Auditing Practices Overview

𝗡𝗙𝗥𝗔 𝗖𝗶𝗿𝗰𝘂𝗹𝗮𝗿 (𝟬𝟳 𝗝𝗮𝗻 𝟮𝟬𝟮𝟲) – 𝗦𝘁𝗿𝗲𝗻𝗴𝘁𝗵𝗲𝗻𝗶𝗻𝗴 𝗔𝘂𝗱𝗶𝘁𝗼𝗿–𝗧𝗖𝗪𝗚 𝗖𝗼𝗺𝗺𝘂𝗻𝗶𝗰𝗮𝘁𝗶𝗼𝗻 | 𝗞𝗲𝘆 𝗧𝗮𝗸𝗲𝗮𝘄𝗮𝘆𝘀 Today, NFRA has issued an important circular addressing Listed Companies and Auditors emphasizing robust, effective and documented two-way communication between Statutory Auditors and Those Charged with Governance (TCWG), including Audit Committees, in line with the Companies Act, 2013 and Standards on Auditing (SA 260 (Revised) & SA 265). 𝗪𝗵𝘆 𝘁𝗵𝗶𝘀 𝗺𝗮𝘁𝘁𝗲𝗿𝘀? NFRA investigations have highlighted that weak or perfunctory communication is not a procedural lapse- it directly undermines governance, audit quality, and investor confidence. 𝗞𝗲𝘆 𝗵𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀 𝗼𝗳 𝘁𝗵𝗲 𝗖𝗶𝗿𝗰𝘂𝗹𝗮𝗿 𝟭) 𝗖𝗹𝗲𝗮𝗿 𝗶𝗱𝗲𝗻𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗼𝗳 𝗧𝗖𝗪𝗚: Auditors must appropriately determine TCWG (Board / sub-group) at the start of the audit and reassess whether communication with the full Board is also required. 𝟮) 𝗠𝗮𝗻𝗱𝗮𝘁𝗼𝗿𝘆 𝘁𝘄𝗼-𝘄𝗮𝘆 𝗰𝗼𝗺𝗺𝘂𝗻𝗶𝗰𝗮𝘁𝗶𝗼𝗻: Communication must be continuous, meaningful, and not limited to last-minute presentations before approval of financial statements. 𝟯) 𝗪𝗿𝗶𝘁𝘁𝗲𝗻 & 𝗱𝗼𝗰𝘂𝗺𝗲𝗻𝘁𝗲𝗱 𝗰𝗼𝗺𝗺𝘂𝗻𝗶𝗰𝗮𝘁𝗶𝗼𝗻: Oral discussions must be formally documented. Bullet-only presentations or emails with “deemed acceptance” are unacceptable. 𝟰) 𝗖𝗼𝘃𝗲𝗿𝗮𝗴𝗲 𝗼𝗳 𝗰𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗮𝘂𝗱𝗶𝘁 𝗺𝗮𝘁𝘁𝗲𝗿𝘀, 𝗶𝗻𝗰𝗹𝘂𝗱𝗶𝗻𝗴: - Audit strategy, scope, timing, and materiality - Key risks, going concern issues, valuation and ECL judgments - Significant unusual transactions and related party transactions - Deficiencies in internal financial controls (SA 265) - Auditor independence and non-audit services 𝟱) 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲𝘀𝘀 𝗶𝘀 𝗰𝗿𝗶𝘁𝗶𝗰𝗮𝗹: At least two structured interactions annually - before audit commencement and well before financial statement approval. 𝟲) 𝗝𝗼𝗶𝗻𝘁 𝗿𝗲𝘀𝗽𝗼𝗻𝘀𝗶𝗯𝗶𝗹𝗶𝘁𝘆: Boards, Audit Committees, Management, and Auditors collectively own the responsibility for effective communication - not auditors alone. 𝗕𝗼𝘁𝘁𝗼𝗺 𝗹𝗶𝗻𝗲 This circular is a strong reminder that effective governance begins with transparent, timely, and well-documented dialogue between Auditors and TCWG. Compliance with SA 260 (Revised) and SA 265 must be demonstrated in both form and substance. 𝘈 𝘮𝘶𝘴𝘵-𝘳𝘦𝘢𝘥 𝘧𝘰𝘳 𝘉𝘰𝘢𝘳𝘥𝘴, 𝘈𝘶𝘥𝘪𝘵 𝘊𝘰𝘮𝘮𝘪𝘵𝘵𝘦𝘦𝘴, 𝘊𝘍𝘖𝘴, 𝘊𝘰𝘮𝘱𝘢𝘯𝘺 𝘚𝘦𝘤𝘳𝘦𝘵𝘢𝘳𝘪𝘦𝘴, 𝘢𝘯𝘥 𝘈𝘶𝘥𝘪𝘵𝘰𝘳𝘴. #NFRA #AuditQuality #CorporateGovernance #AuditCommittee #TCWG #SA260 #SA265 #CompaniesAct2013 #FinancialReporting #BoardResponsibilities

I saw a Board choose one CFO over another, and it wasn’t what you think. Two highly accomplished CFOs were contenders for a pivotal Audit Committee Chair role. Both had impeccable credentials: decades of experience, flawless technical mastery, and strong governance backgrounds. During the selection, each was asked how they would handle a significant, unexpected financial adjustment in the upcoming quarter. The first CFO outlined a precise, technically sound response: “We will ensure full compliance with IFRS, document the variance thoroughly for the auditors, and re-forecast the following quarters to absorb the impact.” It was correct, disciplined, and focused on managing the event. The second CFO framed it differently: “First, I will brief the Board on the operational root cause, not just the accounting impact. Second, we will pre-empt investor concerns by linking this adjustment to our broader strategic realignment. Third, I’ll work with IR to ensure our narrative emphasizes long-term resilience, not short-term noise.” It was strategic, forward-looking, and focused on leading through the event. The Board’s choice was unanimous. You see, the first CFO spoke the language of accounting. The second spoke the language of governance and stakeholder confidence. Both were skilled. However, only one demonstrated board-level intelligence: the ability to see beyond the ledger and steward perception, strategy, and trust. The lesson was clear: 𝒕𝒆𝒄𝒉𝒏𝒊𝒄𝒂𝒍 𝒑𝒓𝒐𝒇𝒊𝒄𝒊𝒆𝒏𝒄𝒚 𝒊𝒔 𝒕𝒉𝒆 𝒑𝒓𝒊𝒄𝒆 𝒐𝒇 𝒆𝒏𝒕𝒓𝒚. 𝑻𝒓𝒖𝒆 𝒊𝒏𝒇𝒍𝒖𝒆𝒏𝒄𝒆 𝒂𝒕 𝒕𝒉𝒆 𝒃𝒐𝒂𝒓𝒅 𝒍𝒆𝒗𝒆𝒍 𝒄𝒐𝒎𝒆𝒔 𝒇𝒓𝒐𝒎 𝒇𝒓𝒂𝒎𝒊𝒏𝒈 𝒇𝒊𝒏𝒂𝒏𝒄𝒊𝒂𝒍𝒔 𝒘𝒊𝒕𝒉𝒊𝒏 𝒕𝒉𝒆 𝒄𝒐𝒏𝒕𝒆𝒙𝒕 𝒐𝒇 𝒆𝒏𝒕𝒆𝒓𝒑𝒓𝒊𝒔𝒆 𝒗𝒂𝒍𝒖𝒆, 𝒓𝒆𝒑𝒖𝒕𝒂𝒕𝒊𝒐𝒏, 𝒂𝒏𝒅 𝒔𝒕𝒓𝒂𝒕𝒆𝒈𝒊𝒄 𝒏𝒂𝒓𝒓𝒂𝒕𝒊𝒗𝒆. So, for finance leaders aiming for the #boardroom, stop mastering only the numbers. Master the story they tell, the risks they hide, and the future they imply.

Audit, Risk & Compliance (ARC): The Three Pillars of Strong Governance "Let me explain why Audit, Risk, and Compliance aren’t just checkboxes—they’re your governance backbone." I’ve had this conversation many times with peers, clients, and boards. And here’s what I often say when someone asks, “How do you build strong governance?” You start with ARC: - Audit - Risk Management - Compliance Each has its role, but when aligned, they become a strategic force. Let me walk you through it from experience: 🔍 Audit is your independent lens. Think of Audit as the team that tells you what’s happening. Their job is to verify that controls are working not just existing on paper. ▶ Example: I once saw an internal audit uncover a $500K billing discrepancy no one had noticed. That wasn’t just cost savings it was a control failure caught before it became reputational damage. The best audit teams today use data analytics and real-time assurance tools to stay ahead. Traditional static audits no longer suffice. ⚠️ Risk is your radar. Risk Management isn’t about stopping risk, it’s about knowing which risks matter, and how much risk you can take to grow. I’ve seen risk teams run scenario analyses ahead of market expansion that flagged FX volatility. With a solid hedging plan, they avoided a 7% EBITDA hit. That’s what proactive risk management looks like. And right now? The strongest risk programs I’ve seen are integrating AI, ESG risk, and third-party oversight into their frameworks. ✅ Compliance is your moral and legal compass. Compliance isn’t just about avoiding fines. It’s about building trust internally and externally. A solid compliance program is the reason one company I worked with navigated new data privacy regulations across multiple countries without missing a beat or getting penalized. What’s changing? Compliance is becoming more automated, more behavior-driven, and more global. And that means compliance officers need better tech and a seat at the strategy table. Now here’s the key: ARC only works when it's integrated. When Audit, Risk, and Compliance operate in silos, things fall through the cracks. But when they collaborate sharing insights, aligning priorities, and using common platforms governance becomes a value driver. A recent PwC survey backs this up: - 73% of execs say ARC alignment improves decision-making - 65% plan to invest in integrated GRC platforms - Over half say Internal Audit is now a transformation partner If you’re leading or supporting ARC functions, my advice is simple: Don’t build walls, build bridges. The future of governance isn’t in functions. It’s in how those functions work together. Let me know how ARC works in your organization today. Do the functions collaborate, or still operate in silos? #Governance #InternalAudit #RiskManagement #Compliance #GRC #BoardEffectiveness #OperationalResilience #Leadership #3prm #tprm #GovernanceExcellence #RiskStrategy #ComplianceCulture

Early on in my auditing career at Deloitte, I learned a valuable lesson that has stuck with me ever since. It's a big reason why I became a successful CFO and consultant. Here it is: We never started audits by just checking the numbers.   Instead, we focused on the processes behind those numbers.  📌 Why?   Every number in a financial statement comes from a business process.   If that process is flawed, the numbers might be inaccurate—or worse, fraudulent.  Imagine I’m auditing a company with $20M in reported sales.   If I only match invoices to revenue, I’ve missed the bigger picture.  There are so many invoices I can vouch anyway I still won't see anything. Or I see what the invoices want me to see. Even if I did find something on a small sample, projecting it to the wider population always seems like a massive overreach ✔️ Instead, I ask:   🔹 How do they take and fulfill orders?   🔹 How do they bill customers?   🔹 What controls ensure accurate billing, collection and reporting?  📌 I walkthrough contracts, shipping documents, and bank statements to verify activity.  🚀 By focusing on the underlying process, I can:   ✅ Identify risk areas and gaps in controls.  (this then becomes the focus of the audit) ✅ Benchmark against industry best practices.   ✅ Help businesses increase revenue or reduce inefficiencies. Even though I’m no longer an auditor, this lesson still shapes how I advise businesses today.  My message here (particularly to SME Accountants): 👉 Don’t just record numbers.   Understand the "Why" and "How" behind them.  💡 Ask yourself: ✔️ Where does this data come from?   ✔️ How do our systems ensure the completeness and accuracy of the data?   ✔️ How can we reduce errors and improve decision-making?  When you optimize financial processes, you don’t just track business performance You improve it.  🚀 Step out of the ledger. Step into business impact.   📊 Your value isn’t just in recording numbers—it’s in improving the processes that create them.  Cheers, Ajibola 🔄 Tag a finance professional who needs this mindset shift!  

𝐓𝐡𝐞 𝐈𝐧𝐯𝐨𝐢𝐜𝐞 𝐓𝐡𝐚𝐭 𝐀𝐥𝐦𝐨𝐬𝐭 𝐆𝐨𝐭 𝐀𝐰𝐚𝐲 During an audit for a client, I noticed a curious pattern. Several invoices had back-to-back serial numbers but wildly different dates. One invoice, dated March 30th, recorded a sale worth ₹10 lakh. Curious, I traced it back to the dispatch records. Turns out the goods were still sitting in the warehouse — untouched. Classic case of fictitious sales to inflate revenue. 𝘛𝘩𝘢𝘵'𝘴 𝘸𝘩𝘦𝘯 𝘐 𝘭𝘦𝘢𝘳𝘯𝘦𝘥: An invoice isn't just a piece of paper — it's a story. And as auditors, we need to connect the dots. 𝐊𝐞𝐲 𝐃𝐞𝐭𝐚𝐢𝐥𝐬 𝐭𝐨 𝐀𝐥𝐰𝐚𝐲𝐬 𝐂𝐡𝐞𝐜𝐤: 1. Seller and buyer details 2. Date of the transaction 3. Description of goods/services 4. Quantity and rates 5. Tax details (like GST) 6. Terms of payment 7. Invoice currency for international transactions 8. Proper authorization and approval signatures 𝐑𝐞𝐝 𝐅𝐥𝐚𝐠𝐬 𝐭𝐨 𝐖𝐚𝐭𝐜𝐡 𝐅𝐨𝐫: 1. Missing invoice numbers (potential fake invoices). 2. Unusually high amounts without approvals. 3. Invoices dated just before year-end to boost sales. 4. Multiple invoices issued to the same buyer within a short span. 5. Frequent cancellations or credit notes without clear reasons. 𝘕𝘦𝘹𝘵 𝘵𝘪𝘮𝘦 𝘺𝘰𝘶 𝘳𝘦𝘷𝘪𝘦𝘸 𝘪𝘯𝘷𝘰𝘪𝘤𝘦𝘴, 𝘳𝘦𝘮𝘦𝘮𝘣𝘦𝘳 — 𝘵𝘩𝘦 𝘯𝘶𝘮𝘣𝘦𝘳𝘴 𝘮𝘢𝘺 𝘵𝘦𝘭𝘭 𝘢 𝘴𝘵𝘰𝘳𝘺, 𝘣𝘶𝘵 𝘪𝘵'𝘴 𝘶𝘱 𝘵𝘰 𝘺𝘰𝘶 𝘵𝘰 𝘶𝘯𝘤𝘰𝘷𝘦𝘳 𝘵𝘩𝘦 𝘵𝘳𝘶𝘵𝘩. #vouching #stat_audit

NFRA Circular 7th Jan 2026: TCWG & Auditors Communication The Circular seeks to bring to attention of all corporate leaders the importance of two-way communication between Auditors and Company and equally importantly the need to document the interaction. Attached slide deck prepared by CA Sounder Rajan S P, gives a view including, roles of Auditors, Board, AC, Best practices, FAQ, Non-Compliance implication, SA 260 requirements, etc SA 260 Auditors communication with Those Charged with Governance (TCWG) been there for long, recognises rightly, that a sub- group of Board (AC in practice) who focuses on FS & work of Auditor constitutes TCWG, so that there is a focused engagement of SMEs viz., AC. The standard also provides that where Auditors believe the whole Board needs to be updated on any matter, the Auditor needs to communicate to whole Board. NFRA circular, based on its experience of inspections to date, seeks to ensure compliance with SA 260 in spirit. Key requirements & my recommendation: A. TCWG: AC to comprise members who have understanding of FS preparation, Audit standards, Accounting Standards, Taxation and Corporate laws. B. Add to AC, as permanent invitees, the MD/ ED and Non- Executive Chairman of Company, who will connect the FS with business strategy; example impairment requirement.  Amend the charter if required. C. Do not make whole board as TCWG or make a separate group of Directors as TCWG: the AC will become ineffective. SA 260 rightly recognises sub group (AC) as TCWG and where required Auditors are encouraged to reach out to full Board. Companies Act and SEBI also mandate AC with responsibilities for FS. D. Minimum 3 meetings between Auditor and TCWG for discussion on: 1. Audit Scope for the FY 2. Audit observations during course of audit and  3. Audit conclusion. E. Auditors to identify based on their assessment who constitute TCWG and there can be instances where Auditor feels AC composition is not adequate and hence whole Board has to be TCWG. The Company Board to evaluate who will constitute TCWG for the engagement with Auditors ; AC or AC+ or AC ++ or whole Board. F. A Nodal officer for interaction between Auditors and TCWG: usually the AC Chair. G. Documentation of communication between Auditors and TCWG ( Do not templatise) H. All IDs without presence of Management team, to engage at least once a year with Auditors and seek direct views from Auditors on their work, observations and areas of improvement. SA 260 requires same. I. AC Chair to present at each Board meeting for benefit of all Directors, summary of AC deliberations ; a formal presentation by AC Chair helps and triggers interaction where required. On a personal note, would encourage all companies outside NFRA purview, also to practice above, since SA 260 application which is applicable to all entities irrespective of size. Happy reading and please share with peers.The attached presentation may be presented to Boards as is.

PROCESS AUDIT CHECKLIST (COMMON POINTS) IN MANUFACTURING SECTOR: 1. Process Control Are standard operating procedures (SOPs) available and followed? Is process capability (Cp, Cpk) monitored and within acceptable limits? Are control charts used for critical process parameters? Is there evidence of regular calibration of equipment and gauges? Are process changes documented and approved through change control? 2. Material Handling & Storage Are materials labeled correctly (name, batch, status)? Is FIFO (First-In-First-Out) or FEFO (First-Expiry-First-Out) followed? Are storage conditions (temp, humidity) monitored and maintained? Are rejected or non-conforming materials segregated and labeled? 3. Operator Competency & Safety Are operators trained and certified for the tasks they perform? Are safety PPEs being worn and used correctly? Are safety instructions and emergency procedures visible? Is there a system for reporting and investigating near-misses and incidents? 4. Equipment Management Is there a preventive maintenance schedule and is it being followed? Are breakdowns recorded and analyzed for recurrence? Are start-up and shutdown procedures standardized? Are critical spare parts available and tracked? 5. Quality Assurance Are in-process inspections conducted as per the control plan? Are inspection tools calibrated and used properly? Are quality issues tracked using root cause analysis tools (5 Why, Fishbone)? Are quality records complete and traceable? 6. Production & Planning Is actual vs planned production tracked? Are downtimes recorded with reasons? Is the takt time, cycle time, and lead time monitored? Are WIP levels controlled and visualized (kanban, signage)? 7. Waste Management & 5S Is workplace organization (5S) maintained? Are waste bins labeled and segregated? Are daily 5S audits conducted and actioned? Are there visible signs of lean practices (kaizen, visual boards, etc.)? 8. Tooling & Fixtures Are tools and fixtures stored properly with visual controls? Are they identified and logged for use and maintenance? Is there a system for tool calibration and wear tracking? 9. Documentation & Records Are process-related documents current and controlled? Are logs (production, quality, maintenance) filled accurately? Are version-controlled work instructions available at workstations? 10. Environmental & Regulatory Compliance Are emissions, effluents, and noise levels monitored and controlled? Is compliance with environmental regulations documented? Are MSDS (Material Safety Data Sheets) available and up-to-date?

How to Win Any Audit Conversation 5P Audit Talk Code Ever feel like you're walking into an ISO audit with a target on your back? You know your work is solid — but the moment the auditor walks in, your confidence walks out. One wrong word. One nervous ramble. One offhand comment — and suddenly, the conversation spirals. Let’s fix that. Here’s how to talk to any ISO Auditor — without slipping up or sounding unsure. 🧭 THE 5P Audit Talk Code **Think of it like your GPS for audit conversations 1. Polite – But Not Passive Tone rule: calm, respectful, not overly eager. → Avoid over-explaining or defending. → Don’t fill silences — let them ask. → Use neutral phrasing:  “Let me walk you through how we approach that”  “This is how it’s currently structured” 2. Precise – No Rambles Stick to the question. Answer what was asked. Nothing more. Nothing less. Auditor: “Do you monitor this?” Wrong: “Well… not really, but we tried to set it up last year…” Right: “Yes. We monitor it monthly using [X]. I can show you the last three reports.” → Think Twitter, not TED Talk. 3. Process-Based – Not People-Based Talk about the system, not individuals. Wrong: “John usually checks it.” Right: “The process requires a monthly review by the department lead, documented in [system/tool].” Use phrasing like:  “The process we follow is…”  “Our current procedure outlines…” 4. Proof-Backed → Don’t explain it — show it.  → If you say it exists, have it ready.  → Screenshots, logs, reports, checklists — whatever backs your point. Pull up real examples if asked: “Here’s the form we use” Don’t explain verbally what you can demonstrate visually. 5. Professional – Stay in Audit Mode No complaints. No sarcasm. No improvisation. And never (!) blame another person or team — even if you really want to. If you don’t know, say:  “That’s outside my scope, but I can connect you with the right owner”  “Let me confirm that and follow up — would you like that in writing?” 🔄 Bonus: When You’re Unsure – How to Stay in Control Even the best-prepared person hits a moment of doubt. When that happens, don’t guess. Use audit-fluent bridging phrases like: → “I want to be accurate on that — let me double-check the current setup” → “That’s owned by another team — I’ll loop them in so you get the full picture” → “We’ve been updating this area — can I show you where we are with it right now?” → “Give me a second — I’ll pull up the latest record so you can see exactly what we’ve got” → “That’s a fair question. The way we currently approach it is evolving, but here’s what’s in place today” These buy you time, maintain confidence and show that you know your process. *** Auditors don’t just listen to your words. They read your behavior and mindset. This Code helps you speak with clarity, alignment and credibility. Tell me — what you always use to stay cool during an audit? P.S. Want the 5P Audit Talk Code™ as a printable card? Comment “5P” and I’ll send it your way. #Auditor #Quality

𝗜𝗳 𝘆𝗼𝘂 𝗴𝗮𝘃𝗲 𝗺𝗲 𝟯𝟬 𝗺𝗶𝗻𝘂𝘁𝗲𝘀 𝘄𝗶𝘁𝗵 𝗮𝗻 𝗮𝘂𝗱𝗶𝘁 𝗰𝗼𝗺𝗺𝗶𝘁𝘁𝗲𝗲, 𝗜 𝘄𝗼𝘂𝗹𝗱 𝗻𝗼𝘁 𝗿𝗲𝘃𝗶𝗲𝘄 𝘁𝗵𝗲 𝗺𝗶𝗻𝘂𝘁𝗲𝘀. 𝗜 𝘄𝗼𝘂𝗹𝗱 𝗮𝘀𝗸 𝗳𝗼𝘂𝗿 𝗾𝘂𝗲𝘀𝘁𝗶𝗼𝗻𝘀. Minutes record what already was discussed without looking for context or quality of the discussion. What I look for is whether the questions in that room were the right ones. In many of my investigations, the audit committee did exist. The difference was in how numbers were actually looked at. These four questions usually reveal that. 𝟭. 𝗗𝗼 𝘆𝗼𝘂 𝗵𝗮𝘃𝗲 𝗮𝗰𝗰𝗲𝘀𝘀 𝘁𝗼 𝗱𝗮𝘁𝗮 𝗯𝗲𝘆𝗼𝗻𝗱 𝘄𝗵𝗮𝘁 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗽𝗿𝗲𝘀𝗲𝗻𝘁𝘀? If the answer is no, the committee is reviewing a curated version of reality. Oversight without independent data access can’t be oversight at all; at the best its ratification. 𝟮. 𝗛𝗼𝘄 𝗱𝗼 𝘆𝗼𝘂 𝗱𝗲𝗳𝗶𝗻𝗲 𝘁𝗵𝗲 𝗿𝗼𝗹𝗲 𝗼𝗳 𝘁𝗵𝗲 𝗲𝘅𝘁𝗲𝗿𝗻𝗮𝗹 𝗮𝘂𝗱𝗶𝘁𝗼𝗿? If the answer includes fraud detection, there is a fundamental misunderstanding of the mandate. The Standards on Auditing are clear on this. Audit committees that rely on the external auditor to catch fraud have an assurance gap they may not know exists. 𝟯. 𝗛𝗼𝘄 𝗺𝘂𝗰𝗵 𝘁𝗶𝗺𝗲 𝗱𝗼 𝘆𝗼𝘂 𝗮𝗰𝘁𝘂𝗮𝗹𝗹𝘆 𝘀𝗽𝗲𝗻𝗱 𝗿𝗲𝘃𝗶𝗲𝘄𝗶𝗻𝗴 𝗮𝗻𝗱 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗶𝗻𝗴? A committee that meets for 90 minutes before the full board, reviewing 200 pages distributed 48 hours earlier, cannot exercise meaningful scrutiny. The architecture exists, but not the time required to use it. This was very evident in research I did for the listed companies. 𝟰. 𝗪𝗵𝗮𝘁 𝗲𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲 𝗱𝗼𝗲𝘀 𝘁𝗵𝗲 𝗰𝗼𝗺𝗺𝗶𝘁𝘁𝗲𝗲 𝗵𝗮𝘃𝗲 𝗶𝗻 𝗱𝗲𝗮𝗹𝗶𝗻𝗴 𝘄𝗶𝘁𝗵 𝘀𝗶𝘁𝘂𝗮𝘁𝗶𝗼𝗻𝘀 𝗶𝗻𝘃𝗼𝗹𝘃𝗶𝗻𝗴 𝗳𝗶𝗻𝗮𝗻𝗰𝗶𝗮𝗹 𝗺𝗮𝗻𝗶𝗽𝘂𝗹𝗮𝘁𝗶𝗼𝗻? Financial qualification and investigative experience are built through different careers. Most audit committees are composed entirely of the former. Experience of how manipulation actually appears in numbers is less common. That perspective, often described as a forensic lens, is usually developed through investigation. Its absence is a structural gap worth examining. Four questions. Thirty minutes. Sometimes that is all it takes to see where the gaps are. 𝗜𝗻 𝘆𝗼𝘂𝗿 𝗲𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝗰𝗲, 𝘄𝗵𝗶𝗰𝗵 𝗼𝗳 𝘁𝗵𝗲𝘀𝗲 𝗳𝗼𝘂𝗿 𝗶𝘀 𝘁𝗵𝗲 𝗵𝗮𝗿𝗱𝗲𝘀𝘁 𝘁𝗼 𝗴𝗲𝘁 𝗿𝗶𝗴𝗵𝘁? #AuditCommittee #CorporateGovernance #FraudRisk #RiskManagement #FinancialReporting #ForensicForesight #Compliance

Internal Audit and ESG Integration 🌎 The expanding scope of ESG has positioned internal audit as a critical function for oversight, alignment, and assurance. As ESG becomes central to corporate strategy and regulatory scrutiny intensifies, internal audit contributes to embedding sustainability principles across governance, risk management, and operational processes. Internal audit helps define the organization’s ESG approach, ensuring it aligns with the mission, values, and long-term strategy. This includes facilitating regular reviews by top management and integrating stakeholder expectations into planning and decision-making. It also plays a key role in verifying that policies across areas such as human capital, cybersecurity, and investment are consistent with ESG commitments. A core responsibility is the assessment of sustainability-related risks and opportunities. Internal audit evaluates how these are identified, measured, and managed, particularly in relation to regulatory developments, product innovation, and third-party relationships. This enables organizations to proactively manage exposure and strengthen resilience. Audit teams also design and test ESG-related controls, monitor changes in the regulatory landscape, and coordinate with second-line assurance providers to maintain oversight and compliance. Ensuring the reliability of ESG data is another essential focus. Internal audit reviews the systems used to capture, analyze, and report on ESG performance, including the use of predictive indicators, technology platforms, and data governance mechanisms. Culture and awareness are also within scope. Internal audit assesses how well ESG values are understood and acted upon across the organization by reviewing training, communication, and stakeholder engagement processes. In parallel, it evaluates issue management protocols, including how complaints are handled, regulatory inquiries addressed, and lessons integrated into continuous improvement plans. Through this comprehensive coverage, internal audit enables organizations to integrate ESG with rigor, accountability, and transparency. Source: KPMG #sustainability #sustainable #esg #business