July 15, 2026

SA 600 Reform: Why MCA Must Act on NFRA’s Audit Standard Proposal

0
A magnifying glass placed over financial reports and charts on an office desk, alongside a calculator, documents, and a laptop, symbolizing corporate auditing, financial reporting, regulatory oversight, and accounting standards.

A representative image

Spread love

By P. SESH KUMAR

Summary

Nearly two years after the National Financial Reporting Authority (NFRA) recommended a revised Standard on Auditing 600 (SA 600), the Ministry of Corporate Affairs (MCA) has yet to notify the reform, creating prolonged uncertainty in India’s audit ecosystem. The issue has gained urgency following SEBI’s interim findings in the Rajesh Exports case, where regulators said they were unable to verify the majority of the company’s reported consolidated revenue because overseas subsidiary accounts were unavailable.

The opinion piece argues that India’s existing SA 600 framework allows principal auditors to rely extensively on component auditors while limiting accountability for the overall consolidated audit opinion. NFRA’s proposed revision would align India with international standards by making the group auditor ultimately responsible for the consolidated financial statements, requiring greater oversight, documentation, and risk-based supervision.

New Delhi, July 15, 2026 — Nearly two years after the National Financial Reporting Authority (NFRA) recommended a revised Standard on Auditing 600 (SA 600) that would make the group auditor ultimately answerable for the opinion on consolidated financial statements (CFS), the Ministry of Corporate Affairs (MCA) is still “in consultation” and still short of a decision. The issue has acquired fresh urgency from the Rajesh Exports affair, in which SEBI says it could not verify the overwhelming bulk of a listed company’s revenue because the accounts of its overseas subsidiaries were not available for examination.

A Decision Twenty Months Deferred

India specialises in regulatory limbo where everything has been decided except the thing that matters. NFRA recommended a revised SA 600 to the Central Government in November 2024, along with thirty‑three other auditing standards, and proposed that they take effect from 1 April 2026. That date has come and gone. We are now told that MCA is “in advanced consultation” and likely to decide soon. Twenty months is a long time to think about a standard that eight of eleven NFRA board members–including nominees of the CAG, RBI and SEBI — had already voted for.

What has nudged the file, if the reporting is right, is not a fresh argument but a fresh scandal. In an interim ex parte order of 3 June 2026, SEBI said it had been unable to verify most of Rajesh Exports’ reported consolidated revenue– around Rs 15 lakh crore across five financial years– because the standalone accounts of its overseas subsidiaries, principally the Swiss refiner, were not understood to be publicly available. The order recorded a prima facie view of misconduct and dereliction on the part of the statutory auditors and passed the matter to NFRA; the company denies wrongdoing and attributes the affair to confusion and a communication gap.

One must be careful–an interim order is not a finding, and legislating in the heat of a headline is a poor way to make standards  But the case dramatizes, with almost textbook clarity, the hole in the present architecture. If ninety‑eight per cent of a listed group’s revenue sits in components the Indian principal auditor never audited, never visited and never had to interrogate, then the phrase “true and fair view of the consolidated position” is doing work that no human being has actually done.

What SA 600 Does, And What The Revision Would Do

The extant SA 600 is titled, revealingly, “Using the Work of Another Auditor”. The title is the theory. The standard is built around a division of labour and, crucially, a division of responsibility. The principal auditor checks the competence of the other auditor, obtains and considers his report, and may state in his own report the extent to which he has relied on that work– thereby, in substance if not in form, disclaiming responsibility for that portion of the consolidated whole. Reliance, once disclosed, insulates.

This reflects an age in which the group was understood as a federation of separately audited legal persons, each with its own auditor appointed under section 139 of the Companies Act and professionally accountable in his own right. The group auditor was a coordinator of opinions, not the commander of a single audit.

NFRA’s proposed SA 600 (Revised), aligned with ISA 600 (Revised) issued by the IAASB, moves away from a ‘using the work of another auditor’ federation model and towards a risk‑based group audit in which the group auditor is required to take overall responsibility for the consolidated opinion and actively direct and evaluate component work.

Four changes matter:

(i)        Responsibility becomes indivisible: the group auditor is ultimately answerable for the audit opinion on the consolidated financial statements, whoever did the underlying work.

(ii)       Scoping ceases to follow legal form and becomes a function of risk: the idea of the “significant component” falls away and the group auditor must identify and respond to risks wherever they arise – in entities, service centres, divisions or branches.

(iii)      Communication becomes an obligation rather than a courtesy: the group auditor must direct, instruct, evaluate and, where necessary, perform the work himself.

(iv)      Documentation and scepticism are pushed up: the file must show what the group auditor did about the component auditor’s work, not just that he received it.

NFRA has proposed that the revised standard apply only to public interest entities  (PIEs) and has expressly carved out public sector banks, public sector undertakings including insurers, and their branches. The much‑invoked bank branch auditor of a nationalised bank is not within the proposed perimeter at all — an awkward fact for some of the more dramatic speeches on the subject.

ICAI vs NFRA: India’s Audit Regulator War Thaws amid Fog

The Regulator’s Case

NFRA’s argument is forensic, drawn from its own case files. In recommending the revision, it cited big fraud matters where principal auditors had placed mechanical reliance on other auditors without assessing circumstances that called for extra procedures. The charge is blunt: in a market where fees are competed to the bone and clients select component auditors, the division‑of‑responsibility architecture does not merely permit under‑auditing; it rewards it. Reliance is cheap. Scepticism is expensive. A standard that makes the cheap course defensible will get the cheap course.

A second argument lies in the composition of the vote. The eight members who supported the revision were not allies of the large networks; they were the CAG’s nominee, the Reserve Bank, SEBI, two external experts, two whole‑time members (since increased) and the chairperson. That is the core of India’s financial supervision arriving at the same conclusion from different vantage points– public audit, prudential regulation, market conduct and reporting oversight. When the CAG’s representative, whose institution has no commercial stake in private audit concentration, votes for undivided group‑auditor responsibility, the “Big Four plot” narrative begins to look like comfort fiction.

The third argument is about the consolidated opinion itself. Under section 129(4), the provisions applicable to the audit of a holding company’s financial statements apply mutatis mutandis to the CFS. The auditor who signs the CFS asserts a true and fair view of the group. If he may simultaneously say that he has relied on others for ninety per cent of it, then the assertion is no longer an opinion but a compilation of other people’s opinions with a cover page. Retail investors, lenders and bondholders do not read the reliance paragraph. They read “unqualified”.

The Institute’s Case, Steel‑Manned

It is easy, and lazy, to dismiss ICAI as a trade union defending income. Its case deserves better, because at least three of its limbs are serious.

First, the argument from uniform qualification. In our country, every statutory auditor is a chartered accountant, a member of the same Institute, trained under the same syllabus, examined by the same board and disciplinable by the same authority. ISA 600 was drafted for a world in which the component auditor might be a firm from a weak licensing regime with no inspection and no enforceable ethical code. In that world, requiring the group auditor to assess component competence is a rational safeguard. In India, ICAI says, it is a solecism: it asks one member of a profession to sit in judgment on another whom the State has already certified as competent.

Second, the argument from market structure. Around ninety thousand small and medium practices depend on subsidiary audits as their economic base. If we make the group auditor answerable for component work, he will insist on choosing the component auditor; management will oblige; the network firm will land the mandate. No rule will say “concentrate the market”. The market will simply concentrate, quietly, through thousands of engagement decisions.

NFRA’s likely answer–that the standard does not require the group auditor to redo component work, and that concentration can be addressed by ‘caps’ –speaks to intention, not to incentive.

Third, the argument from regulatory incoherence. RBI’s 2021 circular  on bank and NBFC auditors restricts a single audit firm from auditing more than one entity within a regulated group. In precisely the sector where consolidated mis-statement risk is gravest, Indian law forbids the very consolidation of audit work that ISA 600 assumes. The Indian group auditor of a financial conglomerate cannot appoint himself to the components; he can only duplicate their work at the group’s cost  Add foreign subsidiaries where local law demands a local auditor and no Indian firm has the footprint to redo the work, and ICAI’s concern that Indian firms will be disadvantaged against international networks becomes difficult to wave away.

ICAI also reminds us that responsibility for CFS rests with boards and key managerial personnel. Loading the whole of it onto the group auditor looks unjust. But nobody proposes to relieve management of its primary responsibility. The auditor’s duty is not to prepare the accounts; it is to give an opinion on them. The quarrel is about what an opinion means.

The View From The Component Bench

Component and branch auditors are the constituency nobody consults and everybody invokes. Their grievance is about the mismatch between authority and responsibility. Under section 143(8) of the Companies Act, branch accounts may be audited by someone other than the company’s main auditor, appointed under section 139, who sends his report to the company’s auditor. The subsidiary auditor is appointed by the subsidiary’s members, owes his duty to them and can be removed only by them.

The group auditor who is made answerable for that component work has, in law, no power to appoint, instruct or remove the component auditor. Responsibility without authority is the oldest complaint in administration; here it is dressed in a standard.

The component auditor’s mirror‑image fear is just as real. He apprehends that he will be converted from an independent statutory auditor into a subcontractor–taking instructions, submitting working papers for review, exposing his file to a competitor firm– while retaining full liability to his own members and to NFRA. If the group auditor is a network firm that also covets the subsidiary mandate, he will be handing his methodology, his weaknesses and his client relationship to the firm most likely to displace him.

These are not fanciful objections. They cannot be met by saying the group auditor “may” rely. They can be met, but only by legislating around the standard rather than diluting it.

India’s Grassroots Audit Crisis: Why the CAG Must Reclaim Oversight

The Comparative Ledger: America And Europe

Both sides invoke international practice; both are selective.

In the United States, when the PCAOB rescinded AS 1205, it did not abolish divided‑responsibility audits; it codified them in AS 1206. The standard governs the situation where the lead auditor divides responsibility with a “referred‑to auditor” and makes reference to that report in its own. Divided responsibility survives –but as the exception.

It is hedged with conditions. The lead auditor must perform procedures on the consolidation itself, must obtain written representations as to independence and licensing from the referred‑to auditor, and must disclose in the audit report the magnitude of the portion audited by the other firm. In other cases, a risk‑based supervisory regime applies, requiring the engagement partner to decide whether his firm’s participation is sufficient to serve as lead auditor at all. One may divide responsibility, but one must say so, quantify it and accept that one may simply not sign if one cannot supervise. The Indian reliance paragraph, which quantifies nothing and costs nothing, belongs to a different era.

Europe has taken the opposite path and gone the whole way. Its Statutory Audit Directive states that in a statutory audit of consolidated accounts the group auditor bears full responsibility for the audit report, must review and document his review of component auditors’ work, and must retain documentation sufficient for the competent authority to review his work. The Directive then does the thing our debate has missed. It provides that an auditor may be dismissed only for proper grounds, and that a divergence of opinion on an accounting treatment or audit procedure is expressly not such a ground. Europe gave the group auditor the whole responsibility and, in the same instrument, removed the weapon by which he might have used it to clear the field.

The honest summary is that the mainstream has moved towards undivided group‑auditor responsibility; the US has retained a narrow, quantified, disclosed divided‑responsibility route; and the jurisdiction that thought hardest about collateral damage to small firms–Europe–addressed it by protecting tenure, not by weakening the standard. Our difference argues for stronger statute, not weaker assurance.

Why The Difference Should Not Be Allowed To Fester

There is a respectable case for letting NFRA and ICAI fight it out: regulatory competition can be healthy, and a profession that never resists oversight is no use to anybody.

The facts argue against a long war. For twenty months, auditors have been preparing for a standard that may or may not arrive, audit committees do not know what they are entitled to demand, and investors have been sold consolidated opinions under a standard everyone in authority has already agreed is inadequate. Regulatory uncertainty is not a neutral holding pattern. It is a subsidy to the badly behaved.

The dispute is also corroding both institutions. Some say that NFRA has allowed itself to be caricatured as a Big Four instrument; publishing its exposure draft on SA 600 on the very day ICAI’s Council met to consider its own revision was regulatory theatre, not regulatory judgement. ICAI, for its part, has manoeuvred itself into appearing to defend a weaker audit standard because it protects members’ fees–a devastating position for a statutory body whose charter is the public interest.

Most importantly, the substantive gap is now narrower than either side’s rhetoric admits. ICAI’s own December 2025 revision to SA 600 establishes accountability parameters for principal and component auditors, mandates enhanced written instructions, strengthens scepticism, and expressly enables principal auditors to review component records, visit components and perform direct procedures. In substance, that is ISA 600 with the name filed off. ICAI has conceded the power. What it is still resisting is the duty–and the consequence that reliance can no longer be pleaded as a defence.

What The Ministry Will Probably Do –And What It Should Do

MCA’s incentives are legible. It is not a regulator; it is a Government department. It will optimise for external credibility and domestic manageability.

On the first axis, every argument points to notification. A jurisdiction that alone among major markets permits group auditors to disclaim responsibility for the consolidated opinion is a jurisdiction with an asterisk in the eyes of IFIAR, IOSCO and global investors. On the second axis, every argument points to delay. ICAI is a constituency of hundreds of thousands of members and tens of thousands of firms; antagonising it is not politically costless. The twenty‑month pause reflects this tension.

The likely compromise is easy enough to sketch. MCA will eventually notify the revised standard substantially as NFRA proposed, but keep the public interest entity (PIE) perimeter and the carve‑out for public sector banks, PSUs and their branches, defer the effective date to a realistic point with a transitional year, and fold in as much of ICAI’s December 2025 drafting as can be accommodated without surrendering the core principle. The substance will be adopted, the credit shared, the pain staggered.

What MCA should do is that–and the one thing nobody is asking for. It should notify the standard and simultaneously legislate component‑auditor protection and disclosure.

Two borrowed ideas and two local ones would suffice. Borrow Europe’s rule: an auditor may not be removed, nor his reappointment declined, because of a divergence of opinion on an accounting treatment or audit procedure; require audit‑committee approval, with reasons disclosed, for any change of component auditor soon after a change of group auditor. Borrow America’s discipline: require the group auditor to state, on the face of the consolidated report, the proportion of group assets and revenues audited by other auditors, and to name them. Locally, require disclosure in key audit matters of the components scoped in and out and the basis of that scoping, and mandate NFRA to publish an annual audit‑market concentration report.

At the same time, MCA could bifurcate competence assessment: dispense with it for component auditors who are ICAI members in good standing and not the subject of adverse findings, and require it rigorously for foreign components. It should retain a narrow, quantified division‑of‑responsibility route on the American model for cases where the group auditor is legally barred from doing the work himself – principally entities caught by RBI’s one‑firm‑per‑group rule – and require explicit reporting of its magnitude.

All of this would sit on top of a simple statutory sentence that Parliament has not yet written: who recommends, who is consulted, who decides and what happens when they disagree.

Coda: What An Audit Opinion Is For

The deepest point in this quarrel is not about SA 600 at all. It is about what an audit opinion is for.

If the signature on a consolidated balance sheet means “I have satisfied myself about this”, then the group auditor must be able to satisfy himself, and must be answerable when he has not. If it means “I have collected the signatures of others”, then let us say so clearly on the face of the report and let the market price the difference.

What cannot survive is the present arrangement, in which the auditor gives the first assurance and reserves the second defence. That is not a technical gap in a standard. It is a promise the profession has been making and quietly declining to keep. No amount of diplomacy between NFRA and ICAI will settle it until somebody in MCA accepts that where the buck stops is not an abstract question. It is a line that has to be written down.

(This is an opinion piece. Views expressed are the author’s own.)

From Enron to KPMG: The Failure of Audit Self-Regulation

Follow The Raisina Hills on WhatsApp, Instagram, YouTube, Facebook, and LinkedIn

About The Author

Leave a Reply

Your email address will not be published. Required fields are marked *

Discover more from The Raisina Hills

Subscribe now to keep reading and get access to the full archive.

Continue reading