AUDIT PROCESS - Handbook of GST Law & Procedures (CBIC) [October 2024] - GST

6. AUDIT PROCESS (I) The Internal Audit function involves scrutiny of records of the taxpayer, selected on the basis of risk parameters, in a uniform, efficient and comprehensive manner, adhering to the stipulated principles and policies and in accordance with the best international audit standards. Detailed guidelines for conduct of audit in line with the legal provisions contained in the CGST Act, 2017 and CGST Rules, 2017 have been prescribed by the Directorate General of Audit in the GSTAM, 2019. (II) Brief steps of the Audit Process as contained in GSTAM 2019 are as under (i) Creation of Audit teams. (ii) Selection of taxpayers. (iii) Allotment of taxpayers to the audit groups. (iv) Intimation to the taxpayer regarding the conduct of audit (GST ADT -01). (v) Reviewing the taxpayer data taxpayer at a Glance (TAG), Registration, Returns, payments, Dispute Resolution, Audit Report Utility, E-way bills Third-Party data if available and conducting Desk Review in office. (vi) Preparing the audit plan based on the finding of Desk Review. (vii) Carrying out audit verification as per the Audit Plan including mandatory checks to be carried out. (viii) Conveying the preliminary findings of the audit to the taxpayer and recording his response. (ix) Preparing the draft audit report (DAR) for the Monitoring Committee Meeting (MCM) held by the Commissioner. (x) Examining the audit paras in MCM. (xi) Preparing the final audit report (FAR), within thirty days of the Meeting. (xii) Communicating the final audit report to the taxpayer (ADT-02). 6.1 Methodology for selection of taxpayers A scientific and well deliberated Risk Assessment programme, developed in coordination with the DGARM, is used to identify risky taxpayers. 6.1.1 Risk parameters for selection of taxpayers The list of risky taxpayers, which are selected based on risk parameters is shared with the Audit Commissionerates for audit. These risk parameters are subject to change depending upon audit feedback leading to their recalibration and identification of new risk parameters. 6.1.2 The CGST Audit Commissionerates are categorized based on number of large, medium and small categories of taxpayers (the criteria of which is annual turnover of the taxpayers) within their jurisdiction. A document containing Risk Flags and the action points for decision support to facilitate the auditors in identifying the areas to focus during audit is separately provided with the risk flag indicators. The list of taxpayers provided by DGARM to each Audit Commissionerate contains- (i) 70% of the taxpayers (risky taxpayers) selected on the basis of their risk score. (ii) 10% of the total taxpayers selected randomly by the DGARM s system applying different algorithms, (iii) The remaining 20% of the taxpayers to be audited are selected by the Audit Commissionerates based on local risk factors, after obtaining approval from the jurisdictional Chief Commissioner. A comprehensive list is provided by DGARM for 20% selection to be made by the Audit Commissionerates. GSTAM, 2019 provides indices on indicative duration for conduct of audit that is inclusive of desk review, preparation and approval of Audit plan, actual Audit and preparation of Audit report wherever necessary, for each category would be as under: a. For large taxpayers - 7 working days b. For medium taxpayers - 5 working days c. For small taxpayers - 3 working days 6.2 Audit intimation to the taxpayer: As per section 65 of the CGST Act, 2017 taxpayers listed to be audited should be intimated of audit at least 15 working days before the commencement of audit verification in their premises. The CGST Rules provide that letter in FORM GST ADT-01 shall be issued at least fifteen working days prior to the conduct of audit and shall detail a request for providing records / documents which are necessary for conducting audit. In case the Registered Person does not respond to the letter, a reminder should be issued within a reasonable time. Where the registered person does not volunteer to submit the same on the basis of letters issued by the auditor, necessary action as outlined in various other provisions of the Act such as inspection can be deployed to achieve the desired outcome. Para 1.3 of the GSTAM, 2019 prescribes action to be initiated by the concerned Executive Commissionerate, which includes action through enforcement. In such cases, the Executive Commissioners should take immediate proactive action for safeguard of revenue, keeping the Audit Commissioner and DG Audit apprised of the action taken. Details of such registered persons should also be included in the Risk Parameters by DG Audit and DGARM on a reference to be made by the Audit Commissioner, so that in future the said person may be identified for audit on priority. Also, the GST compliance rating of said person may also be modulated to reflect non-compliance with the mandate of audit. 6.3 Audit preparation - desk review Detailed methodology for desk review has been described in Chapter 5.5 of the GSTAM, 2019. The salient elements of Desk Review are: (i) The desk review lays emphasis on gathering data about the taxpayers, his operations, business practices, accounting system, studying flow of materials, cash and documentation. (ii) The information available with the Department is reconciled with the collected information. Results of Financial Ratios, Revenue Risk Analysis and Trend Analysis is documented. (iii) Examination of financial statements, cost tax audit reports and records is carried out and all receipts of taxpayer as mentioned in financial records are examined for Tax liability and to verify eligibility for any exemption. 6.4 Audit Plan Based on the result of the preliminary Desk Review carried out by the auditor as per steps / procedure laid down in the Audit Manual, a draft Audit Plan is prepared for approval. The QAR API Manual prescribes approval of audit plan of taxpayers for every Audit Circle in the following manner: (i) Approval by Pr Commissioner/ Commissioner - Top five taxpayers based on turnover (ii) Additional / Joint Commissioner - All other large and medium taxpayers. (iii) Assistant/ Deputy Commissioner, Circle - All small taxpayers. An audit plan outlines a logical series of review and examination steps that would meet the goals and standards of an audit in an efficient and effective manner. It should account for complexity of audits. It allows auditor to take a reasonable view regarding the vulnerable areas, the weak points in the internal control systems, abnormal trends and unusual occurrences that warrant detailed verification. Certain unanswered or inadequately answered queries about the affairs of the registered person may also be added to this list. An illustrative Audit Plan has been prescribed in Annexure GSTAM VII. 6.5 Mandatory checks and conduct of Audit verification- (i) Audit verification involves verification of data and documents submitted at the time of desk review and also verification of issues mentioned in the audit plan. (ii) The verification techniques must be appropriate for audit objectives identified in the audit plan. At times, it may be difficult to test the technical correctness of all objections owing to varied interpretations of the provisions of law. However, it should be corrected to the extent that any professional auditor, working with and having access to the same research material would likely come to the same conclusion. It also means that the auditor must demonstrate, in writing, the research and reasoning used to base his application of legislation, policies and jurisprudence. (iii) The auditor should conduct the verification in a systematic manner, following the sequence of steps envisaged in the working papers. Special care should be taken to examine all those issues pointed out in the audit plan. The auditor should try to determine whether any apparent weakness in the internal control system of the manufacturer/service provider has led to any loss of revenue. The auditor should also identify recurrent procedural infractions. Discrepancies, if any, should be noted along with details of enquiries made regarding the cause of the discrepancies and their revenue implication. (iv) Documents submitted to various Government departments/ Regulatory Authorities such as Customs, Income Tax, Banks, etc. by the registered person should be used in cross verification of the information filed by the registered person for the assessment of GST. Information available with open sources such as electronic and print media, internet etc. should also be used for verification of information filed by the registered person. (v) The audit verification gives maximum opportunity to the auditor to go through the registered person s records. As a result of which, an auditor may come across a new set of information or documents, not earlier known, during any of the earlier stages. Further, while examining an issue, the auditor may come across a fresh issue also requiring detailed examination. In such a situation, the auditor should, after obtaining the approval of higher authority, go beyond the scrutiny envisaged under the Audit Plan and record the reasons for doing so. At the end of each entry in working papers, the auditor must indicate the findings. If any of the planned verifications is not conducted, the reasons for the same must also be recorded. While the process of verification for each audit would be unique in terms of Audit Plan, it should involve some general steps as discussed below. (vi) A detailed scrutiny of documents like Annual Financial Accounts containing Director s Report, Statutory Auditor s Report, Balance Sheet and Profit Loss Account should be carried out. The auditor must also examine Trial Balance, Ledgers, Journal Vouchers, 26AS Statement, Invoices and E-Way bills. The auditor may also examine Cash Flow Statement, Groupings, Cost Audit Report and Tax Audit Report and should also check whether the registered person is maintaining the statutory records as required under other statutes like the Companies Act, 2013. (vii) Audit objections raised must be fully supported by documentary and legal evidence. (viii) During audit, the auditors may examine the details of procurements from unregistered persons as to whether they are liable to reverse charge mechanism- Section 9(4) of the CGST Act, 2017. (ix) For verifying the gap in ITC availment, the auditor should carry out a test check of the invoices of such suppliers whose details are not figuring in GSTR 2A and identify some of such suppliers with high tax value and get the particulars of tax payment verified at the supplier s end. 6.6 Communication of Audit observations As the Audit system adopts a transparent methodology, it is necessary that all the audit objections noticed by the Audit Group are conveyed to the registered person before preparing the Draft Audit Report. Accordingly, the audit objections should be intimated in writing to the registered person, clearly stating that the same is not in the nature of any show cause notice and is only a part of participative and fact-finding audit scheme under which even the preliminary and tentative audit observations are being shared with the registered person for ascertaining his point of view. Where satisfactory explanation or evidence is submitted to the auditor, the finding should be revised as necessary. However, if a response from the registered person is not forthcoming, draft audit paras should be prepared based on available records after citing the lack of cooperation on part of the registered person, in the Audit Report. 6.7 Draft Audit Report (DAR) (i) After completion of audit verification, the auditor prepares the Draft Audit Report which records the results of verification conducted as per the audit plan. Any additional issue (not mentioned in the original plan) verified / point noticed is also mentioned. The initial views of the taxpayers are recorded in the verification document. Details of spot recoveries and willingness of the registered person to pay short levy are also recorded. (ii) The narrative of the objections in the audit report should be concise, to the point and self-contained and should convey the gist of the objection raised. Telegraphic narration should be avoided. Where the objections are based on any circulars or clarifications issued by the Board, they should be quoted. Cases, in which certain specified conditions are not fulfilled, giving rise to objections are backed by interpretations as decided by the court judgments, decisions of Appellate authorities or supported by technical literature, those should be cited. (iii) The DAR should be prepared within the shortest time span possible, i.e., within 10 -15 days of the commencement of the audit in the registered person s place and placed before the Monitoring Committee for decision. 6.8 Monitoring Committee Meeting (MCM) Monitoring Committee Meeting (MCM) should be convened by the Audit Commissioner at least once a month, to which the Executive Commissioner or his representative shall be invited to attend. During the MCM, each of the audit objections/ observations should be examined for its sustainability. The minutes of each such meeting should be drawn, pointing out the decision on each audit objection regarding its sustainability and directions for future action. The objections rejected by the meeting will be treated as closed. The decision taken by the Audit Commissioner, with regard to settlement of audit objections after recovery of all dues or dropping of the unsustainable audit objections, shall be final. 6.9 Final Audit Report (FAR)- Based on the decision of the MCM, the DAR should be finalized within thirty days from the date of the meeting and FAR should be prepared. A copy of the FAR (GST ADT -02), even if it is a NIL report, should be sent to the registered person, by e-mail through the system (GSTN) and necessary records confirming such action should be kept in Registered person s Master File. It may be noted that the communication of the FAR to the auditee concludes the proceedings of audit. The format of FAR is FORM GST ADT-02. An illustrative list of documents to be verified during audit in respect of supply of goods/ services is prescribed in Annexure GSTAM-IX. 6.10 Follow up action- An audit objection should be closed after requisite action, i.e., either recovery of amounts due or issuance of show cause notice. After the issuance of Final Audit Report, wherever further action such as issue of Show Cause Notice is required under Section 73 and/ or Section 74 of the CGST Act, 2017, the Audit Group shall prepare the Draft Show Cause Notice. The Show Cause Notice should be issued by the concerned officer of the Audit Commissionerate as per the competency decided by the Board in its instructions issued from time to time and the same shall be answerable to the adjudicating authority as per the Board s instructions issued in this regard. It is the responsibility of the Audit Commissionerate as per the competency to pursue / persuade the taxpayer for payment of tax dues, especially on the paras admitted by the Registered Person. However, for any pending action, i.e., recovery, especially on paras admitted in writing by the Registered Person, the matter can be taken up with the jurisdictional Executive Commissionerate, for follow up. In case, new facts, necessitating reconsideration of findings in an audit report, come to the knowledge of officers who are required to take action on an objection, they should send their report along with supporting material to the Planning and Coordination Section for reconsideration. But this action must be taken most expeditiously, say within one month of receipt of the Audit Report. In exceptional cases involving cogent grounds, the views taken in the Monitoring Meetings shall be taken up for review/re-consideration by the MCM only. The Audit Commissioner should send a list containing details of Show Cause Notices issued during the month to each of the Executive Commissionerates, on a monthly basis. Note: For detailed information on audit processes, Goods and Services Tax Audit Manual, 2019 (GSTAM), issued by the Directorate General of Audit may be referred to.