Auditors must do basic groundwork, not rely too much on AI: NFRA Chairman

If one reads the Companies Act, Code of Ethics, and Standards of Audit and Quality Control in a harmonious manner, then one would not have any confusion about definition of non-audit services, he said

Auditors must not have any conflicting interest during the audit exercise and also not rely too much on artificial intelligence (AI). With increasing reliance on technology, AJAY BHUSHAN PANDEY, chairperson of National Financial Reporting Authority (NFRA), says in a conversation with Ruchika Chitravanshi that NFRA would check if audit firms have kept to their word in the follow-on inspection this year. NFRA will shortlist another seven to eight firms for an annual inspection this year. Edited excerpts:

What do you think of the state of the audit profession in India, having gone through the process of inspecting the Big Five recently?
 

We need to recognise the complexity of the working environment in today’s globally integrated, information technology-driven new business and economic environment. This requires specialisation, new professional skill sets, and a change in the auditor’s mindset, particularly for the audit of public interest entities. Perhaps we could consider specialisation in the audit profession or robust continuing education for chartered accountants.

Second is the adequate and appropriate demonstration of professional work with transparent and clear audit work papers.

The third thing we found is the independence of auditors from the audited entities. If an audit firm or its network associates undertake substantial consultancy work from the audit client or its associates, then their independence will be impacted due to various threats posed to them, such as self-interest threat, self-review threat, familiarity threat, and so on.

The fourth is the communication between those charged with governance, the board of directors, audit committee, and the auditors.

Many auditors say that non-audit services are not well defined.
 

If one reads the Companies Act, Code of Ethics, and Standards of Audit and Quality Control in a harmonious manner, all of which talk about auditor’s independence and professional scepticism, then one would not have any confusion about the definition of non-audit services.

You have used strong language in pointing out some lapses in your inspection report. Firms, however, have justified themselves as far as any violation related to non-audit services goes.
 

In our inspection reports, we have noted varying degrees of compliance by different firms. The purpose of the inspection is to advise them on what is unacceptable and where there is a scope for improvement. When we inspect the firm again at a later date, there will be an evaluation of the corrective and remedial action taken by the firm.

Many of the firms have already started taking remedial action. For example, some of them have come up with the policy of not providing non-audit services to audit clients or their group entities. However, in case we find that things have not improved, then there are other options available to us under the law.

Our regulatory objective is to implement effective supervisory mechanisms to protect the interest of our stakeholders. Towards this goal, it is critical to see that the audit firms should have absolutely no conflict of interest and discharge their larger public interest obligation flawlessly.

Are you satisfied with the responses they have given to your inspection findings?
 

We have noted and believe in the positive tone of audit firms’ intention when they say, “We have taken note, and we will improve”. And I will wait for their words to be translated into action, which will be visible in the next inspections. This inspection and the disciplinary proceedings — we have tried to separate them as much as possible.

Our inspection report itself says that this exercise is not to find faults for penalising auditors straightaway. But, say after one or two inspections, if things don’t improve and these deficiencies come up again, then in that particular case, audit firms will find it very difficult to justify their conduct. Such a situation may warrant appropriate disciplinary action depending upon the nature of non-compliance.

How will you pick who you inspect next?
 

There are various parameters: the extent and significance of the public interest involved, say the number of companies being audited by the audit firm.

The second is based on the risk factors, both reflected by quantitative as well as qualitative aspects. Of course, we have to bring some surprise element also by selecting some on a random basis as well.

With what frequency would you do these inspections?
 

Inspection will be an annual phenomenon. It is in line with the core principles of our global forum called the International Forum of Independent Audit Regulators. We have to use our public resources very judiciously. We may pick seven or eight more firms besides the Big Five to inspect this year.

NFRA had come up with a statement some time ago, that resigning does not absolve the auditor of his responsibility towards fraud reporting. What was the trigger to make that statement?
 

What we are saying is that resignation is not the escape route for the auditor to absolve himself from the critical public interest obligation of reporting frauds in or by corporates. If it has come to the auditor’s notice and as a sound independent professional, he has a reason to believe, then one has to file a report with MCA as mandated in the law of the land.

Our statement was in the general context of many resignations that were going on and our findings during our disciplinary proceedings.

How are you using AI in your work and what is your advice to audit firms now exploring ways to deploy more AI?
 

We will use data analytics data to identify the risk parameters. One should have professional skepticism and then use AI as a supplement to their analysis. But I would urge them to avoid the general tendency to only rely on AI. The groundwork should continue to be done by the professionals. If there is some mistake in the audit due to information given by AI, then it cannot be used as an excuse.