HomeServicesAudit & AssuranceForensic Audit & Investigation Assignments

Audit & Assurance · Specialised Audit & Certification

Forensic Audit & Investigation Assignments

A forensic audit is called when the numbers do not add up and someone needs to prove exactly why — with evidence that survives cross-examination, not just a management letter that gets filed away.

Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986

2,000+Clients since 1986
42 yrsCA practice
4Offices · India & UAE
24 hrsResponse time

A forensic audit is called when the numbers do not add up and someone needs to prove exactly why — with evidence that survives cross-examination, not just a management letter that gets filed away. PNPC Global has conducted forensic audits and fraud investigations for promoters, boards, lenders, and legal counsel across India and the UAE since 1986. We trace the money, document the trail, and produce findings that hold up in a Board meeting, an arbitration, a bank's fraud classification process, or a courtroom — because a forensic audit that cannot withstand scrutiny is not a forensic audit at all.

What it costs

Govt. feesGovernment & statutory fees as applicable to your case
Professional feeFixed professional fee — confirmed in writing before we start

No hidden charges. The exact figure is set in your engagement letter.

What Forensic Audit & Investigation Assignments is

A forensic audit is an investigative examination of a company's financial records, transactions, and underlying documentation, conducted with the specific objective of detecting, proving, and quantifying fraud, financial irregularity, or misconduct — in a manner that produces evidence usable in legal proceedings, arbitration, disciplinary action, or regulatory referral. Unlike a statutory audit, which forms an opinion on whether financial statements present a true and fair view based on test checks and reasonable assurance, a forensic audit works backward from a specific suspicion or allegation — a whistle-blower complaint, an unexplained stock shortage, a lender's discovery of diversion of funds, a shareholder dispute, or a regulator's directive — and applies investigative techniques designed to establish what happened, how, by whom, and with what financial impact.

Forensic audits in India are not governed by a single dedicated statute the way statutory audits are governed by Section 143 of the Companies Act 2013. Instead, the discipline draws on the Institute of Chartered Accountants of India's Forensic Accounting and Investigation Standards (FAIS), issued by ICAI's Digital Accounting and Assurance Board, which set out the principles, evidence-gathering standards, and reporting expectations for forensic engagements undertaken by Chartered Accountants in India. Where the findings feed into a bank fraud classification, the engagement is shaped by the Reserve Bank of India's Master Directions on Fraud Risk Management, which require banks to refer accounts showing fraud indicators to forensic auditors empanelled with the bank before formally classifying an account as fraud. Where the matter involves related-party diversion, round-tripping, or misstatement material enough to attract regulatory attention, findings may also be referred to the Serious Fraud Investigation Office (SFIO) under Sections 210 and 212 of the Companies Act 2013, or examined by the Institute's own Financial Reporting Review Board.

A forensic audit typically combines several disciplines: transaction tracing (following the movement of funds through bank statements, ledgers, and related-party accounts to establish where money actually went, as against where it was recorded as going); document examination (testing the authenticity of invoices, purchase orders, agreements, and board resolutions against independent evidence — vendor confirmations, GST filings, courier records, email metadata); digital forensics (recovering and analysing deleted files, email communications, accounting-system audit trails, and access logs where IT systems are implicated); and interviews conducted under a structured, evidence-preserving protocol so that statements can be relied upon later without being challenged as coerced or leading. The output is not an audit opinion in the Standards on Auditing sense — it is an investigation report that states findings, the evidence supporting each finding, the quantum of loss or misstatement established, and — where instructed — an opinion on the mechanism by which the fraud was perpetrated and the control failure that allowed it.

Because forensic audit findings routinely end up before a Board, an NCLT bench, an arbitrator, a bank's fraud identification committee, or an economic-offences investigating agency, the standard of evidence, chain-of-custody discipline, and documentation rigour required is materially higher than in a routine assurance engagement. A forensic auditor must be prepared to depose on their findings, defend their methodology under cross-examination, and produce a working-paper trail that an opposing expert cannot dismantle. This is a specialised discipline distinct from — though it draws on the same underlying skills as — statutory, internal, and tax audit, and it is typically commissioned only when a specific trigger exists, not as a routine annual exercise.

When a forensic audit is the right engagement

A whistle-blower complaint, anonymous tip, or internal audit finding has surfaced a specific, credible allegation of fraud, diversion of funds, or financial misstatement that needs independent, evidence-based investigation before the Board or Audit Committee decides on action

A lender or consortium of banks has flagged irregularities in an account — diversion of funds, fund round-tripping, discrepancy between stock statements and physical stock, or related-party transactions inconsistent with the stated end-use of borrowed funds — and requires a forensic audit report before classifying the account as fraud under RBI's Master Directions

A shareholder or promoter dispute involves allegations that funds were siphoned, related-party transactions were used to extract value, or financial statements were manipulated to understate profits or misstate the value of a stake being bought out or sold

A company has discovered a stock shortage, cash shortage, or unexplained variance during a physical verification or statutory audit that the routine audit process cannot adequately explain and that management or the Board believes may involve deliberate concealment

Legal counsel needs an independent expert financial investigation and quantification of loss to support litigation, arbitration, an insurance claim (fidelity/crime insurance), or a criminal complaint under the Bharatiya Nyaya Sanhita or Prevention of Corruption Act

A regulator, the National Company Law Tribunal, or an Insolvency Resolution Professional under the Insolvency and Bankruptcy Code 2016 requires a transaction audit to identify preferential, undervalued, fraudulent, or extortionate transactions under Sections 43, 45, 50, and 66 of the IBC ahead of or during a corporate insolvency resolution process

An employee, vendor, or management-level individual is suspected of a specific fraud scheme — bribery/kickbacks, bid rigging, ghost vendors, payroll fraud, expense-report fraud, or inventory theft — and the organisation needs the scheme documented with evidence sufficient to support termination, recovery, or criminal referral

A company operating in India and the UAE suspects cross-border diversion — funds moved out through inflated invoicing, round-tripped through related entities, or misrepresented in FEMA/RBI filings — requiring an investigation team with visibility into both jurisdictions

When a forensic audit is not the right engagement

Routine year-end financial statement assurance — that is the statutory audit under Section 143 of the Companies Act; a forensic audit is not a substitute for, and does not replace, the mandatory annual statutory audit

A general sense that 'something feels off' without any specific, articulable red flag, transaction, or allegation — an operational or internal audit review, or a targeted management review, is usually the more proportionate first step; forensic audit is investigative and evidence-intensive, and works best against a defined scope

Ongoing, periodic assurance over a function or process with no suspected wrongdoing — that is the role of internal audit under Section 138 or a routine operational/process audit, conducted at planned intervals, not the trigger-based, one-time nature of a forensic engagement

Simple accounting errors, reconciliation differences, or bookkeeping backlogs with no indication of intent to deceive — these are addressed through an accounting clean-up and reconciliation exercise, which is materially less expensive and faster than a forensic investigation

Tax positions under genuine, good-faith dispute with the tax department where there is no allegation of fraud or fabricated documentation — that is tax litigation and representation, not a forensic audit engagement

Situations requiring only a valuation opinion, without any element of suspected irregularity — that is a standalone valuation engagement under Rule 11UA of the Income-tax Rules or the applicable valuation standard, not a forensic investigation

Structure Comparison

Forensic Audit vs other audit and assurance engagements

FeatureForensic AuditStatutory AuditInternal Audit (Sec 138)Operational/Process AuditDue Diligence
Primary objectiveInvestigate and prove suspected fraud/irregularity with evidenceOpinion on true and fair view of financial statementsSystematic risk-based review of controlsEfficiency & SOP adherence review of a functionAssess risk and value before a transaction
TriggerSpecific allegation, red flag, or regulatory/lender directiveStatutory obligation, every financial yearTurnover/borrowing/deposit/capital threshold crossedGrowth, process risk, or management requestProposed M&A, investment, or funding round
Governing frameworkICAI Forensic Accounting & Investigation Standards (FAIS); RBI fraud risk management directions where applicableStandards on Auditing (SA) under Companies Act Sec 143ICAI Standards on Internal Audit (SIA)ICAI Standards on Internal Audit (SIA)No single mandatory standard; scope-driven
Evidence standardLitigation/regulatory-grade — chain of custody, admissibilityReasonable assurance — test-check basedReasonable assurance — risk-based samplingManagement-assurance level, not litigation-gradeCommercial risk assessment, not evidentiary
Typical outputInvestigation report — findings, evidence, quantum, root causeAuditor's Report under Sec 143 + CARO 2020Internal audit report to Audit CommitteeOperational audit report with recommendationsDue diligence report with risk flags and pricing impact
Reports toBoard / Audit Committee / lender / legal counsel / tribunalShareholders (via AGM) and RoCAudit Committee / BoardManagement / Audit CommitteeAcquirer, investor, or lender commissioning the review
FrequencyOne-time, triggered by an eventAnnual, mandatoryAnnual, per Board-approved planPeriodic — monthly, quarterly, or annual per planOne-time, ahead of a specific transaction
May be referred to authoritiesYes — SFIO, EOW, CBI, PMLA authorities, RBI, as applicableNo — unless fraud is detected and reported under Sec 143(12)No — internal Board/Audit Committee recordNo — internal management documentNo — internal to the transacting parties

These engagements are not interchangeable. A statutory auditor who detects an indication of fraud during a routine audit has a separate, specific reporting obligation to the Central Government under Section 143(12) of the Companies Act — that duty does not itself constitute a forensic audit, and typically triggers a forensic audit as the next step to investigate and quantify what the statutory auditor's test checks only flagged. PNPC scopes the appropriate engagement — and sequencing between them — during the initial consultation.

How it works
#Stage & What PNPC DoesCA Advice Portals Never GiveTimeline
1Initial Confidential Consultation — Understanding the trigger before anything is documentedWe first understand who raised the concern, what specifically was observed, who currently knows about it, and what decision the engagement needs to support — a Board resolution, a bank's fraud classification file, a legal notice, an insurance claim, or a police complaint. This shapes the entire engagement: the evidentiary standard, the confidentiality protocol, and who on our side is briefed. This conversation happens under a signed non-disclosure agreement before any document changes hands.Week 1
2Engagement Letter & Scope Definition — What is, and is not, in scopeA vague mandate to 'investigate everything' produces an unfocused, expensive, and legally weaker report. We define the specific transactions, time period, individuals, and entities within scope in writing, agreed with the Board or the party commissioning the engagement — and explicitly note what is excluded, so the final report cannot later be criticised for scope creep or selective coverage.Week 1
3Evidence Preservation Protocol — Securing records before they can be altered or destroyedBefore fieldwork begins, we advise on securing accounting system access logs, backing up email servers and accounting data, restricting document destruction under the organisation's document retention policy, and — where warranted — engaging a digital forensics specialist to image relevant devices. Evidence integrity established late in an investigation is evidence that can be challenged; we address this on Day 1, not after fieldwork starts.Week 1–2
4Document & Transaction Universe MappingWe map every ledger, bank account, related-party entity, and vendor/customer master relevant to the scoped allegation — not a sample, a universe. From this universe we identify the transaction population that requires detailed tracing versus the population that can be tested on a risk basis. This distinction matters later: a finding built on a properly defined population survives scrutiny; one built on an arbitrary sample does not.Week 2–3
5Transaction Tracing & Fund Flow AnalysisWe trace the actual movement of money — bank statement to bank statement, ledger to ledger, related-party to related-party — reconstructing where funds genuinely went, independent of how they were recorded in the books. This is where diversion, round-tripping, and layering typically surface: the accounting entry says one thing; the bank trail says another. We build this as a documented, source-referenced fund-flow schedule, not a narrative summary.Week 3–6, depending on transaction volume
6Document Authentication & Third-Party VerificationInvoices, purchase orders, agreements, and confirmations are tested against independent sources — vendor confirmations sent directly (not through the suspected individual), GST portal filings, courier and delivery records, bank confirmations, and, where relevant, forensic document examination for signs of backdating or alteration. A document that only exists in the company's own files, uncorroborated, is treated as an allegation, not evidence.Week 4–7
7Digital Forensics — Where IT systems, email, or deleted records are implicatedWhere the scheme involves deleted accounting entries, altered system logs, or email communications, we engage or coordinate with digital forensic specialists to recover and analyse the relevant data under a documented chain of custody, so that recovered evidence remains usable if the matter proceeds to litigation, arbitration, or a criminal complaint.Runs in parallel with document review, Week 3 onward
8Structured Interviews — Evidence-preserving, not confrontationalWhere interviews are within scope, they follow a structured protocol: prepared question sets built from the documentary evidence already gathered, a second team member present to record contemporaneous notes, and no leading or coercive questioning that could later be challenged as tainting the statement's reliability. Interviews are typically the last evidence-gathering step, conducted once the documentary and transactional picture is substantially built.Week 6–8, where applicable
9Quantification of Loss / MisstatementEvery finding is quantified — not described qualitatively. We build a loss/misstatement schedule that ties each rupee amount to specific transactions and evidence, distinguishing between amounts that are proven with high confidence, amounts that are probable but rely on inference, and amounts flagged for further investigation. Courts, arbitrators, and insurers expect this level of granularity — a single lump-sum 'estimated loss' figure invites challenge.Week 7–9
10Root Cause & Control Failure AnalysisBeyond what happened, we document why it was possible — which control was absent, overridden, or circumvented, and by whom. This is what the Board, the Audit Committee, and (where relevant) the statutory auditor need to assess whether the control environment itself requires remediation, separate from any action against the individual(s) involved.Week 8–9
11Draft Report Review with Legal CounselBefore finalisation, we review the draft findings with the client's legal counsel — where engaged — to ensure the report's language, evidentiary basis, and conclusions are fit for the intended downstream use, whether that is a Board decision, a bank fraud classification submission, an arbitration filing, or a criminal complaint. We do not alter findings to suit a desired outcome; we ensure the report is presented in a form that withstands the scrutiny of its intended audience.Week 9–10
12Final Report Delivery & PresentationThe final forensic audit report is delivered with a structured executive summary, a detailed findings section referencing every piece of supporting evidence, the quantification schedule, and root-cause/control-failure analysis. Where requested, PNPC presents findings directly to the Board, Audit Committee, or lender's fraud identification committee, and can be engaged for follow-on support including deposition preparation or expert testimony.Week 10–12, typical for a mid-complexity engagement
13Post-Report Support — Referral, recovery, and remediationWhere findings warrant it, we assist with preparing the SFIO/EOW/police referral, support the bank's Master Directions-based fraud classification process, advise on internal disciplinary or recovery action, and help redesign the specific controls that allowed the scheme to occur — so the investigation converts into a permanent fix, not just a report on the shelf.As needed, following report delivery

Timelines vary significantly with the complexity, transaction volume, number of entities involved, and whether digital forensics or cross-border tracing (India-UAE) is required. A narrow, single-scheme investigation (e.g., one vendor, one employee, a defined time period) can conclude in 4–6 weeks. A multi-entity, multi-year, cross-border diversion investigation can extend to several months. PNPC provides a scoped timeline and fee estimate only after the initial confidential consultation — a forensic audit cannot be meaningfully quoted before the scope is understood.

Document Checklist
Engagement & Authorisation

Board resolution or letter of authorisation from the party commissioning the investigation — promoter, Board, Audit Committee, lender, or legal counsel — establishing the mandate and scope

Signed engagement letter defining scope, time period, entities/individuals covered, confidentiality terms, and intended use of the report (internal, litigation, regulatory referral, insurance claim)

Non-disclosure and confidentiality undertakings from all individuals who will have access to the investigation, including internal staff supporting the engagement

Details of who has already been informed of the investigation and who must remain unaware during the evidence-gathering phase — critical for evidence preservation

Financial Records & Accounting Data

General ledger and trial balance for the relevant period, with system-level access to the accounting software (not just exported reports) where possible

Bank statements for all operating, current, and related-party accounts for the scoped period, with online banking access or bank confirmation letters where feasible

Vendor and customer masters, including creation/modification history and the user IDs that made changes

Purchase orders, invoices, delivery challans, goods receipt notes, and payment vouchers for the transactions under review

Fixed asset register and physical verification records, where asset misappropriation is part of the scope

Payroll records and employee master data, where payroll or ghost-employee fraud is suspected

Petty cash books, expense reimbursement claims, and supporting bills, where expense fraud is part of the scope

Corporate & Related-Party Records

Shareholding pattern, related-party register, and details of common directorships/ownership across group entities

Related-party transaction disclosures from prior financial statements and Board/Audit Committee approvals for such transactions

Group entity structure chart, including entities incorporated in the UAE or other jurisdictions where cross-border diversion is suspected

Minutes of Board and Audit Committee meetings for the relevant period, and any prior internal audit or statutory audit reports flagging related concerns

IT Systems & Digital Evidence

Accounting system audit trail/log reports showing who created, modified, or deleted entries, and when — most modern ERP and accounting systems retain this if not disabled

Access control list for the accounting system and financial approval workflows — who has authority to approve payments, create vendors, or override controls

Email server backup or litigation-hold instruction for relevant custodians' mailboxes, preserved before the investigation becomes known more widely within the organisation

Device inventory for individuals whose devices may need forensic imaging, and IT department contact for coordinating preservation

External Confirmations & Third-Party Sources

GST portal filings (GSTR-1, GSTR-2A/2B, GSTR-3B) for cross-verification of purchase and sales transactions against the counterparty's own filings

Bank confirmation letters and, where necessary, statements obtained directly from the bank rather than relying solely on company-provided copies

Vendor and customer balance confirmations sent independently by the investigating CA firm, not routed through the individual under suspicion

Registrar of Companies (MCA21) filings for related and counterparty entities — directorship overlaps, registered addresses, filing history

Context Documents (Where Applicable)

The original whistle-blower complaint, anonymous tip, or internal audit finding that triggered the investigation, in its original form

Any prior internal investigation notes, HR disciplinary records, or exit interview notes relevant to the individuals in scope

Insurance policy documents, where a fidelity/crime insurance claim is contemplated, including notice-of-loss timelines that may be time-sensitive

Existing legal correspondence, notices, or pleadings if litigation or arbitration is already underway or contemplated

Ongoing obligations
PhaseTriggered ByPNPC CA GuidanceRisk If Ignored
Red Flag IdentificationWhistle-blower complaint, audit finding, lender query, or unexplained varianceConfidential preliminary assessment to determine if the red flag warrants a full forensic engagement or a lighter-touch management review. Early advice on evidence preservation — before anyone alerts the suspected individual(s).Evidence altered or destroyed once the subject becomes aware. Delay allows the scheme to continue and the eventual loss to grow.
Scoping & EngagementDecision to formally investigateWritten scope, engagement letter, confidentiality protocol, and identification of who within the organisation needs to know versus who must not, during the investigation.Undefined scope leads to an unfocused, expensive investigation whose findings are later challenged as selective or incomplete.
Evidence GatheringEngagement commencementTransaction tracing, document authentication, digital forensics coordination, and structured interviews — each following an evidentiary discipline that anticipates challenge.Evidence gathered without chain-of-custody discipline can be excluded or discredited in litigation, arbitration, or a bank's fraud classification process.
Quantification & ReportingFieldwork substantially completeLoss/misstatement quantified transaction-by-transaction with confidence levels, root-cause and control-failure analysis, and a report structured for its intended downstream use.A vague, unquantified, or narrative-only report carries little weight before a Board, arbitrator, insurer, or investigating agency.
Regulatory/Legal ReferralFindings warrant escalationSupport in preparing the SFIO referral under Sections 210/212 of the Companies Act, EOW/police complaint, RBI fraud classification submission under the Master Directions on Fraud Risk Management, or PMLA-related reporting where proceeds of crime are implicated.Delayed or improperly documented referral can prejudice the ability to pursue criminal or regulatory action, and in bank fraud cases can affect the lender's own regulatory compliance timelines.
Recovery & RemediationPost-investigationAdvice on civil recovery action, insurance claim support under fidelity/crime cover, disciplinary action documentation, and — critically — redesign of the specific control that failed, so the same scheme cannot recur.A forensic audit that ends at the report, without control remediation, frequently precedes a repeat incident — sometimes using the same mechanism, sometimes a variant of it.
Statutory Audit InterfaceFindings affect prior-period financial statementsCoordination with the statutory auditor on any restatement, disclosure, or Section 143(12) reporting obligation the statutory auditor may independently owe once fraud indicators are identified.Statutory auditor unaware of confirmed fraud findings may issue an unqualified opinion inconsistent with known facts, creating exposure for the company and the auditor alike.
Frequently asked
What exactly is a forensic audit, in plain terms?

It is a detailed financial investigation conducted when there is a specific suspicion of fraud, diversion of funds, or financial misconduct — designed to establish what actually happened, trace where the money actually went, quantify the loss, and produce findings and evidence that can support a Board decision, a legal case, an insurance claim, or a regulatory referral. It is fundamentally different from a routine annual audit, which forms an opinion on financial statements based on reasonable assurance and test checks rather than investigating a specific allegation.

Practitioner noteThe single biggest misunderstanding we encounter: clients expect a forensic audit to work like a statutory audit, just 'more thorough'. It does not. It starts from a specific question — what happened to this money, or did this person do this — and works backward with an investigator's mindset, not an assurance provider's mindset.
How is a forensic audit different from a statutory audit?

A statutory audit under Section 143 of the Companies Act 2013 is a mandatory, annual, retrospective examination of financial statements, using test checks and sampling, to form an opinion on whether they present a true and fair view. A forensic audit is investigative, triggered by a specific red flag, and aims to establish facts with evidentiary rigour sufficient for litigation, arbitration, or regulatory action. A statutory auditor who encounters an indication of fraud during the routine audit has a separate obligation under Section 143(12) to report it — but that reporting duty is not itself a forensic investigation; it typically triggers one.

Practitioner noteWe are sometimes asked why the statutory auditor 'did not catch' a fraud that a later forensic audit uncovers. Statutory audit is a sampling-based, reasonable-assurance exercise across the entire financial statements — it is not designed to detect every instance of deliberate concealment, particularly collusive fraud designed specifically to evade normal controls and audit procedures.
Who typically commissions a forensic audit — and who can commission one?

A forensic audit can be commissioned by the company's Board or Audit Committee, promoters or majority shareholders, a lender or consortium of banks (often as part of RBI's fraud classification process), legal counsel on behalf of a client in a dispute, an Insolvency Resolution Professional under the Insolvency and Bankruptcy Code, or occasionally directed by a regulator, tribunal, or court. Anyone with a legitimate interest and the standing to authorise the investigation and grant access to records can commission one.

Practitioner noteWe always confirm the commissioning party has the actual authority to grant access to the records and individuals the investigation will need. A forensic audit commissioned by one director without Board authority, in a company where the suspected individual is another director with equal authority, is a scenario we scope very carefully before proceeding.
What is the ICAI Forensic Accounting and Investigation Standards (FAIS)?

FAIS are standards issued by the Institute of Chartered Accountants of India, through its Digital Accounting and Assurance Board, specifically to bring consistency and rigour to forensic accounting and investigation engagements undertaken by Chartered Accountants. They cover matters including engagement acceptance, evidence gathering, documentation, and reporting for forensic work — distinct from the Standards on Auditing that govern statutory audits. PNPC's forensic engagements are conducted with reference to these standards.

Practitioner noteAsk any firm proposing to conduct your forensic audit whether they work with reference to FAIS and what forensic-specific training or experience the engagement team has. Statutory audit experience alone does not automatically translate into investigative rigour — the skill sets, while related, are genuinely different.
How long does a forensic audit take?

It depends entirely on scope, transaction volume, number of entities involved, and whether digital forensics or cross-border tracing is required. A narrow investigation — one vendor, one employee, a clearly defined time period — can often be completed in 4–6 weeks. A multi-entity, multi-year, cross-border diversion investigation involving related parties in both India and the UAE can extend to several months. We provide a realistic timeline only after the initial confidential scoping consultation.

Practitioner noteBe wary of any firm that quotes a fixed timeline before understanding the scope. The honest answer at the first meeting is almost always 'we need to understand the transaction universe before we can commit to a timeline' — anything else is a guess dressed up as a quote.
What triggers a bank to commission a forensic audit on a borrower's account?

Under the Reserve Bank of India's Master Directions on Fraud Risk Management, banks are required to examine accounts showing early warning signals — diversion of funds, discrepancies between stock statements and physical stock, related-party transactions inconsistent with the stated purpose of the facility, or other red flags — and, where warranted, commission a forensic audit by a bank-empanelled forensic auditor before formally classifying the account as fraud. The forensic audit report is a key input into the bank's decision and its subsequent reporting to the RBI.

Practitioner noteIf your account is under a bank-commissioned forensic audit, the auditor is engaged by and reports to the bank — not to you. You are entitled to know the scope and to respond to findings, but you should engage your own independent advisor (which can include a separate forensic review) rather than relying solely on the bank's process to represent your position.
Can a forensic audit report be used as evidence in court?

A forensic audit report itself is an expert opinion, and the Chartered Accountant who prepares it can be called as an expert witness under the Indian Evidence Act framework (now the Bharatiya Sakshya Adhiniyam) to explain findings and be cross-examined. Whether the underlying documents and evidence referenced are independently admissible depends on how they were gathered, preserved, and authenticated — which is precisely why chain-of-custody discipline during the investigation matters so much. A report built on properly preserved, authenticated evidence carries far more weight than one built on unverified internal documents alone.

Practitioner noteWe work closely with legal counsel from the outset in any engagement where litigation is a realistic outcome — not just at the report-drafting stage. Evidentiary requirements are far easier to satisfy if they are designed into the investigation from Day 1 than retrofitted after fieldwork is complete.
What is the difference between fraud, error, and a genuine business dispute?

Fraud requires intent to deceive for gain — a deliberate act, not a mistake. An error is an unintentional misstatement — a wrong entry, a miscalculation, a genuine misunderstanding of an accounting treatment. A genuine business dispute — a disagreement over valuation, contract interpretation, or performance — may involve no wrongdoing at all. A forensic audit's job is precisely to establish which of these it actually is, based on evidence, rather than assume fraud from the outset. Not every forensic audit concludes that fraud occurred — some conclude the variance was error, or that the dispute has a legitimate commercial explanation.

Practitioner noteWe tell every client at the outset: we follow the evidence, not a predetermined conclusion. A forensic auditor who only ever finds fraud, regardless of the facts, is not conducting an independent investigation — and a report like that is far more vulnerable to challenge than one prepared to conclude 'no fraud established' where the evidence genuinely supports that.
What is the Serious Fraud Investigation Office (SFIO) and when does a matter go there?

SFIO is a multi-disciplinary investigation agency under the Ministry of Corporate Affairs, empowered under Sections 210 and 212 of the Companies Act 2013 to investigate corporate fraud on the direction of the Central Government — typically for cases of significant public interest, involving listed companies, or where the Registrar or other regulatory bodies refer the matter. SFIO investigation is a distinct and more serious escalation than an internal forensic audit; SFIO has statutory powers of arrest, search, and seizure that a privately commissioned forensic audit does not.

Practitioner noteA well-conducted forensic audit report, prepared with the evidentiary rigour we described earlier, is often the document that either supports or helps avoid an SFIO referral — a company that proactively investigates, quantifies, and remediates a fraud discovered internally is in a materially different position than one where regulators discover it independently.
How does forensic audit relate to the Insolvency and Bankruptcy Code (IBC)?

Under the IBC, 2016, once a Corporate Insolvency Resolution Process (CIRP) begins, the Resolution Professional is required to conduct a transaction audit examining the corporate debtor's transactions for preferential transactions (Section 43), undervalued transactions (Section 45), extortionate credit transactions (Section 50), and fraudulent or wrongful trading (Section 66) during the look-back period preceding the CIRP commencement. This transaction audit is fundamentally a forensic exercise — tracing fund flows and testing related-party dealings — often outsourced to a forensic audit firm supporting the Resolution Professional.

Practitioner noteWe support Resolution Professionals with IBC transaction audits regularly. The look-back periods and the specific tests under Sections 43, 45, 50, and 66 each differ — a transaction that is merely undervalued is analysed differently from one alleged to be fraudulent, and the burden and consequence differ significantly. This is specialised work distinct from a standalone corporate forensic audit.
What is 'round-tripping' and how does a forensic audit detect it?

Round-tripping refers to funds being moved out of a company — often disguised as a legitimate payment such as an advance, a consultancy fee, or an investment — and then returned to the company or its promoters through a different, disguised route, creating the appearance of fresh capital, revenue, or an unrelated transaction. Detecting it requires tracing fund flows across multiple bank accounts and entities, often including group companies and, in cross-border cases, foreign entities — precisely the transaction-tracing discipline a forensic audit applies, as distinct from the entity-by-entity, period-by-period lens of a statutory audit.

Practitioner noteRound-tripping is rarely visible from a single company's books alone — it requires tracing the same funds across multiple related entities' accounts. This is one of the clearest illustrations of why forensic audit scope frequently needs to extend beyond the entity under primary suspicion to its related parties.
We suspect an employee, not a vendor or director. Does the process differ?

The investigative discipline is the same — document review, transaction tracing, digital evidence, structured interviews — but the practical considerations differ. Employee-level investigations typically involve HR and labour law considerations (natural justice in any subsequent disciplinary action, notice and hearing requirements before termination for cause), and interview protocols must be carefully structured to avoid any suggestion of coercion, which could undermine both the disciplinary process and any subsequent legal action.

Practitioner noteWe coordinate closely with HR and, where engaged, employment counsel on employee-level investigations specifically because a procedurally flawed internal disciplinary process can undermine an otherwise well-evidenced forensic finding — the employee can successfully challenge the termination on procedural grounds even where the underlying fraud finding is sound.
What is the role of digital forensics in a forensic audit?

Where a scheme involves deleted accounting entries, altered system logs, suspicious email communications, or data on an individual's device, digital forensics recovers and analyses this electronic evidence under a documented chain of custody — imaging devices before any risk of alteration, extracting metadata that shows when documents were actually created or modified, and reconstructing deleted records where technically possible. PNPC coordinates with specialist digital forensics providers as part of the forensic audit engagement where the scope requires it.

Practitioner noteDigital evidence is powerful specifically because metadata is hard to fabricate convincingly — a document that claims to have been created on one date but carries system metadata showing a much later creation date is often the single most persuasive piece of evidence in a fabrication case. But this only holds up if the imaging and preservation process itself is done correctly and early.
Does PNPC investigate suspected fraud within its own audit clients, or only third-party engagements?

Both, with an important distinction: where PNPC is already the statutory auditor of a company and a fraud indication arises during that audit, we have a specific reporting obligation under Section 143(12) of the Companies Act, and typically the forensic investigation itself is conducted by an independent team — either a separate PNPC forensic team operating under appropriate independence safeguards, or, where independence concerns warrant it, we advise the client to engage an entirely separate firm. Independence is not a formality in forensic work — a compromised or conflicted investigator's findings carry little weight.

Practitioner noteWe are direct with clients about this: if we are your statutory auditor and a serious fraud indication surfaces, we will tell you plainly whether we believe an independent forensic team — potentially outside PNPC — is the more defensible choice for that specific investigation. Protecting the credibility of the eventual report matters more to us than retaining every piece of client work.
What does a forensic audit typically cost?

Forensic audit fees are scope-driven and not comparable to a standard audit fee schedule — they depend on transaction volume, number of entities and individuals in scope, whether digital forensics is required, whether cross-border tracing is involved, and the evidentiary rigour required for the intended downstream use (internal Board decision versus litigation-ready report versus SFIO-referral-grade documentation). PNPC provides a fee estimate only after the initial confidential scoping consultation, once we understand what the investigation actually needs to cover.

Practitioner noteBe sceptical of any firm quoting a forensic audit fee before a scoping conversation — the range between a narrow, single-scheme investigation and a multi-entity, multi-year, cross-border investigation is enormous, and a credible firm will not guess.
Can a forensic audit be conducted covertly, without alerting the suspected individual?

Yes, and in most cases this is essential to the investigation's success. Evidence preservation — securing accounting system backups, restricting document access, and gathering third-party confirmations — is typically done before the suspected individual is aware an investigation is underway, precisely because early awareness creates a real risk of evidence being altered, deleted, or destroyed. We advise clients on this sequencing at the very first scoping conversation.

Practitioner noteThe single most damaging mistake we see clients make before engaging us: confronting the suspected individual, or discussing the suspicion openly in a meeting the individual attends, before evidence has been secured. Once that happens, evidence preservation becomes a race against time rather than a controlled first step.
What happens if the forensic audit finds no evidence of wrongdoing?

It happens, and it is a legitimate and useful outcome. A forensic audit that thoroughly investigates a red flag and concludes the variance was due to an accounting error, a genuine timing difference, or a legitimate business explanation gives the Board or commissioning party the confidence to close the matter without further action — and, where the allegation was made against an individual, it can be equally important in clearing that person's name with documented, credible evidence.

Practitioner noteWe have concluded engagements with no fraud finding more often than clients initially expect. An investigation that only ever confirms suspicions, never disconfirms them, should raise questions about its independence — the value of a forensic audit lies precisely in following the evidence wherever it leads.
How does forensic audit interact with fidelity/crime insurance claims?

Most fidelity guarantee or crime insurance policies require the insured to notify the insurer promptly on discovery of a loss and to provide documented proof of the loss amount and circumstances as a condition of the claim. A forensic audit report — with its transaction-level quantification and evidence trail — is typically the core document supporting such a claim. Insurers frequently engage their own forensic accountant to review or challenge the claimed quantum, so the rigour of the original investigation directly affects the claim's success.

Practitioner noteCheck your policy's notification timeline before commissioning the forensic audit — many fidelity policies have a strict notice period from discovery of loss, and a lengthy internal deliberation before engaging a forensic auditor can itself jeopardise the claim regardless of how strong the eventual evidence is.
Is a forensic audit relevant for a family-owned or closely-held business, or only large companies?

It is entirely relevant. In fact, closely-held and family businesses are frequently where forensic audits are most needed — controls are often informal, trust-based, and concentrated in a small number of individuals, which creates exactly the conditions where diversion or misappropriation can continue undetected for years. Disputes between family shareholders over alleged siphoning are among the more common forensic audit engagements we handle, distinct from institutional corporate fraud cases.

Practitioner noteFamily business disputes are often the most sensitive engagements we handle — the same people who are the suspected party and the commissioning party may be related by blood or marriage, and the investigation has to proceed with rigour while we remain acutely aware of the personal dimension involved.
What is the difference between a forensic audit and a special purpose audit?

A special purpose audit is a broader category — any audit engagement scoped for a specific, defined purpose outside the standard statutory audit, such as an audit for a specific stakeholder, a specific transaction, or a specific compliance requirement. A forensic audit is one particular type of special purpose engagement — specifically investigative, fraud-focused, and evidence-driven. Not every special purpose audit involves any suspicion of wrongdoing; a forensic audit, by definition, does.

Practitioner noteWe are occasionally asked to conduct a 'special audit' where, on scoping, it becomes clear the real requirement is a forensic investigation — the vocabulary clients use and the actual engagement needed do not always match at first conversation, which is exactly why the initial scoping call matters.
Our lender has asked us to bear the cost of the forensic audit they are commissioning. Is this normal?

It is common practice for banks to require the borrower to bear the cost of a lender-commissioned forensic audit, particularly where it is triggered by irregularities in the borrower's own account. This is typically a condition specified in the loan agreement or communicated as part of the bank's process under RBI's fraud risk management framework. You should still understand the scope of that audit and consider whether an independent parallel review, engaged directly by you, is warranted to represent your interests.

Practitioner noteWe frequently advise borrowers in this exact situation — bearing the cost of the bank's forensic auditor while also engaging PNPC independently to review the same facts, so the borrower has an informed, independent view before responding to the bank's findings rather than relying solely on a report commissioned by the counterparty.
How does PNPC maintain confidentiality during a forensic engagement?

Every forensic engagement begins with signed non-disclosure undertakings from all PNPC team members involved, a defined and limited circle of individuals at the client who are briefed on the investigation's existence, secure and access-controlled document handling, and communication protocols that avoid discussing the investigation over channels that could be intercepted or discovered by the subject. Given that many engagements depend on the subject remaining unaware until evidence is secured, confidentiality discipline is treated as a core deliverable, not an afterthought.

Practitioner noteWe have, on occasion, declined to communicate findings over a client's regular email system where we had reason to believe the suspected individual had access to that system or its backups — using alternative, controlled channels instead. This level of operational discipline is standard practice for us, not an exceptional precaution.
Can a forensic audit be conducted across both an Indian company and its related UAE entity?

Yes. PNPC operates from Chennai, Bangalore, Hyderabad, and Dubai, which allows a single engagement team to trace fund flows and examine records across an Indian entity and a related UAE entity without the loss of context that occurs when two separate, unconnected firms handle each jurisdiction independently. Cross-border investigations also require awareness of FEMA reporting obligations on the India side and UAE regulatory and banking-secrecy considerations on the other, which our combined presence is structured to handle coherently.

Practitioner noteCross-border diversion cases — where funds are moved from an Indian entity to a related UAE entity through inflated invoicing or disguised service fees — are exactly the scenario where a firm without presence in both jurisdictions loses the thread. We have handled a number of these matters precisely because we can follow the money across the border within one engagement team.
What is the difference between fraud detection and fraud prevention — does PNPC do both?

A forensic audit is fundamentally a detection and investigation exercise — it examines what has already happened. Fraud prevention is a forward-looking discipline — designing and strengthening internal controls, segregation of duties, approval workflows, and internal audit coverage to reduce the likelihood of fraud occurring or going undetected in future. PNPC provides both: the forensic investigation itself, and — as a distinct, follow-on engagement — control redesign and internal audit strengthening informed directly by what the forensic audit revealed about how the specific scheme was possible.

Practitioner noteThe most valuable outcome of a forensic audit, in our experience, is rarely the recovery of the specific amount investigated — it is the control redesign that follows, which prevents the next, larger instance of the same scheme. We push every client toward this follow-on step; a forensic report that only documents the past without fixing the control gap is an incomplete engagement.
What is PMLA and when does it become relevant to a forensic audit?

The Prevention of Money Laundering Act, 2002 (PMLA) criminalises dealing with 'proceeds of crime' derived from specified 'predicate offences' — which include several offences under the Companies Act, the Indian Penal Code/Bharatiya Nyaya Sanhita, and other statutes. Where a forensic audit uncovers fund diversion or fraud that constitutes a predicate offence under PMLA's schedule, the matter can attract the attention of the Enforcement Directorate (ED), independent of any parallel Companies Act or criminal proceedings. This is a specialised area, and PNPC works alongside legal counsel where PMLA exposure is identified during an investigation.

Practitioner noteWe flag potential PMLA exposure to legal counsel the moment it becomes apparent during an investigation — this is not an area where a Chartered Accountant should advise alone; it requires coordinated legal input given the ED's independent and wide-ranging powers under the Act.
How do you handle a situation where the suspected individual is a director or promoter with control over records?

This is among the more delicate scenarios in forensic practice. We prioritise independent, third-party sources of evidence — bank confirmations obtained directly, GST portal data, vendor confirmations sent independently — precisely because records held or controlled by the suspected individual may not be reliable or complete. Where the individual also controls IT system access, evidence preservation steps (backups, access log capture) need to happen before the individual is aware of the investigation, often requiring the Board or an independent director to authorise access outside the suspected individual's control.

Practitioner noteThese are the engagements where the initial evidence-preservation sequencing we described earlier matters most. If a director-level suspect learns of the investigation before records are secured, the evidentiary trail can be significantly compromised — sometimes irreversibly.
Does a forensic audit finding automatically mean criminal or civil action will follow?

No. The forensic audit produces findings and evidence; what the commissioning party does with those findings is a separate decision, usually made in consultation with legal counsel. Options range from no further action (where findings do not support the original suspicion), to internal disciplinary action, to civil recovery proceedings, to a criminal complaint, to a regulatory referral (SFIO, RBI, ED) — and the choice depends on the strength of evidence, the amounts involved, the relationship considerations (particularly in family businesses), and the client's objectives.

Practitioner noteWe deliberately keep our role focused on establishing facts and quantifying loss with defensible evidence — the decision on what action to take belongs to the client and their legal counsel. We provide the evidentiary foundation for that decision; we do not make it for them.
What qualifications should the team conducting our forensic audit have?

Look for Chartered Accountants with specific forensic accounting and investigation experience — not general audit experience alone — ideally with exposure to ICAI's FAIS framework, experience working alongside legal counsel on evidentiary matters, and access to digital forensics specialists where the engagement may require them. Ask specifically how many forensic investigations the proposed team has led (as distinct from statutory audits), and whether any of that work has been tested in litigation, arbitration, or a regulatory referral.

Practitioner noteWe are candid with prospective clients about our forensic team's specific experience and the types of matters we have handled — cross-border diversion, IBC transaction audits, bank-mandated investigations, and family business disputes. If a firm cannot speak specifically to forensic engagement experience beyond routine statutory audit work, that is a fair question to press on before engaging them.
Why should we engage PNPC rather than a large forensic-only specialist firm?

Large forensic-only firms bring scale for very large, complex investigations, but they typically have no ongoing relationship with your business before or after the engagement, and their fee structures reflect that scale. PNPC brings four decades of practising CA experience across India and the UAE, a genuine India-UAE cross-border capability from our own offices rather than a correspondent-firm arrangement, and — where you are already or become a PNPC client for statutory audit, tax, or compliance — continuity of context that a one-time specialist engagement cannot replicate. For most mid-market and closely-held business investigations, this combination delivers the evidentiary rigour required without the overhead of a large forensic-only mandate.

Practitioner noteFor very large, multi-jurisdictional, high-value investigations — particularly those likely to involve international asset tracing beyond India and the UAE — we are candid that a large global forensic specialist may be the more appropriate lead, and we can support as the India-UAE team within that structure. We scope this honestly rather than overreaching on engagements that need a different scale of resource.
What is the difference between a forensic audit and due diligence conducted before an acquisition?

Due diligence is a forward-looking risk and value assessment conducted before a transaction — evaluating the target's financial position, contingent liabilities, and business risk to inform pricing and deal structure, generally without any presumption of wrongdoing. A forensic audit is retrospective and investigative, triggered by an actual suspicion of fraud or misconduct, and aimed at establishing what happened with evidentiary rigour. That said, if due diligence uncovers a red flag — an unexplained related-party transaction, inconsistent financial records, or a pattern suggesting manipulation — it can and often does escalate into a forensic audit before the transaction proceeds.

Practitioner noteWe have converted a standard buy-side due diligence engagement into a forensic review mid-way more than once, when the numbers did not reconcile the way management's narrative suggested they should. Clients are usually glad we flagged it before signing, not after.
How does PNPC ensure the forensic audit report withstands challenge from the other side's experts?

By anchoring every finding to independently verifiable evidence rather than internal company records alone, documenting the methodology used for sampling and tracing so it can be explained and defended, distinguishing clearly between what is proven, what is probable, and what remains unresolved, and having the engagement team available to depose or testify on the findings if the matter proceeds to litigation or arbitration. A report that overstates its certainty, or that cannot explain its own methodology under questioning, is the single most common weakness opposing experts exploit.

Practitioner noteWe deliberately avoid overstating conclusions. A report that says 'the evidence establishes X with high confidence, and Y remains unresolved pending further information' is more credible — and more useful to a Board or a court — than one that claims certainty it cannot actually support.
Can PNPC act as a court-appointed or tribunal-appointed forensic expert?

Yes. Where a court, the National Company Law Tribunal, or an arbitral tribunal requires an independent forensic accounting expert — whether appointed jointly by consent of the parties or directly by the tribunal — PNPC's forensic team can act in that capacity, applying the same evidentiary discipline as in a privately commissioned engagement, but with the added independence obligations that a court-appointed expert role carries.

Practitioner noteA court- or tribunal-appointed role carries a different duty than a party-commissioned engagement — the primary obligation runs to the court or tribunal, not to whichever party proposed the appointment. We are explicit about this distinction with all parties before accepting such an appointment.
Why PNPC Global
FeatureGeneric Audit FirmLarge Forensic-Only SpecialistPNPC Global
Forensic-specific expertiseLimited — statutory audit skills applied to a fraud scenarioDeep, but engagement is transactional and one-timeDedicated forensic capability built on four decades of practising CA experience
Evidence discipline (chain of custody, admissibility)Often informal — not designed for litigation useStrong, but at premium cost regardless of matter sizeLitigation-grade discipline scaled appropriately to the matter's actual size and stakes
Cross-border India-UAE capabilityTypically none, or via an unconnected correspondent firmMay have global reach but loses India-UAE-specific contextOwn offices in Chennai, Bangalore, Hyderabad, and Dubai — one team, both jurisdictions
Confidentiality & evidence preservation from Day 1Frequently an afterthought, addressed after fieldwork beginsGenerally strong, standard practiceBuilt into the initial scoping consultation before any document changes hands
Root cause & control remediation follow-throughRarely offered as a distinct next stepOften out of scope — investigation-only mandateExplicit follow-on engagement to redesign the control that allowed the scheme
Ongoing relationship post-investigationNone — one-time engagementNone — one-time engagement, high cost to re-engageContinuity as your statutory audit, tax, and compliance advisor where relevant, with independence safeguards
Cost proportionality for mid-market/family businessesMay underinvest in rigour to keep cost lowCost structure built for very large corporate mandatesScoped and priced to the actual size and stakes of your matter
Direct access to the investigating CAVaries by firm sizeOften layered through case managers and juniorsDirect access to your engagement CA — not a support queue

What the PNPC package includes

  1. 01

    Confidential initial scoping consultation under signed non-disclosure — before any document changes hands

  2. 02

    Written scope definition and engagement letter tailored to the specific allegation, transactions, and individuals in scope

  3. 03

    Evidence preservation guidance from Day 1 — accounting system backups, access restriction, litigation-hold advice for email and digital records

  4. 04

    Transaction tracing and fund-flow analysis, built as a documented, source-referenced schedule

  5. 05

    Document authentication through independent third-party confirmation — vendor confirmations, GST portal cross-checks, bank confirmations

  6. 06

    Coordination with digital forensics specialists where deleted records, altered logs, or email evidence are implicated

  7. 07

    Structured, evidence-preserving interview protocol where interviews are within scope

  8. 08

    Transaction-level loss and misstatement quantification with confidence-level classification, not a single estimated figure

  9. 09

    Root cause and control-failure analysis distinguishing what happened from why it was possible

  10. 10

    Report structured for its intended downstream use — Board decision, bank fraud classification, arbitration, or regulatory referral

  11. 11

    Post-report support — SFIO/EOW/police referral preparation, insurance claim documentation, and control redesign

  12. 12

    Cross-border India-UAE tracing capability from PNPC's own Chennai, Bangalore, Hyderabad, and Dubai offices

When you suspect something is wrong, the first conversation should be confidential, unhurried, and with a Chartered Accountant who has actually led forensic investigations — not a sales call. Speak directly with a PNPC forensic engagement CA before you alert anyone else, before any document is moved, and before a routine concern becomes an unrecoverable loss.

← Back to Audit & Assurance
Talk to a CA