PKC Management Consulting

Corporate Governance Audit: Why It Matters & How to Get It Right 

Corporate governance audit in India is a legal and ethical necessity. With rising scams, stricter regulations, and investor pressure, companies are expected to maintain transparency, ethical leadership, and solid internal controls.

Stay with us as we break down the full scope, process, and regulatory framework for auditing corporate governance. We also include a checklist you can use to get ready.

What is a Corporate Governance Audit in India? 

A corporate governance audit is an in-depth assessment of the effectiveness of a company's governance framework.

It reviews the company’s board of directors, committees, internal systems, transparency, risk management, and stakeholder rights.

The main goal is to make sure the company is being run in a way that is transparent, accountable, and responsible to its stakeholders—including investors, employees, and the public.

Regulatory Framework Governing Corporate Governance Audits 

Corporate governance audits in India are governed by a combination of laws, guidelines, and standards. 

Here’s a look at those:

  1. Companies Act, 2013

It is the cornerstone of corporate governance in India, and it mandates:

  • Board Composition: Minimum directors, independent directors, and women directors (for listed companies).
  • Audit Committee: Requires listed companies to form an audit committee with a majority of independent directors.
  • Corporate Social Responsibility (CSR): Mandates spending 2% of average net profits on CSR activities (Section 135).
  • Whistleblower Mechanism: Requires listed companies to establish vigil mechanisms for reporting unethical practices (Section 177).
  • Disclosures: Detailed reporting on related-party transactions, director remuneration, and board evaluations.
  2. SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 – LODR

If your company is listed on a stock exchange like NSE or BSE, these SEBI rules are to be followed: 

  • Board Independence: At least one-third of the board must be independent directors.
  • Board Committees: Mandates audit, nomination, remuneration, and stakeholder relationship committees.
  • Disclosure Norms: Quarterly/half-yearly financial results, material events within 24 hours, annual reports with corporate governance compliance details.
  • Risk Management: Requires listed entities to formulate a risk management framework.
  3. Ministry of Corporate Affairs (MCA)

The MCA administers corporate law in India and can investigate and penalize companies for poor governance.

They monitor whether:

  • Companies are filing correct reports
  • Independent directors are really independent
  • The board is functioning as per legal standards
  4. ICAI Guidelines for Corporate Governance Audits

The ICAI has released guidance for auditors on how to conduct governance audits, covering best practices, risk assessments, and standard procedures.

  5. Other Key Regulations
  • Securities Contracts (Regulation) Act, 1956 (SCRA): Regulates stock exchanges and listed securities to ensure fair trading and investor protection.
  • Competition Act, 2002: Prevents anti-competitive practices; CCI approval required for M&As to avoid monopolies.
  • Prevention of Money Laundering Act (PMLA), 2002: Mandates record-keeping and reporting of suspicious financial activities.
  • Insolvency and Bankruptcy Code (IBC), 2016: Holds directors/promoters accountable in insolvency; ensures timely resolution and protects creditors’ rights.
  6. Sector-Specific Regulations
  • RBI Guidelines for banks and NBFCs 
  • IRDAI Regulations for insurance companies 

Corporate Governance Audit Checklist India

Corporate Governance Audit Scope 

A typical corporate governance audit in India covers: 

  1. Board and Leadership Evaluation
  • Board of directors is effective, diverse, and independent.
  • Proportion of independent directors (SEBI LODR mandates one-third for top listed companies).
  • Structure, size, and functioning of the board.
  • Leadership performance, decision-making, and whether directors fulfill their roles.
  • Gender diversity (at least one woman director for listed entities).
  2. Audit Committees
  • Committee is independent, meets regularly, and reviews financial statements thoroughly.
  • Committee members have the right qualifications and attend meetings.
  • Oversight of financial reporting, internal controls, and statutory audits.
  • Review of related-party transactions (RPTs) and fraud prevention.
  • Assess alignment with SEBI’s Audit Committee requirements.
  3. Risk Management & Internal Controls
  • Existence of a risk management policy (mandatory for listed companies under SEBI LODR).
  • Clear policies on operational, financial, compliance, and reputational risks.
  • Effectiveness of internal audit teams and their independence.
  • Fraud detection mechanisms (e.g., PMLA compliance).
  • Reviews the strength and testing of internal control mechanisms.
  4. Financial Reporting & Transparency
  • Compliance with Indian Accounting Standards.
  • Auditor independence and quality of audit reports.
  • Timely reporting of financial results and material events.
  • Transparency in director remuneration, RPTs, and ESG metrics.
  • Scrutinize annual reports, auditor rotation policies, and stock exchange filings.
  5. Compliance with Laws & Regulations
  • Review compliance certificates, statutory registers, and regulatory filings.
  • Verifies timely filings with regulatory authorities like the MCA and SEBI.
  • Tracks any penalties or notices and how the company responds.
  6. Stakeholder Rights
  • Fair treatment of minority shareholders
  • Compliance with POSH Act and labor laws.
  • Analyze shareholder complaints, AGM minutes, and employee grievance logs.
  • Transparency in communication with stakeholders.
  7. Ethics & Corporate Culture
  • Implementation of ethics policies and awareness of them among employees/directors.
  • Compliance with Prevention of Corruption Act and Vigil Mechanism under Companies Act.
  • Whistleblower protection mechanisms and resolution of reported issues.
  • Training on ethical behavior and conflict of interest policies.
  8. Sector-Specific Additions
  • Banks/NBFCs: Compliance with RBI’s fit-and-proper criteria for directors and capital adequacy norms.
  • Insurance Companies: Adherence to IRDAI’s board composition and solvency requirements.
  • Startups/Unlisted Firms: Voluntary adoption of MCA’s Corporate Governance Guidelines (2009).

Why Choose PKC for Corporate Governance Audits?

  • Specialized corporate governance expertise, not generic auditing
  • Board effectiveness assessments with actionable improvement recommendations
  • Independent director evaluation and board composition analysis
  • Deep regulatory compliance knowledge across multiple jurisdictions
  • Risk management frameworks tailored to governance requirements
  • ESG integration with corporate governance best practices
  • Audit committee effectiveness and internal controls optimization
  • Executive compensation benchmarking and governance structure reviews
  • Stakeholder engagement strategies for transparency and accountability
  • Corporate disclosure enhancement for regulatory and investor relations
  • Whistleblower policy implementation and ethics program development

Process of Conducting a Corporate Governance Audit in India

A corporate governance audit has to be undertaken in a structured, step-by-step manner. Here’s a look at the process we follow: 

1. Planning and Scoping

  • Define audit goals and align them with statutory requirements
  • Identify audit areas (board effectiveness, audit committees, risk management, financial disclosures, etc.) and include sector-specific requirements
  • Engage internal auditors or hire external consultants like PKC Management Consulting 
  • Develop a timeline for document review, interviews, and reporting.

2. Document Review

  • Board Records: Minutes of board/committee meetings, director appointment letters, evaluation reports.
  • Financial Statements: Annual reports, audit reports, Ind AS compliance records.
  • Policies: CSR policy, whistleblower mechanism, code of conduct, risk management framework.
  • Regulatory Filings: SEBI disclosures, MCA-21 filings, stock exchange communications.

3. Interviews and Surveys

  • Board Members: Assess their understanding of governance roles 
  • Audit Committee: Review their oversight of financial reporting and internal controls.
  • Management: Evaluate implementation of governance policies 
  • Employees: Check awareness of whistleblower mechanisms 
  • Statutory Auditors: Discuss audit challenges and management cooperation.
  • Investors: Understand grievances

4. Evaluation and Benchmarking

  • Gap Analysis: Compare practices against legal requirements 
  • Risk Assessment: Identify governance risks and prioritize them 
  • Benchmarking: Use industry benchmarks for listed entities.

5. Reporting and Recommendations

  • Draft Audit Report: Highlight findings, best practices and gaps (classify as critical, minor, etc.)
  • Suggest corrective actions and preventive measures
  • Share findings with the board, audit committee, and regulators (if mandated).

6. Implementation and Follow-Up

  • Action Plan: Assign responsibility for addressing gaps and set deadlines.
  • Monitoring: Track progress through follow-up audits or internal reviews.

Case Studies: Corporate Governance Failures in India 

  1. Satyam Scandal (2009)

Ramalinga Raju, founder of Satyam Computers (one of India's top IT firms), admitted that he had falsified financial statements, inflating profits by INR 7,000 crore.

Governance Failures:

  • Board negligence
  • Auditor collusion
  • No whistleblower system
  • Weak internal controls 

Reforms that followed: Auditor rotation (Companies Act 2013), stricter SEBI disclosures.

  2. IL&FS Crisis (2018)

Infrastructure Leasing & Financial Services (IL&FS) defaulted on its debts. Over INR 91,000 crore in loans were unpaid.

It was treated like a government-backed institution, but poor transparency and huge debt built up quietly over time.

Governance Failures:

  • Board ignored risks
  • Complex subsidiaries hid debt
  • Directors failed to raise red flags
  • Misuse of board power and poor risk controls
  • Lapses in auditor oversight

Reforms that followed: RBI tightened NBFC norms, NFRA audit oversight.

  3. Yes Bank Crisis (2020)

Co-founder Rana Kapoor approved risky loans worth about INR 90,000 crore to suspicious companies. Eventually, the bank couldn't recover the loans, and it was taken over by the RBI under a rescue plan.

Rana Kapoor was later arrested for money laundering and corruption.

Governance Failures:

  • Weak board independence
  • Audit committee ignored warnings
  • CEO’s unchecked control
  • False reporting and misrepresentation of financial health
  • Hidden NPAs

Reforms that followed: PCA for private banks, CEO tenure caps.

  4. PNB Scam (2018)

An INR 11,400 crore fraud was carried out via fake Letters of Undertaking (LoUs) by Nirav Modi and Mehul Choksi with the help of insiders in the bank.

Governance Failures:

  • Weak internal controls 
  • Audit lapses
  • Employee collusion 
  • No oversight on overseas transactions
  • Senior officials ignored early warning signs

Reforms that followed: SWIFT-linked banking systems, mandatory fraud reporting.

Author: Sambhav R Shah

How PKC can help you

Your dream business is just a click away. Book a FREE 30 mins consulting.

Call us : +91 9176100095
