Government of India
National Financial Reporting Authority
*****
7th Floor, Hindustan Times House,
Kasturba Gandhi Marg, New Delhi
No. NF-20011/3/2020 Dated. 28.04.2020.
NOTICE
Subject: Draft Procedure for Submission of Audit Files to NFRA.
In pursuance of the duties cast upon it under the Companies Act, 2013, and NFRA Rules,
2018, NFRA proposes to prescribe the procedures to be followed by all entities regulated by NFRA
for submission of Audit Files to NFRA. NFRA invites comments from regulated entities on the
procedure described in this draft document in Annexure A. Your comments should be mailed to
social@nfra.gov.in before 31st of May 2020. The email shall contain full contact details of the sender
including name, mobile number, professional address and membership number. Comments without
these minimum identification requirements will not be considered.
Vivek Narayan
Secretary, NFRA
File No.NF-20011/3/2020-O/o CGM(AK)
Annexure A
Draft Procedure for Submission of Audit Files to NFRA.
These procedures are applicable to all audit firms/ chartered accountants (referred to as
entities in these procedures) covered under the jurisdiction of the National Financial Reporting
Authority (NFRA) as laid down vide Section 132 of the Companies Act, 2013, read with NFRA Rules
2018. These procedures govern the submission of Audit Files to NFRA and are issued under the
mandate given to NFRA by the Companies Act 2013, and to discharge the functional responsibilities
defined under NFRA Rules 2018, particularly under Rule 8 (1).
2. Audit Files are defined by para 6(b) of SA 230 Audit Documentation. It may be noted that the SAs
are prescribed/deemed to have been prescribed by the Central Government in exercise of its powers
under sec 143(10) of the Companies Act, 2013. The SAs are, therefore, subordinate legislation.
Failure to comply with the SAs will amount to violation of the provisions of law.
3. It may also be noted that one of the purposes of audit documentation is “Enabling the conduct of
external inspections in accordance with applicable legal, regulatory or other requirements.”
4. The generic procedural requirements described in this document are not a full specification for the
Audit Files. They form a baseline which sets out the minimum requirements necessary to be complied
with by entities while submitting Audit Files to NFRA for any purposes.
5. As required by law, all entities must establish policies and procedures to ensure that Audit Files are
organised, and maintained, in a manner completely consistent with the law, and are retained and
accessible as long as prescribed. Similarly, Audit File management requirements should be
incorporated into the entity’s IT policies, wherever applicable.
6. The Audit File has to be submitted in an electronic format to NFRA. Though entities are free
to follow electronic, manual or hybrid methods of maintaining audit files, the final Audit File
submitted to NFRA has to be compiled in an electronic format conforming to the minimum
requirements mentioned in this document. Care should be taken to maintain the integrity, authenticity,
readability and completeness of the records while converting to/preserving in an electronic format.
The original formats should not be changed except as provided in this document. Wherever hard
copies/physical files/records are maintained; the entity shall take measures to ensure the integrity of
such records. The hard copies shall be serially numbered, dated and signed and sealed, wherever
applicable. A log register shall be maintained in such cases and the copies of the log register shall
form part of the submission to NFRA. All such hardcopies or physical files maintained shall be
scanned to a PDF format with a scanning density of a minimum of 300 dots per inch (dpi).
7. NFRA will only accept files in the formats of Portable Document Format (PDF), MS Word, MS
Excel or MS PowerPoint, or any equivalent file formats, or any combination of the same. Other file
formats (e.g.: MOV, AVI, MP4 etc.) will be accepted in the original/native format if the conversion of
such files into PDF is either not possible or such conversion will compromise the integrity/
authenticity/ readability/ completeness of such files/information in the files.
8. The Audit File submitted to NFRA in the formats specified in para 7 should contain an Index page
in PDF format at the beginning. The index should list out the contents of the Audit File, grouped and
sorted in a logical order. The submission must then maintain the referential integrity of all index data
in subsequent sections.
9. Many entities use some documents/records management systems, or proprietary IT applications, for
creation/collation/ management/preservation of Audit Files. Such applications must be able to export
whole electronic folders of records of an Audit File along with the meta data, into a single PDF file
File No.NF-20011/3/2020-O/o CGM(AK)
such that the content and appearance of the electronic records are not degraded. All components of an
electronic Audit File should be exported as an integral unit; for example, including emails with
associated file attachments. All metadata associated with an electronic record should be linked to the
record to which it belongs. Optionally, the metadata and other application related data can be
presented in a PDF format with proper reference to the subsequent sections/folders/records that
contain other records forming part of the Audit File. All pages of the PDF shall be serially numbered.
Care should be taken to ensure that all the data related to the Audit File is exported to the output
folders and is transferred to NFRA in its entirety. No additional documents or data will be allowed to
be added to the Audit File after it is submitted to NFRA.
10. Such IT applications must have an audit trail (logs) built into the system, which tracks actions
taken on electronic records, access, management, archiving, disposal, application related events,
coding changes, version changes etc. to demonstrate authenticity and integrity of the Audit Files
throughout the file lifecycle. The exported report as mentioned in para 9 shall contain the log reports
of record addition, modification, deletion, archiving, retrieval, re-archiving, user logins, reviews, sign
offs, and any modifications to the sign offs at appropriate sections of the output folder, linked to the
record to which it belongs. The audit trail shall be unalterable and capable of recording all the actions
that are taken upon an electronic record/IT application/meta data or software structure. The trail shall
contain, inter alia, the details of the user initiating the action, the action taken and the date and time of
the event.
11. In case an audit trail/log is not maintained in the existing application used by the entities or there
is no log register, the fact shall be mentioned in the submitted Audit File. This will be viewed as an
inherent weakness of the quality control policies of the entity.
12. All the records i.e., the reports/records exported from the IT application, electronic files directly
obtained and kept at various electronic/digital storage locations, scanned PDFs of hard copies, copies
of the log register, audit trail etc. shall be arranged in sequential order after the index page referred to
in para 8.
13. Once the files are so indexed, sorted and arranged in sequential order, the files shall be placed in a
single folder in the same order. The folder shall be compressed to reduce the size using WinZip or
WinRAR or similar commonly used applications. When using compression to reduce file size, entities
should use lossless compression to maintain the integrity of source data. Lossless compression
produces smaller file sizes without removing any information. By use of lossless compression, the file
size can be reduced to 85% to 90% of actual file size. The compressed file(s) should be uploaded to
the specified File Transfer Protocol (FTP) location provided by NFRA. The auditor may install any
commonly used FTP client for this purpose.
14. The covering letter/email accompanying the Audit File shall include the total number of pages in
the attached Audit File, the total number of records/files/folders attached and the total size in MB of
the attached audit file. The covering letter shall also contain a brief description about the entity’s
policies, practices and tools used for maintaining Audit Files.
15. These procedures will be applicable till such time as they are not expressly
revoked/amended/modified by NFRA.
16. The above procedures are applicable only with respect to the manner and form in which Audit
Files need to be submitted to NFRA. They do not cover anything related to the Integrity of Audit
Files, records/document management aspects, and the minimum functional and security requirements
of the IT platforms used for Audit Documentation. Separate procedures/guidelines will be issued in
this regard.
*****
File No.NF-20011/3/2020-O/o CGM(AK)