Corporate governance audit in India is a legal and ethical necessity. With rising scams, stricter regulations, and investor pressure, companies are expected to maintain transparency, ethical leadership, and solid internal controls.
Stay with us as we break down the full scope, process, and regulatory framework for auditing corporate governance. We also include a checklist you can use to get ready.
What is a Corporate Governance Audit in India?
A corporate governance audit is an in-depth assessment of the effectiveness of a company’s governance framework.
It reviews the company’s board of directors, committees, internal systems, transparency, risk management, and stakeholder rights.
The main goal is to make sure the company is being run in a way that is transparent, accountable, and responsible to its stakeholders—including investors, employees, and the public.
Regulatory Framework Governing Corporate Governance Audits
Corporate governance audits in India are governed by a combination of laws, guidelines, and standards.
Here’s a look at those:
- Companies Act, 2013
It is the cornerstone of corporate governance in India. It mandates:
- Board Composition: Minimum directors, independent directors, and women directors (for listed companies).
- Audit Committee: Requires listed companies to form an audit committee with a majority of independent directors.
- Corporate Social Responsibility (CSR): Mandates spending 2% of average net profits on CSR activities (Section 135).
- Whistleblower Mechanism: Requires listed companies to establish vigil mechanisms for reporting unethical practices (Section 177).
- Disclosures: Detailed reporting on related-party transactions, director remuneration, and board evaluations.
- SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 – LODR
If your company is listed on a stock exchange like NSE or BSE, these SEBI rules are to be followed:
- Board Independence: At least one-third of the board must be independent directors.
- Board Committees: Mandates audit, nomination, remuneration, and stakeholder relationship committees.
- Disclosure Norms: Quarterly/half-yearly financial results, material events within 24 hours, annual reports with corporate governance compliance details.
- Risk Management: Requires listed companies to formulate a risk management framework.
- Ministry of Corporate Affairs (MCA)
The MCA regulates all corporate laws in India. They can investigate and penalize companies for poor governance.
They monitor whether:
- Companies are filing correct reports
- Independent directors are really independent
- Board is functioning as per legal standards
- ICAI Guidelines for Corporate Governance Audits
ICAI has released guidance for auditors on how to conduct governance audits, covering best practices, risk assessments, and standard procedures.
- Other Key Regulations
- Securities Contracts (Regulation) Act, 1956 (SCRA): Regulates stock exchanges and listed securities to ensure fair trading and investor protection.
- Competition Act, 2002: Prevents anti-competitive practices; CCI approval required for M&As to avoid monopolies.
- Prevention of Money Laundering Act (PMLA), 2002: Mandates record-keeping and reporting of suspicious financial activities.
- Insolvency and Bankruptcy Code (IBC), 2016: Holds directors/promoters accountable in insolvency; ensures timely resolution and protects creditors’ rights.
- Sector-Specific Regulations
- RBI Guidelines for banks and NBFCs
- IRDAI Regulations for insurance companies
Corporate Governance Audit Checklist India
Corporate Governance Audit Scope
A typical corporate governance audit in India covers:
- Board and Leadership Evaluation
- Board of directors is effective, diverse, and independent.
- Proportion of independent directors (SEBI LODR mandates 1/3rd for top listed companies).
- Structure, size, and functioning of the board.
- Leadership performance, decision-making, and whether directors fulfill their roles.
- Gender diversity (at least one woman director for listed entities).
- Audit Committees
- Committee is independent, meets regularly, and reviews financial statements thoroughly.
- Committee members have the right qualifications and attend meetings.
- Oversight of financial reporting, internal controls, and statutory audits.
- Review of related-party transactions (RPTs) and fraud prevention.
- Assess alignment with SEBI’s Audit Committee requirements.
- Risk Management & Internal Controls
- Existence of a risk management policy (mandatory for listed companies - SEBI LODR).
- Clear policies on operational, financial, compliance, and reputational risks.
- Effectiveness of internal audit teams and their independence.
- Fraud detection mechanisms (e.g., PMLA compliance).
- Reviews the strength and testing of internal control mechanisms.
- Financial Reporting & Transparency
- Compliance with Indian Accounting Standards.
- Auditor independence and quality of audit reports.
- Timely reporting of financial results and material events.
- Transparency in director remuneration, RPTs, and ESG metrics.
- Scrutinize annual reports, auditor rotation policies, and stock exchange filings.
- Compliance with Laws & Regulations
- Review compliance certificates, statutory registers, and regulatory filings.
- Verifies timely filings with regulatory authorities like the MCA and SEBI.
- Tracks any penalties or notices and how the company responds.
- Stakeholder Rights
- Fair treatment of minority shareholders
- Compliance with POSH Act and labor laws.
- Analyze shareholder complaints, AGM minutes, and employee grievance logs.
- Transparency in communication with stakeholders.
- Ethics & Corporate Culture
- Implementation and awareness among employees/directors.
- Compliance with Prevention of Corruption Act and Vigil Mechanism under Companies Act.
- Whistleblower protection mechanisms and resolution of reported issues.
- Training on ethical behavior and conflict of interest policies.
- Sector-Specific Additions
- Banks/NBFCs: Compliance with RBI’s fit-and-proper criteria for directors and capital adequacy norms.
- Insurance Companies: Adherence to IRDAI’s board composition and solvency requirements.
- Startups/Unlisted Firms: Voluntary adoption of MCA’s Corporate Governance Guidelines (2009).
Process of Conducting a Corporate Governance Audit in India
A corporate governance audit has to be undertaken in a structured, step-by-step manner. Here’s a look at the process we follow:
1. Planning and Scoping
- Define audit goals and align them with statutory requirements
- Identify audit areas (board effectiveness, audit committees, risk management, financial disclosures, etc.) and include sector-specific requirements
- Engage internal auditors or hire external consultants like PKC Management Consulting
- Develop a timeline for document review, interviews, and reporting.
2. Document Review
- Board Records: Minutes of board/committee meetings, director appointment letters, evaluation reports.
- Financial Statements: Annual reports, audit reports, Ind AS compliance records.
- Policies: CSR policy, whistleblower mechanism, code of conduct, risk management framework.
- Regulatory Filings: SEBI disclosures, MCA-21 filings, stock exchange communications.
3. Interviews and Surveys
- Board Members: Assess their understanding of governance roles
- Audit Committee: Review their oversight of financial reporting and internal controls.
- Management: Evaluate implementation of governance policies
- Employees: Check awareness of whistleblower mechanisms
- Statutory Auditors: Discuss audit challenges and management cooperation.
- Investors: Understand grievances
4. Evaluation and Benchmarking
- Gap Analysis: Compare practices against legal requirements
- Risk Assessment: Identify governance risks and prioritize them
- Benchmarking: Use industry benchmarks for listed entities.
5. Reporting and Recommendations
- Draft Audit Report: Highlight findings, best practices and gaps (classify as critical, minor, etc.)
- Suggest corrective actions and preventive measures
- Share findings with the board, audit committee, and regulators (if mandated).
6. Implementation and Follow-Up
- Action Plan: Assign responsibility for addressing gaps and set deadlines.
- Monitoring: Track progress through follow-up audits or internal reviews.
Case Studies: Corporate Governance Failures in India
- Satyam Scandal (2009)
Ramalinga Raju, founder of Satyam Computers (one of India’s top IT firms), admitted that he falsified financial statements, inflating profits by INR 7,000 crore.
Governance Failures:
- Board negligence
- Auditor collusion
- No whistleblower system
- Weak internal controls
Followed by Reforms: Auditor rotation (Companies Act 2013), stricter SEBI disclosures.
- IL&FS Crisis (2018)
Infrastructure Leasing & Financial Services (IL&FS) defaulted on its debts. Over INR 91,000 crore in loans were unpaid.
It was treated like a government-backed institution, but poor transparency and huge debt built up quietly over time.
Governance Failures:
- Board ignored risks
- Complex subsidiaries hid debt
- Directors failed to raise red flags
- Misuse of board power and poor risk controls
- Auditor oversight
Followed by Reforms: RBI tightened NBFC norms, NFRA audit oversight.
- Yes Bank Crisis (2020)
Co-founder Rana Kapoor approved risky loans to suspicious companies – INR 90,000 Cr. Eventually, the bank couldn’t recover the loans, and it was taken over by the RBI in a rescue plan.
Rana Kapoor was later arrested for money laundering and corruption.
Governance Failures:
- Weak board independence
- Audit committee ignored warnings
- CEO’s unchecked control
- False reporting and misrepresentation of financial health
- Hidden NPAs
Followed by Reforms: PCA for private banks, CEO tenure caps.
- PNB Scam (2018)
An INR 11,400 Cr fraud was carried out via fake Letters of Undertaking (LoUs) by Nirav Modi and Mehul Choksi with the help of insiders in the bank.
Governance Failures:
- Weak internal controls
- Audit lapses
- Employee collusion
- No oversight on overseas transactions
- Senior officials ignored early warning signs
Followed by Reforms: SWIFT-linked banking systems, mandatory fraud reporting.
Author

Sambhav R Shah