What is a forensic audit?
A forensic audit is a structured investigation into a specific allegation or suspicion — quite different from a statutory audit, which provides reasonable assurance over the financial statements. Forensic engagements aim to surface evidence, identify perpetrators, quantify impact and produce documentation that can be used in subsequent regulatory or litigation proceedings.
Typical triggers include: a whistleblower complaint, vendor / customer-side fraud, related-party leakage, bank-statement anomalies, an inventory or cash shortfall, a lender’s suspicion, or NCLT-ordered investigation.
Who commissions forensic audits
Audit committees acting on whistleblower complaints; lenders evaluating an account that is sliding to NPA; NCLT-appointed investigators; regulatory bodies (SFIO, ED) running parallel investigations; promoters who suspect leakage but want to verify before raising disputes; PE / VC investors during transaction due diligence where a red flag has come up.
Governing references
The relevant references:
- ICAI Forensic Accounting and Investigation Standards (FAIS) — methodology, evidence handling, reporting.
- Indian Evidence Act — admissibility of digital and documentary evidence.
- Companies Act 2013, Sections 210, 213 — central-government and shareholder-driven investigation.
- SFIO referrals under Section 212.
- Bharatiya Nyaya Sanhita / Bharatiya Sakshya Adhiniyam for criminal proceedings.
How we run a forensic audit
- Mandate & scope letter — precise allegations, period under review, scope of access.
- Evidence preservation — secure server data, email exports, ERP logs, hard-copy registers; chain-of-custody documentation.
- Fund-flow mapping — bank statements, vendor master, ERP postings, corresponding shipping / GRN / inventory records.
- Interview protocol — structured interviews with relevant staff, board members, vendors / customers; documented in line with FAIS.
- Quantification — loss to the company, beneficiaries, related-party benefit.
- Report — factual findings, opinions on responsibility, exhibits and supporting documents annexed.
- Post-report support — testimony at NCLT / ED / SFIO, response to perpetrator’s rebuttal, ongoing investigative leads.
What we’ll ask for
- Bank statements and corresponding stop-payment / cancellation records.
- ERP / accounting system access — full posting history, audit trail logs.
- Vendor master, customer master, employee master.
- Email archive of relevant employees (with appropriate authorisation).
- Original bills, GRNs, dispatch documents, contracts.
- Board minutes, audit committee minutes, internal audit reports.
- Whistleblower complaint or investigation order.
How long it takes and what it costs
A focused engagement runs 6–12 weeks; broader investigations covering 3–5 years of transactions can run 12–20 weeks. We work on a milestone-billed basis with a defined scope to prevent runaway timelines. Confidentiality protocol is signed at engagement start.
Frequently asked questions
Is the forensic audit report admissible in court?
Yes, when prepared under FAIS with proper evidence custody and supporting exhibits. We prepare the report assuming it will be challenged in cross-examination.
Can the alleged perpetrator be interviewed during the investigation?
Yes, with appropriate process safeguards. The interview is conducted with witnesses, documented and signed; the perpetrator is given an opportunity to respond before the report is finalised, in line with natural justice.
What if the investigation finds no wrongdoing?
The report says so — an absence-of-finding is itself a useful output for the audit committee or board. We do not pre-decide outcomes.
Can findings trigger ED or income-tax action?
If the findings indicate prima facie offences under PMLA, IT Act or other statutes, the company / audit committee may have to consider mandatory referrals. We flag these clearly so the board can decide.
Talk to our team.
A 30-minute call with our team — no deck, no follow-up email blasts. Just a read on whether we’re the right team for your forensic engagement.