CARO 2020 Compliance Audit Checklist: Clause-by-Clause Guide for CA Firms

Published: 2026-03-23
Category: Compliance
Read Time: 16 minutes
Author: CORAA Team

---

CARO 2020 (Companies Auditor's Report Order) compliance isn't optional—it directly impacts your audit report and your defensibility with regulators and NFRA.

Yet many auditors struggle with CARO because:

• 36 clauses to address (up from 16 in CARO 2015)
• Varying applicability based on company size and sector
• Penalty for non-compliance: potential NFRA action
• No standard format for some clauses (requires judgment)

This guide gives you a practical, clause-by-clause approach plus automation strategies to cut CARO compliance time by 70%.

What is CARO 2020?

CARO stands for "The Companies (Auditor's Report) Order" issued under the Companies Act, 2013. It prescribes what the auditor must report on—beyond the standard audit opinion—in the auditor's report for companies subject to it.

CARO 2020 vs CARO 2015: What Changed

Aspect	CARO 2015	CARO 2020
Number of Clauses	16 clauses	36 clauses
Applicability	All companies > ₹50 Cr revenue	All companies > ₹1 Cr (mostly)
New Topics	-	Goodwill, CSR, Related Parties, Directors' Remuneration
Reporting Format	Reference clause number	More narrative in many clauses
Timeline	Auditor's report section	Usually separate paragraph (often called "CARO Report")
Effective Date	1 April 2015	1 April 2020 (for FY 2020-21 onwards)

Bottom line: You need to address more areas with more detail.

CARO 2020 Applicability: Who Must Comply?

Not all companies need CARO 2020 reporting. Your first step is determining applicability.

Applies to all companies EXCEPT:

1. Foreign companies
2. Holding or subsidiary of foreign company
3. Section 12A companies (exempt from income tax)
4. Entities covered by specific exemption orders
5. Banking Regulation Act, 1949 entities (banks, NBFCs are under different rules)

Practical applicability:

• ✅ Private limited manufacturing company (₹10 Cr revenue) → CARO applies
• ✅ Listed company → CARO applies
• ❌ Bank (covered by different audit standards) → CARO doesn't apply
• ✅ NGO/Trust (if registered as company) → May apply (check bylaws)
• ❌ Foreign subsidiary of Indian company → Doesn't apply

CARO 2020: Clause-by-Clause Audit Checklist

I'll walk through each clause and what you need to verify.

Clause 1: Property, Plant & Equipment (PP&E)

What you need to report on:

• Physical verification of PP&E was conducted by management during financial year
• Your opinion on adequacy of management's verification procedures
• Any discrepancies between physical verification and books (and status of reconciliation)

What to verify:

Audit checklist:
☐ Request management's PP&E register
☐ Obtain physical verification schedule (date, items verified)
☐ Select sample of items:
  - ₹5 Lakh+ each: 100% verification
  - ₹1-5 Lakh: 25% sample
  - <₹1 Lakh: 5% sample
☐ Physically inspect sample items (location, condition, existence)
☐ Check depreciation calculated correctly for verified items
☐ Identify discrepancies (missing, damaged, sold items)
☐ Verify management's follow-up on discrepancies
☐ Evaluate adequacy of management's verification procedures

Common errors auditors make:

• Treating management's verification as sufficient without own testing
• Not physically inspecting sample items
• Missing items sold but not recorded

CARO reporting:

Example language:
"We have verified the Fixed Assets Register maintained by the Company 
and have conducted physical verification of a sample of assets comprising 
₹X Crores. Physical verification was conducted during the year on [date]. 
No significant discrepancies were observed between physical verification 
and the books of account. The Company's procedures for physical 
verification are adequate."

(Or if issues found:)
"During our verification, we noted discrepancies in ₹X Lakh of assets 
(detailed schedule attached). These have been reconciled/adjusted by the 
Company."

Clause 2: Inventory

What to report:

• Physical verification conducted
• Sampling basis and coverage
• Discrepancies and their resolution
• Adequacy of verification procedures

Key audit steps:

☐ Obtain inventory register for full year
☐ Identify count dates (interim physical verification)
☐ Obtain physical count schedule(s)
☐ Attend at least one physical count
☐ Test sample items from count sheets to books
☐ Test sample items from books to count sheets
☐ Identify obsolete/slow-moving items
☐ Verify year-end inventory cutoff
☐ Check inventory valuation (cost vs. NRV)

Clause 2 reporting:

"The Company carried out physical verification of inventory during the 
financial year. We observed the physical verification conducted on [date] 
and verified a sample of [X]% of inventory items. No significant 
discrepancies were observed between physical inventory and books of account."

Clause 3: Loans, Advances & Guarantees

What to verify & report:

• Terms & conditions of significant loans/advances/guarantees
• Whether adequate to detect fraud
• Your assessment of adequacy

Definition (be precise):

• Loan: Money lent (by company TO others)
• Advance: Payment made before service rendered
• Guarantee: Company guaranteeing someone else's debt

Audit procedures:

☐ List all loans given (> ₹1 Lakh, or 5% assets, whichever is lower)
☐ Review loan agreements
☐ Check interest calculation and payment
☐ Verify loan disbursement from bank statements
☐ List all advances given (material items)
☐ Check settlement of advances
☐ List all guarantees/commitments
☐ Verify disclosure in financial statements
☐ Assess adequacy for fraud detection

Clause 3 reporting example:

"The Company has granted loans/advances to [ABC Ltd]/[Directors] 
amounting to ₹X Crores during the year. We have verified the terms, 
interest rates, and collection status. The loans are on arms-length 
basis and the Company has maintained adequate records. No issues 
requiring disclosure have been identified."

(Or if issues found:)
"The Company granted a guarantee to _____ Bank for ₹X Crores 
on behalf of [subsidiary]. The guarantee is adequately disclosed 
in the notes to financial statements."

Clause 4: Transactions with Related Parties

Report on:

• All related party transactions occurred
• Adequacy of disclosure in financial statements
• Whether on arms-length basis (or if not, what safeguards)

Key related party categories:

• Directors and key management personnel
• Companies where directors have interest (MOUs >50%)
• Relatives of directors living under same roof
• Entities under common control

Audit steps:

☐ Obtain/prepare related party list (update during audit)
☐ Identify ALL transactions:
  - Sales/purchases
  - Rentals
  - Loans/guarantees
  - Service agreements
  - Dividend payments
  - Compensation
☐ Test sample for commercial reasonableness (arms-length)
☐ Verify disclosure in notes to financial statements
☐ Check if any transactions not disclosed
☐ Assess management representation letter

Clause 4 reporting:

"The Company has entered into related party transactions with [list]. 
These transactions have been undertaken at arms-length basis and on 
normal commercial terms. All related party transactions have been 
adequately disclosed in Note [X] to the financial statements."

(Or if not at arms-length:)
"We note that certain related party transactions are not at arms-length 
basis. However, these have been disclosed in the notes and approved by 
the Board/Shareholders as required."

Clause 5: Directors' Remuneration

Report on:

• Remuneration paid complies with relevant provisions
• No excess payment without Shareholders' approval

Key compliance points:

• No director paid more than authorized (per Articles/Board approval)
• No unauthorized remuneration
• Compliance with Managerial Remuneration Limits (Section 197)
• Stock options disclosed if issued

Audit procedures:

☐ Obtain Directors' remuneration register
☐ Obtain Board resolutions authorizing remuneration
☐ Obtain Shareholders' resolutions (if required)
☐ Check Section 197 limits calculation
☐ Verify amounts paid per payroll
☐ Check disclosure in financial statements
☐ Verify no excess paid without approval

CARO Clause 5 reporting:

"The Company has paid remuneration to Directors in accordance with 
the Article of Association and Board approvals. No Director has been 
paid remuneration exceeding the limits stipulated in Section 197 of 
the Companies Act, 2013. The details are adequately disclosed in the 
notes to financial statements."

Clause 6: Deposits & Public Funds (if applicable)

Report on:

• Deposits from public were accepted/defaulted as per rules
• No default in repayment

Applies to: Companies accepting deposits from public

Audit steps:

☐ Identify if company accepted public deposits
☐ Obtain deposit register
☐ Check interest calculation and payment
☐ Verify maturity dates and repayment status
☐ Check compliance with deposit rules (RBI/DCA)
☐ Verify disclosure/provisions if default

Clause 7: Cost Records & Statutory Cost Audit (if applicable)

Report on:

• Whether cost records were maintained as required
• Any instances of default

Applies to: Manufacturing companies meeting size criteria

Audit steps:

☐ Check if cost records required for company
☐ Obtain cost audit report (if applicable)
☐ Review cost record files
☐ Note any exceptions or defaults

Clause 8: Statutory Dues - GST, Income Tax, etc.

Report on:

• Statutory dues paid/payable regularly
• No significant default (or if default, reasons)
• Disclosure if default significant

Key dues to check:

• GST (monthly)
• Income tax (quarterly advance, monthly TDS)
• Statutory contributions (PF, ESI, PT)
• Professional tax
• License fees
• Regulatory filings

Audit procedures:

☐ Prepare statutory due date calendar for FY
☐ For each due, check:
  - Return/challan filed on time?
  - Payment made on time?
  - Any demand notices issued?
☐ Note any defaults
☐ Assess significance (material defaults?)
☐ Obtain explanation from management
☐ Check disclosure in financial statements

CARO reporting:

"The Company has generally paid statutory dues regularly during the year. 
GST returns were filed on time and payments made as due. Income tax and 
provident fund contributions were paid as required. No significant defaults 
were noted."

(Or if issues found:)
"The Company had a GST payment default of ₹X Lakh in [month], which 
was resolved by [date]. An income tax demand of ₹X Lakh was raised for 
[previous year], which is under appeal."

Clause 9-16: Fraud, Directors Disqualification, Loans to Directors, etc.

[Continuing with remaining key clauses...]

Clause 9 (Fraud):

• Report any fraud detected
• Any element of fraud in management/employees
• Property diverted

Clause 10 (Director Disqualification):

• Any director disqualified under Section 164
• Continued as director despite disqualification

Clause 11 (Loans to Directors):

• Check if any loans given to directors (should be rare)
• Verify compliance if given

Clause 12-16 (CSR, Dividend, Borrowing Limits, Audit Committee):

• CSR spending adequacy (if applicable)
• Dividend payment compliance
• Company within borrowing limits
• Audit committee interaction

Creating CARO Compliance Checklist: Template

Use this to systematize your CARO compliance work:

CARO 2020 COMPLIANCE AUDIT CHECKLIST
=====================================

Engagement: [Client Name]
FY Ended: [Date]
Audit Period: [Dates]

Section 1: Applicability (Complete first)
☐ Company subject to CARO 2020? YES / NO
  (If NO, explain exception)
☐ Any specific exemptions apply? List: ___

Section 2: Property, Plant & Equipment (Clause 1)
☐ Physical verification conducted during year
☐ Management's verification procedures evaluated
☐ Sample of assets physically inspected
☐ Discrepancies identified and reconciled
☐ No exceptions to report / [Explain exceptions]
CARO Report Language: ___________

Section 3: Inventory (Clause 2)
☐ Physical verification conducted
☐ Sample tested from count sheets to books
☐ Cutoff testing completed
☐ Obsolescence provision adequate
☐ No exceptions / [Exceptions: ___]
CARO Report Language: ___________

[Continue for all relevant clauses...]

Final Section: CARO Report Compilation
☐ All applicable clauses addressed
☐ Report drafted and reviewed
☐ Compliance with prescribed format verified
☐ No unadjusted misstatements in CARO areas
☐ CARO report signed and dated

CARO 2020 Compliance Errors That Trigger NFRA Action

1. Missing clauses entirely (e.g., no mention of related parties)
2. Generic language ("No issues found") without specific testing
3. No evidence of procedures performed
4. Inconsistency with audit opinion (e.g., "no exceptions" but many audit adjustments made)
5. Inadequate disclosure of matters requiring reporting
6. Untimely filing (CARO report must accompany audit report)

Automating CARO 2020 Compliance with AI

CORAA's CARO Compliance Module automates:

Data extraction: AI extracts loan details, related parties, director information from company documents and bank statements automatically.

Clause testing: Pre-programmed procedures for each clause—auditor just reviews flagged items.

Documentation generation: AI drafts CARO report language based on audit procedures and findings.

Time savings: 60-70% reduction in CARO compliance time (typical 2 weeks → 4-5 days)

Implementation: 30-Day CARO Compliance Plan

Week 1: Determine applicability, obtain checklist, gather documents

Week 2: Perform Clause 1-5 procedures (PP&E, Inventory, Related Parties, etc.)

Week 3: Perform remaining clause procedures, identify exceptions

Week 4: Draft CARO report, review with partner, finalize

Conclusion

CARO 2020 compliance isn't just a reporting formality—it's your opportunity to demonstrate thorough audit testing and management of regulatory risks.

Key takeaways:

• CARO applies to most companies (determine applicability first)
• 36 clauses require specific testing and reporting
• Common errors trigger NFRA action
• AI automation can cut compliance time by 70%
• CARO report must be filed with audit report

---

Related Articles

• ISA 220 & CARO: Integrating Quality & Compliance Standards
• Companies Act Section 164: Director Disqualification Audit Procedures
• Related Party Transactions: Audit & Disclosure Comprehensive Guide
• CSR Audit Compliance: Schedule VII Verification for Auditors

Ready to Automate CARO Compliance?

CORAA's CARO module automatically extracts data, triggers clause-specific procedures, and drafts compliant CARO reports—eliminating manual review time and ensuring no clauses are missed.

[Start Free Trial] [Book Demo]