Section 143 & CARO 2020: What Every Statutory Auditor Must Verify and Report
Section 143 of the Companies Act 2013 mandates statutory audit for all companies above threshold limits. CARO 2020 (Companies Auditor's Report Order) prescribes 49 specific matters auditors must examine and report on. This post breaks down the core verification requirements every CA must follow.
CA Harun Raaj
Chartered Accountant · Harun Raaj & Associates
Section 143: The Statutory Audit Mandate
Section 143 of the Companies Act 2013 requires companies to appoint a statutory auditor to examine financial statements and report on their truth and fairness. But the law does not stop at the balance sheet. The Auditor's Report Order, 2020 (CARO 2020) expands the auditor's responsibility into 49 specific areas that must be verified and disclosed.
Understanding these requirements is not optional--it is the backbone of compliant audit practice.
What Section 143(3) Requires in the Auditor's Report
Section 143(3) states the auditor must report on whether the financial statements give a true and fair view. But CARO 2020 extends this. The auditor must now:
- Verify whether the company maintains adequate internal financial controls over financial reporting
- Examine if those controls are effective
- Report on the efficacy of internal controls
This is not an opinion--it is a mandatory finding under paragraph 3(xi) of CARO 2020.
The 49 CARO 2020 Verification Points: Core Areas
CARO 2020 requires auditors to examine and report on matters grouped under several heads:
Fixed Assets and Property
Paragraph 3(i): The auditor must verify that the company has maintained proper records for fixed assets. You must physically inspect a sample, check existence, and ensure the books match the ground reality. Many auditors skip this; CARO 2020 makes it mandatory.
Inventory
Paragraph 3(ii): Verify that inventories have been physically verified during the year. Check the frequency, the procedures, and whether discrepancies were properly investigated. For companies dealing in perishable goods, the auditor must assess whether the verification method is reasonable.
Loans and Advances
Paragraph 3(iii): Examine all loans and advances granted by the company. This includes loans to employees, related parties, and third parties. You must verify:
- Whether loans were granted in accordance with the company's bylaws
- Whether proper documentation exists
- Whether interest (if applicable) has been charged and recovered
- Whether any loan to a director was sanctioned by the Board and disclosed in the financial statements
Deposits from Public
Paragraph 3(iv): If the company has accepted public deposits, verify that they comply with Section 73 of the Companies Act 2013. Check whether proper registers are maintained, interest is paid on time, and the company is not in default.
Related Party Transactions
Paragraph 3(v): This is one of the most critical areas. Verify that all related party transactions were:
- Identified correctly
- Authorized by the Audit Committee (in listed companies and those with certain turnover thresholds)
- Disclosed in the Financial Statements (in Schedule 17)
- Priced at arm's length (if transfer pricing is required under the Income Tax Act)
Directors' Remuneration and Loans
Paragraph 3(vii): Examine whether remuneration to directors complies with Section 197 of the Companies Act 2013. Verify that:
- No director was paid remuneration exceeding limits set by the Articles
- No loans were given to directors except as permitted
- All required Board approvals were obtained
Deposits and Investment of Funds
Paragraph 3(viii): If the company has accepted deposits from directors or members, verify compliance with Section 73. If money was invested, check whether it was done as per Board resolutions and whether it generated adequate returns.
Internal Financial Controls
Paragraph 3(xi): This is mandatory for all companies. The auditor must evaluate whether the company has:
- Identified financial reporting risks
- Designed and implemented controls to mitigate those risks
- Monitored and tested those controls during the financial year
- Documented the internal control framework
You cannot simply audit transactions; you must audit the system that generates those transactions.
Fraud and Irregularities
Paragraph 3(xxiii): The auditor must inquire and report on whether:
- Any director, manager, or key managerial personnel was involved in any act of fraud or breach of duty
- Any fraud was detected that caused loss to the company
This does not make the auditor a detective, but it requires appropriate inquiry procedures.
GST Compliance
Paragraph 3(xxiv): Verify that the company has:
- Paid GST on time
- Filed returns correctly
- Claimed ITC properly
- Not been found liable for unauthorized ITC claims
Banking and Statutory Compliance
Paragraphs 3(xii) to 3(xxii): The auditor must verify compliance with:
- Borrowing limits (Section 180(1)(d))
- Investments in other companies (Section 186)
- Acquisition of shares (Section 68)
- Maintenance of statutory registers
- Dividend distribution
- Cost audit and secretarial audit (where applicable)
The Reporting Format: Form CRA
All CARO 2020 findings must be reported in the prescribed format. For most companies, this is done through a separate Annexure to the Auditor's Report. Some findings require qualification in the main audit opinion; others are disclosed as informatory.
Critical violations (such as failure to maintain adequate books of account or evidence of fraud) can result in an adverse or qualified opinion.
Common Pitfalls Auditors Make
Checkbox Compliance: Many auditors treat CARO 2020 as a checklist to be ticked off. This exposes both the auditor and the company to regulatory action.
Sample Size Without Logic: Verifying 5 invoices out of 1,000 is not sufficient. Use a risk-based sampling approach.
Ignoring Related Party Transactions: Never assume management disclosures are complete. Trace transactions to board minutes and financial statements.
Weak Internal Control Evaluation: Do not rely on management representations. Test the controls yourself.
The Auditor's Liability
Section 143 audit is not a courtesy service. The auditor's report is relied upon by shareholders, lenders, regulators, and the public. A failure to perform adequate verification under Section 143 and CARO 2020 can expose the auditor to:
- Disciplinary action by the Institute of Chartered Accountants of India (ICAI)
- Civil liability to the company and shareholders
- Criminal prosecution under the Companies Act 2013
Bottom Line
Section 143 and CARO 2020 are not theoretical frameworks--they are enforceable requirements. Every finding, every verification, every report must be rooted in evidence and professional skepticism.
The auditor who takes shortcuts pays the price when regulators come calling.
I'm CA Harun Raaj, Visakhapatnam. Reach out to discuss audit compliance or Section 143 verification challenges.
Need help with this?
Our team handles the paperwork. You focus on your business.