chapter, he must not accept the engagement. The PCS shall maintain utmost confidentiality in respect of the information gathered during the meeting.

When it comes to confidentiality, the PCS must remember that Clause (1) of the Second Schedule to the Company Secretaries Act, 1980 provides that a Company Secretary in Practice shall be deemed to be guilty of professional misconduct, if he —

“discloses information acquired in the course of his professional engagement to any person other than the client so engaging him, without the consent of such client, or otherwise than as required by any law for the time being in force.”

Although the clause talks about information acquired “in the course of his professional engagement,” it is expected that the PCS keep in mind the spirit behind the clause and maintain confidentiality in respect of information obtained even before he accepts the engagement. This must be ensured irrespective of whether he accepts the engagement.

5.2 Factors to be Considered Before Accepting an Audit Engagement

Firstly, we will look at the factors to be considered while accepting an audit engagement. In this regard, the ICSI issued a Guidance Manual on Quality of Audit & Attestation Services formulated by the Quality Review Board in April 2015. As per the Manual, the firm’s quality control systems shall contain policies in respect of client relationships. A firm is required to have policies and procedures in respect of acceptance of a client relationship. Policies need to be framed in order to ensure that the following are factored in while considering acceptance of an engagement:

• The PCS or the firm has the required competence, time and resources necessary to carry out the engagement.
• Relevant ethical requirements like independence are satisfied.
• Very specifically, it mentions that the firm must consider the integrity level of the client and ensure that it is at an acceptable level. The factors to be considered in this regard include: the reputation of the promoters, directors and key managerial personnel, business practices and policies, attitude towards compliance, limitations imposed on the audit, if any, and the reasons for not reappointing the earlier auditor.
• It asks the firms to ensure whether the reporting framework is acceptable and whether the management of the client acknowledges and accepts its responsibility as far as the subject matter is concerned. In respect of Secretarial Audit, this would be acknowledging that the responsibility of compliance lies with the management.
• If there is a limitation on the scope of the engagement in such a manner that it may not permit the auditor to obtain reasonable level of assurance, or in a manner that indicates the PCS has to issue a disclaimer of opinion, he shall not accept the engagement of audit. For example, if the auditee says that the auditor shall not have access to secretarial records or crucial elements of financial information, it is better that the PCS not accept the engagement.

5.3 Eligibility Certificate

The Guidance Note to CSAS-1, para 1.1.2 provides that the PCS shall submit a Certificate confirming the following:

• The number of audits is within the limits prescribed by the ICSI.
• There is no substantial conflict of interest with the auditee.
• There is no restriction to render the service under the ICSI Guidelines.
• He or she is not debarred from undertaking such audit under any law or under the orders of the disciplinary mechanism of the ICSI.

The Guidance Note also provides a specimen eligibility certificate as Annexure A to the said Guidance Note.

5.4 Appointment of Secretarial Auditor

The procedures regarding the appointment of the Secretarial Auditor like passing of Board Resolution at a meeting of the Board, and filing of Form MGT-14 within 30 days in case of public companies is covered.

5.5 Audit Engagement Letter

The PCS must seek from the auditee an Engagement Letter detailing the following as per the requirement under para 1.1.3 and para 1.2 of the CSAS-1:

• The objective and scope of the audit;
• The responsibilities of the Auditor and the Auditee. In cases where the responsibility is determined by law, the Engagement Letter shall refer to the provisions of the relevant law along with a statement that the Management acknowledges and understands its responsibilities for preparation and maintenance of records and for devising proper systems to ensure compliance with the provisions of applicable laws, act, rules, regulations and standards for the time being in force.
• Written representations provided and/or to be provided by the Management to the Auditor, including particulars of the Predecessor or Previous Auditor;
• The timelines within which the audit report shall be submitted by the Auditor, along with milestones, if any;
• The commercial terms regarding audit fees and reimbursement of out-of-pocket expenses in connection with the audit; and
• Limitations imposed, if any, on the audit by the auditee.

Once the engagement letter is received and the terms are acceptable to the auditor having regard to the timelines, commercial terms, scope of audit, and limitations imposed, if any, the auditor shall indicate his acceptance to the engagement either by way of indicating it on a copy of the engagement letter or by way of a separate communication.

The Auditors’ responsibilities include:

• Performing the audit as per the terms of the engagement.
• Deputing team members who have the competence to perform the audit under the supervision of the PCS.
• Ensuring professional behaviour by everyone in the audit team.
• Ensuring maintenance of confidentiality by the entire team.
• Ensuring there is no trading in securities while in possession of unpublished price sensitive information.

Auditee’s responsibilities shall include:

• Providing access to the necessary documents and records.
• Deputing personnel to provide such documents, information and explanation required by the auditor.
• Providing management representations on the matters required by the Auditor providing substantial evidence in respect of those matters and acknowledging responsibility on the matters stated in the representations.
• To provide details of the previous incumbent, if any.

5.6 Communication to the Previous Incumbent

A professional must always have respect towards his fellow professionals. This is necessary to uphold the dignity of the profession and also to ensure there is healthy competition and cooperation among the members of the profession. Towards this, clause (8) of Part I of the First Schedule to the Company Secretaries Act, 1980 provides that a Company Secretary in Practice shall be deemed to be guilty of professional misconduct, if he —

“accepts the position of a Company Secretary in Practice previously held by another Company Secretary in Practice without first communicating with him in writing.”

Communication with previous incumbent is required in case of certain engagements, of which Secretarial Audit is one.

The Guidance Note on Audit Engagement provides clarity on the words, “Predecessor or Previous Auditor” in clause (6) under the Definitions. It defines ‘Predecessor or Previous Auditor’ as, “an Auditor who has conducted the most recent audit assignment of the Auditee and submitted report thereon prior to the incumbent Auditor or was engaged but did not complete the audit assignment due to his resignation, termination or otherwise.” The Guidance Note also clarifies,

“An Auditor who has completed the assignment and has not been reappointed or an Auditor who had been appointed but has not completed the assignment due to resignation, termination or otherwise, shall be deemed to be a “Predecessor or Previous Auditor” for the same assignment.”

From this we can gather that Predecessor or Previous Auditor means:

1. The Auditor who has submitted report in respect of the most recent audit assignment but has not been reappointed, or
2. The Auditor who was engaged but did not complete the audit assignment due to any reason.

The PCS who is approached with a Secretarial Audit engagement must keep in mind that prior intimation is compulsory even before he accepts the engagement. There should be positive evidence of the communication having reached the previous incumbent, that is, there should be proof of delivery. Electronic media like e-mail may also be used for communication provided that the PCS is able to establish that the communication has been received by the previous incumbent. No-objection or consent of the previous incumbent is not needed. In terms of the Guidance Note on Audit Engagement, communication sent through registered post acknowledgement due or by courier or by hand delivery with a written acknowledgement or through an e-mail is acceptable. Applying the guidance contained in para 4.9.5 of Guidance Note on Code of Conduct for Company Secretaries on the aforesaid clause (8) of Part I of the First Schedule to the Company Secretaries Act, 1980, in respect of exclusive attestation assignments offered to Company Secretaries in Practice, the PCS must take steps to learn whether a different PCS was appointed for the same period earlier and it is desirable to seek consent from such person.

Further, a reasonable time should be given to the previous incumbent to respond to the communication. As per the Guidance Note on Audit Engagement, the reasonable period would be 7 days from the date of communication. The Guidance Note also provides the format for such communication.

This requirement should also be looked at as an opportunity for the PCS to get the acquaintance of another professional or to maintain a good professional camaraderie. In fact, the PCS may ask the previous incumbent regarding any significant issues arising out of his experience with the client that he may be able to provide. Such information may be useful while performing the audit. It is necessary to maintain confidentiality of the information.

5.7 Commercial terms

There is no minimum fee required to be charged by the PCS in respect of engagements. However, he or she should ensure that a fair fee is charged. The factors to be kept in mind while deciding the fee include: the size of the company, type of company
– whether private or public or listed, nature of business, internal controls in place, man-hours estimated, and other relevant factors. In terms of clause (2) of Part I of the First Schedule to the Company Secretaries Act, 1980, the PCS is not permitted to pay a commission to obtain an audit.