The National Financial Reporting Authority (NFRA) of India is reportedly proposing to establish a method for auditors that would assist them in keeping their audit documentation files and information safe in a tamper-proof way, to avoid KPMG-like tampering. This would be similar to DigiLocker, which caters to individual users, as reported by ET News.
Following the recent regulatory action taken by its American counterpart, the Public Company Accounting Oversight Board (PCAOB), the regulator for auditors of listed and large Indian companies, the NFRA has also moved in the same direction in the matter of instances of manipulation of audit document files. PCAOB has levied a penalty of one million dollars on the audit firm KPMG India and a penalty of seventy-five thousand dollars on the engagement partner of the firm, CA Sagar Pravin Lakhani, in addition to a one-year suspension from associating with a registered public accounting firm.
It has been brought to the attention of the PCAOB that CA Sagar Pravin Lakhani, the engagement partner, along with other members of the KPMG India engagement team, signed off on dozens of blank working papers. These papers were subsequently replaced, after the issuance of the audit report, with completed working papers; however, in many instances, the signoff dates were not updated on the completed working papers. Because of this approach, the working papers did not accurately reflect the dates on which the audit work was really finished and evaluated. In addition, KPMG India was aware of the fact that its audit software enabled its workers to edit or amend audit paperwork without changing the signoff date.
As a consequence of this, the NFRA has been debating whether or not to implement the technology known as “digilocker” in order to prevent auditors from potentially manipulating data and audit paperwork. The law mandates that auditors finish their audit files and prohibits them from making any changes to the information later on in any way. Only the audit files are subject to oversight by regulatory authorities such as the NFRA, and if any of those files are tampered with, the oversight will be rendered ineffective.
It has been reported that the NFRA intends to mandate that the audit files be archived electronically with time stamps placed on the documents in a manner that is analogous to the technique used by DigiLocker. Even if they are going to be kept in an impartial location, the audit firms will have access to all of the records. At any time that the NFRA requires access to the records, it will make a request for access, and the company in question will be obligated to provide it.
In the event that any additions or adjustments are made, the originals cannot be removed without causing a chain reaction. Additionally, the records of these adjustments and additions will be accessible to users.
Digilocker Facility for ICAI Members/Students: Digital Locker to keep e-docs
What’s the difference between the digilocker facility given by the ICAI and the one being discussed by NFRA? The ICAI digilocker appears to safeguard vital records, whereas the NFRA intends to monitor and manage the entire audit trail. If I’m wrong, someone please enlighten me. Thanks
As per news reports, NFRA is planning to use the proposed “Entity Digilocker” for the purpose.
In Budget 2023, the “Entity DigiLocker” was proposed for large businesses, nonprofits, and MSMEs. Entity dgilocker shall be used for the purpose of securely storing time-stamped documents online and sharing them with a variety of authorities, regulators, banks, and other business entities, including NFRA and auditors, as needed.
The “entity digilocker” would be an expansion of the existing “digilocker.” It would discourage auditors and businesses from changing or tampering with audit-related records and files. To move things forward, NFRA is consulting with MEITY, as per news reports.
So, once the proposed NFRA plan gets through, the auditor shall get ready for the audit by getting all of the files and documents they need from Entity Digilocker and storing them safely and separately in Entity Digilocker during the audit. So, auditors or companies won’t be able to add to or change any new or existing documents in the future. This makes it impossible to change the documents in any way.