Chapter 2 –

Audit Strategy, Planning & Programming

STAGES OF AUDIT EXECUTION

Stage - I Execution • In order to carry out the audit in an effective, efficient & timely manner,
Planning auditors need to plan the work and a detailed audit program should be
prepared covering the audit objectives, scope and audit approach.
• During execution planning, auditor should consider the manpower
requirement, qualification of members of ET, time factor etc.
Stage - II Risk and Control Auditor need to conduct a detailed assessment of risk and control as per
Evaluation requirements of SA 315. Steps involved in assessment of risk are:
• List the risk that need to be reviewed for each segment of audit.
• Capture for each risk the controls that exist or those that are needed
• Determine the steps required to test the effectiveness of each controls.
Note: While making Risk & Control assessment auditor need to consider the
Materiality levels.
Stage - III Testing • As required by SA 330, auditor should test the operating effectiveness of the
controls to determine whether controls are operating as designed.
• Auditor should perform appropriate substantative procedures (Tests of
Details and SAP) so as to collect sufficient appropriate audit evidences w.r.t.
completeness, accuracy and validity of accounting data.
Stage - IV Reporting • The auditor should review and assess the conclusions drawn from the audit
evidence obtained as the basis for the expression of an opinion on the F.S. The
opinion so farmed should be expressed in the form of audit report as required
by SA 700.
• Auditor’s report should contain a clear written expression of opinion on the
financial statements taken as a whole.

Page 1 of 58
Chapter 3 –
Risk Assessment and Internal Control
Internal Control
Internal Internal Control structure in an organization is referred to as the policies and procedures
Control established by the entity to provide reasonable assurance that the objectives are achieved.
structure The control structure in an organization basically has the following components:
1. Control Environment - Control environment covers the effect of various factors like
management attitude; awareness and actions for establishing, enhancing or mitigating the
effectiveness of specific policies and procedures.
2. Accounting System - Accounting system means the process by which transactions are
processed for maintaining financial records. Accounting system identifies, assemble, analyze,
calculate, classify, record, summarize and report transactions and other events.
3. Control Procedure - Policies and procedures means those policies and procedures in
addition to the control environment and accounting systems which the management has
established to achieve the entity’s specific objectives. Such Policies and Procedures cover the
followings:
• Segregation of duties.
• Authorisation of Transactions.
• Adequacy of records and documents.
• Accountability and safeguarding of assets.
• Independent checks.
Key 1. Enterprise Risk Management: Organization having robust processes to identify & mitigate
components to risks across the entity & its periodical review will assist in early identification of weaknesses
assess and in internal control and taking effective control measures. In such entities, surprises of failures
evaluate the in controls is likely to be few.
control 2. Segregation of Job Responsibilities: Segregation of duties is an important element of
environment control which ensures that no two commercial activities should be conducted by the same
person.
3. Job Rotation in Sensitive Areas: In key commercial functions, job rotation is regularly
followed to avoid degeneration of controls.
4. Documents of delegation of Financial Powers: Document on delegation of powers allows
controls to be clearly operated without being dependant on individuals.
5. IT based Controls: In an IT Environment, it is much easier to embed controls through the
system instead of being human dependant. The failure rate for IT embedded controls is likely
to be low, is likely to have better audit trail & is thus easier to monitor.
Frameworks of COSO Framework COSO Framework is designed to be used by organizations to assess the
Internal effectiveness of the system of internal control to achieve objectives as
Controls determined by management. The Framework lists three categories of
objectives as below:

Page 2 of 58
 (a) Operations Objectives: Operation objectives are related to the
effectiveness and efficiency of the entity’s operations, including
operational and financial performance goals, and safeguarding of
assets.
(b) Reporting Objectives: Reporting objectives are related to internal
and external financial and non-financial reporting to stakeholders,
which would encompass reliability, timeliness, transparency, or
other terms as established by regulators, standard setters, or the
entity’s policies.
(c) Compliance objectives: Compliance objective are related to the
entity’s compliance with applicable laws and regulations.
Components and Principles prescribed by COSO Framework
Committee of Sponsoring Organizations of the Treadway Commission
(COSO) framework includes 17 principles representing the fundamental
concepts associates with its five components. These components and the
associates principles are:
Components Principles
Risk 1. Demonstrates commitment to integrity and
Assessment ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority, and
responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
Control 6. Specifies suitable objectives
Environment 7. Identifies and analyses risk
8. Assesses fraud risk
9. Identifies and analyses significant change
Control 10. Selects and develops control activities
Activities 11. Selects and develops general controls over
technology
12. Deploys through policies and procedures
Monitoring 13. Uses relevant information
14. Communicates internally
15. Communicates externally
Information and 16. Conducts ongoing and/or separate
Communication evaluations
17. Evaluates and communicate deficiencies
CoCO The CoCo (criteria of control) framework was first published by
the Canadian Institute of Chartered Accountants in 1995. This model
builds on COSO and is thought by some to be more concrete and user-

Page 3 of 58
 friendly. CoCo describes internal control as actions that foster the best
result for an organization. These actions, which contribute to the
achievement of the organization’s objectives, focus on:
• effectiveness and efficiency of operations;
• reliability of internal and external reporting;
• compliance with applicable laws and regulations and internal
policies.
CoCo indicates that control comprises: “Those elements of an
organization (including its resources, systems, processes, culture,
structure, and tasks) that, taken together, support people in the
achievement of the organization’s objectives.”
The CoCo framework outlines criteria for effective control in the
following four areas:
• Purpose
• Commitment
• Capability
• Monitoring and Learning
In order to assess whether controls exist and are operating effectively,
each criterion would be examined to identify the controls that are in
place to address them.
COBIT • COBIT stands for Control Objectives for Information and Related
Technology. It is a framework created by the ISACA (Information
Systems Audit and Control Association) for IT governance and
management. It is meant to be a supportive tool for managers and
allows bridging the crucial gap between technical issues, business
risks and control requirements.
• Business managers are equipped with a model to deliver value to the
organization and practice better risk management practices
associated with the IT processes.
• It is a control model that guarantees the integrity of the information
system. Today, COBIT is used globally by all managers who are
responsible for the IT business processes. It is a thoroughly
recognized guideline that can be applied to any organization across
industries.
• Overall, COBIT ensures quality, control and reliability of information
systems in organization, which is also the most important aspect of
every modern business.
SOX – Sec. 404 SOX Section 404 (Sarbanes-Oxley Act Section 404) mandates that all
publicly-traded companies must establish internal controls and
procedures for financial reporting and must document, test and maintain
those controls and procedures to ensure their effectiveness.

Page 4 of 58
 The purpose of SOX is to reduce the possibilities of corporate fraud by
increasing the stringency of procedures and requirements for financial
reporting.
The SEC rules and PCAOB standard require that:
• Management perform a formal assessment of its controls over
financial reporting including tests that confirm the design and
operating effectiveness of the controls.
• Management include in its annual report an assessment of Internal
Controls over Financial Reporting.
• The external auditors provide two opinions as part of a single
integrated audit of the company:
1. An independent opinion on the effectiveness of the system of
Internal Controls over Financial Reporting.
2. The traditional opinion on the financial statements.

Important Questions
Q. No. 1: Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework includes
17 principles representing the fundamental concepts associates with its five components. List these
principles.
HINT: Refer COSO Framework
Q. No. 2: Write a short note on: Control Objectives for Information and Related Technology (CoBIT)
Framework.
HINT: Refer CoBIT Framework.

Page 5 of 58
Chapter 7 –
Professional Ethics (Code of Ethics)

Overview of Code of Ethics (COE)

Chapter Sections Title
1 100-150 General Application of the
Code
2 200-290 Professional Accountants
in Public Practice
3 300-350 Professional Accountants
in Service
Coverage
100 - Introduction and Fundamental Principles
110 - Integrity
120 - Objectivity
130 - Professional Competence and Due Care
140 - Confidentiality
150 - Professional Behaviour
200 - Introduction
210 - Professional Appointment
220 - Conflicts of Interest
230 - Second Opinions
240 - Fees and Other Types of Remuneration
250 - Marketing Professional Services
260 - Gifts and Hospitality
270 - Custody of Client Assets
280 - Objectivity – All Services
290 - Independence – Assurance Engagements
300 - Introduction
310 - Potential Conflicts
320 - Preparation and Reporting of Information
330 - Acting with Sufficient Expertise
340 - Financial Interests
350 - Inducements

Fundamental Principles to be followed by an Accountant

Fundamental Integrity A professional accountant should be straightforward and honest in all
Principles professional and business relationships.
– Sec. 100 of Objectivity A professional accountant should not allow bias, conflict of interest or
COE undue influence of others to override professional judgments.
Professional • A professional accountant has a continuing duty to maintain
Competence professional knowledge and skill at the level required to ensure that a
and Due Care client or employer receives competent professional service based on
current developments in practice, legislation and techniques.

Page 15 of 58
 • A professional accountant should act diligently and in accordance with
applicable technical and professional standards while providing
professional services.
Confidentiality A professional accountant should respect the confidentiality of information
acquired as a result of professional and employment relationships and
should not disclose any such information to third parties without proper
and specific authority unless there is a legal or professional right or duty to
disclose.
Professional A professional accountant should comply with relevant laws and
Behavior regulations and should avoid any action that discredits the profession.
Integrity – Sec. • The principle of integrity imposes an obligation on all professional accountants to be
110 of COE straightforward and honest in professional and employment relationships. Integrity also
implies fair dealing and maintaining an impartial attitude and truthfulness.
• A professional accountant should not be associated with reports, returns, communications or
other information where he believes that the information:
(a) Contains a materially false or misleading statement;
(b) Contains statements or information furnished negligently; or
(c) Omits or obscures any information required to be included where such omission or
obscurity would be misleading.
Objectivity – • The principle of objectivity imposes an obligation on all professional accountants not to
Sec. 120 of COE compromise their professional duty or while in service judgment because of bias, conflict of
interest or the undue influence of others.
• A professional accountant may be exposed to situations that may impair objectivity. It is
impracticable to define and prescribe all such situations. Relationships that bias or unduly
influence the professional judgment of the professional accountant should be avoided.
Professional The principle of professional competence and due care imposes the following obligations on
Competence and professional accountants:
Due Care – Sec. (a) To maintain professional knowledge and skill at the level required to ensure that the clients
130 of COE or employers receive competent professional service; and
(b) To act diligently in accordance with applicable technical and professional standards while
providing professional services.
Confidentiality – The principle of confidentiality imposes an obligation on professional accountants to refrain
Sec. 140 of COE from:
(a) Disclosing outside the firm or employing organization information acquired as a result of
professional and employment relationships without proper and specific authority or unless
there is a legal or professional right or duty to disclose; and
(b) Using information acquired as a result of professional and employment relationships to
their personal advantage or the advantage of third parties.
Circumstances (a) Disclosure is permitted by law and is authorized by the client or the
where employer;
(b) Disclosure is required by law, for example:

Page 16 of 58
 disclosure is (i) Production of documents or other provision of evidence in the
appropriate course of legal proceedings; or
(ii) Disclosure to the appropriate public authorities of infringements
of the law that come to light.
(c) There is a professional duty or right to disclose, when not prohibited
by law:
(i) To comply with requirement of peer review or quality review
(ii) To respond to an inquiry or investigation by a regulatory body;
(iii) To protect the professional interests of a professional accountant
in legal proceedings; or
(iv) To comply with technical standards and ethical requirements.
Considerations In deciding whether to disclose confidential information, professional
before accountants should consider the following points:
disclosing (a) Whether the interests of all parties, including third parties whose
information interests may be affected, could be harmed if the client or employer
consents to the disclosure of information by the professional
accountant;
(b) Whether all the relevant information is known and substantiated, to
the extent it is practicable; and
(c) The type of communication that is expected and to whom it is
addressed; in particular, professional accountants should be satisfied
that the parties to whom the communication is addressed are
appropriate recipients.
Professional • The principle of professional behaviour imposes an obligation on professional accountants
Behaviour to comply with relevant laws and regulations and avoid any action that may bring discredit
– Sec. 150 of to the profession.
COE • The professional accountants should act in a manner consistent with the reputation of the
profession and refrain from any conduct which might bring disrepute to the profession.

Threats in Compliance of Fundamental Principles and Safeguards

Threats Self-interest It may occur as a result of the financial or other interests of a professional
involves in threats accountant or of a relative
compliance – Self-review It may occur when a previous judgment needs to be re- evaluated by the
Sec. 100 of COE threats professional accountant responsible for that judgment.
Advocacy It may occur when a professional accountant promotes a position or opinion
threats to the point that subsequent objectivity may be compromised.
Familiarity It may occur when, because of a relationship, a professional accountant
threats becomes too sympathetic to the interests of others.
Intimidation It may occur when a professional accountant may be deterred from acting
threats objectively by threats, actual or perceived.

Page 17 of 58
Circumstances Self-Interest (a) A financial interest in a client or jointly holding a financial interest with
that may create Threats a client.
Threats (b) Undue dependence on total fees from a client.
(c) Having a close business relationship with a client.
(d) Concern about the possibility of losing a client.
(e) Potential employment with a client
(f) A loan to or from an assurance client or any of its directors or officers.
Self-review (a) Reporting on the operation of financial information systems after being
threats involved in their designing or implementation.
(b) Having prepared the original data used to generate records that are the
subject matter of the engagement.
(c) A member of the engagement team is being associated with the client
as a director or officer.
(d) A member of the engagement team is being employed by the client in a
position to exert direct and significant influence over the subject
matter of the engagement.
(e) Performing a service for a client that directly affects the subject matter
of engagement.
Advocacy (a) Promoting shares in a listed entity when that entity is a financial
Threats statement audit client.
(b) Acting as a representative on behalf of an assurance client in litigation
or disputes with third parties.
Familiarity (a) A member of the engagement team is a relative of a director or officer
Threats of the client.
(b) A member of the engagement team is a relative of an employee of the
client who is in a position to exert direct and significant influence over
the subject matter of the engagement.
(c) A former partner of the firm being a director or officer of the client or
an employee in a position to exert direct and significant influence over
the subject matter of the engagement.
(d) Accepting gifts or preferential treatment from a client.
(e) Long association of senior personnel with the assurance client.
Intimidation (a) Being threatened with dismissal or replacement in relation to a client
Threats engagement.
(b) Being threatened with litigation.
(c) Being pressured to reduce inappropriately the extent of work
performed in order to reduce fees.
Safeguards that Safeguards 1. Educational, training and experience requirements for entry into the
may eliminate created by the profession.
or reduce profession, 2. Continuing professional development requirements.
threats legislation or 3. Corporate governance regulations.
4. Professional standards.

Page 18 of 58
Regulation to 5. Professional or regulatory monitoring and disciplinary procedures.
reduce threats 6. External review by a legally empowered third party of the reports,
returns, communications or information produced by a professional
accountant.
Safeguards in In the work environment, the relevant safeguards will vary depending on
the work the circumstances. Work environment safeguards comprise firm-wide
environment safeguards and engagement specific safeguards.
Firm-wide safeguards in the work environment
(a) Leadership of the firm that stresses the importance of compliance with
the fundamental principles and establishes the expectation that
members of an assurance team will act in the public interest.
(b) Policies and procedures to implement and monitor quality control of
engagements.
(c) Documented policies regarding identification of threats to compliance
with the fundamental principles and the application of safeguards to
eliminate or reduce the threats.
(d) Documented independence policies regarding identification of threats
to independence and application of safeguards to eliminate or reduce
the threats.
(e) Documented internal policies and procedures requiring compliance
with the fundamental principles.
(f) Timely communication of a firm’s policies and procedures, including
any changes to them, to all partners and professional staff.
(g) training and education on such policies and procedures.
(h) Designating a member of senior management to be responsible for
overseeing the adequate functioning of the firm’s quality control
system.
(i) A disciplinary mechanism to promote compliance with policies and
procedures.
(j) Published policies and procedures to encourage and empower staff to
communicate to senior levels within the firm any issue relating to
compliance with the fundamental principles that concerns them.
Engagement-specific safeguards in the work environment
(a) Involving an additional professional accountant to review the work
done or otherwise advise as necessary.
(b) Consulting an independent third party, such as a committee of
independent directors, a professional regulatory body or another
professional accountant.
(c) Discussing ethical issues with TCWG of the client.
(d) Disclosing to TCWG of the client the nature of services provided and
extent of fees charged.
(e) Rotating senior assurance team personnel.

Page 19 of 58
Chapter 18 -
Audit under Fiscal laws

Form 3CD
31. (a)* Particulars of each loan or deposit in an amount exceeding the limit specified in section 269SS taken or
accepted during the previous year:
(i) name, address and permanent account number (if available with the assessee) of the lender or
depositor;
(ii) amount of loan or deposit taken or accepted;
(iii) whether the loan or deposit was squared up during the previous year;
(iv) maximum amount outstanding in the account at any time during the previous year;
(v) whether the loan or deposit was taken or accepted by cheque or bank draft or use of electronic
clearing system through a bank account;
(vi) in case the loan or deposit was taken or accepted by cheque or bank draft, whether the same was
taken or accepted by an account payee cheque or an account payee bank draft.
*(These particulars need not be given in the case of a Government company, a banking company or a
corporation established by a Central, State or Provincial Act.)
(b)* Particulars of each specified sum in an amount exceeding the limit specified in section 269SS taken or
accepted during the previous year:
(i) name, address and Permanent Account Number (if available with the assessee) of the person from
whom specified sum is received;
(ii) amount of specified sum taken or accepted;
(iii) whether the specified sum was taken or accepted by cheque or bank draft or use of electronic
clearing system through a bank account;
(iv) in case the specified sum was taken or accepted by cheque or bank draft, whether the same was
taken or accepted by an account payee cheque or an account payee bank draft.
*(These Particularsneed not be given in the case of a Government company, a banking company or a
corporation established by the Central, State or Provincial Act.)
(c) Particulars of each repayment of loan or deposit or any specified advance in an amount exceeding the limit
specified in section 269T made during the previous year:
(i) name, address and Permanent Account Number (if available with the assessee) of the payee;
(ii) amount of the repayment;
(iii) maximum amount outstanding in the account at any time during the previous year;
(iv) whether the repayment was made by cheque or bank draft or use of electronic clearing system
through a bank account;
(v) in case the repayment was made by cheque or bank draft, whether the same was taken or accepted
by an account payee cheque or an account payee bank draft.

Page 23 of 58
 (d) Particulars of repayment of loan or deposit or any specified advance in an amount exceeding the limit
specified in section 269T received otherwise than by a cheque or bank draft or use of electronic clearing
system through a bank account during the previous year:
(i) name, address and Permanent Account Number (if available with the assessee) of the payer;
(ii) amount of loan or deposit or any specified advance received otherwise than by a cheque or bank
draft or use of electronic clearing system through a bank account during the previous year.
(e) Particulars of repayment of loan or deposit or any specified advance in an amount exceeding the limit
specified in section 269T received by a cheque or bank draft which is not an account payee cheque or
account payee bank draft during the previous year:
(i) name, address and Permanent Account Number (if available with the assessee) of the payer;
(ii) amount of loan or deposit or any specified advance received by a cheque or a bank draft which is not
an account payee cheque or account payee bank draft during the previous year.

Audit under GST Laws

Definition of Audit means the examination of records, returns and other documents maintained or
Audit furnished by the registered person under this Act or the rules made thereunder or under any
– Sec. 2(13) of other law for the time being in forceto verify the correctness of
CGST Act, 2017 • turnover declared,
• taxes paid,
• refund claimed and input tax credit availed, and
• to assess his compliance with the provisions of this Act or the rules made thereunder;
Points to Remember
Definition of Audit under CGST is a very wide term which not only includes examination
of records, returns and documents maintained under this Act, but also includes records,
documents and returns maintained under other law.
Types of Audit
Audit under GST
under GST
Regime
(3 types) Audit by taxable Person Audit by GST Authorities
(if threshold > ` 2 Cr.)

File Audited Returns General Audit Special Audit by a CA

+ nominated by Commissioner
Audited Accounts (Order by
+ Commissioner) (Order by Deputy/Asst.
Reconciliation Statements Commissioner)

Audit based on Every registered person whose turnover during a financial year exceeds the
turnover – Sec. prescribed limit shall get his accounts audited by a Chartered Accountant or
35(5) of CGST a Cost Accountantand shall submit
Act, 2017 • a copy of the audited annual accounts,
• the reconciliation statement u/s 44(2) and
• such other documents in such form and manner as may be prescribed.

Page 24 of 58
 Points to Remember
• Rule 80(3) of CGST Rules, 2017: Every registered person whose
aggregate turnover during a financial year exceeds ` 2Cr. shall get
his accounts audited and he shall furnish a copy of audited annual
accounts and a reconciliation statement, duly certified, in FORM
GSTR-9C.
• Sec. 44(2) - Every registered person who is required to get his
accounts audited in accordance with the provisions of Sec. 35(5)
shall furnish, electronically, the annual return along with a copy of
the audited annual accounts and a reconciliation statement,
reconciling the value of supplies declared in the return furnished
for the financial year with the audited annual F.S., and such other
particulars as may be prescribed.
Audit by Tax • The Commissioner or any officer authorised by him, by way of a general
Authorities – or a specific order, may undertake audit of any registered person for such
Sec. 65 of CGST period, at such frequency and in such manner as may be prescribed.
Act, 2017 • Audit may be conducted at the place of business of the registered person
or in their office.
• The registered person shall be informed by way of a notice not less than
15 working days prior to the conduct of audit in such manner as may be
prescribed.
• Audit shall be completed within a period of 3 months from the date of
commencement of the audit. However, is Commissioner is satisfied that
audit in respect of such registered person cannot be completed within 3
months, he may, for the reasons to be recorded in writing, extend the
period by a further period not exceeding six months.
• On conclusion of audit, the proper officer shall, within 30 days, inform
the registered person, whose records are audited, about the findings, his
rights and obligations and the reasons for such findings.
• If the audit results in detection of tax not paid or short paid or
erroneously refunded, or input tax credit wrongly availed or utilised, the
proper officer may initiate action under section 73 or section 74.
Special Audit – Directions for • If at any stage of scrutiny, inquiry, investigation or
Sec. 66 of CGST Special Audit any other proceedings, any officer not below the
Act, 2017 rank of Assistant Commissioner, having regard to
the nature and complexity of the case and the
interest of revenue, is of the opinion that the value
has not been correctly declared or the credit availed
is not within the normal limits, he may, with the
prior approval of the Commissioner, direct such
registered person by a communication in writing to

Page 25 of 58
 get his records including books of account examined
and audited by a chartered accountant or a cost
accountant as may be nominated by the
Commissioner.
• Direction shall be issued in FORM GST ADT-03.
Time limit for The chartered accountant or cost accountant so
completion of nominated shall, within the period of 90 days, submit a
Audit report of such audit duly signed and certified by him to
the said Assistant Commissioner mentioning therein
such other particulars as may be specified.
Extension of Assistant Commissioner may,
Time Limit • on an application made to him in this behalf by the
registered person or the chartered accountant or
cost accountant
or
• for any material and sufficient reason,
extend the said period by a further period of 90 days
Opportunity to • The registered person shall be given an opportunity
the registered of being heard in respect of any material gathered on
person the basis of special audit which is proposed to be
used in any proceedings against him under this Act
or the rules made thereunder.
• The registered person shall be informed of the
findings of the special audit in FORM GST ADT-04.
Audit Expenses Expenses of examination and audit, including the
and remuneration of such chartered accountant or cost
Remuneration accountant, shall be determined and paid by the
Commissioner and such determination shall be final.
Action on basis Where the special audit conducted results in detection
of Audit Report of tax not paid or short paid or erroneously refunded, or
input tax credit wrongly availed or utilised, the proper
officer may initiate action under section 73 or section
74.
Practices to be Auditor should evaluate internal control so as to identify the areas to be focused. For this
adopted for purpose, following practices may be adopted:
GST Audit (1) Auditor may verify the following:
(a) Statutory Audit report which has specific disclosure w.r.t. to maintenance of record,
stock and fixed assets.
(b) Information System Audit report and the Internal Audit Report.
(2) Internal Control questionnaire may be designed for GST compliance.

Page 26 of 58
 (3) Generalised audit software may be used for GST audit which would ensure adoption of
modern practice of risk based audit.
(4) Reconciliation of the books of account or reports from the ERP’s to the return is also useful.
(5) Trial balance should be reviewed for detecting any set off of expenses against incomes.
(6) Purchases/expenses are to be reviewed to examine applicability of reverse charge applicable
to goods/services.
(7) Reconciliation of foreign exchange outgo would also be necessary to identify the liability of
import of services.
(8) Ratio analysis may also provide important information on areas of noncompliance.

Format of GST Form GST ADT-04

Audit report Reference No. :
Date :
To,
--------------------------------------------
GSTIN ………………………………
Name ………………………………….
Address ………………………………
Information of Findings upon Special Audit
Your books of account and records for the F.Y………………..…. has been examined by .…………..
(chartered accountant/cost accountant) and this Audit Report is prepared on the basis of
information available/documents furnished by you and the findings/discrepancies are as
under:
Short payment of Integrated tax Central tax State/UT tax Cess
Tax
Interest
Any other amount
[Upload pdf file containing audit observation]
You are directed to discharge your statutory liabilities in this regard as per the provisions
of the Act and the rules made thereunder, failing which proceedings as deemed fit may be
initiated against you under the provisions of the Act.
Signature ......................................
Name ………………………………..
Designation ………………………...

Important Questions
Q. No. 1: Define the term Audit under CGST Act. Describe the statutory requirements of audit under CGST Act
based on threshold limit.
Q. No. 2: Briefly discuss the provisions given under section 66 regarding special audit required under CGST
Act.
Q. No. 3: List the best practice that can be adopted for GST Audit.
Q. No. 4: Write short note on: Format for GST Audit Report.

Page 27 of 58
Chapter 28 –
Audit of PSU

Elements and Principles of PSU Auditing

Elements of Parties • The auditor: In public sector auditing the role of auditor is fulfilled by
Audit Involved Supreme Audit Institution, India and by its personnel delegated with the
task of conducting audits.
• The responsible party: In public sector auditing, the relevant
responsibilities are determined by constitutional or legislative
arrangement. The responsible parties may be responsible for the subject
matter information, for managing the subject matter or for addressing
recommendations and may be individuals or organizations. Generally,
auditable entities and those charged with governance of the auditable
entities would be the responsible parties.
• Intended users: The intended users are the individuals, organizations or
classes thereof for whom the auditor prepares the audit report. The
intended users may be legislative or oversight bodies, TCWG or the general
public. The intended user is primarily the Parliament or the Legislature
which represents the citizens by determining the priorities of public
finance, purpose and content of public spending and income.
Subject Matter, • Subject matter refers to the information, condition or activity that is
Criteria and measured or evaluated against certain criteria.
Subject Matter • The criteria are the benchmarks used to evaluate the subject matter. Each
Information audit shall have criteria suitable to the circumstances of that audit. In
determining the suitability of criteria the auditor considers their relevance
and understandability for the intended users, as well as their completeness,
reliability and objectivity (neutrality, general acceptance and comparability
with criteria used in similar audits).
• Subject matter information refers to the outcome of evaluating or
measuring the subject matter against the criteria.
Types of There are two types of engagement: Attestation Engagements and Direct
Engagement Reporting Engagements.
• In attestation engagements, the responsible party measures the subject
matter against the criteria and presents the subject matter information, on
which the auditor then gathers sufficient and appropriate audit evidence to
provide a reasonable basis for expressing a conclusion.
• In direct reporting engagements, it is the auditor who measures or evaluates
the subject matter against the criteria.

Page 57 of 58
 Financial audits are always attestation engagements, as they are based on
financial information presented by the responsible party. Performance
audits and compliance audits are generally direct reporting engagements.
Principles of General (i) Ethics & Independence
PSU Auditing Principles (ii) Professional Judgement, due care and skepticism
(iii) Quality Control
(iv) Audit Team Management & Skill
(v) Audit Risk
(vi) Materiality
(vii) Documentation
(viii) Communication
Principles Planning an 1. Auditors shall obtain an understanding of the nature
relating to Audit of the entity/programme to be audited.
Auditing 2. Auditors shall conduct a risk assessment or problem
Process analysis and revise this as necessary in response to
the audit findings.
3. Auditors shall identify and assess the risks of fraud
relevant to the audit objectives.
4. Auditors shall plan their work to ensure that the audit
is conducted in an effective and efficient manner.
Conducting an 1. Auditors shall perform audit procedures that provide
Audit sufficient and appropriate audit evidence to support
the audit report
2. Auditors shall evaluate the audit evidence and draw
conclusions
Reporting & 1. Auditors shall prepare a report based on the
Follow-up conclusions reached.
2. Follow up on reported matter as relevant.

----------------------------------

Page 58 of 58