Audit & Assurance · Specialised Audit & Certification
Forensic Audit & Investigation Assignments
A forensic audit is called when the numbers do not add up and someone needs to prove exactly why — with evidence that survives cross-examination, not just a management letter that gets filed away.
Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986
A forensic audit is called when the numbers do not add up and someone needs to prove exactly why — with evidence that survives cross-examination, not just a management letter that gets filed away. PNPC Global has conducted forensic audits and fraud investigations for promoters, boards, lenders, and legal counsel across India and the UAE since 1986. We trace the money, document the trail, and produce findings that hold up in a Board meeting, an arbitration, a bank's fraud classification process, or a courtroom — because a forensic audit that cannot withstand scrutiny is not a forensic audit at all.
What it costs
No hidden charges. The exact figure is set in your engagement letter.
A forensic audit is an investigative examination of a company's financial records, transactions, and underlying documentation, conducted with the specific objective of detecting, proving, and quantifying fraud, financial irregularity, or misconduct — in a manner that produces evidence usable in legal proceedings, arbitration, disciplinary action, or regulatory referral. Unlike a statutory audit, which forms an opinion on whether financial statements present a true and fair view based on test checks and reasonable assurance, a forensic audit works backward from a specific suspicion or allegation — a whistle-blower complaint, an unexplained stock shortage, a lender's discovery of diversion of funds, a shareholder dispute, or a regulator's directive — and applies investigative techniques designed to establish what happened, how, by whom, and with what financial impact.
Forensic audits in India are not governed by a single dedicated statute the way statutory audits are governed by Section 143 of the Companies Act 2013. Instead, the discipline draws on the Institute of Chartered Accountants of India's Forensic Accounting and Investigation Standards (FAIS), issued by ICAI's Digital Accounting and Assurance Board, which set out the principles, evidence-gathering standards, and reporting expectations for forensic engagements undertaken by Chartered Accountants in India. Where the findings feed into a bank fraud classification, the engagement is shaped by the Reserve Bank of India's Master Directions on Fraud Risk Management, which require banks to refer accounts showing fraud indicators to forensic auditors empanelled with the bank before formally classifying an account as fraud. Where the matter involves related-party diversion, round-tripping, or misstatement material enough to attract regulatory attention, findings may also be referred to the Serious Fraud Investigation Office (SFIO) under Sections 210 and 212 of the Companies Act 2013, or examined by the Institute's own Financial Reporting Review Board.
A forensic audit typically combines several disciplines: transaction tracing (following the movement of funds through bank statements, ledgers, and related-party accounts to establish where money actually went, as against where it was recorded as going); document examination (testing the authenticity of invoices, purchase orders, agreements, and board resolutions against independent evidence — vendor confirmations, GST filings, courier records, email metadata); digital forensics (recovering and analysing deleted files, email communications, accounting-system audit trails, and access logs where IT systems are implicated); and interviews conducted under a structured, evidence-preserving protocol so that statements can be relied upon later without being challenged as coerced or leading. The output is not an audit opinion in the Standards on Auditing sense — it is an investigation report that states findings, the evidence supporting each finding, the quantum of loss or misstatement established, and — where instructed — an opinion on the mechanism by which the fraud was perpetrated and the control failure that allowed it.
Because forensic audit findings routinely end up before a Board, an NCLT bench, an arbitrator, a bank's fraud identification committee, or an economic-offences investigating agency, the standard of evidence, chain-of-custody discipline, and documentation rigour required is materially higher than in a routine assurance engagement. A forensic auditor must be prepared to depose on their findings, defend their methodology under cross-examination, and produce a working-paper trail that an opposing expert cannot dismantle. This is a specialised discipline distinct from — though it draws on the same underlying skills as — statutory, internal, and tax audit, and it is typically commissioned only when a specific trigger exists, not as a routine annual exercise.
When a forensic audit is the right engagement
A whistle-blower complaint, anonymous tip, or internal audit finding has surfaced a specific, credible allegation of fraud, diversion of funds, or financial misstatement that needs independent, evidence-based investigation before the Board or Audit Committee decides on action
A lender or consortium of banks has flagged irregularities in an account — diversion of funds, fund round-tripping, discrepancy between stock statements and physical stock, or related-party transactions inconsistent with the stated end-use of borrowed funds — and requires a forensic audit report before classifying the account as fraud under RBI's Master Directions
A shareholder or promoter dispute involves allegations that funds were siphoned, related-party transactions were used to extract value, or financial statements were manipulated to understate profits or misstate the value of a stake being bought out or sold
A company has discovered a stock shortage, cash shortage, or unexplained variance during a physical verification or statutory audit that the routine audit process cannot adequately explain and that management or the Board believes may involve deliberate concealment
Legal counsel needs an independent expert financial investigation and quantification of loss to support litigation, arbitration, an insurance claim (fidelity/crime insurance), or a criminal complaint under the Bharatiya Nyaya Sanhita or Prevention of Corruption Act
A regulator, the National Company Law Tribunal, or an Insolvency Resolution Professional under the Insolvency and Bankruptcy Code 2016 requires a transaction audit to identify preferential, undervalued, fraudulent, or extortionate transactions under Sections 43, 45, 50, and 66 of the IBC ahead of or during a corporate insolvency resolution process
An employee, vendor, or management-level individual is suspected of a specific fraud scheme — bribery/kickbacks, bid rigging, ghost vendors, payroll fraud, expense-report fraud, or inventory theft — and the organisation needs the scheme documented with evidence sufficient to support termination, recovery, or criminal referral
A company operating in India and the UAE suspects cross-border diversion — funds moved out through inflated invoicing, round-tripped through related entities, or misrepresented in FEMA/RBI filings — requiring an investigation team with visibility into both jurisdictions
When a forensic audit is not the right engagement
Routine year-end financial statement assurance — that is the statutory audit under Section 143 of the Companies Act; a forensic audit is not a substitute for, and does not replace, the mandatory annual statutory audit
A general sense that 'something feels off' without any specific, articulable red flag, transaction, or allegation — an operational or internal audit review, or a targeted management review, is usually the more proportionate first step; forensic audit is investigative and evidence-intensive, and works best against a defined scope
Ongoing, periodic assurance over a function or process with no suspected wrongdoing — that is the role of internal audit under Section 138 or a routine operational/process audit, conducted at planned intervals, not the trigger-based, one-time nature of a forensic engagement
Simple accounting errors, reconciliation differences, or bookkeeping backlogs with no indication of intent to deceive — these are addressed through an accounting clean-up and reconciliation exercise, which is materially less expensive and faster than a forensic investigation
Tax positions under genuine, good-faith dispute with the tax department where there is no allegation of fraud or fabricated documentation — that is tax litigation and representation, not a forensic audit engagement
Situations requiring only a valuation opinion, without any element of suspected irregularity — that is a standalone valuation engagement under Rule 11UA of the Income-tax Rules or the applicable valuation standard, not a forensic investigation
Forensic Audit vs other audit and assurance engagements
| Feature | Forensic Audit | Statutory Audit | Internal Audit (Sec 138) | Operational/Process Audit | Due Diligence |
|---|---|---|---|---|---|
| Primary objective | Investigate and prove suspected fraud/irregularity with evidence | Opinion on true and fair view of financial statements | Systematic risk-based review of controls | Efficiency & SOP adherence review of a function | Assess risk and value before a transaction |
| Trigger | Specific allegation, red flag, or regulatory/lender directive | Statutory obligation, every financial year | Turnover/borrowing/deposit/capital threshold crossed | Growth, process risk, or management request | Proposed M&A, investment, or funding round |
| Governing framework | ICAI Forensic Accounting & Investigation Standards (FAIS); RBI fraud risk management directions where applicable | Standards on Auditing (SA) under Companies Act Sec 143 | ICAI Standards on Internal Audit (SIA) | ICAI Standards on Internal Audit (SIA) | No single mandatory standard; scope-driven |
| Evidence standard | Litigation/regulatory-grade — chain of custody, admissibility | Reasonable assurance — test-check based | Reasonable assurance — risk-based sampling | Management-assurance level, not litigation-grade | Commercial risk assessment, not evidentiary |
| Typical output | Investigation report — findings, evidence, quantum, root cause | Auditor's Report under Sec 143 + CARO 2020 | Internal audit report to Audit Committee | Operational audit report with recommendations | Due diligence report with risk flags and pricing impact |
| Reports to | Board / Audit Committee / lender / legal counsel / tribunal | Shareholders (via AGM) and RoC | Audit Committee / Board | Management / Audit Committee | Acquirer, investor, or lender commissioning the review |
| Frequency | One-time, triggered by an event | Annual, mandatory | Annual, per Board-approved plan | Periodic — monthly, quarterly, or annual per plan | One-time, ahead of a specific transaction |
| May be referred to authorities | Yes — SFIO, EOW, CBI, PMLA authorities, RBI, as applicable | No — unless fraud is detected and reported under Sec 143(12) | No — internal Board/Audit Committee record | No — internal management document | No — internal to the transacting parties |
These engagements are not interchangeable. A statutory auditor who detects an indication of fraud during a routine audit has a separate, specific reporting obligation to the Central Government under Section 143(12) of the Companies Act — that duty does not itself constitute a forensic audit, and typically triggers a forensic audit as the next step to investigate and quantify what the statutory auditor's test checks only flagged. PNPC scopes the appropriate engagement — and sequencing between them — during the initial consultation.
| # | Stage & What PNPC Does | CA Advice Portals Never Give | Timeline |
|---|---|---|---|
| 1 | Initial Confidential Consultation — Understanding the trigger before anything is documented | We first understand who raised the concern, what specifically was observed, who currently knows about it, and what decision the engagement needs to support — a Board resolution, a bank's fraud classification file, a legal notice, an insurance claim, or a police complaint. This shapes the entire engagement: the evidentiary standard, the confidentiality protocol, and who on our side is briefed. This conversation happens under a signed non-disclosure agreement before any document changes hands. | Week 1 |
| 2 | Engagement Letter & Scope Definition — What is, and is not, in scope | A vague mandate to 'investigate everything' produces an unfocused, expensive, and legally weaker report. We define the specific transactions, time period, individuals, and entities within scope in writing, agreed with the Board or the party commissioning the engagement — and explicitly note what is excluded, so the final report cannot later be criticised for scope creep or selective coverage. | Week 1 |
| 3 | Evidence Preservation Protocol — Securing records before they can be altered or destroyed | Before fieldwork begins, we advise on securing accounting system access logs, backing up email servers and accounting data, restricting document destruction under the organisation's document retention policy, and — where warranted — engaging a digital forensics specialist to image relevant devices. Evidence integrity established late in an investigation is evidence that can be challenged; we address this on Day 1, not after fieldwork starts. | Week 1–2 |
| 4 | Document & Transaction Universe Mapping | We map every ledger, bank account, related-party entity, and vendor/customer master relevant to the scoped allegation — not a sample, a universe. From this universe we identify the transaction population that requires detailed tracing versus the population that can be tested on a risk basis. This distinction matters later: a finding built on a properly defined population survives scrutiny; one built on an arbitrary sample does not. | Week 2–3 |
| 5 | Transaction Tracing & Fund Flow Analysis | We trace the actual movement of money — bank statement to bank statement, ledger to ledger, related-party to related-party — reconstructing where funds genuinely went, independent of how they were recorded in the books. This is where diversion, round-tripping, and layering typically surface: the accounting entry says one thing; the bank trail says another. We build this as a documented, source-referenced fund-flow schedule, not a narrative summary. | Week 3–6, depending on transaction volume |
| 6 | Document Authentication & Third-Party Verification | Invoices, purchase orders, agreements, and confirmations are tested against independent sources — vendor confirmations sent directly (not through the suspected individual), GST portal filings, courier and delivery records, bank confirmations, and, where relevant, forensic document examination for signs of backdating or alteration. A document that only exists in the company's own files, uncorroborated, is treated as an allegation, not evidence. | Week 4–7 |
| 7 | Digital Forensics — Where IT systems, email, or deleted records are implicated | Where the scheme involves deleted accounting entries, altered system logs, or email communications, we engage or coordinate with digital forensic specialists to recover and analyse the relevant data under a documented chain of custody, so that recovered evidence remains usable if the matter proceeds to litigation, arbitration, or a criminal complaint. | Runs in parallel with document review, Week 3 onward |
| 8 | Structured Interviews — Evidence-preserving, not confrontational | Where interviews are within scope, they follow a structured protocol: prepared question sets built from the documentary evidence already gathered, a second team member present to record contemporaneous notes, and no leading or coercive questioning that could later be challenged as tainting the statement's reliability. Interviews are typically the last evidence-gathering step, conducted once the documentary and transactional picture is substantially built. | Week 6–8, where applicable |
| 9 | Quantification of Loss / Misstatement | Every finding is quantified — not described qualitatively. We build a loss/misstatement schedule that ties each rupee amount to specific transactions and evidence, distinguishing between amounts that are proven with high confidence, amounts that are probable but rely on inference, and amounts flagged for further investigation. Courts, arbitrators, and insurers expect this level of granularity — a single lump-sum 'estimated loss' figure invites challenge. | Week 7–9 |
| 10 | Root Cause & Control Failure Analysis | Beyond what happened, we document why it was possible — which control was absent, overridden, or circumvented, and by whom. This is what the Board, the Audit Committee, and (where relevant) the statutory auditor need to assess whether the control environment itself requires remediation, separate from any action against the individual(s) involved. | Week 8–9 |
| 11 | Draft Report Review with Legal Counsel | Before finalisation, we review the draft findings with the client's legal counsel — where engaged — to ensure the report's language, evidentiary basis, and conclusions are fit for the intended downstream use, whether that is a Board decision, a bank fraud classification submission, an arbitration filing, or a criminal complaint. We do not alter findings to suit a desired outcome; we ensure the report is presented in a form that withstands the scrutiny of its intended audience. | Week 9–10 |
| 12 | Final Report Delivery & Presentation | The final forensic audit report is delivered with a structured executive summary, a detailed findings section referencing every piece of supporting evidence, the quantification schedule, and root-cause/control-failure analysis. Where requested, PNPC presents findings directly to the Board, Audit Committee, or lender's fraud identification committee, and can be engaged for follow-on support including deposition preparation or expert testimony. | Week 10–12, typical for a mid-complexity engagement |
| 13 | Post-Report Support — Referral, recovery, and remediation | Where findings warrant it, we assist with preparing the SFIO/EOW/police referral, support the bank's Master Directions-based fraud classification process, advise on internal disciplinary or recovery action, and help redesign the specific controls that allowed the scheme to occur — so the investigation converts into a permanent fix, not just a report on the shelf. | As needed, following report delivery |
Timelines vary significantly with the complexity, transaction volume, number of entities involved, and whether digital forensics or cross-border tracing (India-UAE) is required. A narrow, single-scheme investigation (e.g., one vendor, one employee, a defined time period) can conclude in 4–6 weeks. A multi-entity, multi-year, cross-border diversion investigation can extend to several months. PNPC provides a scoped timeline and fee estimate only after the initial confidential consultation — a forensic audit cannot be meaningfully quoted before the scope is understood.
Board resolution or letter of authorisation from the party commissioning the investigation — promoter, Board, Audit Committee, lender, or legal counsel — establishing the mandate and scope
Signed engagement letter defining scope, time period, entities/individuals covered, confidentiality terms, and intended use of the report (internal, litigation, regulatory referral, insurance claim)
Non-disclosure and confidentiality undertakings from all individuals who will have access to the investigation, including internal staff supporting the engagement
Details of who has already been informed of the investigation and who must remain unaware during the evidence-gathering phase — critical for evidence preservation
General ledger and trial balance for the relevant period, with system-level access to the accounting software (not just exported reports) where possible
Bank statements for all operating, current, and related-party accounts for the scoped period, with online banking access or bank confirmation letters where feasible
Vendor and customer masters, including creation/modification history and the user IDs that made changes
Purchase orders, invoices, delivery challans, goods receipt notes, and payment vouchers for the transactions under review
Fixed asset register and physical verification records, where asset misappropriation is part of the scope
Payroll records and employee master data, where payroll or ghost-employee fraud is suspected
Petty cash books, expense reimbursement claims, and supporting bills, where expense fraud is part of the scope
Shareholding pattern, related-party register, and details of common directorships/ownership across group entities
Related-party transaction disclosures from prior financial statements and Board/Audit Committee approvals for such transactions
Group entity structure chart, including entities incorporated in the UAE or other jurisdictions where cross-border diversion is suspected
Minutes of Board and Audit Committee meetings for the relevant period, and any prior internal audit or statutory audit reports flagging related concerns
Accounting system audit trail/log reports showing who created, modified, or deleted entries, and when — most modern ERP and accounting systems retain this if not disabled
Access control list for the accounting system and financial approval workflows — who has authority to approve payments, create vendors, or override controls
Email server backup or litigation-hold instruction for relevant custodians' mailboxes, preserved before the investigation becomes known more widely within the organisation
Device inventory for individuals whose devices may need forensic imaging, and IT department contact for coordinating preservation
GST portal filings (GSTR-1, GSTR-2A/2B, GSTR-3B) for cross-verification of purchase and sales transactions against the counterparty's own filings
Bank confirmation letters and, where necessary, statements obtained directly from the bank rather than relying solely on company-provided copies
Vendor and customer balance confirmations sent independently by the investigating CA firm, not routed through the individual under suspicion
Registrar of Companies (MCA21) filings for related and counterparty entities — directorship overlaps, registered addresses, filing history
The original whistle-blower complaint, anonymous tip, or internal audit finding that triggered the investigation, in its original form
Any prior internal investigation notes, HR disciplinary records, or exit interview notes relevant to the individuals in scope
Insurance policy documents, where a fidelity/crime insurance claim is contemplated, including notice-of-loss timelines that may be time-sensitive
Existing legal correspondence, notices, or pleadings if litigation or arbitration is already underway or contemplated
| Phase | Triggered By | PNPC CA Guidance | Risk If Ignored |
|---|---|---|---|
| Red Flag Identification | Whistle-blower complaint, audit finding, lender query, or unexplained variance | Confidential preliminary assessment to determine if the red flag warrants a full forensic engagement or a lighter-touch management review. Early advice on evidence preservation — before anyone alerts the suspected individual(s). | Evidence altered or destroyed once the subject becomes aware. Delay allows the scheme to continue and the eventual loss to grow. |
| Scoping & Engagement | Decision to formally investigate | Written scope, engagement letter, confidentiality protocol, and identification of who within the organisation needs to know versus who must not, during the investigation. | Undefined scope leads to an unfocused, expensive investigation whose findings are later challenged as selective or incomplete. |
| Evidence Gathering | Engagement commencement | Transaction tracing, document authentication, digital forensics coordination, and structured interviews — each following an evidentiary discipline that anticipates challenge. | Evidence gathered without chain-of-custody discipline can be excluded or discredited in litigation, arbitration, or a bank's fraud classification process. |
| Quantification & Reporting | Fieldwork substantially complete | Loss/misstatement quantified transaction-by-transaction with confidence levels, root-cause and control-failure analysis, and a report structured for its intended downstream use. | A vague, unquantified, or narrative-only report carries little weight before a Board, arbitrator, insurer, or investigating agency. |
| Regulatory/Legal Referral | Findings warrant escalation | Support in preparing the SFIO referral under Sections 210/212 of the Companies Act, EOW/police complaint, RBI fraud classification submission under the Master Directions on Fraud Risk Management, or PMLA-related reporting where proceeds of crime are implicated. | Delayed or improperly documented referral can prejudice the ability to pursue criminal or regulatory action, and in bank fraud cases can affect the lender's own regulatory compliance timelines. |
| Recovery & Remediation | Post-investigation | Advice on civil recovery action, insurance claim support under fidelity/crime cover, disciplinary action documentation, and — critically — redesign of the specific control that failed, so the same scheme cannot recur. | A forensic audit that ends at the report, without control remediation, frequently precedes a repeat incident — sometimes using the same mechanism, sometimes a variant of it. |
| Statutory Audit Interface | Findings affect prior-period financial statements | Coordination with the statutory auditor on any restatement, disclosure, or Section 143(12) reporting obligation the statutory auditor may independently owe once fraud indicators are identified. | Statutory auditor unaware of confirmed fraud findings may issue an unqualified opinion inconsistent with known facts, creating exposure for the company and the auditor alike. |
What exactly is a forensic audit, in plain terms?
It is a detailed financial investigation conducted when there is a specific suspicion of fraud, diversion of funds, or financial misconduct — designed to establish what actually happened, trace where the money actually went, quantify the loss, and produce findings and evidence that can support a Board decision, a legal case, an insurance claim, or a regulatory referral. It is fundamentally different from a routine annual audit, which forms an opinion on financial statements based on reasonable assurance and test checks rather than investigating a specific allegation.
How is a forensic audit different from a statutory audit?
A statutory audit under Section 143 of the Companies Act 2013 is a mandatory, annual, retrospective examination of financial statements, using test checks and sampling, to form an opinion on whether they present a true and fair view. A forensic audit is investigative, triggered by a specific red flag, and aims to establish facts with evidentiary rigour sufficient for litigation, arbitration, or regulatory action. A statutory auditor who encounters an indication of fraud during the routine audit has a separate obligation under Section 143(12) to report it — but that reporting duty is not itself a forensic investigation; it typically triggers one.
Who typically commissions a forensic audit — and who can commission one?
A forensic audit can be commissioned by the company's Board or Audit Committee, promoters or majority shareholders, a lender or consortium of banks (often as part of RBI's fraud classification process), legal counsel on behalf of a client in a dispute, an Insolvency Resolution Professional under the Insolvency and Bankruptcy Code, or occasionally directed by a regulator, tribunal, or court. Anyone with a legitimate interest and the standing to authorise the investigation and grant access to records can commission one.
What is the ICAI Forensic Accounting and Investigation Standards (FAIS)?
FAIS are standards issued by the Institute of Chartered Accountants of India, through its Digital Accounting and Assurance Board, specifically to bring consistency and rigour to forensic accounting and investigation engagements undertaken by Chartered Accountants. They cover matters including engagement acceptance, evidence gathering, documentation, and reporting for forensic work — distinct from the Standards on Auditing that govern statutory audits. PNPC's forensic engagements are conducted with reference to these standards.
How long does a forensic audit take?
It depends entirely on scope, transaction volume, number of entities involved, and whether digital forensics or cross-border tracing is required. A narrow investigation — one vendor, one employee, a clearly defined time period — can often be completed in 4–6 weeks. A multi-entity, multi-year, cross-border diversion investigation involving related parties in both India and the UAE can extend to several months. We provide a realistic timeline only after the initial confidential scoping consultation.
What triggers a bank to commission a forensic audit on a borrower's account?
Under the Reserve Bank of India's Master Directions on Fraud Risk Management, banks are required to examine accounts showing early warning signals — diversion of funds, discrepancies between stock statements and physical stock, related-party transactions inconsistent with the stated purpose of the facility, or other red flags — and, where warranted, commission a forensic audit by a bank-empanelled forensic auditor before formally classifying the account as fraud. The forensic audit report is a key input into the bank's decision and its subsequent reporting to the RBI.
Can a forensic audit report be used as evidence in court?
A forensic audit report itself is an expert opinion, and the Chartered Accountant who prepares it can be called as an expert witness under the Indian Evidence Act framework (now the Bharatiya Sakshya Adhiniyam) to explain findings and be cross-examined. Whether the underlying documents and evidence referenced are independently admissible depends on how they were gathered, preserved, and authenticated — which is precisely why chain-of-custody discipline during the investigation matters so much. A report built on properly preserved, authenticated evidence carries far more weight than one built on unverified internal documents alone.
What is the difference between fraud, error, and a genuine business dispute?
Fraud requires intent to deceive for gain — a deliberate act, not a mistake. An error is an unintentional misstatement — a wrong entry, a miscalculation, a genuine misunderstanding of an accounting treatment. A genuine business dispute — a disagreement over valuation, contract interpretation, or performance — may involve no wrongdoing at all. A forensic audit's job is precisely to establish which of these it actually is, based on evidence, rather than assume fraud from the outset. Not every forensic audit concludes that fraud occurred — some conclude the variance was error, or that the dispute has a legitimate commercial explanation.
What is the Serious Fraud Investigation Office (SFIO) and when does a matter go there?
SFIO is a multi-disciplinary investigation agency under the Ministry of Corporate Affairs, empowered under Sections 210 and 212 of the Companies Act 2013 to investigate corporate fraud on the direction of the Central Government — typically for cases of significant public interest, involving listed companies, or where the Registrar or other regulatory bodies refer the matter. SFIO investigation is a distinct and more serious escalation than an internal forensic audit; SFIO has statutory powers of arrest, search, and seizure that a privately commissioned forensic audit does not.
How does forensic audit relate to the Insolvency and Bankruptcy Code (IBC)?
Under the IBC, 2016, once a Corporate Insolvency Resolution Process (CIRP) begins, the Resolution Professional is required to conduct a transaction audit examining the corporate debtor's transactions for preferential transactions (Section 43), undervalued transactions (Section 45), extortionate credit transactions (Section 50), and fraudulent or wrongful trading (Section 66) during the look-back period preceding the CIRP commencement. This transaction audit is fundamentally a forensic exercise — tracing fund flows and testing related-party dealings — often outsourced to a forensic audit firm supporting the Resolution Professional.
What is 'round-tripping' and how does a forensic audit detect it?
Round-tripping refers to funds being moved out of a company — often disguised as a legitimate payment such as an advance, a consultancy fee, or an investment — and then returned to the company or its promoters through a different, disguised route, creating the appearance of fresh capital, revenue, or an unrelated transaction. Detecting it requires tracing fund flows across multiple bank accounts and entities, often including group companies and, in cross-border cases, foreign entities — precisely the transaction-tracing discipline a forensic audit applies, as distinct from the entity-by-entity, period-by-period lens of a statutory audit.
We suspect an employee, not a vendor or director. Does the process differ?
The investigative discipline is the same — document review, transaction tracing, digital evidence, structured interviews — but the practical considerations differ. Employee-level investigations typically involve HR and labour law considerations (natural justice in any subsequent disciplinary action, notice and hearing requirements before termination for cause), and interview protocols must be carefully structured to avoid any suggestion of coercion, which could undermine both the disciplinary process and any subsequent legal action.
What is the role of digital forensics in a forensic audit?
Where a scheme involves deleted accounting entries, altered system logs, suspicious email communications, or data on an individual's device, digital forensics recovers and analyses this electronic evidence under a documented chain of custody — imaging devices before any risk of alteration, extracting metadata that shows when documents were actually created or modified, and reconstructing deleted records where technically possible. PNPC coordinates with specialist digital forensics providers as part of the forensic audit engagement where the scope requires it.
Does PNPC investigate suspected fraud within its own audit clients, or only third-party engagements?
Both, with an important distinction: where PNPC is already the statutory auditor of a company and a fraud indication arises during that audit, we have a specific reporting obligation under Section 143(12) of the Companies Act, and typically the forensic investigation itself is conducted by an independent team — either a separate PNPC forensic team operating under appropriate independence safeguards, or, where independence concerns warrant it, we advise the client to engage an entirely separate firm. Independence is not a formality in forensic work — a compromised or conflicted investigator's findings carry little weight.
What does a forensic audit typically cost?
Forensic audit fees are scope-driven and not comparable to a standard audit fee schedule — they depend on transaction volume, number of entities and individuals in scope, whether digital forensics is required, whether cross-border tracing is involved, and the evidentiary rigour required for the intended downstream use (internal Board decision versus litigation-ready report versus SFIO-referral-grade documentation). PNPC provides a fee estimate only after the initial confidential scoping consultation, once we understand what the investigation actually needs to cover.
Can a forensic audit be conducted covertly, without alerting the suspected individual?
Yes, and in most cases this is essential to the investigation's success. Evidence preservation — securing accounting system backups, restricting document access, and gathering third-party confirmations — is typically done before the suspected individual is aware an investigation is underway, precisely because early awareness creates a real risk of evidence being altered, deleted, or destroyed. We advise clients on this sequencing at the very first scoping conversation.
What happens if the forensic audit finds no evidence of wrongdoing?
It happens, and it is a legitimate and useful outcome. A forensic audit that thoroughly investigates a red flag and concludes the variance was due to an accounting error, a genuine timing difference, or a legitimate business explanation gives the Board or commissioning party the confidence to close the matter without further action — and, where the allegation was made against an individual, it can be equally important in clearing that person's name with documented, credible evidence.
How does forensic audit interact with fidelity/crime insurance claims?
Most fidelity guarantee or crime insurance policies require the insured to notify the insurer promptly on discovery of a loss and to provide documented proof of the loss amount and circumstances as a condition of the claim. A forensic audit report — with its transaction-level quantification and evidence trail — is typically the core document supporting such a claim. Insurers frequently engage their own forensic accountant to review or challenge the claimed quantum, so the rigour of the original investigation directly affects the claim's success.
Is a forensic audit relevant for a family-owned or closely-held business, or only large companies?
It is entirely relevant. In fact, closely-held and family businesses are frequently where forensic audits are most needed — controls are often informal, trust-based, and concentrated in a small number of individuals, which creates exactly the conditions where diversion or misappropriation can continue undetected for years. Disputes between family shareholders over alleged siphoning are among the more common forensic audit engagements we handle, distinct from institutional corporate fraud cases.
What is the difference between a forensic audit and a special purpose audit?
A special purpose audit is a broader category — any audit engagement scoped for a specific, defined purpose outside the standard statutory audit, such as an audit for a specific stakeholder, a specific transaction, or a specific compliance requirement. A forensic audit is one particular type of special purpose engagement — specifically investigative, fraud-focused, and evidence-driven. Not every special purpose audit involves any suspicion of wrongdoing; a forensic audit, by definition, does.
Our lender has asked us to bear the cost of the forensic audit they are commissioning. Is this normal?
It is common practice for banks to require the borrower to bear the cost of a lender-commissioned forensic audit, particularly where it is triggered by irregularities in the borrower's own account. This is typically a condition specified in the loan agreement or communicated as part of the bank's process under RBI's fraud risk management framework. You should still understand the scope of that audit and consider whether an independent parallel review, engaged directly by you, is warranted to represent your interests.
How does PNPC maintain confidentiality during a forensic engagement?
Every forensic engagement begins with signed non-disclosure undertakings from all PNPC team members involved, a defined and limited circle of individuals at the client who are briefed on the investigation's existence, secure and access-controlled document handling, and communication protocols that avoid discussing the investigation over channels that could be intercepted or discovered by the subject. Given that many engagements depend on the subject remaining unaware until evidence is secured, confidentiality discipline is treated as a core deliverable, not an afterthought.
Can a forensic audit be conducted across both an Indian company and its related UAE entity?
Yes. PNPC operates from Chennai, Bangalore, Hyderabad, and Dubai, which allows a single engagement team to trace fund flows and examine records across an Indian entity and a related UAE entity without the loss of context that occurs when two separate, unconnected firms handle each jurisdiction independently. Cross-border investigations also require awareness of FEMA reporting obligations on the India side and UAE regulatory and banking-secrecy considerations on the other, which our combined presence is structured to handle coherently.
What is the difference between fraud detection and fraud prevention — does PNPC do both?
A forensic audit is fundamentally a detection and investigation exercise — it examines what has already happened. Fraud prevention is a forward-looking discipline — designing and strengthening internal controls, segregation of duties, approval workflows, and internal audit coverage to reduce the likelihood of fraud occurring or going undetected in future. PNPC provides both: the forensic investigation itself, and — as a distinct, follow-on engagement — control redesign and internal audit strengthening informed directly by what the forensic audit revealed about how the specific scheme was possible.
What is PMLA and when does it become relevant to a forensic audit?
The Prevention of Money Laundering Act, 2002 (PMLA) criminalises dealing with 'proceeds of crime' derived from specified 'predicate offences' — which include several offences under the Companies Act, the Indian Penal Code/Bharatiya Nyaya Sanhita, and other statutes. Where a forensic audit uncovers fund diversion or fraud that constitutes a predicate offence under PMLA's schedule, the matter can attract the attention of the Enforcement Directorate (ED), independent of any parallel Companies Act or criminal proceedings. This is a specialised area, and PNPC works alongside legal counsel where PMLA exposure is identified during an investigation.
How do you handle a situation where the suspected individual is a director or promoter with control over records?
This is among the more delicate scenarios in forensic practice. We prioritise independent, third-party sources of evidence — bank confirmations obtained directly, GST portal data, vendor confirmations sent independently — precisely because records held or controlled by the suspected individual may not be reliable or complete. Where the individual also controls IT system access, evidence preservation steps (backups, access log capture) need to happen before the individual is aware of the investigation, often requiring the Board or an independent director to authorise access outside the suspected individual's control.
Does a forensic audit finding automatically mean criminal or civil action will follow?
No. The forensic audit produces findings and evidence; what the commissioning party does with those findings is a separate decision, usually made in consultation with legal counsel. Options range from no further action (where findings do not support the original suspicion), to internal disciplinary action, to civil recovery proceedings, to a criminal complaint, to a regulatory referral (SFIO, RBI, ED) — and the choice depends on the strength of evidence, the amounts involved, the relationship considerations (particularly in family businesses), and the client's objectives.
What qualifications should the team conducting our forensic audit have?
Look for Chartered Accountants with specific forensic accounting and investigation experience — not general audit experience alone — ideally with exposure to ICAI's FAIS framework, experience working alongside legal counsel on evidentiary matters, and access to digital forensics specialists where the engagement may require them. Ask specifically how many forensic investigations the proposed team has led (as distinct from statutory audits), and whether any of that work has been tested in litigation, arbitration, or a regulatory referral.
Why should we engage PNPC rather than a large forensic-only specialist firm?
Large forensic-only firms bring scale for very large, complex investigations, but they typically have no ongoing relationship with your business before or after the engagement, and their fee structures reflect that scale. PNPC brings four decades of practising CA experience across India and the UAE, a genuine India-UAE cross-border capability from our own offices rather than a correspondent-firm arrangement, and — where you are already or become a PNPC client for statutory audit, tax, or compliance — continuity of context that a one-time specialist engagement cannot replicate. For most mid-market and closely-held business investigations, this combination delivers the evidentiary rigour required without the overhead of a large forensic-only mandate.
What is the difference between a forensic audit and due diligence conducted before an acquisition?
Due diligence is a forward-looking risk and value assessment conducted before a transaction — evaluating the target's financial position, contingent liabilities, and business risk to inform pricing and deal structure, generally without any presumption of wrongdoing. A forensic audit is retrospective and investigative, triggered by an actual suspicion of fraud or misconduct, and aimed at establishing what happened with evidentiary rigour. That said, if due diligence uncovers a red flag — an unexplained related-party transaction, inconsistent financial records, or a pattern suggesting manipulation — it can and often does escalate into a forensic audit before the transaction proceeds.
How does PNPC ensure the forensic audit report withstands challenge from the other side's experts?
By anchoring every finding to independently verifiable evidence rather than internal company records alone, documenting the methodology used for sampling and tracing so it can be explained and defended, distinguishing clearly between what is proven, what is probable, and what remains unresolved, and having the engagement team available to depose or testify on the findings if the matter proceeds to litigation or arbitration. A report that overstates its certainty, or that cannot explain its own methodology under questioning, is the single most common weakness opposing experts exploit.
Can PNPC act as a court-appointed or tribunal-appointed forensic expert?
Yes. Where a court, the National Company Law Tribunal, or an arbitral tribunal requires an independent forensic accounting expert — whether appointed jointly by consent of the parties or directly by the tribunal — PNPC's forensic team can act in that capacity, applying the same evidentiary discipline as in a privately commissioned engagement, but with the added independence obligations that a court-appointed expert role carries.
| Feature | Generic Audit Firm | Large Forensic-Only Specialist | PNPC Global |
|---|---|---|---|
| Forensic-specific expertise | Limited — statutory audit skills applied to a fraud scenario | Deep, but engagement is transactional and one-time | Dedicated forensic capability built on four decades of practising CA experience |
| Evidence discipline (chain of custody, admissibility) | Often informal — not designed for litigation use | Strong, but at premium cost regardless of matter size | Litigation-grade discipline scaled appropriately to the matter's actual size and stakes |
| Cross-border India-UAE capability | Typically none, or via an unconnected correspondent firm | May have global reach but loses India-UAE-specific context | Own offices in Chennai, Bangalore, Hyderabad, and Dubai — one team, both jurisdictions |
| Confidentiality & evidence preservation from Day 1 | Frequently an afterthought, addressed after fieldwork begins | Generally strong, standard practice | Built into the initial scoping consultation before any document changes hands |
| Root cause & control remediation follow-through | Rarely offered as a distinct next step | Often out of scope — investigation-only mandate | Explicit follow-on engagement to redesign the control that allowed the scheme |
| Ongoing relationship post-investigation | None — one-time engagement | None — one-time engagement, high cost to re-engage | Continuity as your statutory audit, tax, and compliance advisor where relevant, with independence safeguards |
| Cost proportionality for mid-market/family businesses | May underinvest in rigour to keep cost low | Cost structure built for very large corporate mandates | Scoped and priced to the actual size and stakes of your matter |
| Direct access to the investigating CA | Varies by firm size | Often layered through case managers and juniors | Direct access to your engagement CA — not a support queue |
What the PNPC package includes
- 01
Confidential initial scoping consultation under signed non-disclosure — before any document changes hands
- 02
Written scope definition and engagement letter tailored to the specific allegation, transactions, and individuals in scope
- 03
Evidence preservation guidance from Day 1 — accounting system backups, access restriction, litigation-hold advice for email and digital records
- 04
Transaction tracing and fund-flow analysis, built as a documented, source-referenced schedule
- 05
Document authentication through independent third-party confirmation — vendor confirmations, GST portal cross-checks, bank confirmations
- 06
Coordination with digital forensics specialists where deleted records, altered logs, or email evidence are implicated
- 07
Structured, evidence-preserving interview protocol where interviews are within scope
- 08
Transaction-level loss and misstatement quantification with confidence-level classification, not a single estimated figure
- 09
Root cause and control-failure analysis distinguishing what happened from why it was possible
- 10
Report structured for its intended downstream use — Board decision, bank fraud classification, arbitration, or regulatory referral
- 11
Post-report support — SFIO/EOW/police referral preparation, insurance claim documentation, and control redesign
- 12
Cross-border India-UAE tracing capability from PNPC's own Chennai, Bangalore, Hyderabad, and Dubai offices
When you suspect something is wrong, the first conversation should be confidential, unhurried, and with a Chartered Accountant who has actually led forensic investigations — not a sales call. Speak directly with a PNPC forensic engagement CA before you alert anyone else, before any document is moved, and before a routine concern becomes an unrecoverable loss.