All-about Audits | Cyber, CSR, Social, Takeover, Forensic, Environmental, Labour Law, et. al.

Table of Contents:

1. Cyber Security Audit
2. CSR Audit and its purposes
3. Differences between Social Audit and Takeover Audit
4. Implications of Social Audit
5. Advantages of Social Audit
6. Forensic Audit Report
7. Environmental Audit and its Process
8. Need for Environmental Audit
9. Scope of Corporate Governance Audit
10. Cyber Audit
11. Forensic Audit
12. Labour Law Audit
13. Auditing Standards of ICSI
14. Unmodified and Modified Opinions under CSAS-3
15. Detection and Reporting of fraud under CSAS-4
16. Takeover Audit

1. Cyber Security Audit

Cyber security is an attempt to minimising any risk of financial loss, disruption or damage to the reputation of an organisation that may arises from the failure of its information technology systems. The objective of the cyber audit is to provide an assessment of the operating effectiveness of cyber security policies and procedures, identify, protect, detect, respond and recover processes and activities to the board.

The following can be the illustrative check point on the Cyber Securities Audit:

• • Check points relating to the Personnel Security
  • Check points relating Physical access to electronic information systems
  • Account and Password Management
  • Confidentiality of Data
  • Compliance and Audit of policies, standards, procedures, and guidelines.

Check out Taxmann's CRACKER | Secretarial Audit Compliance Management & Due Diligence which covers topic-wise past exam questions with a sub-topic wise arrangement of questions in each chapter, chapter-wise marks distribution, trend analysis of past exam questions, ICSI Study Material comparison, etc.

CS Professional | New Syllabus | June 2022 Exams

2. CSR Audit and its Purposes

Corporate Social Responsibility (“CSR”) is a broad term. However, for the purpose of addressing the scope of a CSR Audit, CSR is about managing and taking into consideration organization’s operational, processes and behavioural impact on society and stakeholders from a broad perspective. CSR is more than basic legal compliance and is highly connected with and affects organization’s bottom line.

The followings are the purpose of CSR Audit:

• • To evaluate internal control and governance framework.
  • To assess the project life cycle.
  • To ensure compliance with the provisions of Companies Act, 2013 with respect to constitution of the Committee, adoption of policy and appropriate spending towards CSR activities.
  • To facilitate transparent monitoring mechanism and Act as a mentor for the Company’s CSR activities and implementation of CSR policy.
  • To conduct financial review of projects to confirm the utilization of budgets for achieving desired outcomes.

3. Differences between Social Audit and Takeover Audit

Social Audit:

Social auditing creates an impact upon governance. It values the voice of stakeholders, including marginalized/poor groups whose voices are rarely heard.

• • Social auditing is taken up for the purpose of enhancing local governance, particularly for strengthening accountability and transparency in local bodies.
  • Social Audit makes it sure that in democracy, the powers of decision makers should be used as far as possible with the consent and understanding of all concerned.

Takeover Audit:

• • Takeover audit for merger/acquisition/takeover could be done as three parts: pre-acquisition, post-acquisition and sell-side.
  • To provide the desired results to an investor and to ensure that the acquisition is executed in the most effective manner, the concept of the takeover audit has been evolved; the takeover audit provides a cost benefit analysis to suggest a strategic plan for the long term investment strategy.
  • A rigorous audit vide due diligence process help companies take advantage of legitimate new business opportunities, while at the same time help minimize the risks.
  • A strong audit cum due diligence process is critical to ensure that the acquirer is fully aware of all aspects of the proposed transaction and provides access to vital intelligence that is used to negotiate the final price and integrate the new subsidiary more effectively.

4. Implications of Social Audit

Implications of Social Audit discussed below:

• • Social auditing creates an impact upon governance. It values the voice of stakeholders, including marginalized/poor groups whose voices are rarely heard.
  • Social auditing is taken up for the purpose of enhancing local governance, particularly for strengthening accountability and transparency in local bodies.
  • Social Audit makes it sure that in democracy, the powers of decision makers should be used as far as possible with the consent and understanding of all concerned.

5. Advantages of Social Audit

The advantages of Social Audit discussed as under:

• • Encourage community participation among different business entities.
  • Ensure continuous efforts towards environmental protection and use of environment friendly production processes.
  • Building Customer Satisfaction and trust through ethical business practices.
  • Promotes collective decision-making and sharing of responsibilities.

6. Forensic Audit Report

Forensic Audit Report is statement of observation gathered & considered while proving conclusive evidence. It is a medium through which an auditor expresses his opinion under audit after the forensic audit investigation is completed.

Forensic Audit Report include the following points:

• • Executive Summary.
  • Origin of the audit.
  • Audit Objective.
  • Proposed Audit Outputs.
  • Audit Implementation approach.
  • Risk Analysis.
  • Audit Process.
  • Preliminary understanding of scope and incident coverage.
  • Collect evidence.
  • Conduct Interviews.
  • Analyse findings.
  • Validate inferences and conclusions.
  • Evidence of risk events

7. Environmental Audit and its Process

Environmental Audit refers to verification and assessment of environmental measures in an organisation.

• • Environmental Audit is a term that can reflect various types of evaluations intended to identify environmental compliance and management system implementation gaps along with related corrective actions and it has a wide variety of meanings.
  • Process of Environment Audit:

Step 1: Understanding the industrial activity and Pre-audit or planning stage: Collection of background information about the entity, definition of objectives and scope of audit, formation of audit team and development of audit plan and protocols.

Step 2: On-site or Field Audit: Communicate the objectives of the audit to key faculties and schedule necessary meetings and interviews, identify areas of concern, site/facility inspection, evidence/records/document review, staff interviews, initial review of findings.

Step 3: Assessing the impact and post-audit: Final evaluation of findings, submit preliminary report with type and magnitude of impact on the environment, get approval of management, introduce the findings to the auditees submit final environment audit report along with short/long term acceptability.

Step 4: Follow up or review: Verify the action taken on audit findings and recommendations.

8. Need for Environmental audit

Following are need for Environment Audit:

• • It help business to assess the environmental impact of their operations.
  • It ensure that the corporate decisions are not spoiling company’s market for its products, destroying the source of essential supply, damaging or polluting the very infrastructure that makes usage and demand of the product grow.
  • It highlights areas of inefficiencies in process.
  • It highlights excessive wastes.
  • It provides opportunity for business to decrease its wastes output and reduce the cost of waste treatment or waste disposal.

9. Scope of Corporate Governance Audit

The Scope of Corporate Governance Audit is wide and generally boundary less and covers:

• • Financial and Non-Financial Stakeholders.
  • Boards of Directors (Composition, Mix, Independence).
  • Committees of the Boards and terms of References.
  • Control Environment (Accounting, Controls, Internal and External Audit).
  • Risk Management.
  • Transparency and Disclosure of financial information and executive compensation.
  • Strategic plans, programs and guidance on social responsibilities.

In India, the Companies Act, 2013 and the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 are the principle governing laws on corporate governance.

10. Cyber Audit

• • Cyber Audit team of professional conducts an organizational review to ensure that the correct and most up to date cyber and IT processes and infrastructure are being applied.
  • Cyber audit also includes a series of tests that guarantee that information security meets all expectations and requirements within an organization.
  • In Cyber Audit the Internal auditors and risk management professionals have key roles to play in the Information Management function of the company. In the era of global digital economy it is critical to protecting enterprise information from the insider as well as the outsider hackers.
  • Audit helps enterprises with the challenges of managing cyber threats, by providing an objective evaluation of the controls and making recommendations to improve them as well as assisting the senior management and the board of directors understand and respond to cyber risks.
  • A cyber audit also includes a series of tests that guarantee that information security meets all expectations and requirements within an organization.

11. Forensic Audit

Forensic Audit Report is statement of observation gathered & considered while proving conclusive evidence. It is a medium through which an auditor expresses his opinion under audit after the forensic audit investigation is completed.

• • Forensic is the application of science to crime concerns. Forensic science is science which is applied to legal matters especially criminal matters.
  • A Forensic Audit is a comprehensive and systematic process involving a series of activities and tasks undertaken for establishing the accuracy and authenticity of the transactions under review.
  • The object of forensic auditing is to relate the findings of audit by examining and gathering legally tenable evidence and producing it to the Court. In the process the corporate veil is lifted in case of corporate entities to identify the fraud and the persons responsible for it.

12. Labour Law Audit

Labour law audit is a process of facts findings and it is a continuous process and ensures a win – win situation for all the stakeholders.

• • Audit under the labour and employment laws is an effective tool for compliance management of labour, employment and industrial laws.
  • Labour law audit is not compulsory, but it is highly recommendatory to conduct this audit. It helps to detect non-compliance of labour and employment laws applicable to a business and take corrective measures to avoid any unwarranted legal actions by the regulators against the business and its management.
  • Labour audit cover all labour legislations applicable to an industry/business or any other commercial establishment, wherein audit is being conducted by the labour law auditor. Scope of labour law audit will certainly differ from business to business.

Example: Suppose if the business does not have a factory, the provisions of Factories Act, 1948 and any rules/regulations made thereunder won’t be applicable on such business.

13. Auditing Standards of ICSI

The Council of the Institute of Company Secretaries of India (ICSI) has approved the issuance of four ICSI Auditing Standards. The Standards are required to be observed by the Company Secretaries undertaking Audits. The Standards seek to promote best auditing practices, uniformity and consistency while conducting audits. The four Standards are:

14. Unmodified and Modified Opinions under CSAS-3

As per provisions of CSAS-3:

(a) Unmodified Opinion:

The Auditor shall express an unmodified opinion when based on Audit Evidence, the Auditor concludes that:

• • There is due compliance with the applicable laws in terms of timelines and process; and
  • The records as relevant for the audit verified by him as a whole are free from misstatement and maintained in accordance with the applicable laws.

(b)  Modified Opinion:

The Auditor shall express modified opinion when the Auditor concludes that:

• • Based on the Audit Evidence obtained, there is non-compliance with the applicable laws in terms of timelines and process; or
  • Based on the Audit Evidence obtained, the Records as a whole are not free from Misstatement; or are not maintained in accordance with applicable laws; or
  • He is unable to obtain sufficient and appropriate Audit Evidence to conclude that there is due compliance with the applicable laws in terms of timelines and process; or
  • He is unable to obtain sufficient and appropriate Audit Evidence to conclude that the Records as a whole are free from Misstatement; or are maintained in accordance with applicable laws.

Whenever the Auditor expresses a modified opinion or disclaims an opinion, the text of the opinion shall be either in italics or bold letters.

15. Detection and Reporting of fraud under CSAS-4

As per provisions of CSAS-4:

(a)  Detection of Fraud:

• • The Auditor shall exercise professional judgment and maintain professional scepticism throughout the planning and performance of the audit to detect and report the fraud envisaged under the provisions of Section 143(12) of the Companies Act, 2013 read with Companies (Audit and Auditors) Rules, 2014.
  • During the course of the audit, if the Auditor suspects commission of any fraud, he shall endeavour to collect further evidence for the same. The suspicion may arise on perusal of internal control systems, complaint under whistle blower mechanism and reports of the other auditors, etc.
  • The Auditor shall ensure to collect sufficient evidence which substantiates his suspicion of the commission of the fraud against the Auditee by its employees and officers.

(b)  Reporting of Fraud:

• • The Auditor having sufficient reason to believe that there is commission of fraud and have justifiable grounds for the same, he shall report to Audit Committee/Board/Central Government as per the process laid down under the Companies Act, 2013 and include the same in Secretarial Audit Report

The Auditor shall verify if the fraud detected by other Auditor has been reported to the Audit Committee/Central Government and report the same in the Secretarial Audit Report.

• • The Auditor shall verify whether the Audit Committee/Board has given any comments on the fraud reported by the auditors in their report in terms of the provisions of the Companies Act, 2013

16. Takeover Audit

Takeover audit for merger/acquisition/takeover could be done as three parts: pre-acquisition, post-acquisition and sell-side.

• • To provide the desired results to an investor and to ensure that the acquisition is executed in the most effective manner, the concept of the takeover audit has been evolved; the takeover audit provides a cost benefit analysis to suggest a strategic plan for the long term investment strategy.
  • A rigorous audit vide due diligence process help companies take advantage of legitimate new business opportunities, while at the same time help minimize the risks.
  • A strong audit cum due diligence process is critical to ensure that the acquirer is fully aware of all aspects of the proposed transaction and provides access to vital intelligence that is used to negotiate the final price and integrate the new subsidiary more effectively.