Audit & Assurance · Tax & Regulatory Audits
Provident Fund, Payroll & Labour Law Audit
Provident Fund defaults, ESI shortfalls, and labour law non-compliance rarely surface on their own — they surface during an EPFO inspection, a labour commissioner visit, or a due diligence exercise before funding or acquisition, by which point interest, damages, and prosecution exposure have already accumulated.
Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986
Provident Fund defaults, ESI shortfalls, and labour law non-compliance rarely surface on their own — they surface during an EPFO inspection, a labour commissioner visit, or a due diligence exercise before funding or acquisition, by which point interest, damages, and prosecution exposure have already accumulated. PNPC's PF, Payroll & Labour Law Audit is a structured, evidence-based review of your payroll processing, statutory deduction and deposit discipline, and labour law compliance posture — conducted by practising Chartered Accountants who have represented manufacturing and services companies before EPFO, ESIC, and state labour authorities since 1986.
What it costs
No hidden charges. The exact figure is set in your engagement letter.
A Provident Fund, Payroll & Labour Law Audit is an independent verification exercise that examines whether an establishment's payroll processing, statutory deductions, and employer contributions comply with India's payroll and labour compliance framework as it currently stands following the four Labour Codes coming into force on 21 November 2025 — the Code on Wages 2019 (which has repealed and consolidated the Payment of Wages Act 1936, the Minimum Wages Act 1948, the Payment of Bonus Act 1965, and the Equal Remuneration Act 1976), the Occupational Safety, Health and Working Conditions Code 2020 (which has repealed and consolidated the Factories Act 1948 and the Contract Labour (Regulation and Abolition) Act 1970, among other statutes), and the Code on Social Security 2020 (which has repealed and consolidated the Employees' State Insurance Act 1948, the Payment of Gratuity Act 1972, the Employees' Compensation Act 1923, and the Maternity Benefit Act 1961, and which now houses the ESI framework, gratuity, and other social security benefits). Provident Fund itself sits in a transitional position: the Employees' Provident Funds and Miscellaneous Provisions (EPF&MP) Act 1952 has not yet been fully repealed — full migration of PF to Chapter III of the Code on Social Security depends on a further notification and a one-year transition window that had not been triggered as of this audit — so PF contribution, Section 7A inquiries, Section 7Q interest, and Section 14B damages continue to operate under the EPF&MP Act 1952 in the interim, even as ESI, gratuity, bonus, wages, and OSH compliance now run under the new Codes. Unlike a routine payroll processing engagement, this audit is diagnostic: it tests whether wages have been correctly classified for PF and ESI/social-security purposes under the now-unified statutory definition of wages, whether contributions have been computed on the correct wage base, whether returns have been filed and challans deposited within statutory timelines, and whether the establishment's contract labour, bonus, and gratuity obligations are being discharged correctly.
The audit typically covers three layers. The first is payroll mechanics — verifying that basic wages, dearness allowance, and other components treated as part of 'wages' are being correctly identified. This has taken on added importance since the Code on Wages' unified wage definition caps excludable allowances (HRA, conveyance, and similar components not treated as wages) at 50% of total remuneration, with any excess added back to 'wages' for PF, gratuity, and other statutory purposes — a codification, for gratuity and bonus purposes, of the same underlying principle the Supreme Court applied to PF specifically in Regional Provident Fund Commissioner (II) West Bengal vs Vivekananda Vidyamandir & Others (2019): that allowances paid universally, necessarily, and ordinarily to all employees cannot be artificially split out to shrink the statutory wage base. The second layer is statutory compliance — PF contribution at the prescribed rate on wages up to the statutory wage ceiling (with voluntary higher contribution where opted), ESI/social-security contribution for employees within the applicable wage ceiling, timely filing of PF ECR (Electronic Challan cum Return) and ESI-equivalent monthly contributions, and correct treatment of International Workers, trainees, and contract labour. The third layer is documentary and procedural — wage and attendance registers now maintained under the Code on Wages and OSH Code framework, appointment letters, and the licensing/registration compliance that now sits under the OSH Code for principal employers engaging contract labour, together with the establishment's readiness to produce these records in an EPFO inspection or labour department visit.
For manufacturing units, the audit additionally examines whether the registers formerly maintained under the Factories Act 1948 — overtime, leave with wages, accident records — and now required under the OSH Code 2020 and its rules are being maintained consistently with the payroll data, since discrepancies between these registers and PF/ESI filings are a common trigger for EPFO enforcement action under Section 7A of the EPF&MP Act. For services companies, particular attention goes to contract staffing arrangements — where the principal employer carries joint and several liability for PF and social-security dues of contract workers deployed on its premises if the contractor defaults, a liability many services companies are unaware they carry until an EPFO notice arrives.
The output of the audit is a structured findings report — a gap-by-gap breakdown of underpaid contributions, misclassified wage components, filing delays, missing registers, and contract labour exposure — together with a quantified estimate of interest and damages under Section 7Q and Section 14B of the EPF&MP Act where PF shortfalls are identified, and a prioritised remediation roadmap. Where the findings indicate historical liability, PNPC advises on voluntary disclosure and negotiated settlement strategy with EPFO/ESIC (both now operating under the Code on Social Security's administrative framework for non-PF matters), which is generally far less costly than a liability discovered through a departmental inspection.
When this audit is the right engagement
Ahead of a due diligence exercise for fundraising, acquisition, or sale — PF and labour law liabilities are a standard diligence checklist item and undisclosed exposure can derail or reprice a transaction
After rapid headcount growth or a shift to contract/gig staffing models, where payroll processes designed for a small team have not scaled with statutory compliance discipline
Following a change in payroll vendor, HR system, or CTC structuring (e.g. restructuring basic wage as a smaller proportion of CTC) that may have altered the PF/ESI wage base without a compliance review
When an EPFO or ESIC notice, summons under Section 7A, or a labour department inspection is anticipated or has already been received, and an independent pre-assessment is needed before responding
As part of an annual internal control review for manufacturing and services companies that engage a meaningful volume of contract labour, where principal-employer liability for contractor defaults is a live risk
When management or the Audit Committee wants independent assurance — beyond what the payroll processing vendor self-certifies — that statutory deposits, returns, and wage classification are actually correct
Before onboarding to a group PF trust exemption or converting from the EPFO-managed scheme to an exempted private PF trust, where historical compliance must be clean before approval
When a different engagement fits better
Routine monthly payroll processing and statutory filing — that is an ongoing payroll compliance service, not a periodic audit; PNPC's Payroll Processing engagement covers this on a recurring basis
A single, narrow question such as 'is PF applicable to this one consultant' — that is better handled as a specific advisory query rather than a full audit engagement
An establishment with fewer than 20 employees and no contract labour, where PF/ESI applicability itself may not yet be triggered — an applicability assessment is the right first step, not a full audit
Pure income-tax TDS-on-salary compliance review with no PF/ESI/labour law scope — that sits within a TDS compliance review, a related but distinct engagement
Immediate crisis response to an active EPFO recovery proceeding or attachment notice — that requires urgent representation and litigation support first; the audit can follow once the immediate matter is stabilised
Purely a Factories Act or shops & establishment licensing renewal — those are registration/licensing engagements rather than an audit of existing payroll compliance
PF, Payroll & Labour Law Audit vs related engagements
| Feature | PF/Payroll/Labour Audit | Statutory Financial Audit | Internal Audit | Routine Payroll Processing | Standalone PF/ESI Registration |
|---|---|---|---|---|---|
| Primary objective | Verify PF/ESI/labour law compliance and quantify exposure | Opinion on true and fair view of financial statements | Evaluate broader risk, controls, and governance | Ongoing salary processing and statutory filing | One-time obtaining of PF/ESI employer code |
| Governing framework | EPF&MP Act 1952 (PF) + Code on Wages, OSH Code, Code on Social Security (wages, gratuity, ESI, OSH) | Companies Act 2013 / Standards on Auditing | Standards on Internal Audit (ICAI) / Section 138 | EPF&MP Act procedural compliance | EPFO/ESIC registration rules |
| Frequency | Periodic — annual, pre-transaction, or triggered by event | Mandatory annually for companies | Annual or as per internal audit plan | Monthly, ongoing | One-time (with periodic amendments) |
| Wage-base and classification testing | Core focus — tests basic/DA/allowance classification | Not tested in depth unless material to financials | Only if payroll is a scoped risk area | Not typically re-tested once configured | Not applicable — pre-registration only |
| Contract labour / principal-employer liability review | Yes — explicit scope item | Generally out of scope | Only if flagged as a risk area | Out of scope | Out of scope |
| Quantifies interest/damages exposure (Sec 7Q/14B) | Yes — a core deliverable | Not typically quantified separately | Depends on scope | No | Not applicable |
| Mandatory under law | Not mandatory — a management/board-driven exercise | Mandatory for all companies | Mandatory above prescribed thresholds (Sec 138) | Not an audit; an operational function | Mandatory once employee thresholds are crossed |
| Typical trigger | Growth, M&A diligence, EPFO notice, governance review | Every financial year-end | Annual internal audit plan cycle | Every payroll cycle | Crossing 20 (PF) / 10 (ESI) employee threshold |
| Deliverable | Findings report + quantified exposure + remediation roadmap | Audit report and opinion | Internal audit report to Audit Committee/Board | Payslips, ECR, monthly statutory challans | PF/ESI employer registration code |
These engagements are complementary, not substitutes. A company under statutory audit still needs a dedicated PF/payroll/labour law audit if headcount, contract labour usage, or wage structuring changes have not been independently tested — statutory financial audit tests materiality to the financial statements, not line-by-line PF/ESI compliance. PNPC scopes each engagement to the specific trigger — routine assurance, transaction diligence, or notice response — after an initial consultation.
| # | Stage & What PNPC Does | CA Advice Portals Never Give | Timeline |
|---|---|---|---|
| 1 | Scoping Consultation — Understand the trigger and define audit boundaries | We ask what a payroll vendor never asks: is this ahead of a funding round or acquisition? Has there been a CTC restructuring in the last 3 years? How much of your workforce is on third-party payroll or contract labour? Is there an active or anticipated EPFO/ESIC notice? These answers determine whether the audit needs to go back 3 years or 6 years, whether contract labour principal-employer exposure needs deep testing, and whether the report needs to be diligence-ready for an investor's legal team. | Day 1–2 |
| 2 | Document & Data Request — Payroll registers, ECR/ESI filings, employment records | We request the full data set upfront, not piecemeal: monthly payroll registers for the audit period, PF ECR challans and ESI contribution challans as filed, employee master with CTC break-up (basic, DA, HRA, special allowance, etc.), contractor/vendor agreements where contract labour is engaged, Form I registration and Certificate of Registration records under the Contract Labour Act, appointment letters, and any prior EPFO/ESIC correspondence or inspection reports. | Day 2–5 |
| 3 | Applicability & Coverage Testing — Verify employee/establishment threshold compliance | We test whether every employee who should be covered under PF (basic + DA below the statutory wage ceiling, or opted for higher voluntary contribution) and ESI (gross wages within the applicable ceiling) is actually enrolled — a common gap is trainees, apprentices, and 'consultants' who are functionally employees but excluded from coverage. We also verify the establishment crossed the 20-employee PF threshold and 10-employee ESI threshold correctly and on the right date. | Week 1–2 |
| 4 | Wage Classification Testing — The Vivekananda Vidyamandir test applied line by line | This is where most exposure hides. We test each salary component against the Supreme Court's test: an allowance that is paid universally, necessarily, and ordinarily to all employees in a category cannot be excluded from the PF wage base merely by labelling it a special allowance. We reconstruct what the PF wage base should have been and compare it to what was actually contributed — the delta is your quantified historical exposure. | Week 2–3 |
| 5 | Contribution Reconciliation — ECR/challan vs payroll register vs bank remittance | Three-way reconciliation: the ECR filed with EPFO, the payroll register showing what was deducted from employees, and the bank statement showing what was actually remitted. Mismatches here — deducted from employee salary but not deposited — carry criminal exposure under Section 316 of the Bharatiya Nyaya Sanhita (BNS) 2023 (criminal breach of trust — the offence formerly codified as Sections 405/406 IPC, which stand repealed for conduct after 1 July 2024) in addition to civil recovery, since employee PF deductions held back are treated as a trust obligation, not just a compliance lapse. | Week 2–3 |
| 6 | Filing Timeliness Review — Due-date discipline across the audit period | PF ECR is due by the 15th of the following month; delayed deposit attracts interest under Section 7Q (currently 12% p.a.) and damages under Section 14B on a graded scale depending on the length of delay, in addition to potential prosecution for repeated defaults. We build a month-by-month timeline of actual filing/deposit dates against due dates for the entire audit period — not a sample. | Week 3 |
| 7 | Contract Labour & Principal-Employer Exposure Review | If your contractors deploy 20+ workmen on your premises, the contract labour licensing requirement — carried forward from the erstwhile Contract Labour (Regulation and Abolition) Act 1970 into the Occupational Safety, Health and Working Conditions Code 2020, which has consolidated and repealed that Act — requires them to hold a valid licence, and you as principal employer must hold the corresponding registration. If a contractor defaults on PF/social-security dues for their deployed workers, EPFO can — and does — proceed against the principal employer for recovery. We map every active contractor relationship against this exposure. | Week 3–4 |
| 8 | Bonus, Gratuity & Statutory Register Review | Bonus compliance (minimum 8.33% where applicable, computed correctly on eligible salary under the Code on Wages, which has consolidated and repealed the Payment of Bonus Act 1965) and gratuity provisioning for employees crossing 5 years of service (now governed by the Code on Social Security 2020, which has consolidated and repealed the Payment of Gratuity Act 1972), together with the statutory registers required under the Code on Wages and OSH Code framework and applicable state Shops & Establishments rules — attendance register, wage register, leave register, overtime register — are tested for existence, accuracy, and inspection-readiness. | Week 4 |
| 9 | Labour Code Compliance Review — Code on Wages, OSH Code, Code on Social Security | The four Labour Codes came into force on 21 November 2025, and we test current compliance against them, not a future contingency. The Code on Wages' unified wage definition caps non-cash and excludable allowances at 50% of total remuneration for gratuity and bonus purposes, materially raising the effective wage base for CTC structures that were designed around a low basic-to-gross ratio. We separately confirm the transitional status of PF itself — full migration to Chapter III of the Code on Social Security depends on a further notification that had not been triggered as of this audit, so PF continues to run under the EPF&MP Act 1952 in the interim, while ESI, gratuity, bonus, and OSH obligations already run under the new Codes. | Week 4 |
| 10 | Draft Findings Report & Management Discussion | We do not deliver a report as a surprise. Draft findings — each gap, its statutory basis, the quantified exposure (contribution shortfall + Section 7Q interest + Section 14B damages estimate), and a severity rating — are walked through with management before finalisation, so there is an opportunity to clarify facts, provide missing documents, or correct our understanding before the report is locked. | Week 5 |
| 11 | Final Report & Remediation Roadmap | The final report is structured for its actual use — whether that is a board-level compliance update, a due diligence annexure for an investor's legal counsel, or a working document for voluntary disclosure to EPFO/ESIC. It includes a prioritised remediation roadmap: what must be fixed immediately (active deduction-not-deposited situations), what should be regularised through voluntary compliance (historical wage misclassification), and what is a process fix going forward (payroll system reconfiguration). | Week 5–6 |
| 12 | Voluntary Disclosure & Settlement Support (where exposure exists) | Where the audit identifies historical shortfalls, we advise on whether voluntary disclosure to EPFO — typically resulting in a more favourable damages computation than a department-initiated Section 7A inquiry — is the right path, and represent the establishment through that process. This is materially different from waiting for an inspection, where the department has full discretion on damages assessment and prosecution decisions. | As needed — post-report |
| 13 | Payroll Process Remediation — Fixing the system, not just the number | A report that quantifies exposure without fixing the underlying payroll configuration guarantees a repeat finding next year. PNPC works with your payroll team or vendor to correct wage component classification, ECR filing workflow, and contractor compliance monitoring going forward — often transitioning the client onto PNPC's own payroll processing retainer for ongoing assurance. | Week 6 onward |
Realistic timeline: 5–6 weeks for a full audit covering a 2–3 year period for a mid-sized establishment (100–500 employees), from data request to final report. Timeline extends for multi-location establishments, larger contract labour populations, or where historical records require reconstruction. A narrower pre-transaction diligence scope (12–24 months, headline findings only) can often be completed in 2–3 weeks against a tighter deadline.
Monthly payroll registers for the full audit period — gross pay, all earning and deduction components itemised per employee
Employee master file — date of joining, date of exit (where applicable), designation, CTC structure with basic/DA/HRA/allowance break-up
CTC structuring policy or compensation philosophy document, and any revisions made during the audit period with effective dates
List of employees excluded from PF/ESI coverage with the stated reason (e.g. above wage ceiling with no voluntary option, genuine consultant, international worker under totalisation agreement)
Bank salary disbursement statements corresponding to each payroll cycle in the audit period
PF ECR (Electronic Challan cum Return) copies filed for each month in the audit period, with filing date and remittance date
PF challans/payment receipts evidencing actual deposit, to reconcile against ECR filed and amounts deducted from employees
PF establishment code allotment letter and any subsequent code-related correspondence with EPFO
Details of any voluntary higher PF contribution (VPF) opted by employees, and its treatment in the wage base
Any prior EPFO inspection reports, Section 7A orders, summons, or correspondence received during or before the audit period
Details of International Workers (if any) and their PF coverage status under the applicable Social Security Agreement, if one exists with their home country
ESI monthly contribution filings and challans for the audit period, employer and employee share
ESI establishment code (Code Number) allotment details
List of employees within the ESI wage ceiling and confirmation of their coverage status
Details of any employees who crossed the ESI wage ceiling mid-year and the point at which contribution was correctly discontinued (contribution period rules)
Any ESIC inspection reports or correspondence received during or before the audit period
List of all active contractors/staffing agencies deploying workers on the establishment's premises, with headcount per contractor
Contractor's contract labour licence copies and validity (issued under the Occupational Safety, Health and Working Conditions Code 2020, which has consolidated and repealed the erstwhile Contract Labour (Regulation and Abolition) Act 1970)
Principal employer's Certificate of Registration (Form I application) under the Contract Labour Act
Contracts/agreements with staffing vendors, specifically the clauses on statutory compliance responsibility and indemnity
Evidence of periodic verification that contractors have deposited PF/ESI for workers deployed at the establishment (contractor's ECR/challan copies, if obtained)
Bonus computation working papers and the applicable annual return filed for the audit period (bonus compliance now sits under the Code on Wages 2019, which has consolidated and repealed the Payment of Bonus Act 1965)
Gratuity policy, actuarial valuation reports (if applicable), and gratuity trust details (if a separate trust is maintained) — gratuity is now governed by the Code on Social Security 2020, which has consolidated and repealed the Payment of Gratuity Act 1972
Leave records — earned leave, sick leave — and evidence of leave encashment computation where applicable
Employee compensation/insurance policy details, if maintained for categories of employees not covered under the ESI framework (now consolidated, along with the erstwhile Employees' Compensation Act 1923, under the Code on Social Security 2020)
Shops & Establishments Act registration certificate and renewal status for each location
Factories Act registration and licence (for manufacturing units), and related registers — attendance, overtime, leave with wages, accident register
Wage registers, register of fines/deductions (if any), and overtime registers required under the Code on Wages 2019 (which has consolidated and repealed the Payment of Wages Act 1936 and Minimum Wages Act 1948)
State-specific labour welfare fund registration and contribution records, where applicable
Professional Tax registration and deduction records (state-specific, often reviewed alongside payroll compliance)
Board resolution or management authorisation for the audit engagement, and designated point of contact for document requests
Organisation chart identifying HR/payroll function ownership and reporting lines
Any internal payroll SOP or compliance checklist currently in use
Details of the payroll software/vendor used during the audit period and any system migration during that time
| Phase | Triggered By | PNPC CA Guidance | Risk If Ignored |
|---|---|---|---|
| Pre-Audit Scoping | Decision to commission the audit | Define the audit period, entities/locations in scope, and the specific trigger (routine assurance, M&A diligence, EPFO notice response) so the report is fit for its actual use from the outset. | A generically scoped audit produces a report that satisfies no one — too shallow for diligence, too broad and slow for a notice deadline. |
| Fieldwork & Testing | Document collection begins | Three-way reconciliation of payroll register, ECR/challan filings, and bank remittance; wage-base classification testing against the Vivekananda Vidyamandir standard; contract labour exposure mapping. | Sample-only testing (rather than full-period reconciliation) misses systemic misclassification that compounds every month it continues undetected. |
| Findings & Quantification | Testing complete | Every gap is quantified — contribution shortfall, Section 7Q interest (currently 12% p.a.), and Section 14B damages on the applicable graded scale — not just flagged qualitatively. | Unquantified findings cannot be prioritised or negotiated; management cannot make an informed decision on voluntary disclosure without a number. |
| Report Delivery & Remediation Planning | Fieldwork and findings finalised | A prioritised roadmap distinguishing immediate criminal-exposure items (deducted-but-not-deposited PF) from historical civil exposure (wage misclassification) from forward-only process fixes. | Treating all findings as equal severity either causes panic over low-risk items or, worse, delay on the one item — deducted employee contributions not deposited — that carries the most serious personal liability for directors/officers in default. |
| Voluntary Disclosure (if exposure found) | Historical shortfall identified | Assessment of whether voluntary approach to EPFO/ESIC is advisable, preparation of the disclosure computation, and representation through the settlement process. | Waiting for a department-initiated Section 7A inquiry typically results in a less favourable damages assessment and removes the negotiating position voluntary disclosure provides. |
| Ongoing Monitoring | Remediation implemented | Transition to a periodic (typically annual) re-audit cadence or an ongoing payroll compliance retainer, so wage classification and filing discipline is verified continuously rather than only when a trigger event forces a look-back. | Without a recurring check, CTC restructuring, new hires, or a new payroll vendor can silently reintroduce the same gaps the original audit fixed. |
| Labour Code Compliance | Four Labour Codes in force nationally from 21 November 2025 | CTC and wage-base modelling against the Code on Wages' 50% cap on excludable allowances, so gratuity and bonus cost impact is understood and budgeted now that the Codes are operative — and separate tracking of PF's transitional status, since PF continues under the EPF&MP Act 1952 pending a further notification bringing Chapter III of the Code on Social Security into force for provident fund. | Establishments that have not yet re-modelled CTC against the 50% cap risk an underestimated gratuity and bonus wage base that is already live law, not a future exercise — the compression is happening now, not on some future transition date. |
What exactly does a PF, Payroll & Labour Law Audit cover?
It covers three layers: payroll mechanics (are wage components correctly classified for PF/ESI purposes), statutory compliance (are contributions computed correctly, filed on time, and actually deposited), and documentary/procedural readiness (are the registers and records an inspector would ask for in place and accurate). For manufacturing clients it also tests Factories Act registers; for services clients with contract staffing, it tests principal-employer exposure under the Contract Labour Act.
Is this audit legally mandatory?
No. Unlike statutory financial audit or internal audit under Section 138 of the Companies Act, there is no law that mandates a periodic PF/payroll/labour law audit. It is a management- or board-commissioned exercise, undertaken voluntarily for assurance, ahead of a transaction, or in response to a notice or anticipated inspection.
What is the Vivekananda Vidyamandir judgment and why does it matter so much to this audit?
In Regional Provident Fund Commissioner (II) West Bengal vs Vivekananda Vidyamandir & Others (2019), the Supreme Court held that allowances paid universally, necessarily, and ordinarily to all employees in a category cannot be excluded from the PF wage base merely by labelling them a 'special allowance' or similar — if the allowance is not linked to any variable factor (like actual travel or actual overtime) and is paid to everyone as a matter of course, it forms part of 'basic wages' for PF purposes. Many CTC structures created before this judgment — and some still created today — deliberately split a large portion of gross pay into such allowances to shrink the PF contribution base.
What is the current PF wage ceiling and does it matter if our employees earn well above it?
The statutory PF wage ceiling has stood at ₹15,000 per month (basic + DA) since 2014, though the government has signalled possible revision from time to time — always verify the current notified figure before relying on it for planning. Employees whose basic + DA is at or below this ceiling must be covered under PF; above it, coverage is optional at the point of first employment unless the employee is already an existing PF member from a previous employer, in which case coverage continues regardless of wage level (with contribution either capped at the ceiling wage or on full wages if the employer opts for a higher contribution).
What is the ESI wage ceiling?
Employees with gross monthly wages at or below the statutory ESI wage ceiling are covered; those above it are excluded. This coverage now runs under the Code on Social Security 2020 (in force since 21 November 2025), which has consolidated and repealed the standalone ESI Act 1948, though the ESIC administrative machinery, benefit structure, and wage ceiling mechanism continue substantially unchanged under the Code. The ceiling has been revised periodically by government notification — the applicable figure must be confirmed as of the audit period being tested, since historical periods before the Code's commencement are still tested against the erstwhile ESI Act as it stood at the time. A related rule: once an employee is covered in a contribution period (April–September or October–March) their coverage continues for that full period even if their wages are subsequently revised above the ceiling mid-period.
What is Section 7Q interest and Section 14B damages under the EPF&MP Act?
Section 7Q empowers EPFO to charge interest on any amount due but not paid within the prescribed time — currently at 12% per annum, computed from the date it fell due until actual payment. Section 14B empowers EPFO to levy damages (a penalty, distinct from interest) on delayed payment, computed on a graded scale that increases with the length of the delay. Both can be levied together — interest compensates for the time value of the delayed amount; damages penalise the default itself.
Can deducting an employee's PF contribution and not depositing it lead to criminal liability?
Yes. Amounts deducted from an employee's wages towards their PF contribution are held by the employer in a fiduciary capacity — they are not the employer's money. Failure to deposit deducted employee contributions can attract prosecution under Section 316 of the Bharatiya Nyaya Sanhita (BNS) 2023 — the criminal breach of trust offence that replaced Sections 405/406/409 of the erstwhile Indian Penal Code with effect from 1 July 2024 — in addition to the civil recovery, interest, and damages proceedings under the EPF&MP Act itself. This is treated far more seriously by enforcement authorities than a case where the employer simply failed to compute or remit its own employer-share contribution correctly.
Who is liable if a contractor fails to deposit PF/ESI for workers deployed at our premises?
Under the contract labour licensing framework (now part of the Occupational Safety, Health and Working Conditions Code 2020, which has consolidated and repealed the erstwhile Contract Labour (Regulation and Abolition) Act 1970) and the EPF&MP Act, the principal employer can be held liable to ensure PF and social-security compliance for contract workers deployed on its premises if the contractor defaults — EPFO can proceed directly against the principal employer for recovery in such cases. This is a commonly underestimated exposure for services companies that treat contract staffing purely as a commercial vendor relationship without ongoing compliance verification.
How far back does the audit typically look?
It depends on the purpose. For a routine assurance or governance exercise, 2–3 years is common. For pre-transaction due diligence, the buyer's or investor's legal team often specifies the look-back period, sometimes matching the limitation period relevant to potential EPFO recovery action, which in practice can extend well beyond a typical 3-year statutory audit cycle since EPFO recovery proceedings are not always time-barred in the same way as other claims. For a notice-response engagement, the audit period matches the specific period under departmental inquiry.
What happens if the audit finds a significant historical shortfall — what are our options?
Broadly two paths: voluntary disclosure to EPFO/ESIC with a self-computed shortfall, interest, and damages payment, or waiting for the department to identify the gap through its own inspection or a Section 7A inquiry. Voluntary disclosure generally results in a more predictable and often more favourable outcome — EPFO retains discretion on damages assessment under Section 14B, and cooperative, self-reported compliance is typically viewed more favourably than a department-discovered default, though EPFO's ultimate assessment is never guaranteed in advance.
Does this audit cover TDS on salary, or just PF/ESI/labour law?
The core scope is PF, ESI, and labour law compliance — wage classification, contribution accuracy, filing timeliness, contract labour exposure, and statutory registers. TDS on salary under Section 192 of the Income-tax Act is a related but distinct compliance area, generally covered under a separate TDS compliance review, though PNPC can combine both into a single payroll compliance engagement where that is more efficient for the client.
How does the audit treat 'consultants' or 'retainers' who are functionally employees?
This is one of the more sensitive areas of the audit. Where an individual is engaged as a 'consultant' but works exclusively for the establishment, under its direction and control, with fixed hours and no independent business risk, EPFO and ESIC authorities can — and do — reclassify the relationship as employment for PF/ESI purposes, regardless of the label used in the engagement letter. We test the substance of these arrangements against established tests for employer-employee relationship, not just the contractual label.
What are International Workers under the PF framework, and are they covered differently?
An 'International Worker' under the PF scheme is broadly either a foreign national working in India for an establishment covered under the EPF&MP Act, or an Indian employee who has worked or will work in a country with which India has a Social Security Agreement (SSA) and is eligible for benefits there. International Workers are generally covered under PF without the standard wage ceiling exemption — full salary is typically subject to contribution — unless a valid Certificate of Coverage under an applicable SSA exempts them from Indian PF for a defined period.
How do the Labour Codes change PF and gratuity calculations?
The Code on Wages 2019, in force nationally since 21 November 2025, applies a uniform definition of 'wages' that requires excludable components (allowances such as HRA, conveyance, and similar items not treated as wages) to be capped at 50% of an employee's total remuneration. If excluded components exceed that cap, the excess is added back to 'wages' for the purpose of computing gratuity and bonus — meaning many CTC structures with a low basic-to-gross ratio now carry a materially higher gratuity and bonus cost than before the Codes took effect. Provident Fund itself is a partial exception for now: the EPF&MP Act 1952 has not yet been fully repealed, and full migration of PF to Chapter III of the Code on Social Security awaits a further notification and transition period, so PF contribution currently continues to be tested under the EPF&MP Act's existing wage-classification standard (including the Vivekananda Vidyamandir test) rather than the Code's 50% cap.
We use a third-party payroll processing vendor. Doesn't that mean compliance is already their responsibility?
A payroll vendor processes what it is instructed to process, based on the wage structure and inputs the client provides — it does not independently audit whether the CTC structure is legally compliant, whether contract labour exposure exists, or whether historical filings were accurate. Statutory liability for PF, ESI, and labour law compliance rests with the establishment and its officers in default, not the payroll vendor, regardless of the vendor's own service-level commitments.
What documents will PNPC need from us to begin the audit?
At minimum: monthly payroll registers for the audit period, PF ECR and ESI contribution filings with proof of deposit, employee master data with CTC break-up, contractor agreements and licences if contract labour is used, and any prior EPFO/ESIC correspondence. The full document checklist is shared and reviewed at the scoping consultation, tailored to your specific business and the audit's purpose.
How long does the audit take?
A full audit covering 2–3 years for a mid-sized establishment (roughly 100–500 employees) typically takes 5–6 weeks from data receipt to final report. A narrower pre-transaction diligence scope, covering a shorter period with headline findings only, can often be completed in 2–3 weeks against a tighter deadline. Multi-location establishments, larger contract labour populations, or incomplete historical records extend the timeline.
What does this audit cost?
Fees are scoped based on headcount, audit period length, number of locations, and whether contract labour exposure needs to be separately mapped. PNPC provides a written scope and fixed fee quote after the initial scoping consultation — there is no standard published rate because the effort varies significantly between a 50-employee single-location services company and a 500-employee multi-state manufacturing operation with extensive contract staffing.
Can this audit be used as part of investor or acquirer due diligence?
Yes — this is one of the most common triggers for the engagement. Investor and acquirer legal teams routinely include PF/ESI/labour law compliance as a diligence checklist item, and an independently commissioned audit report, prepared ahead of the transaction rather than reactively during diligence, materially strengthens the seller's or target company's negotiating position and reduces the risk of last-minute price adjustment or escrow holdback tied to labour compliance findings.
Does the audit cover bonus and gratuity compliance as well?
Yes, as part of the broader labour law scope. We test bonus computation against the eligibility and minimum percentage requirements now carried under the Code on Wages 2019 (which has consolidated and repealed the erstwhile Payment of Bonus Act 1965), verify the applicable annual return filing, and review gratuity provisioning under the Code on Social Security 2020 (which has consolidated and repealed the erstwhile Payment of Gratuity Act 1972) — including whether an actuarial valuation is being obtained where required and whether the gratuity fund (if maintained through a trust) is being managed correctly.
What is a Section 7A inquiry and how is it different from this audit?
A Section 7A inquiry is a formal, quasi-judicial proceeding initiated by the EPFO Regional Provident Fund Commissioner to determine the amount of PF dues payable by an establishment — it is an adversarial, department-led process with statutory notice, hearing, and appeal rights. PNPC's audit is a voluntary, client-commissioned, non-adversarial review conducted before any such proceeding begins (or, if a Section 7A notice has already been received, to prepare a considered response to it).
Are there penalties beyond interest and damages for PF/ESI non-compliance?
Yes. Beyond Section 7Q interest and Section 14B damages, the EPF&MP Act and the Code on Social Security 2020 (which now houses the ESI framework) both provide for prosecution of the employer and, in the case of a company, every officer in default, for continued or wilful non-compliance — with imprisonment and fine as possible consequences in serious or repeated cases. Directors, particularly those designated as 'occupier' or responsible officer under the applicable statute, carry personal exposure that is not limited by the corporate veil in these specific statutory contexts.
How does PNPC's audit differ from what an EPFO/ESIC department inspector would check?
A department inspection is adversarial by design — its purpose is to identify recoverable dues on behalf of the fund, not to advise the establishment. PNPC's audit applies the same statutory tests an inspector would apply, but from an advisory posture: we identify gaps before the department does, quantify exposure honestly (including items an inspector might miss), and — critically — help design the remediation and disclosure strategy, which a department inspector has no role or incentive to do.
Do you also audit minimum wages compliance as part of this engagement?
Yes. Minimum wage compliance now sits under the Code on Wages 2019 (in force since 21 November 2025, which has consolidated and repealed the erstwhile Minimum Wages Act 1948) and introduces, for the first time, a national floor wage below which no state can set its minimum wage. We verify that wages paid to each employee category meet or exceed the applicable state-notified minimum wage for the relevant scheduled employment and skill category, and that wage revisions notified periodically by the state government have been correctly implemented and are not lagging behind the current notification or the national floor wage.
What is a 'contribution period' under the ESI framework and why does it matter to the audit?
The ESI framework — now administered under the Code on Social Security 2020, which has consolidated and repealed the standalone ESI Act 1948 — defines two fixed contribution periods each year: 1 April to 30 September, and 1 October to 31 March. An employee whose wages are within the ESI ceiling at the start of a contribution period remains covered for that entire period even if a wage revision takes them above the ceiling mid-period; coverage and contribution obligations only change at the start of the next contribution period. Payroll systems that stop ESI deduction the exact month wages cross the ceiling, rather than at the end of the contribution period, are non-compliant.
Can PNPC conduct this audit for our UAE branch or group entity as well as the India entity?
PF, ESI, and the Indian labour law framework tested in this audit apply specifically to establishments operating in India under Indian statute — the UAE has its own distinct labour law, WPS (Wage Protection System), and end-of-service gratuity framework governed by UAE Labour Law and, for Free Zone entities, the relevant Free Zone Authority's employment regulations. PNPC's Dubai office conducts an analogous payroll and labour compliance review under UAE rules, coordinated with the India-side audit for group entities operating in both jurisdictions.
What if we've never had a PF or ESI inspection and assume we're fully compliant?
The absence of a departmental inspection is not evidence of compliance — EPFO and ESIC inspect a relatively small proportion of registered establishments in any given period, and wage misclassification in particular can persist undetected for years precisely because it does not trigger an obvious filing discrepancy; the ECR is filed correctly against whatever wage base is fed into it, it is simply the wrong base.
Does the audit look at gig workers or platform workers differently?
The Code on Social Security 2020, in force since 21 November 2025, introduces a distinct statutory category for gig workers and platform workers, with a framework for social security contributions from aggregators — separate from the traditional employee-employer contribution model. Where a client engages gig or platform-style workers, we assess the arrangement both for potential employee misclassification risk (where a 'gig' arrangement is in substance a disguised employment relationship) and for the aggregator's compliance posture against the Code's gig-worker social security framework.
How does PNPC handle confidentiality during the audit, given it involves sensitive payroll and personal data?
The engagement is governed by a signed engagement letter with explicit confidentiality terms, consistent with the professional and ethical standards Chartered Accountants are bound by under the Chartered Accountants Act 1949 and ICAI's Code of Ethics. Payroll and employee personal data shared with us is used solely for the audit engagement and is not disclosed to any third party without client authorisation, except where legally compelled.
What is the difference between 'damages' under Section 14B and a 'penalty' more generally?
Section 14B damages are a specific, EPF&MP Act-defined civil consequence for delayed payment of dues, computed on a graded scale based on the period of default — they are compensatory-punitive in nature but distinct from criminal penalties. Separately, both the EPF&MP Act and the Code on Social Security 2020 (which now houses the ESI framework) provide for prosecution — fine and/or imprisonment — as a criminal consequence for wilful default, false statements, or obstruction, which is a different legal track entirely and generally reserved for more serious or repeated non-compliance.
Should a company with no current PF/ESI issues still commission this audit periodically?
Many well-governed companies do, on an annual or biennial cycle, precisely because payroll systems, CTC structures, headcount, and contractor relationships change continuously, and each change is a fresh opportunity for a compliance gap to be introduced even where the baseline was clean. Boards and Audit Committees increasingly treat this as good governance practice alongside — not instead of — the statutory internal audit.
Can the audit findings be used to negotiate down the damages EPFO would otherwise assess?
A well-documented, self-conducted audit with a transparent, voluntary disclosure to EPFO puts the establishment in a materially stronger position during any subsequent Section 7A hearing or damages assessment than an establishment with no independent analysis, since it demonstrates good-faith compliance effort and provides a defensible computation basis. That said, the final quantum of damages assessed under Section 14B remains within EPFO's statutory discretion and is not something PNPC or any advisor can guarantee in advance.
What is the role of the 'occupier' under the Factories Act in this audit, and why does it matter for manufacturing clients?
The 'occupier' concept — originally defined under the Factories Act 1948 and now carried forward into the Occupational Safety, Health and Working Conditions Code 2020, which has consolidated and repealed that Act — is the person who has ultimate control over the affairs of the factory, typically a designated director for a company, and carries personal statutory responsibility for compliance with the applicable provisions, including registers relevant to this audit (overtime, leave with wages, accident records). For manufacturing clients, we specifically verify the occupier is correctly and currently designated, since an outdated or incorrect occupier designation is itself a compliance gap independent of the payroll findings.
Will PNPC also help fix the payroll system configuration after the audit, or only report the findings?
Both, if the client wants it. The audit itself is a diagnostic report, but PNPC works directly with the client's payroll team or vendor to correct wage component classification, ECR filing workflows, and contractor compliance monitoring processes identified as gaps — and many clients transition onto PNPC's ongoing payroll processing retainer afterward for continuous assurance rather than repeating a full audit each year.
Why choose PNPC for this audit instead of relying solely on our payroll vendor's self-certification?
A payroll vendor's self-certification tests whether the vendor processed what it was told to process correctly — it does not independently test whether the wage structure itself, the contract labour arrangements, or the historical filing discipline comply with the underlying law. PNPC has represented manufacturing and services clients before EPFO, ESIC, and state labour authorities since 1986; our audit is conducted by practising Chartered Accountants who understand both the statutory framework and how enforcement authorities actually apply it in practice.
PNPC's PF, Payroll & Labour Law Audit vs a payroll vendor's self-certification
| Dimension | PNPC Audit | Payroll Vendor Self-Certification |
|---|---|---|
| Independence | Independent Chartered Accountant review, no operational conflict | Vendor certifying its own processing accuracy |
| Wage-base classification testing | Tests every component against statutory and case-law standards | Assumes the wage structure provided at onboarding is correct |
| Contract labour / principal-employer exposure | Explicitly mapped and quantified | Typically out of scope entirely |
| Quantified exposure (interest + damages) | Computed under Section 7Q and Section 14B | Not typically computed |
| Regulatory representation capability | Can represent the establishment before EPFO/ESIC directly | Generally no representation mandate or authority |
| Due diligence readiness | Report structured for investor/acquirer legal review | Not designed for third-party diligence use |
| Remediation support | Works with payroll team/vendor to fix root cause | Limited to its own processing scope |
What the PNPC package includes
- 01
Scoping consultation to define audit period, entities, and specific purpose (assurance, diligence, notice response)
- 02
Full three-way reconciliation — payroll register, ECR/ESI filings, and bank remittance
- 03
Wage classification testing against the Supreme Court's Vivekananda Vidyamandir standard, component by component
- 04
Quantified exposure computation — contribution shortfall, Section 7Q interest, Section 14B damages estimate
- 05
Contract labour and principal-employer liability mapping across all active vendor relationships
- 06
Bonus, gratuity, and statutory register review across the Code on Wages, Code on Social Security, and applicable Shops & Establishments/OSH Code registers
- 07
Draft findings walkthrough with management before the report is finalised
- 08
Prioritised remediation roadmap distinguishing immediate, historical, and process-level fixes
- 09
Voluntary disclosure and EPFO/ESIC representation support where exposure is identified
- 10
Optional transition onto PNPC's ongoing payroll processing retainer for continuous compliance assurance
Talk to a PNPC Chartered Accountant before EPFO does — a self-commissioned audit today is a negotiating position; a department-discovered gap tomorrow is a liability.