NFRA Guidance on Financial Statement Preparation and Audit Documentation

AI CFO
Mar 17
10 min read

Updated: Mar 18

1. Executive Summary

The National Financial Reporting Authority (NFRA), constituted under Section 132 of the Companies Act 2013, regulates auditing and financial reporting for large companies in India. Its mandate includes monitoring compliance with Indian Accounting Standards (Ind AS) and Standards on Auditing (SAs), issuing guidance, and enforcing quality. In 2024–2026, NFRA intensified its audit oversight, emphasizing documentation-driven audit quality.

Key themes include strengthening professional skepticism, ensuring audit files comprehensively support the audit opinion (SA 230), and improving risk assessment processes (SA 315, SA 240).

Recent NFRA issuances relevant to financial statements and audit documentation include:

· Audit File Maintenance (Dec 2025) – Circular NF-22/52/2025 underscores SA 230/SQC 1 requirements for timely assembly and retention of audit files (typically within 60 days of the audit report). Firms must adopt formal policies to preserve complete, unaltered audit records.

· Auditor–TCWG Communication (Jan 2026) – Circular NF-25013/3/2025 notes a persistent need to “strengthen communications” between auditors and those charged with governance (TCWG/Audit Committees) in compliance with the Companies Act and SA 260 (Revised) Documentation of such communications (e.g. minutes, letters) is often missing.

· Audit Strategy (Nov 2025) – NFRA’s model Audit Strategy Memorandum (toolkit) emphasizes defining the overall audit strategy early, setting materiality levels (SA 320), and mapping key risks to controls and substantive tests.

· Revenue Risk (Jan 2026) – A staff “Risk & Response” memorandum and toolkit highlight that revenue recognition remains the highest fraud risk in audits. Auditors are reminded to perform assertion-level ROMM (Risk of Material Misstatement) assessment for revenue and to “presume fraud risk in case of revenue” per SA 240 unless rebutted.

· Group Audits (Oct 2024) – Circular on SA 600 cites “gross negligence and audit failure” in group audits, often due to over-reliance on component auditors. It clarifies that principal auditors must fully comply with all SA 600 requirements and not apply “fallacious interpretations” that skip procedures.

· Annual Report 2024–25 (Dec 2025) – The report’s enforcement section documents recurring deficiencies: incomplete audit documentation, failure to document judgments, inadequate controls testing, and independence lapses. It also notes that revenue, related parties, and internal controls are common trouble spots.

Common Findings: NFRA inspections frequently find

(1) audit documentation gaps – missing or altered workpapers, no evidence of key judgments or TCWG communications;

(2) risk assessment lapses – especially failing to treat revenue as a presumed fraud area and insufficient materiality analysis;

(3) reporting omissions – such as undisclosed related-party transactions, going-concern uncertainties, or impairment losses. This document compiles NFRA’s issues, recommendations, and best-practice guidance for auditors.

2. Methodology

We systematically reviewed NFRA’s official publications up to March 2026, focusing on financial statement preparation and audit documentation.

Sources include:

· NFRA Circulars: e.g., Audit File Maintenance (Dec 2025); Effective Communication (Jan 2026); Group Audits (Oct 2024); Fraud Reporting (Jun 2023); Revenue Ind AS Compliance (Mar 2023).

· NFRA Toolkits/Staff Series: e.g., Audit Strategy Memo (Nov 2025); ROMM for Revenue (Jan 2026); Estimates Q&A (Sept 2025).

· Annual Reports: Especially Annual Report 2024–25 (Dec 2025), which includes firm-specific orders and aggregated findings.

· Inspection Reports/Orders: Selected cases (e.g. PwC, Lodha, BSR) cited in NFRA documents or press releases.

· Consultation Papers: Drafts (e.g. SA 600 revised) where relevant.

3. Core Content

Section A: Issues Identified by NFRA

NFRA’s publications identify recurring audit failures. The table below categorizes key issues by topic:

Issue Category	Specific Problems Cited	Source (Date)	Examples/Quotes
Audit Documentation (SA 230, 260, 265)	Missing or incomplete working papers - Evidence of judgments not recorded Audit file not assembled on time Unauthorized post-signing edits Weak documentation of communications to TCWG (SA 260).	NFRA Circular (Audit File – Dec 2025) Annual Report 2024–25 (Dec 2025) Enforcement Orders	• NFRA found instances where “audit documentation was inadequate”, e.g. no records of key controls or conclusions, and that internal control deficiencies were not communicated to governance. One case noted “failure to assemble the Audit File within 60 days of completion of the audit”, violating SA 230/SQC1. • Another order cited “lack of documented audit evidence of communication with Those Charged with Governance” contrary to SA 260.
Revenue – ROMM (SA 315, 240)	Inadequate identification of revenue fraud risks Insufficient cut-off and completeness testing Management bias ignored Failure to allocate variable consideration (Ind AS 115)	NFRA Staff Series (Revenue ROMM – Jan 2026) Audit Toolkit (Revenue – Nov 2025) Annual Report 2024–25	• NFRA emphasizes that revenue has “highest risk of material misstatement”, yet found audits where risk assessment for revenue wasn’t done, raising undetected fraud risk • Toolkit reminds auditors that SA 240 “casts a responsibility on the auditor to presume fraud risk in case of Revenue, unless… rebutted”. • Frequently noted: no testing of period-end sales or rebates, and lack of substantive checks on large contracts.
Audit Planning & Materiality (SA 300, 320)	Weak preliminary audit strategy (no clear scope/timing) Materiality set arbitrarily or late Ignoring specialist involvement (IT, internal audit) Unaddressed high-risk areas due to poor planning	NFRA Strategy Memo (Nov 2025) Annual Report 2024–25	• Cases show “failure to plan the audit and understand the nature of the entity”, including “failure to determine materiality and performance materiality” • One report noted audit procedures were insufficient in key areas like materiality and revenue testing. • NFRA’s model strategy memorandum highlights documenting overall strategy separately from detailed plans.
Consolidated FS / Group Audits (SA 600)	Principal auditor blind reliance on component audit reports Neglecting inter-company eliminations Misinterpreting SA 600 obligations Missing disclosures for subsidiaries/associates	NFRA Circular (Group Audit – Oct 2024) Annual Report 2024–25	• NFRA observed “gross negligence and audit failure in audits of Group Financial Statements” for several corporate collapses. Principal auditors “did not raise red flags” despite fraud indicators, relying on “fallacious interpretations of SA 600”. • The circular reiterates that a principal auditor must perform all SA 600 procedures and cannot skip steps because another SA seems “independent” of auditor obligations. • NFRA noted cases where consolidated FS ignored unaudited component statements or lacked testing of consolidation adjustments.

Section B: NFRA Suggestions & Recommendations

To address these issues, NFRA’s guidance and advisories offer recommendations. The table below summarizes NFRA’s suggestions by topic, linked to relevant standards, and includes practical implementation tips:

Topic	NFRA Recommendations	Standards Referenced	Implementation Tips
Audit Documentation	Structured documentation systems: Implement indexed, digital audit file systems; encrypt and log access. Link evidence to assertions: For each risk, clearly map procedures to conclusions (per SA 230 . Timely assembly: Complete the final audit file (including all workpapers) soon after report issuance usually within 60 days). Retention and security: Follow SQC 1 (retain ≥7 years) and maintain version control to prevent post-signing edits.	SA 230 (Audit Documentation); SQC 1 (Quality Control); SA 260, SA 265	– Use audit management software (with audit trail) for workpapers and evidence. – Checklists for required file components (risk assessment, master file, working papers). – Log all file assembly steps and approvals.
ROMM Assessment (Revenue)	Assertion-level risk assessment: Identify revenue-related ROMMs at the assertion level (SA 315). Presume fraud risk in revenue: Treat revenue as a fraud risk by default (SA 240). If rebutted, document strong rationale Map risks to controls/substantives: Identify revenue controls (e.g. sales order entry, invoicing systems) and link them to planned tests (SA 315, SA 330). Pay attention to cut-offs and incentives: Audit year-end sales carefully; inspect large discounts or incentive accruals (NFRA noted these as common manipulation points).	SA 315 (Risk Assessment); SA 240 (Fraud); SA 330 (Substantive Procedures)	– Develop a revenue control matrix in planning. – Confirm a sample of major customers and reconcile sales to cash. – Use spreadsheets to simulate revenue recognition (consider variable consideration as per Ind AS 115). – Require documentation of management’s revenue assumptions.
Audit Strategy & Planning	Preliminary strategy first: Document an overall audit strategy (scope, timing, resources) separate from the detailed plan (per SA 300). Materiality early: Set overall and performance materiality up front (SA 320), with benchmarks (e.g. 0.5–1% of revenue, 5–8% of profit). Document rationale. Specialist involvement: Engage experts (IT, tax, valuations) as needed and describe their roles in strategy. Team planning: Assign tasks clearly (including any component auditors), and prepare a timeline with key milestones.	SA 300 (Audit Planning); SA 320 (Materiality)	– Prepare a concise “Audit Strategy Memo” for client, summarizing key focus areas (fraud risk, related-party, going concern). – Conduct team briefings on strategy and risk prioritization. – Review materiality if preliminary results (e.g. losses) change audit scope.
Quality Enhancement	Outreach and training: NFRA recommends nationwide education (auditor–board interactions, workshops) to disseminate best practices. Firm-level reviews: Establish internal peer reviews or pre-issuance reviews to catch documentation gaps early. Professional skepticism: Reinforce scepticism in firm culture (SA 200.12) to challenge management assertions. Independence policies: Update and enforce policies on related-party checks and non-audit services (NFRA noted improvements needed in many firms).	SA 200 (General Principles); Corporate Governance norms	– Conduct internal training on recent NFRA findings and “lessons learned”. – Use NFRA’s sample memos and Q&A as audit training materials. – Survey audit teams periodically on compliance with new guidance.

Section C: Guidance and Best Practices

In addition to high-level suggestions, NFRA’s documents provide practical guidance and templates:

· ROMM Workpapers:

NFRA published a Risk & Response model worksheet for revenue (staff series). It demonstrates linking each revenue risk (e.g. existence, cut-off) to controls and procedures, including formulating response descriptions and conclusion statements. Audit teams can adapt these templates for other assertions.

· Fraud Risk Flowchart:

A conceptual flowchart (based on SA 240) can aid planning. For example: (1) Identify suspected fraud area (e.g. incentives) → (2) Presume fraud risk in revenue → (3) Plan targeted procedures (e.g. cut-off tests, data analytics) → (4) If management rebuts fraud presumption, require formal documentation of rationale (SA 240) and still perform skepticism-based tests. NFRA stresses (via SA 240) that a rebuttal must be well-supported by audit evidence.

· Case Study – Revenue:

A typical NFRA illustration considers a manufacturing client with year-end sales discounts. The audit approach may include:

· Evaluating management estimates (sample contracts, past discount patterns).

· Testing controls (reviewing contract change logs, approvals).

· Substantive tests (revenue cut-off at warehouses, confirmation of receivables).

· Disclosures (ensuring Ind AS 115 variable consideration notes are correct). NFRA emphasizes confirming significant balances and reconciling sales return provisions.

· Group Audit Checklist: NFRA material highlights key steps for principal auditors:

· Communication with components: Document discussions with each component auditor at planning, midterm, and wrap-up.

· Risk areas: Ensure group-specific risks (e.g. intragroup guarantees, fund diversion) are addressed.

· Consolidation adjustments:

Independently verify any consolidation entries (eliminations, foreign currency translation, non-controlling interest calculations). NFRA found auditors often overlook these.

· Audit Committee Materials:

NFRA encourages auditors to prepare clear summaries of findings (e.g. on revenue risks, fraud indicators) for audit committees. Since communication is repeatedly flagged, auditors should use written memos or slide decks to TCWG, with minutes confirming receipt (SA 260, 265).

The above practices, drawn from NFRA’s toolkits and recommended memos, aim to make audits documentably robust and directly address NFRA’s enforcement concerns.

Section D: Common Deficiencies Highlighted by NFRA

In addition to the audit-specific issues above, NFRA’s inspections have repeatedly flagged financial reporting and disclosure deficiencies in companies’ published statements. The following areas are frequently cited in NFRA’s orders and firm-wide inspections (2020–2026):

· Related Party Transactions (Ind AS 24):

Auditors often fail to identify, verify, and disclose all related parties and their transactions. NFRA notes inadequate assessment of arm’s-length pricing, and missing or incomplete disclosures of related-party terms, balances, and commitments. Major cases (e.g. a Zee Ltd. order) found auditors negligent in not reporting significant undisclosed transactions involving promoters. Related-party audit procedures and documentation are commonly deficient.

· Impairment of Assets (Ind AS 36):

Firms frequently overlook impairment indicators or understate losses. NFRA cases cite insufficient impairment testing for investments, goodwill, or PPE – often missing updated cash flow forecasts or sensitivity analyses. Disclosures on assumptions (discount rates, growth rates) are often incomplete. In enforcement reports, NFRA found cases where investment impairments (e.g. ₹38 crore in loss-making subsidiaries) were not properly recognised, and where audit evidence on valuations was inadequate.

· Going Concern (SA 570 / Ind AS 1):

Auditors sometimes fail to adequately evaluate or disclose going-concern uncertainties. NFRA reviews have highlighted missing disclosures on deteriorating financial conditions (e.g. sustained losses or defaults) that cast doubt on continuity. For example, audits of entities with sharp declines in revenue or mounting losses lacked the required “material uncertainties” disclosures.

· Revenue Recognition (Ind AS 115):

NFRA notes incomplete disclosures of revenue streams and contract terms. Deficiencies include inadequate breakdown of revenue categories, missing disclosures of contract assets/liabilities, and lack of explanation of variable consideration practices. Auditors have failed to ensure clients’ notes cover performance obligations and timing of revenue – an area NFRA views as highly prone to misstatement.

· Investments and Financial Instruments (Ind AS 109 / 107):

Audits often omit required disclosures on fair value hierarchies, credit risk or market risk of financial assets. NFRA found inadequate note presentation for investments held for sale or impaired instruments. In one high-profile case, auditors missed verifying over ₹12,500 crore of loans and investments to related parties, a matter flagged as suspected fraud.

· Loans, Advances and Other Financial Assets:

Disclosure lapses are common for large intra-group loans or advances. Required details on terms, interest rates, security, and credit loss provisions are often insufficient. NFRA calls out missing notes on ECL (expected credit losses) and inadequate arm’s-length assessments for loans to subsidiaries/affiliates.

· Provisions, Contingent Liabilities and Commitments (Ind AS 37):

Auditors frequently fail to ensure full disclosure of contingencies or litigations. Reports cite omitted guarantees or claims (e.g. pending lawsuits) that should have been presented as contingent liabilities. Proper description of provisions (nature, timing, uncertainties) is sometimes missing in the notes.

· Other Comprehensive Income (OCI) & Equity:

PFirms often misclassify or insufficiently explain OCI components (such as revaluation reserves or actuarial gains/losses). NFRA notes missing reconciliations of equity movements and unexplained differences in reserves.

· Segment Reporting (Ind AS 108):

Audits sometimes overlook segment disclosures. NFRA has found incomplete reporting of operating segments (products/services, geographies) and neglect of major customer disclosures when required.

· Presentation & Classification (Ind AS 1):

Common issues include incorrect current/non-current classification of assets, missing comparative data, or insufficient disclosure of accounting policies and judgments. NFRA reports often mention general presentation weaknesses (e.g. combining dissimilar items or inconsistent formats across years).

· Internal Controls over Financial Reporting (ICFR) Deficiencies:

NFRA frequently finds material control weaknesses that affect financial disclosures (e.g., controls over revenue or related-party transactions). Auditors sometimes under-report these ICFR deficiencies. For instance, inadequate testing of revenue controls can lead to misstatement risk not being captured in the ICFR report.

· Post-Sign-off Modifications:

Finally, NFRA warns against altering financial statements or audit files after the audit report date. Instances of undocumented post-signing changes have been flagged as undermining the reliability of disclosures.

The above deficiencies are drawn from NFRA’s published enforcement orders and inspection reports. Auditors should be particularly vigilant in these areas to ensure compliance with Ind AS disclosure requirements and SA reporting obligations.