Assurance Gazette – Jan 2026 Edition

Welcome to the Assurance Gazette for January 2026 Edition This edition draws from the NFRA Staff Series publication on Risk and Response Memorandum (ROMM) – Revenue to highlight a much broader and more fundamental message for auditors: robust, structured, and logically linked audit documentation is not a formality, but the backbone of a defensible audit. The edition also features recently issued FAQs by ICAI on the accounting implications of India’s New Labour Codes, which have significant implications for employee benefit obligations such as gratuity and leave, and provide guidance on recognition, measurement, presentation, and tax aspects under Ind AS and Indian GAAP to support timely compliance and transparent financial reporting.

NFRA – Risk & Response Memorandum: ROMM Assessment – Revenue

Introduction

NFRA has consistently observed that many audit failures stem not from lack of work, but from lack of credible documentation evidencing procedures performed, judgments applied, and conclusions reached. In line with the Standards on Auditing, documentation must enable an independent experienced auditor to understand what was done, what was found, and what was concluded. The NFRA Staff Series on ROMM (assertion level) for revenue, though topic-specific in form, is in substance a model for how an audit file should be structured—showing an integrated flow from planning and risk assessment to audit responses and conclusions—and this article explains that architecture and how ROMM workpapers fit into it.

Key Highlights

As per NFRA’s expectations, a high-quality audit file must follow a clear, end-to end architecture that links planning, risk assessment, responses, execution, and conclusions. A properly documented audit area (such as Revenue, PPE, Loans, or Provisions) should begin with a Planning and Context section covering the business and regulatory environment, applicable financial reporting framework, preliminary analytics, and key judgment areas. This should flow into a structured Risk Assessment (ROMM) identifying inherent, control, and fraud risks, mapped to specific accounts and assertions with clear reasons and conclusions on which are significant or fraud risks. The file must then document the Response Design— whether controls will be relied upon, what substantive procedures will be performed, and why these responses are sufficient— followed by Execution and Evidence, including control testing, substantive testing, sampling rationale, results, and exceptions. Finally, a formal Conclusion section must demonstrate whether risks are adequately addressed, whether misstatements exist, and the overall conclusion for that audit area.