AUDIT & REGULATORY UPDATE | 13 MARCH 2026
NFRA Inspection Reports 2026: Key Takeaways for CAs
India’s audit regulator, the National Financial Reporting Authority (NFRA), is set to publish inspection reports for 10 major audit firms — including EY, KPMG, Deloitte, PwC, Grant Thornton, and BDO — before 31 March 2026. This is the highest number of inspections in a single cycle since NFRA was established in 2018, making it the most significant audit quality development of this financial year.
For CAs in practice, these reports are a direct signal of what the regulator considers acceptable — and unacceptable — audit quality. For CA students, they are living case studies of auditing standards in action. Here is a comprehensive overview of what NFRA is, what it found, and what it means for you.
What is NFRA and Why Should CAs Care?
NFRA was constituted on 1 October 2018 under Section 132 of the Companies Act, 2013. It operates as an independent statutory body under the Ministry of Corporate Affairs and regulates audit quality for Public Interest Entities (PIEs) — listed companies, banks, insurers, and large unlisted public companies.
Unlike ICAI’s disciplinary mechanism, NFRA is a government body with sweeping enforcement powers: it can debar auditors for up to 10 years and impose penalties up to ₹25 lakhs on individuals and ₹5 crore on audit firms. All inspection reports and orders are published publicly on nfra.gov.in — making India’s audit quality framework one of the most transparent in Asia.
The FY 2025-26 Inspection Cycle
The current inspection cycle is historic in scope. Five inspection teams have worked simultaneously across 10 firms, reviewing 42 individual audit engagements. The firms being inspected collectively audit approximately two-thirds of Nifty 500 companies — meaning their quality standards directly affect the reliability of financial information that millions of Indian investors depend on.
The scope of each inspection covers two layers: firm-wide quality control systems (SQC 1 compliance, governance, independence policies) and individual audit engagement files. Both layers matter — you can have great firm-level policies but still fail at the engagement level, and vice versa.
What NFRA Has Been Finding: Top Deficiencies
Based on the 12 inspection reports already published, four areas consistently appear as deficiencies across firms:
- Auditor Independence
This is NFRA’s single biggest concern. Multiple firms were found to be providing non-audit services — tax advisory, consulting, IT services — to companies they also audited, creating self-review threats. Independence policy manuals at some firms had not incorporated NFRA’s previously communicated guidance, a repeat finding that signals a systemic issue rather than an isolated lapse.
- Audit Documentation
SA 230 requires that audit documentation be prepared as procedures are performed — not assembled retrospectively. NFRA found multiple instances of audit files being signed off as ‘complete’ before all procedures were finished, and missing documentation for key professional judgements made during the engagement. If a judgement is not documented, NFRA treats it as if it was never made.
- Related Party Transactions
SA 550 requires auditors to independently identify related parties and test the arm’s length nature of transactions. NFRA found that several engagement teams were relying on management’s own identification of RPTs without performing independent verification. Arm’s length price testing was superficial, with insufficient challenge of management’s assumptions.
- SQC 1 and Quality Control Gaps
At the firm-wide level, NFRA found cases where engagement partners were not personally signing audit reports — a direct violation of SQC 1. Engagement Quality Control Review (EQCR) documentation was not always integrated within the audit file, and governance structures were inadequately documented, particularly in the context of international network firm relationships.
NFRA’s New Initiatives in 2025-26
Beyond inspections, NFRA has significantly expanded its engagement with the audit profession this year. It launched a nationwide outreach programme — ‘Creating a Better Financial Reporting World’ — with sessions already completed in Hyderabad and Indore, and upcoming sessions in Bengaluru and Kolkata.
It also released free Audit Practice Toolkits in November 2025 specifically for small and medium audit firms, and partnered with IndiaAI to develop AI tools for automated financial reporting compliance screening. The AI challenge carries a prize pool of ₹1.5 crore — signalling that NFRA is preparing for technology-driven oversight at scale.
What This Means for You
| If you are… | Action to Take |
| CA in Practice | Review your SQC 1 compliance and update independence policies before 31 March 2026 |
| CA in Practice | Verify all audit files are complete before sign-off — no backdating, no gaps in documentation |
| CA in Practice | Check whether you provide any non-audit services to current audit clients and address the threat |
| CA in Practice | Read the 12 published NFRA reports on nfra.gov.in — they are free benchmarking for your firm |
| CA Student | Map NFRA themes to your audit syllabus: SA 230, SA 315, SA 540, SA 550 are directly tested |
| CA Student | Treat NFRA orders as real-world case studies — far more instructive than textbook examples |
The Bottom Line
NFRA’s FY2025-26 cycle marks a clear turning point: audit quality in India is now measurable, public, and enforceable. The firms that invest in genuine compliance — not just paperwork — will emerge stronger. Those that treat quality control as a checkbox exercise will find it increasingly difficult to operate as NFRA scales up its oversight with AI-assisted tools.
Keep an eye on nfra.gov.in over the coming weeks. When the 10 new inspection reports drop before 31 March, they will be essential reading for every CA in practice and every student serious about a career in audit.