HomeServicesAudit & AssuranceProvident Fund, Payroll & Labour Law Audit

Audit & Assurance · Tax & Regulatory Audits

Provident Fund, Payroll & Labour Law Audit

Provident Fund defaults, ESI shortfalls, and labour law non-compliance rarely surface on their own — they surface during an EPFO inspection, a labour commissioner visit, or a due diligence exercise before funding or acquisition, by which point interest, damages, and prosecution exposure have already accumulated.

Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986

2,000+Clients since 1986
42 yrsCA practice
4Offices · India & UAE
24 hrsResponse time

Provident Fund defaults, ESI shortfalls, and labour law non-compliance rarely surface on their own — they surface during an EPFO inspection, a labour commissioner visit, or a due diligence exercise before funding or acquisition, by which point interest, damages, and prosecution exposure have already accumulated. PNPC's PF, Payroll & Labour Law Audit is a structured, evidence-based review of your payroll processing, statutory deduction and deposit discipline, and labour law compliance posture — conducted by practising Chartered Accountants who have represented manufacturing and services companies before EPFO, ESIC, and state labour authorities since 1986.

What it costs

Govt. feesGovernment & statutory fees as applicable to your case
Professional feeFixed professional fee — confirmed in writing before we start

No hidden charges. The exact figure is set in your engagement letter.

What Provident Fund, Payroll & Labour Law Audit is

A Provident Fund, Payroll & Labour Law Audit is an independent verification exercise that examines whether an establishment's payroll processing, statutory deductions, and employer contributions comply with India's payroll and labour compliance framework as it currently stands following the four Labour Codes coming into force on 21 November 2025 — the Code on Wages 2019 (which has repealed and consolidated the Payment of Wages Act 1936, the Minimum Wages Act 1948, the Payment of Bonus Act 1965, and the Equal Remuneration Act 1976), the Occupational Safety, Health and Working Conditions Code 2020 (which has repealed and consolidated the Factories Act 1948 and the Contract Labour (Regulation and Abolition) Act 1970, among other statutes), and the Code on Social Security 2020 (which has repealed and consolidated the Employees' State Insurance Act 1948, the Payment of Gratuity Act 1972, the Employees' Compensation Act 1923, and the Maternity Benefit Act 1961, and which now houses the ESI framework, gratuity, and other social security benefits). Provident Fund itself sits in a transitional position: the Employees' Provident Funds and Miscellaneous Provisions (EPF&MP) Act 1952 has not yet been fully repealed — full migration of PF to Chapter III of the Code on Social Security depends on a further notification and a one-year transition window that had not been triggered as of this audit — so PF contribution, Section 7A inquiries, Section 7Q interest, and Section 14B damages continue to operate under the EPF&MP Act 1952 in the interim, even as ESI, gratuity, bonus, wages, and OSH compliance now run under the new Codes. Unlike a routine payroll processing engagement, this audit is diagnostic: it tests whether wages have been correctly classified for PF and ESI/social-security purposes under the now-unified statutory definition of wages, whether contributions have been computed on the correct wage base, whether returns have been filed and challans deposited within statutory timelines, and whether the establishment's contract labour, bonus, and gratuity obligations are being discharged correctly.

The audit typically covers three layers. The first is payroll mechanics — verifying that basic wages, dearness allowance, and other components treated as part of 'wages' are being correctly identified. This has taken on added importance since the Code on Wages' unified wage definition caps excludable allowances (HRA, conveyance, and similar components not treated as wages) at 50% of total remuneration, with any excess added back to 'wages' for PF, gratuity, and other statutory purposes — a codification, for gratuity and bonus purposes, of the same underlying principle the Supreme Court applied to PF specifically in Regional Provident Fund Commissioner (II) West Bengal vs Vivekananda Vidyamandir & Others (2019): that allowances paid universally, necessarily, and ordinarily to all employees cannot be artificially split out to shrink the statutory wage base. The second layer is statutory compliance — PF contribution at the prescribed rate on wages up to the statutory wage ceiling (with voluntary higher contribution where opted), ESI/social-security contribution for employees within the applicable wage ceiling, timely filing of PF ECR (Electronic Challan cum Return) and ESI-equivalent monthly contributions, and correct treatment of International Workers, trainees, and contract labour. The third layer is documentary and procedural — wage and attendance registers now maintained under the Code on Wages and OSH Code framework, appointment letters, and the licensing/registration compliance that now sits under the OSH Code for principal employers engaging contract labour, together with the establishment's readiness to produce these records in an EPFO inspection or labour department visit.

For manufacturing units, the audit additionally examines whether the registers formerly maintained under the Factories Act 1948 — overtime, leave with wages, accident records — and now required under the OSH Code 2020 and its rules are being maintained consistently with the payroll data, since discrepancies between these registers and PF/ESI filings are a common trigger for EPFO enforcement action under Section 7A of the EPF&MP Act. For services companies, particular attention goes to contract staffing arrangements — where the principal employer carries joint and several liability for PF and social-security dues of contract workers deployed on its premises if the contractor defaults, a liability many services companies are unaware they carry until an EPFO notice arrives.

The output of the audit is a structured findings report — a gap-by-gap breakdown of underpaid contributions, misclassified wage components, filing delays, missing registers, and contract labour exposure — together with a quantified estimate of interest and damages under Section 7Q and Section 14B of the EPF&MP Act where PF shortfalls are identified, and a prioritised remediation roadmap. Where the findings indicate historical liability, PNPC advises on voluntary disclosure and negotiated settlement strategy with EPFO/ESIC (both now operating under the Code on Social Security's administrative framework for non-PF matters), which is generally far less costly than a liability discovered through a departmental inspection.

When this audit is the right engagement

Ahead of a due diligence exercise for fundraising, acquisition, or sale — PF and labour law liabilities are a standard diligence checklist item and undisclosed exposure can derail or reprice a transaction

After rapid headcount growth or a shift to contract/gig staffing models, where payroll processes designed for a small team have not scaled with statutory compliance discipline

Following a change in payroll vendor, HR system, or CTC structuring (e.g. restructuring basic wage as a smaller proportion of CTC) that may have altered the PF/ESI wage base without a compliance review

When an EPFO or ESIC notice, summons under Section 7A, or a labour department inspection is anticipated or has already been received, and an independent pre-assessment is needed before responding

As part of an annual internal control review for manufacturing and services companies that engage a meaningful volume of contract labour, where principal-employer liability for contractor defaults is a live risk

When management or the Audit Committee wants independent assurance — beyond what the payroll processing vendor self-certifies — that statutory deposits, returns, and wage classification are actually correct

Before onboarding to a group PF trust exemption or converting from the EPFO-managed scheme to an exempted private PF trust, where historical compliance must be clean before approval

When a different engagement fits better

Routine monthly payroll processing and statutory filing — that is an ongoing payroll compliance service, not a periodic audit; PNPC's Payroll Processing engagement covers this on a recurring basis

A single, narrow question such as 'is PF applicable to this one consultant' — that is better handled as a specific advisory query rather than a full audit engagement

An establishment with fewer than 20 employees and no contract labour, where PF/ESI applicability itself may not yet be triggered — an applicability assessment is the right first step, not a full audit

Pure income-tax TDS-on-salary compliance review with no PF/ESI/labour law scope — that sits within a TDS compliance review, a related but distinct engagement

Immediate crisis response to an active EPFO recovery proceeding or attachment notice — that requires urgent representation and litigation support first; the audit can follow once the immediate matter is stabilised

Purely a Factories Act or shops & establishment licensing renewal — those are registration/licensing engagements rather than an audit of existing payroll compliance

Structure Comparison

PF, Payroll & Labour Law Audit vs related engagements

FeaturePF/Payroll/Labour AuditStatutory Financial AuditInternal AuditRoutine Payroll ProcessingStandalone PF/ESI Registration
Primary objectiveVerify PF/ESI/labour law compliance and quantify exposureOpinion on true and fair view of financial statementsEvaluate broader risk, controls, and governanceOngoing salary processing and statutory filingOne-time obtaining of PF/ESI employer code
Governing frameworkEPF&MP Act 1952 (PF) + Code on Wages, OSH Code, Code on Social Security (wages, gratuity, ESI, OSH)Companies Act 2013 / Standards on AuditingStandards on Internal Audit (ICAI) / Section 138EPF&MP Act procedural complianceEPFO/ESIC registration rules
FrequencyPeriodic — annual, pre-transaction, or triggered by eventMandatory annually for companiesAnnual or as per internal audit planMonthly, ongoingOne-time (with periodic amendments)
Wage-base and classification testingCore focus — tests basic/DA/allowance classificationNot tested in depth unless material to financialsOnly if payroll is a scoped risk areaNot typically re-tested once configuredNot applicable — pre-registration only
Contract labour / principal-employer liability reviewYes — explicit scope itemGenerally out of scopeOnly if flagged as a risk areaOut of scopeOut of scope
Quantifies interest/damages exposure (Sec 7Q/14B)Yes — a core deliverableNot typically quantified separatelyDepends on scopeNoNot applicable
Mandatory under lawNot mandatory — a management/board-driven exerciseMandatory for all companiesMandatory above prescribed thresholds (Sec 138)Not an audit; an operational functionMandatory once employee thresholds are crossed
Typical triggerGrowth, M&A diligence, EPFO notice, governance reviewEvery financial year-endAnnual internal audit plan cycleEvery payroll cycleCrossing 20 (PF) / 10 (ESI) employee threshold
DeliverableFindings report + quantified exposure + remediation roadmapAudit report and opinionInternal audit report to Audit Committee/BoardPayslips, ECR, monthly statutory challansPF/ESI employer registration code

These engagements are complementary, not substitutes. A company under statutory audit still needs a dedicated PF/payroll/labour law audit if headcount, contract labour usage, or wage structuring changes have not been independently tested — statutory financial audit tests materiality to the financial statements, not line-by-line PF/ESI compliance. PNPC scopes each engagement to the specific trigger — routine assurance, transaction diligence, or notice response — after an initial consultation.

How it works
#Stage & What PNPC DoesCA Advice Portals Never GiveTimeline
1Scoping Consultation — Understand the trigger and define audit boundariesWe ask what a payroll vendor never asks: is this ahead of a funding round or acquisition? Has there been a CTC restructuring in the last 3 years? How much of your workforce is on third-party payroll or contract labour? Is there an active or anticipated EPFO/ESIC notice? These answers determine whether the audit needs to go back 3 years or 6 years, whether contract labour principal-employer exposure needs deep testing, and whether the report needs to be diligence-ready for an investor's legal team.Day 1–2
2Document & Data Request — Payroll registers, ECR/ESI filings, employment recordsWe request the full data set upfront, not piecemeal: monthly payroll registers for the audit period, PF ECR challans and ESI contribution challans as filed, employee master with CTC break-up (basic, DA, HRA, special allowance, etc.), contractor/vendor agreements where contract labour is engaged, Form I registration and Certificate of Registration records under the Contract Labour Act, appointment letters, and any prior EPFO/ESIC correspondence or inspection reports.Day 2–5
3Applicability & Coverage Testing — Verify employee/establishment threshold complianceWe test whether every employee who should be covered under PF (basic + DA below the statutory wage ceiling, or opted for higher voluntary contribution) and ESI (gross wages within the applicable ceiling) is actually enrolled — a common gap is trainees, apprentices, and 'consultants' who are functionally employees but excluded from coverage. We also verify the establishment crossed the 20-employee PF threshold and 10-employee ESI threshold correctly and on the right date.Week 1–2
4Wage Classification Testing — The Vivekananda Vidyamandir test applied line by lineThis is where most exposure hides. We test each salary component against the Supreme Court's test: an allowance that is paid universally, necessarily, and ordinarily to all employees in a category cannot be excluded from the PF wage base merely by labelling it a special allowance. We reconstruct what the PF wage base should have been and compare it to what was actually contributed — the delta is your quantified historical exposure.Week 2–3
5Contribution Reconciliation — ECR/challan vs payroll register vs bank remittanceThree-way reconciliation: the ECR filed with EPFO, the payroll register showing what was deducted from employees, and the bank statement showing what was actually remitted. Mismatches here — deducted from employee salary but not deposited — carry criminal exposure under Section 316 of the Bharatiya Nyaya Sanhita (BNS) 2023 (criminal breach of trust — the offence formerly codified as Sections 405/406 IPC, which stand repealed for conduct after 1 July 2024) in addition to civil recovery, since employee PF deductions held back are treated as a trust obligation, not just a compliance lapse.Week 2–3
6Filing Timeliness Review — Due-date discipline across the audit periodPF ECR is due by the 15th of the following month; delayed deposit attracts interest under Section 7Q (currently 12% p.a.) and damages under Section 14B on a graded scale depending on the length of delay, in addition to potential prosecution for repeated defaults. We build a month-by-month timeline of actual filing/deposit dates against due dates for the entire audit period — not a sample.Week 3
7Contract Labour & Principal-Employer Exposure ReviewIf your contractors deploy 20+ workmen on your premises, the contract labour licensing requirement — carried forward from the erstwhile Contract Labour (Regulation and Abolition) Act 1970 into the Occupational Safety, Health and Working Conditions Code 2020, which has consolidated and repealed that Act — requires them to hold a valid licence, and you as principal employer must hold the corresponding registration. If a contractor defaults on PF/social-security dues for their deployed workers, EPFO can — and does — proceed against the principal employer for recovery. We map every active contractor relationship against this exposure.Week 3–4
8Bonus, Gratuity & Statutory Register ReviewBonus compliance (minimum 8.33% where applicable, computed correctly on eligible salary under the Code on Wages, which has consolidated and repealed the Payment of Bonus Act 1965) and gratuity provisioning for employees crossing 5 years of service (now governed by the Code on Social Security 2020, which has consolidated and repealed the Payment of Gratuity Act 1972), together with the statutory registers required under the Code on Wages and OSH Code framework and applicable state Shops & Establishments rules — attendance register, wage register, leave register, overtime register — are tested for existence, accuracy, and inspection-readiness.Week 4
9Labour Code Compliance Review — Code on Wages, OSH Code, Code on Social SecurityThe four Labour Codes came into force on 21 November 2025, and we test current compliance against them, not a future contingency. The Code on Wages' unified wage definition caps non-cash and excludable allowances at 50% of total remuneration for gratuity and bonus purposes, materially raising the effective wage base for CTC structures that were designed around a low basic-to-gross ratio. We separately confirm the transitional status of PF itself — full migration to Chapter III of the Code on Social Security depends on a further notification that had not been triggered as of this audit, so PF continues to run under the EPF&MP Act 1952 in the interim, while ESI, gratuity, bonus, and OSH obligations already run under the new Codes.Week 4
10Draft Findings Report & Management DiscussionWe do not deliver a report as a surprise. Draft findings — each gap, its statutory basis, the quantified exposure (contribution shortfall + Section 7Q interest + Section 14B damages estimate), and a severity rating — are walked through with management before finalisation, so there is an opportunity to clarify facts, provide missing documents, or correct our understanding before the report is locked.Week 5
11Final Report & Remediation RoadmapThe final report is structured for its actual use — whether that is a board-level compliance update, a due diligence annexure for an investor's legal counsel, or a working document for voluntary disclosure to EPFO/ESIC. It includes a prioritised remediation roadmap: what must be fixed immediately (active deduction-not-deposited situations), what should be regularised through voluntary compliance (historical wage misclassification), and what is a process fix going forward (payroll system reconfiguration).Week 5–6
12Voluntary Disclosure & Settlement Support (where exposure exists)Where the audit identifies historical shortfalls, we advise on whether voluntary disclosure to EPFO — typically resulting in a more favourable damages computation than a department-initiated Section 7A inquiry — is the right path, and represent the establishment through that process. This is materially different from waiting for an inspection, where the department has full discretion on damages assessment and prosecution decisions.As needed — post-report
13Payroll Process Remediation — Fixing the system, not just the numberA report that quantifies exposure without fixing the underlying payroll configuration guarantees a repeat finding next year. PNPC works with your payroll team or vendor to correct wage component classification, ECR filing workflow, and contractor compliance monitoring going forward — often transitioning the client onto PNPC's own payroll processing retainer for ongoing assurance.Week 6 onward

Realistic timeline: 5–6 weeks for a full audit covering a 2–3 year period for a mid-sized establishment (100–500 employees), from data request to final report. Timeline extends for multi-location establishments, larger contract labour populations, or where historical records require reconstruction. A narrower pre-transaction diligence scope (12–24 months, headline findings only) can often be completed in 2–3 weeks against a tighter deadline.

Document Checklist
Payroll & Employee Master Data

Monthly payroll registers for the full audit period — gross pay, all earning and deduction components itemised per employee

Employee master file — date of joining, date of exit (where applicable), designation, CTC structure with basic/DA/HRA/allowance break-up

CTC structuring policy or compensation philosophy document, and any revisions made during the audit period with effective dates

List of employees excluded from PF/ESI coverage with the stated reason (e.g. above wage ceiling with no voluntary option, genuine consultant, international worker under totalisation agreement)

Bank salary disbursement statements corresponding to each payroll cycle in the audit period

PF Compliance Records

PF ECR (Electronic Challan cum Return) copies filed for each month in the audit period, with filing date and remittance date

PF challans/payment receipts evidencing actual deposit, to reconcile against ECR filed and amounts deducted from employees

PF establishment code allotment letter and any subsequent code-related correspondence with EPFO

Details of any voluntary higher PF contribution (VPF) opted by employees, and its treatment in the wage base

Any prior EPFO inspection reports, Section 7A orders, summons, or correspondence received during or before the audit period

Details of International Workers (if any) and their PF coverage status under the applicable Social Security Agreement, if one exists with their home country

ESI Compliance Records

ESI monthly contribution filings and challans for the audit period, employer and employee share

ESI establishment code (Code Number) allotment details

List of employees within the ESI wage ceiling and confirmation of their coverage status

Details of any employees who crossed the ESI wage ceiling mid-year and the point at which contribution was correctly discontinued (contribution period rules)

Any ESIC inspection reports or correspondence received during or before the audit period

Contract Labour & Third-Party Staffing

List of all active contractors/staffing agencies deploying workers on the establishment's premises, with headcount per contractor

Contractor's contract labour licence copies and validity (issued under the Occupational Safety, Health and Working Conditions Code 2020, which has consolidated and repealed the erstwhile Contract Labour (Regulation and Abolition) Act 1970)

Principal employer's Certificate of Registration (Form I application) under the Contract Labour Act

Contracts/agreements with staffing vendors, specifically the clauses on statutory compliance responsibility and indemnity

Evidence of periodic verification that contractors have deposited PF/ESI for workers deployed at the establishment (contractor's ECR/challan copies, if obtained)

Bonus, Gratuity & Other Statutory Benefits

Bonus computation working papers and the applicable annual return filed for the audit period (bonus compliance now sits under the Code on Wages 2019, which has consolidated and repealed the Payment of Bonus Act 1965)

Gratuity policy, actuarial valuation reports (if applicable), and gratuity trust details (if a separate trust is maintained) — gratuity is now governed by the Code on Social Security 2020, which has consolidated and repealed the Payment of Gratuity Act 1972

Leave records — earned leave, sick leave — and evidence of leave encashment computation where applicable

Employee compensation/insurance policy details, if maintained for categories of employees not covered under the ESI framework (now consolidated, along with the erstwhile Employees' Compensation Act 1923, under the Code on Social Security 2020)

Statutory Registers & Licensing

Shops & Establishments Act registration certificate and renewal status for each location

Factories Act registration and licence (for manufacturing units), and related registers — attendance, overtime, leave with wages, accident register

Wage registers, register of fines/deductions (if any), and overtime registers required under the Code on Wages 2019 (which has consolidated and repealed the Payment of Wages Act 1936 and Minimum Wages Act 1948)

State-specific labour welfare fund registration and contribution records, where applicable

Professional Tax registration and deduction records (state-specific, often reviewed alongside payroll compliance)

Corporate & Governance Documents

Board resolution or management authorisation for the audit engagement, and designated point of contact for document requests

Organisation chart identifying HR/payroll function ownership and reporting lines

Any internal payroll SOP or compliance checklist currently in use

Details of the payroll software/vendor used during the audit period and any system migration during that time

Ongoing obligations
PhaseTriggered ByPNPC CA GuidanceRisk If Ignored
Pre-Audit ScopingDecision to commission the auditDefine the audit period, entities/locations in scope, and the specific trigger (routine assurance, M&A diligence, EPFO notice response) so the report is fit for its actual use from the outset.A generically scoped audit produces a report that satisfies no one — too shallow for diligence, too broad and slow for a notice deadline.
Fieldwork & TestingDocument collection beginsThree-way reconciliation of payroll register, ECR/challan filings, and bank remittance; wage-base classification testing against the Vivekananda Vidyamandir standard; contract labour exposure mapping.Sample-only testing (rather than full-period reconciliation) misses systemic misclassification that compounds every month it continues undetected.
Findings & QuantificationTesting completeEvery gap is quantified — contribution shortfall, Section 7Q interest (currently 12% p.a.), and Section 14B damages on the applicable graded scale — not just flagged qualitatively.Unquantified findings cannot be prioritised or negotiated; management cannot make an informed decision on voluntary disclosure without a number.
Report Delivery & Remediation PlanningFieldwork and findings finalisedA prioritised roadmap distinguishing immediate criminal-exposure items (deducted-but-not-deposited PF) from historical civil exposure (wage misclassification) from forward-only process fixes.Treating all findings as equal severity either causes panic over low-risk items or, worse, delay on the one item — deducted employee contributions not deposited — that carries the most serious personal liability for directors/officers in default.
Voluntary Disclosure (if exposure found)Historical shortfall identifiedAssessment of whether voluntary approach to EPFO/ESIC is advisable, preparation of the disclosure computation, and representation through the settlement process.Waiting for a department-initiated Section 7A inquiry typically results in a less favourable damages assessment and removes the negotiating position voluntary disclosure provides.
Ongoing MonitoringRemediation implementedTransition to a periodic (typically annual) re-audit cadence or an ongoing payroll compliance retainer, so wage classification and filing discipline is verified continuously rather than only when a trigger event forces a look-back.Without a recurring check, CTC restructuring, new hires, or a new payroll vendor can silently reintroduce the same gaps the original audit fixed.
Labour Code ComplianceFour Labour Codes in force nationally from 21 November 2025CTC and wage-base modelling against the Code on Wages' 50% cap on excludable allowances, so gratuity and bonus cost impact is understood and budgeted now that the Codes are operative — and separate tracking of PF's transitional status, since PF continues under the EPF&MP Act 1952 pending a further notification bringing Chapter III of the Code on Social Security into force for provident fund.Establishments that have not yet re-modelled CTC against the 50% cap risk an underestimated gratuity and bonus wage base that is already live law, not a future exercise — the compression is happening now, not on some future transition date.
Frequently asked
What exactly does a PF, Payroll & Labour Law Audit cover?

It covers three layers: payroll mechanics (are wage components correctly classified for PF/ESI purposes), statutory compliance (are contributions computed correctly, filed on time, and actually deposited), and documentary/procedural readiness (are the registers and records an inspector would ask for in place and accurate). For manufacturing clients it also tests Factories Act registers; for services clients with contract staffing, it tests principal-employer exposure under the Contract Labour Act.

Practitioner noteThe single biggest source of unquantified exposure we find is wage-base misclassification — allowances split out of 'basic' to reduce the PF contribution base in a way the Supreme Court has already ruled impermissible. It rarely shows up unless someone specifically tests for it.
Is this audit legally mandatory?

No. Unlike statutory financial audit or internal audit under Section 138 of the Companies Act, there is no law that mandates a periodic PF/payroll/labour law audit. It is a management- or board-commissioned exercise, undertaken voluntarily for assurance, ahead of a transaction, or in response to a notice or anticipated inspection.

Practitioner note'Not mandatory' does not mean low stakes. The underlying statutory obligations — PF deposit, ESI contribution, correct wage classification — are absolutely mandatory and carry both civil and, in deduction-not-deposited cases, criminal exposure. The audit is voluntary; the compliance it verifies is not.
What is the Vivekananda Vidyamandir judgment and why does it matter so much to this audit?

In Regional Provident Fund Commissioner (II) West Bengal vs Vivekananda Vidyamandir & Others (2019), the Supreme Court held that allowances paid universally, necessarily, and ordinarily to all employees in a category cannot be excluded from the PF wage base merely by labelling them a 'special allowance' or similar — if the allowance is not linked to any variable factor (like actual travel or actual overtime) and is paid to everyone as a matter of course, it forms part of 'basic wages' for PF purposes. Many CTC structures created before this judgment — and some still created today — deliberately split a large portion of gross pay into such allowances to shrink the PF contribution base.

Practitioner noteThis is the test we apply line-by-line to every wage component during the audit. It is also the single largest quantified finding in the majority of PF audits we conduct — the exposure compounds every month the structure remains unchanged.
What is the current PF wage ceiling and does it matter if our employees earn well above it?

The statutory PF wage ceiling has stood at ₹15,000 per month (basic + DA) since 2014, though the government has signalled possible revision from time to time — always verify the current notified figure before relying on it for planning. Employees whose basic + DA is at or below this ceiling must be covered under PF; above it, coverage is optional at the point of first employment unless the employee is already an existing PF member from a previous employer, in which case coverage continues regardless of wage level (with contribution either capped at the ceiling wage or on full wages if the employer opts for a higher contribution).

Practitioner noteA frequent audit finding: an employee who was a PF member at a previous employer is hired above the ceiling and simply not enrolled, on the assumption the ceiling exempts them. It does not — prior membership carries forward the obligation. We check employee PF history, not just current salary, during the audit.
What is the ESI wage ceiling?

Employees with gross monthly wages at or below the statutory ESI wage ceiling are covered; those above it are excluded. This coverage now runs under the Code on Social Security 2020 (in force since 21 November 2025), which has consolidated and repealed the standalone ESI Act 1948, though the ESIC administrative machinery, benefit structure, and wage ceiling mechanism continue substantially unchanged under the Code. The ceiling has been revised periodically by government notification — the applicable figure must be confirmed as of the audit period being tested, since historical periods before the Code's commencement are still tested against the erstwhile ESI Act as it stood at the time. A related rule: once an employee is covered in a contribution period (April–September or October–March) their coverage continues for that full period even if their wages are subsequently revised above the ceiling mid-period.

Practitioner noteThe mid-period continuity rule is commonly missed in payroll systems that auto-stop ESI deduction the month wages cross the ceiling instead of waiting for the contribution period to end. We test this specifically.
What is Section 7Q interest and Section 14B damages under the EPF&MP Act?

Section 7Q empowers EPFO to charge interest on any amount due but not paid within the prescribed time — currently at 12% per annum, computed from the date it fell due until actual payment. Section 14B empowers EPFO to levy damages (a penalty, distinct from interest) on delayed payment, computed on a graded scale that increases with the length of the delay. Both can be levied together — interest compensates for the time value of the delayed amount; damages penalise the default itself.

Practitioner noteWe quantify both separately in our findings report because they are assessed and can be contested separately in proceedings before the EPFO authority — treating them as a single lump figure weakens your position if you later seek a reduction in damages through representation.
Can deducting an employee's PF contribution and not depositing it lead to criminal liability?

Yes. Amounts deducted from an employee's wages towards their PF contribution are held by the employer in a fiduciary capacity — they are not the employer's money. Failure to deposit deducted employee contributions can attract prosecution under Section 316 of the Bharatiya Nyaya Sanhita (BNS) 2023 — the criminal breach of trust offence that replaced Sections 405/406/409 of the erstwhile Indian Penal Code with effect from 1 July 2024 — in addition to the civil recovery, interest, and damages proceedings under the EPF&MP Act itself. This is treated far more seriously by enforcement authorities than a case where the employer simply failed to compute or remit its own employer-share contribution correctly.

Practitioner noteIn every audit, we flag deducted-but-not-deposited situations as the single highest-priority finding, ahead of wage misclassification or filing delays — because the personal liability exposure for directors and officers in default is materially different in kind, not just degree.
Who is liable if a contractor fails to deposit PF/ESI for workers deployed at our premises?

Under the contract labour licensing framework (now part of the Occupational Safety, Health and Working Conditions Code 2020, which has consolidated and repealed the erstwhile Contract Labour (Regulation and Abolition) Act 1970) and the EPF&MP Act, the principal employer can be held liable to ensure PF and social-security compliance for contract workers deployed on its premises if the contractor defaults — EPFO can proceed directly against the principal employer for recovery in such cases. This is a commonly underestimated exposure for services companies that treat contract staffing purely as a commercial vendor relationship without ongoing compliance verification.

Practitioner noteWe recommend clients obtain the contractor's ECR/challan copies periodically — not just at the start of the engagement — as an ongoing verification discipline, not a one-time onboarding check.
How far back does the audit typically look?

It depends on the purpose. For a routine assurance or governance exercise, 2–3 years is common. For pre-transaction due diligence, the buyer's or investor's legal team often specifies the look-back period, sometimes matching the limitation period relevant to potential EPFO recovery action, which in practice can extend well beyond a typical 3-year statutory audit cycle since EPFO recovery proceedings are not always time-barred in the same way as other claims. For a notice-response engagement, the audit period matches the specific period under departmental inquiry.

Practitioner noteWe recommend clients not artificially truncate the look-back period to make the exercise faster or the finding smaller — an undiscovered gap outside the tested window does not disappear; it simply surfaces later, usually at a worse time.
What happens if the audit finds a significant historical shortfall — what are our options?

Broadly two paths: voluntary disclosure to EPFO/ESIC with a self-computed shortfall, interest, and damages payment, or waiting for the department to identify the gap through its own inspection or a Section 7A inquiry. Voluntary disclosure generally results in a more predictable and often more favourable outcome — EPFO retains discretion on damages assessment under Section 14B, and cooperative, self-reported compliance is typically viewed more favourably than a department-discovered default, though EPFO's ultimate assessment is never guaranteed in advance.

Practitioner noteWe walk clients through both paths with the quantified numbers for each scenario before they decide. This is a judgment call involving legal exposure, cash flow timing, and reputational considerations — not a purely mechanical calculation.
Does this audit cover TDS on salary, or just PF/ESI/labour law?

The core scope is PF, ESI, and labour law compliance — wage classification, contribution accuracy, filing timeliness, contract labour exposure, and statutory registers. TDS on salary under Section 192 of the Income-tax Act is a related but distinct compliance area, generally covered under a separate TDS compliance review, though PNPC can combine both into a single payroll compliance engagement where that is more efficient for the client.

Practitioner noteWe often find it makes sense to combine the two reviews when the underlying data — the payroll register — is identical. Ask us to scope a combined engagement if TDS-on-salary assurance is also a concern.
How does the audit treat 'consultants' or 'retainers' who are functionally employees?

This is one of the more sensitive areas of the audit. Where an individual is engaged as a 'consultant' but works exclusively for the establishment, under its direction and control, with fixed hours and no independent business risk, EPFO and ESIC authorities can — and do — reclassify the relationship as employment for PF/ESI purposes, regardless of the label used in the engagement letter. We test the substance of these arrangements against established tests for employer-employee relationship, not just the contractual label.

Practitioner noteGenuine independent consultants with multiple clients and real business risk are not affected. The exposure is specifically for arrangements that look like disguised employment — a pattern we see often in services and technology companies scaling quickly with a mix of full-time and 'consultant' talent.
What are International Workers under the PF framework, and are they covered differently?

An 'International Worker' under the PF scheme is broadly either a foreign national working in India for an establishment covered under the EPF&MP Act, or an Indian employee who has worked or will work in a country with which India has a Social Security Agreement (SSA) and is eligible for benefits there. International Workers are generally covered under PF without the standard wage ceiling exemption — full salary is typically subject to contribution — unless a valid Certificate of Coverage under an applicable SSA exempts them from Indian PF for a defined period.

Practitioner noteFor our clients with UAE operations and cross-border staff movement, we specifically verify Certificate of Coverage documentation — a common gap is treating a seconded employee as exempt from Indian PF without the actual certificate on file to support that position.
How do the Labour Codes change PF and gratuity calculations?

The Code on Wages 2019, in force nationally since 21 November 2025, applies a uniform definition of 'wages' that requires excludable components (allowances such as HRA, conveyance, and similar items not treated as wages) to be capped at 50% of an employee's total remuneration. If excluded components exceed that cap, the excess is added back to 'wages' for the purpose of computing gratuity and bonus — meaning many CTC structures with a low basic-to-gross ratio now carry a materially higher gratuity and bonus cost than before the Codes took effect. Provident Fund itself is a partial exception for now: the EPF&MP Act 1952 has not yet been fully repealed, and full migration of PF to Chapter III of the Code on Social Security awaits a further notification and transition period, so PF contribution currently continues to be tested under the EPF&MP Act's existing wage-classification standard (including the Vivekananda Vidyamandir test) rather than the Code's 50% cap.

Practitioner noteThis is now current, live compliance — not a forward-looking planning exercise. We test CTC structures against the 50% cap for gratuity and bonus purposes as part of every audit, and separately flag clients whose PF wage base will also need remodelling once the PF transition notification is issued, so that restructuring is not left to the last minute a second time.
We use a third-party payroll processing vendor. Doesn't that mean compliance is already their responsibility?

A payroll vendor processes what it is instructed to process, based on the wage structure and inputs the client provides — it does not independently audit whether the CTC structure is legally compliant, whether contract labour exposure exists, or whether historical filings were accurate. Statutory liability for PF, ESI, and labour law compliance rests with the establishment and its officers in default, not the payroll vendor, regardless of the vendor's own service-level commitments.

Practitioner noteWe have conducted several of these audits precisely because a company assumed vendor-processed payroll meant compliance was assured, only to discover wage misclassification the vendor had simply replicated month after month exactly as configured at onboarding.
What documents will PNPC need from us to begin the audit?

At minimum: monthly payroll registers for the audit period, PF ECR and ESI contribution filings with proof of deposit, employee master data with CTC break-up, contractor agreements and licences if contract labour is used, and any prior EPFO/ESIC correspondence. The full document checklist is shared and reviewed at the scoping consultation, tailored to your specific business and the audit's purpose.

Practitioner noteThe single biggest driver of audit turnaround time is the completeness of the initial document set. We front-load the request specifically to avoid a slow, piecemeal fieldwork phase.
How long does the audit take?

A full audit covering 2–3 years for a mid-sized establishment (roughly 100–500 employees) typically takes 5–6 weeks from data receipt to final report. A narrower pre-transaction diligence scope, covering a shorter period with headline findings only, can often be completed in 2–3 weeks against a tighter deadline. Multi-location establishments, larger contract labour populations, or incomplete historical records extend the timeline.

Practitioner noteIf you have a hard deadline — a term sheet closing date, a notice response date — tell us upfront. We scope the audit depth to fit the deadline rather than compress a full-depth audit into an unrealistic window, which risks missing material findings.
What does this audit cost?

Fees are scoped based on headcount, audit period length, number of locations, and whether contract labour exposure needs to be separately mapped. PNPC provides a written scope and fixed fee quote after the initial scoping consultation — there is no standard published rate because the effort varies significantly between a 50-employee single-location services company and a 500-employee multi-state manufacturing operation with extensive contract staffing.

Practitioner noteWe do not price this as a per-employee mechanical calculation — the effort is driven far more by the number of distinct wage structures, locations, and contractor relationships than by headcount alone.
Can this audit be used as part of investor or acquirer due diligence?

Yes — this is one of the most common triggers for the engagement. Investor and acquirer legal teams routinely include PF/ESI/labour law compliance as a diligence checklist item, and an independently commissioned audit report, prepared ahead of the transaction rather than reactively during diligence, materially strengthens the seller's or target company's negotiating position and reduces the risk of last-minute price adjustment or escrow holdback tied to labour compliance findings.

Practitioner noteWe recommend commissioning this audit as soon as a transaction becomes a realistic prospect — not after term sheet signing, when the diligence clock is already running and there is far less room to remediate findings before the buyer's own advisors find them independently.
Does the audit cover bonus and gratuity compliance as well?

Yes, as part of the broader labour law scope. We test bonus computation against the eligibility and minimum percentage requirements now carried under the Code on Wages 2019 (which has consolidated and repealed the erstwhile Payment of Bonus Act 1965), verify the applicable annual return filing, and review gratuity provisioning under the Code on Social Security 2020 (which has consolidated and repealed the erstwhile Payment of Gratuity Act 1972) — including whether an actuarial valuation is being obtained where required and whether the gratuity fund (if maintained through a trust) is being managed correctly.

Practitioner noteGratuity is frequently under-provisioned in growing companies that have not yet had an employee cross the 5-year eligibility threshold — the liability is real and accruing even before the first payout, and lenders/investors increasingly expect it to appear correctly in the financial statements.
What is a Section 7A inquiry and how is it different from this audit?

A Section 7A inquiry is a formal, quasi-judicial proceeding initiated by the EPFO Regional Provident Fund Commissioner to determine the amount of PF dues payable by an establishment — it is an adversarial, department-led process with statutory notice, hearing, and appeal rights. PNPC's audit is a voluntary, client-commissioned, non-adversarial review conducted before any such proceeding begins (or, if a Section 7A notice has already been received, to prepare a considered response to it).

Practitioner noteAn establishment that has already conducted its own audit and knows its numbers walks into a Section 7A hearing in a fundamentally different position than one encountering the department's assessment for the first time at the hearing itself.
Are there penalties beyond interest and damages for PF/ESI non-compliance?

Yes. Beyond Section 7Q interest and Section 14B damages, the EPF&MP Act and the Code on Social Security 2020 (which now houses the ESI framework) both provide for prosecution of the employer and, in the case of a company, every officer in default, for continued or wilful non-compliance — with imprisonment and fine as possible consequences in serious or repeated cases. Directors, particularly those designated as 'occupier' or responsible officer under the applicable statute, carry personal exposure that is not limited by the corporate veil in these specific statutory contexts.

Practitioner noteThis personal-liability dimension is why we always recommend the Board or the responsible officer personally review the audit findings, rather than delegating the review entirely to the HR or finance team — the exposure ultimately attaches to named individuals, not just the entity.
How does PNPC's audit differ from what an EPFO/ESIC department inspector would check?

A department inspection is adversarial by design — its purpose is to identify recoverable dues on behalf of the fund, not to advise the establishment. PNPC's audit applies the same statutory tests an inspector would apply, but from an advisory posture: we identify gaps before the department does, quantify exposure honestly (including items an inspector might miss), and — critically — help design the remediation and disclosure strategy, which a department inspector has no role or incentive to do.

Practitioner noteWe tell clients plainly: our job is to find every issue an inspector would find, and several an inspector typically would not — because our incentive is to protect you from the worst-case discovery, not to minimise the finding to make the report look better.
Do you also audit minimum wages compliance as part of this engagement?

Yes. Minimum wage compliance now sits under the Code on Wages 2019 (in force since 21 November 2025, which has consolidated and repealed the erstwhile Minimum Wages Act 1948) and introduces, for the first time, a national floor wage below which no state can set its minimum wage. We verify that wages paid to each employee category meet or exceed the applicable state-notified minimum wage for the relevant scheduled employment and skill category, and that wage revisions notified periodically by the state government have been correctly implemented and are not lagging behind the current notification or the national floor wage.

Practitioner noteState minimum wage notifications are revised periodically and vary by zone within a state in several jurisdictions — a common gap in multi-location establishments is applying a single state-wide rate when the applicable notification is actually zone- or district-specific.
What is a 'contribution period' under the ESI framework and why does it matter to the audit?

The ESI framework — now administered under the Code on Social Security 2020, which has consolidated and repealed the standalone ESI Act 1948 — defines two fixed contribution periods each year: 1 April to 30 September, and 1 October to 31 March. An employee whose wages are within the ESI ceiling at the start of a contribution period remains covered for that entire period even if a wage revision takes them above the ceiling mid-period; coverage and contribution obligations only change at the start of the next contribution period. Payroll systems that stop ESI deduction the exact month wages cross the ceiling, rather than at the end of the contribution period, are non-compliant.

Practitioner noteThis is a frequent, low-visibility finding — it usually affects only a handful of employees per year but compounds across multiple years and multiple employees into a real, quantifiable shortfall we specifically test for.
Can PNPC conduct this audit for our UAE branch or group entity as well as the India entity?

PF, ESI, and the Indian labour law framework tested in this audit apply specifically to establishments operating in India under Indian statute — the UAE has its own distinct labour law, WPS (Wage Protection System), and end-of-service gratuity framework governed by UAE Labour Law and, for Free Zone entities, the relevant Free Zone Authority's employment regulations. PNPC's Dubai office conducts an analogous payroll and labour compliance review under UAE rules, coordinated with the India-side audit for group entities operating in both jurisdictions.

Practitioner noteFor clients with both an Indian entity and a UAE entity, we scope both reviews together so the group gets a single consolidated payroll and labour compliance picture rather than two disconnected reports from two different advisors.
What if we've never had a PF or ESI inspection and assume we're fully compliant?

The absence of a departmental inspection is not evidence of compliance — EPFO and ESIC inspect a relatively small proportion of registered establishments in any given period, and wage misclassification in particular can persist undetected for years precisely because it does not trigger an obvious filing discrepancy; the ECR is filed correctly against whatever wage base is fed into it, it is simply the wrong base.

Practitioner noteSome of the largest exposures we have quantified have been at long-established, well-run companies that had never been inspected and had, in good faith, assumed that meant everything was correct.
Does the audit look at gig workers or platform workers differently?

The Code on Social Security 2020, in force since 21 November 2025, introduces a distinct statutory category for gig workers and platform workers, with a framework for social security contributions from aggregators — separate from the traditional employee-employer contribution model. Where a client engages gig or platform-style workers, we assess the arrangement both for potential employee misclassification risk (where a 'gig' arrangement is in substance a disguised employment relationship) and for the aggregator's compliance posture against the Code's gig-worker social security framework.

Practitioner noteDetailed operational rules for aggregator contribution rates and the welfare board mechanism have continued to be clarified even after the Code came into force, so we treat this as an active compliance area requiring a current-rules check at the time of each audit, not a settled, static framework.
How does PNPC handle confidentiality during the audit, given it involves sensitive payroll and personal data?

The engagement is governed by a signed engagement letter with explicit confidentiality terms, consistent with the professional and ethical standards Chartered Accountants are bound by under the Chartered Accountants Act 1949 and ICAI's Code of Ethics. Payroll and employee personal data shared with us is used solely for the audit engagement and is not disclosed to any third party without client authorisation, except where legally compelled.

Practitioner noteFor due diligence engagements specifically, we agree upfront with the client exactly what level of detail (aggregate findings versus employee-identifiable detail) will appear in any report shared with a prospective investor or acquirer.
What is the difference between 'damages' under Section 14B and a 'penalty' more generally?

Section 14B damages are a specific, EPF&MP Act-defined civil consequence for delayed payment of dues, computed on a graded scale based on the period of default — they are compensatory-punitive in nature but distinct from criminal penalties. Separately, both the EPF&MP Act and the Code on Social Security 2020 (which now houses the ESI framework) provide for prosecution — fine and/or imprisonment — as a criminal consequence for wilful default, false statements, or obstruction, which is a different legal track entirely and generally reserved for more serious or repeated non-compliance.

Practitioner noteWe are careful to distinguish these clearly in our findings report because clients sometimes read 'damages' as the worst-case outcome, when in fact prosecution exposure — while less commonly invoked — is the more serious tail risk in deduction-not-deposited cases.
Should a company with no current PF/ESI issues still commission this audit periodically?

Many well-governed companies do, on an annual or biennial cycle, precisely because payroll systems, CTC structures, headcount, and contractor relationships change continuously, and each change is a fresh opportunity for a compliance gap to be introduced even where the baseline was clean. Boards and Audit Committees increasingly treat this as good governance practice alongside — not instead of — the statutory internal audit.

Practitioner noteWe recommend clients think of this the same way they think of a statutory audit refresh — a clean report last year is evidence of compliance last year, not a guarantee for this year if anything has changed in between.
Can the audit findings be used to negotiate down the damages EPFO would otherwise assess?

A well-documented, self-conducted audit with a transparent, voluntary disclosure to EPFO puts the establishment in a materially stronger position during any subsequent Section 7A hearing or damages assessment than an establishment with no independent analysis, since it demonstrates good-faith compliance effort and provides a defensible computation basis. That said, the final quantum of damages assessed under Section 14B remains within EPFO's statutory discretion and is not something PNPC or any advisor can guarantee in advance.

Practitioner noteWe represent clients in these discussions and hearings, but we are always careful not to promise a specific reduced outcome — what we can promise is a well-prepared, well-evidenced position going into the process.
What is the role of the 'occupier' under the Factories Act in this audit, and why does it matter for manufacturing clients?

The 'occupier' concept — originally defined under the Factories Act 1948 and now carried forward into the Occupational Safety, Health and Working Conditions Code 2020, which has consolidated and repealed that Act — is the person who has ultimate control over the affairs of the factory, typically a designated director for a company, and carries personal statutory responsibility for compliance with the applicable provisions, including registers relevant to this audit (overtime, leave with wages, accident records). For manufacturing clients, we specifically verify the occupier is correctly and currently designated, since an outdated or incorrect occupier designation is itself a compliance gap independent of the payroll findings.

Practitioner noteWe have seen factories continue operating for years with an occupier designation naming a director who has since resigned or changed role — a paperwork gap that becomes a real problem the moment an inspector asks who is legally responsible.
Will PNPC also help fix the payroll system configuration after the audit, or only report the findings?

Both, if the client wants it. The audit itself is a diagnostic report, but PNPC works directly with the client's payroll team or vendor to correct wage component classification, ECR filing workflows, and contractor compliance monitoring processes identified as gaps — and many clients transition onto PNPC's ongoing payroll processing retainer afterward for continuous assurance rather than repeating a full audit each year.

Practitioner noteA report that sits in a drawer without process remediation guarantees the same findings resurface at the next audit or, worse, at the next inspection. We push clients toward the remediation step, not just the report.
Why choose PNPC for this audit instead of relying solely on our payroll vendor's self-certification?

A payroll vendor's self-certification tests whether the vendor processed what it was told to process correctly — it does not independently test whether the wage structure itself, the contract labour arrangements, or the historical filing discipline comply with the underlying law. PNPC has represented manufacturing and services clients before EPFO, ESIC, and state labour authorities since 1986; our audit is conducted by practising Chartered Accountants who understand both the statutory framework and how enforcement authorities actually apply it in practice.

Practitioner noteThe clients who come to us after a vendor self-certification are, almost without exception, the ones who discover a gap the vendor's own process was never designed to catch — because the vendor's incentive is operational continuity, not independent compliance verification.
Why PNPC Global

PNPC's PF, Payroll & Labour Law Audit vs a payroll vendor's self-certification

DimensionPNPC AuditPayroll Vendor Self-Certification
IndependenceIndependent Chartered Accountant review, no operational conflictVendor certifying its own processing accuracy
Wage-base classification testingTests every component against statutory and case-law standardsAssumes the wage structure provided at onboarding is correct
Contract labour / principal-employer exposureExplicitly mapped and quantifiedTypically out of scope entirely
Quantified exposure (interest + damages)Computed under Section 7Q and Section 14BNot typically computed
Regulatory representation capabilityCan represent the establishment before EPFO/ESIC directlyGenerally no representation mandate or authority
Due diligence readinessReport structured for investor/acquirer legal reviewNot designed for third-party diligence use
Remediation supportWorks with payroll team/vendor to fix root causeLimited to its own processing scope

What the PNPC package includes

  1. 01

    Scoping consultation to define audit period, entities, and specific purpose (assurance, diligence, notice response)

  2. 02

    Full three-way reconciliation — payroll register, ECR/ESI filings, and bank remittance

  3. 03

    Wage classification testing against the Supreme Court's Vivekananda Vidyamandir standard, component by component

  4. 04

    Quantified exposure computation — contribution shortfall, Section 7Q interest, Section 14B damages estimate

  5. 05

    Contract labour and principal-employer liability mapping across all active vendor relationships

  6. 06

    Bonus, gratuity, and statutory register review across the Code on Wages, Code on Social Security, and applicable Shops & Establishments/OSH Code registers

  7. 07

    Draft findings walkthrough with management before the report is finalised

  8. 08

    Prioritised remediation roadmap distinguishing immediate, historical, and process-level fixes

  9. 09

    Voluntary disclosure and EPFO/ESIC representation support where exposure is identified

  10. 10

    Optional transition onto PNPC's ongoing payroll processing retainer for continuous compliance assurance

Talk to a PNPC Chartered Accountant before EPFO does — a self-commissioned audit today is a negotiating position; a department-discovered gap tomorrow is a liability.

← Back to Audit & Assurance
Talk to a CA