The National Financial Reporting Authority (NFRA) has identified deficiencies in audit procedures relating to related-party revenue transactions, going concern assessments and loan controls in selected audit engagements conducted by CNK & Associates LLP, while also flagging weaknesses in the firm’s audit quality control framework.
The findings were highlighted in NFRA’s Audit Inspection Report 2024 on the audit firm, which reviewed selected statutory audit engagements for the financial year ended March 31, 2024, across the banking, shipping and pesticides sectors.
NFRA said the inspection covered both firm-wide quality control systems and selected audit engagement files, focusing on areas such as revenue recognition, loans and advances, provisions, trade receivables and going concern assessments.
Related-party revenue audit procedures flagged
One of the key observations related to audit procedures around related-party revenue transactions in a selected engagement where related-party transactions accounted for 99% of the company’s total revenue.
“The Audit file has no evidence of the auditor’s evaluation whether such transactions were conducted at arm’s length,” NFRA said in the report.
The regulator noted that while the audit team had obtained margin calculations for contracts involving overseas related parties, the basis for differential margins of 25% and 35% was not evaluated and oral explanations from management were accepted.
NFRA further observed that the audit file lacked evidence of verification of payment received from overseas entities and did not sufficiently establish whether actual services had been rendered by the company.
“The Audit file has no evidence of auditor’s verification of actual services provided by the Company to the above stated related parties,” the report stated.
The regulator also observed absence of documented control testing despite the auditor reporting that internal financial controls were operating effectively.
“However, the Audit file has no evidence of performance of any audit procedure relating to controls i.e., identification of controls, evaluation of design and implementation (D&I) of relevant controls, and test of controls,” NFRA stated.
Going concern observations raised
In another selected engagement, NFRA flagged deficiencies in the audit of going concern assumptions.
The regulator noted that the audited company had disclosed erosion of net worth, recurring operating losses and mismatch between current liabilities and current assets, while preparing financial statements on a going concern basis.
According to the report, management’s plan included sale of investments in subsidiaries, arranging funds from group companies and execution of Service Level Agreements with related parties.
However, NFRA said the auditor did not evaluate the reasonableness of fair value considered by management, marketability of assets, agreements relating to pledged assets with lenders, specific funding support from group companies and whether proceeds generated from Service Level Agreements were sufficient to meet funding requirements.
The regulator also flagged presentation issues in the audit report.
“In respect of ‘Going Concern’, the Firm has given Material Uncertainty over Going Concern paragraph, EoM (Emphasis of Matter) paragraph and KAM (Key Audit Matter) paragraph in the Audit report. Including the same matter at three places in the Audit report is not as per SAs,” NFRA said.
Loan controls and sampling deficiencies identified
In the audit of loans and advances in one engagement, NFRA observed that audit documentation identified several control gaps and delayed implementation of key controls during the audit period.
These included sanctioning of credit products to blocked or high-risk accounts, absence of real-time monitoring mechanisms and reliance on compensating or system-based controls implemented towards the end of, or after, the financial year.
While the audit firm stated that the identified exceptions were non-pervasive and not material, NFRA said the audit documentation did not clearly evidence how the impact of those control deficiencies was evaluated during the audit.
The regulator also observed inadequate documentation relating to sample selection methodology for testing microfinance, housing and other loans.
“More explicit documentation of the sampling approach, including the population characteristics, method of selection, sample size, and linkage to audit objectives, would improve transparency and demonstrate compliance with SA 530,” NFRA stated.
NFRA additionally flagged blank or partially completed loan audit checklists and generic remarks without supporting evidence or sign-offs in certain audit files.
Audit documentation and independence monitoring under scanner
Apart from engagement-specific observations, NFRA identified deficiencies in CNK & Associates LLP’s overall audit quality control systems.
The regulator observed that the firm lacked formal documentation relating to nomination of leaders for key functional areas such as independence, audit quality, human resources and monitoring.
NFRA also flagged deficiencies in documentation relating to evaluation of independence threats before accepting non-audit services or audit engagements involving network entities.
According to the report, the firm relied on informal communication methods such as WhatsApp groups, telephone calls and follow-up emails for independence evaluations without maintaining formal documentation or approval trails.
The regulator further noted that the firm did not maintain a centralized record of non-audit services rendered by network entities to audit clients.
NFRA also highlighted weaknesses in audit documentation controls.
“It was noted that the audit team members and other users with access rights of completed audit files were able to create and modify audit documentation even after the signing of the audit report and archival of the audit file, without any effective restriction or control,” the report stated.
The regulator additionally observed that preparer and reviewer details, dates of preparation and review and evidence of supervision were incomplete or missing in several audit documents.
Further, certain final audit files were not assembled within the 60-day period prescribed under Standard on Quality Control (SQC) 1.
CNK says corrective measures initiated
CNK & Associates LLP informed NFRA that it has initiated corrective measures across various areas including centralized independence monitoring, enhanced audit trail controls, formalization of documentation processes, strengthening of Engagement Quality Control Review procedures and implementation of automation initiatives for quality management systems.
The firm also stated that it has commenced internal monitoring reviews of audit files for FY25 and initiated steps to strengthen its Engagement Quality Control Review framework in line with SQC 1 requirements.
However, NFRA clarified that the effectiveness of the remedial measures was not evaluated as part of the inspection because most of the steps were initiated after the inspection period.
