PKC Management Consulting

Audit findings follow up procedures with example,- PKC

Audit Findings Follow Up Procedures in India (With Examples)

Audit findings follow up procedures are not only essential but required by law to stay compliant and avoid penalties.

Understand with us the post audit follow up process explained with steps and example.

Understanding Audit Finding Follow Ups 

When an audit is completed, the auditor shares audit findings i.e. the results or observations identified during an audit.

These findings highlight areas where an organization is not following required laws, policies, or internal procedures.

Learn here about: 

Following up on audit findings is just as important as identifying them. If findings are ignored, the same issues will continue, which may lead to penalties, legal problems, or reputational damage.

Regulatory Framework for Audit Follow Up in India

Audit follow-ups are not only a good practice for organisations, but they are also a good practice. 

Here’s a look at what regulations and laws drive them:

Regulation Relevance
Companies Act, 2013 Requires audit trail, audit committees, and internal audits
ICAI Standards (SA 265 etc.) Guide communication and follow-up on control weaknesses
SEBI LODR Regulations Mandates audit committee oversight on audit findings
CARO 2020 Statutory auditor must report management’s compliance actions
RBI Circulars Require banks and NBFCs to report compliance on audit observations annually
CAG Framework Enforces structured legislative follow-up on audit findings in public entities

Public Sector Audit Follow-Up (CAG of India)

Audit follow-up in this sector is driven by the Comptroller and Auditor General (CAG), who audits Union/State governments and PSUs. 

After audit reports are tabled in Parliament or State Legislatures, legislative committees like the Public Accounts Committee (PAC) and Committee on Public Undertakings (COPU) review findings.

  • Action Taken Reports (ATRs): Audited entities must submit ATRs detailing fund recovery, disciplinary steps, and policy reforms.
  • Monitoring & Compliance: CAG tracks ATRs; PAC/COPU assess adequacy and demand further action if necessary, reinforcing transparency.

Private Sector Audit Follow-Up

In the corporate sector, audit follow-up is regulated through the Companies Act, 2013, ICAI Standards, SEBI Regulations, and oversight bodies like NFRA and MCA.

  • Section 177: Audit Committees must review audit reports and ensure timely corrective action.
  • Section 138: Internal audits are mandatory for specified companies, with oversight by the Audit Committee.

Regulatory bodies like the Ministry of Corporate Affairs (MCA), SEBI, and NFRA strengthen enforcement.

  • SEBI (LODR) Regulations, 2015: Listed companies must disclose responses to audit qualifications and review whistleblower complaints.
  • NFRA: Oversees audit quality and can penalize auditors, indirectly pushing companies to act on audit issues.

Standards and Digital Compliance

The Institute of Chartered Accountants of India (ICAI) sets out Standards on Auditing (SAs), such as:

  • SA 265, 330: Require auditors to communicate internal control deficiencies and follow up on risk mitigation.

Recent rules mandate digital accountability:

  • From FY 2023-24, all companies are required to maintain a tamper-proof audit trail under the Companies (Accounts) Rules, 2014, verified by auditors.

Sector-Specific Audit Follow-Up Mechanisms

Reserve Bank of India (RBI):

  • Banks and NBFCs must submit compliance reports post-audit.
  • Board-level reviews are mandated.
  • Delay in action can trigger regulatory sanctions.

IRDAI (Insurance), PFRDA (Pension Funds), and Others:

  • Industry-specific regulators issue their own mandates for audit follow-up.
  • Includes regular internal audits, compliance reports, and implementation reviews.

Step-by-Step Audit Findings Follow Up Procedures in India 

Once the audit is completed, the real work begins: resolving findings and preventing recurrence.Here is how it is to be approached: 

1. Issuance and Acknowledgment of Audit Findings

The audit finding follow up procedure starts with the submission of the report. 

  • Internal Auditor, Statutory Auditor, CAG, RBI, SEBI, or other regulator issue the audit report.
  • The report lists observations, control weaknesses, and recommendations.
  • Management acknowledges the findings and shares the report with the Audit Committee or Board.
  • They then establish official recognition of the findings and ensure they are taken seriously.

2. Root Cause Analysis (RCA)

The process owner and department head are required to provide a formal response for each finding. This prevents recurrence by fixing the root cause, not just the symptom.

This response must include:

  • Acknowledgment: Agreement or disagreement with the finding.
  • Root Cause Analysis: The underlying reason for the issue (not just the symptom).
  • Corrective Action Plan (CAP): Specific, measurable actions to fix the issue.
  • Responsible Person: The individual accountable for implementation.
  • Target Date: A realistic deadline for completion.

Example: Misclassification of expenses might be due to system flaws, manual errors, or lack of training.

3. Development of a Corrective Action Plan (CAP)

Management, specifically the audited department/process owner, is responsible for addressing the findings and preparing a formal written response and a Corrective Action Plan (CAP).

The plan must be S.M.A.R.T. (Specific, Measurable, Achievable, Relevant, Time-bound). It must specify:

  • Corrective Action: The steps to be taken to fix the immediate issue.
  • Preventive Action: The steps to be taken to prevent recurrence.
  • Responsible Person/Department: The individual or team accountable for implementation.
  • Target Completion Date: A realistic deadline for full implementation.

4. Management & Audit Committee Review and Approval

The formulated CAP is reviewed and approved by senior management or a dedicated oversight body.

They validate that the CAP is:

  • Practical
  • Risk-sensitive
  • Budgeted
  • Aligned with statutory and regulatory obligations

5. Implementation of Corrective Actions

This is the phase where management implements the agreed-upon actions.

The responsible person within the management executes the agreed-upon actions (e.g., updating a policy, implementing a control, recovering an amount, training staff).

Examples of Actions:

  • Policy and SOP updates
  • Staff training and awareness
  • Technology upgrades (e.g., implementing audit trail software)
  • Strengthening internal controls

6. Documentation and Evidence Collection

Documentary evidence or system logs are collected to verify completion of each action. It creates a verifiable audit trail for future scrutiny.

Types of Evidence:

  • Updated policies
  • System reports/logs 
  • Communication records
  • Proof of staff training

It is submitted to internal Audit, Statutory Auditors, Audit Committee, and/or regulators (e.g., RBI, SEBI, CAG)

7. Follow-Up Audit or Validation

Internal audit (or external auditor for statutory cases) conducts a follow-up review to verify the reported completion of corrective actions. They 

  • Verify implementation through testing and review of controls
  • Conduct interviews, walkthroughs, or data testing

8. Status Reporting to Audit Committee/Board

The internal audit team prepares a Follow-Up Report or a Status Tracker that is presented to the Audit Committee and senior management. 

This tracker uses a RAG (Red-Amber-Green) status:

  • Red: Action not taken/ineffective
  • Amber: Action in progress/delayed
  • Green: Action completed and verified

9. Formal Closure of Findings

If the auditor is satisfied that the root cause has been addressed, the risk is mitigated, and the new control is operating effectively, the finding is formally closed in the observation tracker.

The status of all open and closed findings is regularly reported to the Audit Committee and the Board of Directors, providing assurance on the company’s control environment.

Difference Between Public Vs Private Sector Post Audit Follow Ups

Feature Public Sector (C&AG) Private Sector
Primary Driver Parliament/State Legislature (PAC/COPU) Board of Directors / Audit Committee
Follow-Up Document Action Taken Note (ATN) Corrective Action Plan (CAP) / Status Tracker
Validation Body C&AG’s office & PAC Internal Audit & Statutory Auditor
Final Authority Parliament/State Legislature Shareholders (via reporting) & Regulators (NFRA, SEBI)
Focus Public accountability, propriety, compliance Risk mitigation, operational efficiency, financial accuracy

Post Audit Follow Up Checklist- PDF Free Download

Here’s a post-audit follow-up checklist that will help you get a glimpse of what happens after an audit is complete. 

Remember this is a sample PDF checklist and needs to be customized based on the industry you operate in, your business size, and regulatory requirements. 

Get in touch with PKC’s experts for audit services and complex compliance matters.

Audit Finding Follow-Up Example: LM Manufacturing Pvt. Ltd. (FY 2024–25)

Let’s assume  a mid-sized auto parts manufacturer LM Manufacturing Pvt. Ltd. based in Pune underwent its statutory audit for FY 2024–25 as per the Companies Act, 2013.

The auditors highlighted certain issues in the audit report that required follow-up action.

Statutory Audit Finding

Auditor reported:

  • Inventory reconciliation was not performed regularly
  • Stock discrepancies worth ₹45 lakhs were noted between the ERP system and physical stock
  • Indicated weak internal controls in inventory management, violating good accounting practices under ICAI standards.

Post Audit Follow Up Steps

Step By Step Follow Up Procedure After an Audit

Step 1: Acknowledgement

  • Management accepted the audit finding
  • Issue was discussed in the Audit Committee meeting
  • It was recorded in the company’s “Audit Action Tracker.”

Step 2: Root Cause Analysis

  • The finance team and internal audit unit conducted an RCA.
  • Findings:
    • Stock counts were done only once a year, not quarterly
    • ERP entries were often delayed due to poor coordination between production and stores department
    • No clear accountability assigned for stock verification.

Step 3: Corrective Action Plan (CAP)

  • Conduct quarterly stock reconciliation starting Q2 FY 2025–26.
  • ERP to be updated daily with stock movement
  • Assign Stores Manager as responsible for stock verification
  • Deadline: 60 days for first reconciliation

Step 4: Management Review & Approval

  • Audit Committee reviewed the CAP
  • Approved budget for additional staff training and ERP system upgrade

Step 5: Implementation

  • ERP system upgraded with real-time stock tracking module
  • Training sessions held for production and finance staff
  • Quarterly stock verification calendar rolled out

Step 6: Documentation & Reporting

  • Finance Head submitted a progress report to the Board of Directors in September 2025.
  • Internal memos documented reconciliation progress and updated controls.
  • Copies were shared with statutory auditors.

Step 7: Follow-Up Audit

In November 2025, internal audit team verifies:

  • ERP and physical stock are now matched.
  • Quarterly reconciliations were completed on schedule.
  • Responsibility for stock control clearly documented.

Finding marked as “Resolved.”

LM Manufacturing Pvt. Ltd. successfully closed the audit issue within 6 months.

It strengthened internal controls and reduced stock discrepancies. This helped them  improve compliance with Companies Act, 2013 and ICAI audit standards.

Audit Findings Follow Ups With PKC Vs Others 

Aspect PKC India Other Firms
Follow-Up Timeline ✅ Defined milestones post-implementation Generic 3–6 month follow-up
Verification ✅ Evidence-based validation 🚫Self-certification or limited checks
Monitoring ✅ Continuous support 🚫 Limited or periodic
Action Plans ✅ Client-specific corrective actions 🚫 Standard recommendations
Reporting ✅ Detailed status updates 🚫Quarterly or annual reports
Risk Focus ✅ Proactive risk mitigation 🚫Reactive compliance approach
Stakeholder Involvement ✅ Active board and management engagement 🚫Minimal engagement
Documentation ✅ Full audit trail of actions 🚫Basic documentation
Compliance Assurance ✅ 100% compliance goal 🚫Best-effort basis
Industry Expertise ✅ Sector-specific insights 🚫Generalized expertise
Regulatory Updates ✅ Timely and proactive 🚫Occasional updates
Cost Structure ✅ All-inclusive follow-up 🚫Follow-up billed separately
Success Metrics ✅ Defined KPIs and outcomes 🚫Basic compliance measures

FAQs on Audit Findings Follow Up Procedures 

They are steps taken after an audit to correct issues and improve compliance. These procedures are guided by the Companies Act, ICAI standards, and regulators like RBI and SEBI.

The company’s management, Audit Committee, and Board of Directors are primarily responsible. Auditors review whether corrective actions have been implemented.

Follow ups depend on the severity of the issue. Serious issues need immediate attention, while minor ones may be checked in the next audit cycle. In India, regulators often prescribe timelines for compliance.

Ignoring audit findings can lead to regulatory penalties, reputational damage, and legal consequences. For listed companies and banks, SEBI and RBI can take strict action.

Yes, the CAG audits government bodies, and departments must submit Action Taken Notes (ATNs). The Public Accounts Committee reviews these for accountability.

How PKC can help you

Your dream business is just a click away. Book a FREE 30 mins consulting.

Call us : +91 9176100095

Fill out your details

    Want to Talk? Get a Call Back Today!
    +91 9176100095
    phone
    Index