NFRA Flags Audit Quality Deficiencies at KPMG, PwC, EY and BDO Affiliates

India's audit regulator released inspection reports last Sunday flagging quality deficiencies across affiliates of four global audit networks, with KPMG's BSR Affiliates Network cited for gaps in fraud-risk assessment and PwC network firms facing the sharpest finding: six partners who acquired securities in the holding company of a client whose audit work their firms had accepted.

The National Financial Reporting Authority published the four reports on March 16, covering BSR Affiliates Network (KPMG), Price Waterhouse and Affiliates' Network (PwC), SRBC & Co. LLP (EY) and MSKA & Associates LLP (BDO International). The regulator said the reports are part of a broader inspection cycle targeting 10 large audit firms this year, with additional reports expected in the coming days.

The PwC finding was the most concrete independence breach in the batch. According to the reports, five partners of the PW&A network and one partner of the PwC network were found to have acquired securities in the holding company of a firm for which audit work had been accepted, a direct violation of independence requirements.

For KPMG's BSR Affiliates, the picture was more mixed. NFRA said the firm was "found to be generally compliant with independence requirements and previous years' inspection findings" at the firm-wide level, and acknowledged it had resolved quality issues raised in earlier inspections. But the engagement-level findings were pointed. The fraud-risk assessment on cash misappropriation "focused solely on the possibility of employee-level fraud and did not consider the significant risk of cash siphoning by senior management or brand owners," the report stated. It also found that because brand owners exercised full control over the entity's IT systems, the risk of management override of IT controls was elevated and required explicit evaluation that the engagement team had not performed. Separately, the firm's revenue fraud-risk assessment failed to address the possibility of revenue understatement. NFRA recommended strengthening policies on accepting non-audit services from immediately past audit clients and deepening root-cause analysis practices.

BSR Affiliates responded with a measured acknowledgment. "We recognize that the inspection framework plays a vital role in strengthening audit quality. The firm has noted the feedback shared by the NFRA in the inspection report and would continue to invest in its audit quality agenda and upholding public trust," a spokesperson said.

The EY affiliate SRBC & Co. LLP received a different kind of finding. The firm already has a network-wide policy prohibiting EY network firms from providing non-audit services to NFRA-regulated audit clients, but the regulator said that policy alone is insufficient. NFRA called for "an appropriate monitoring mechanism to ensure that the firm's policies and procedures on firm-wide independence are operating effectively and complied with in practice." Inspectors also flagged deficiencies in analytical procedures and inadequate evaluation of arm's-length pricing in related-party transactions involving shares and investments. SRBC & Co. said it "will continue to take necessary actions, where required, for remediation of the observations in accordance with NFRA rules."

Detailed firm-specific findings for MSKA & Associates LLP, the BDO International affiliate, were not elaborated in the inspection summaries published alongside the reports.

Across all four reports, NFRA said the majority of audit processes reviewed were not aligned with Indian auditing standards and regulatory requirements. The regulator flagged recurring weaknesses in independence monitoring, internal governance, fraud-risk evaluation, audit documentation and related-party transaction scrutiny. It also recommended firms improve their updating and monitoring of the Central Entity System, whose maintenance underpins compliance with independence requirements under SQC 1 and Section 141 of the Companies Act, 2013.

NFRA framed the exercise as constructive rather than punitive. "These inspections are a tool to provide audit firms with actionable regulatory feedback much earlier in the financial reporting cycle to help them enhance their quality control systems," the regulator said. No enforcement actions or penalties were announced alongside the reports. With six firms from the 10-firm inspection cycle still to be covered, further reports are expected before the financial year closes.