CORAA
ലൈവ് ഡെമോ ബുക്ക് ചെയ്യുകസൗജന്യ ട്രയൽ ആരംഭിക്കുക
Resources · Peer Review · 31 Dec 2026

ICAI Peer Review Phase IV Readiness.

A practitioner readiness hub for ICAI Peer Review Phase IV. 19-item self-assessment across firm-level quality management, engagement documentation and reporting — anchored in the SAs and SQM 1 / SQM 2 that the peer reviewer will test. The mandate has been deferred more than once; the current Phase IV deadline is 31 December 2026 — confirm with the latest ICAI Peer Review Board announcement.

Deferment risk
Phase IV has been deferred more than once. Plan against the current ICAI-notified date but track Peer Review Board notifications. The work you do to be Phase IV-ready is the same work that’ll defend your file in any other quality review (NFRA inspection, ICAI disciplinary referral, regulator request).
Section 1 of 3 · 5 items

Firm-level quality management

Firm-level systems are reviewed first. A peer reviewer typically asks for the documented policies before sampling any engagement file.

  1. 1.1Documented firm-level quality-management policies and procedures (covering leadership, ethics, engagement acceptance, performance, resources, monitoring)?
    SQM 1
    A one-page policy is insufficient. Reviewer expects a documented manual with named owners for each component.
  2. 1.2Engagement quality review (EQR / EQCR) policy with triggers and named reviewers?
    SQM 2 / SA 220
    For listed audits and high-risk engagements, EQR is mandatory. Document who can be an EQR (independence + competence) and the trigger criteria.
  3. 1.3Annual independence confirmations from all partners and staff, retained?
    ICAI Code of Ethics + SA 220
    Reviewer asks for the signed confirmations; missing confirmations are a recurring finding.
  4. 1.4Continuing Professional Education (CPE) records for all members (60 CPE hours per 3-year block; 20 structured per year)?
    ICAI CPE Policy
    Maintain a firm-level CPE dashboard. Shortfall on any partner is a peer-review observation.
  5. 1.5Internal quality monitoring (cold file review) policy with annual coverage target?
    SQM 1
    At least one annual cold review per partner. Findings tracked to remediation.
Section 2 of 3 · 9 items

Engagement-level documentation

The reviewer samples 2-4 engagement files. The file you can defend is the file with proper SA 230 documentation.

  1. 2.1Engagement letter issued and accepted (signed) before fieldwork began?
    SA 210
    Per Section 26(7) of the CA Regulations 2024, engagement letter is mandatory. Predecessor-auditor communication on file (SA 210 para 11).
  2. 2.2Risk assessment under SA 315 (Revised 2020) — including ITGC understanding — documented?
    SA 315 (Revised 2020)
    A single-page "risk memo" is insufficient. Expect documented walkthroughs of significant business processes and IT-general-controls.
  3. 2.3Materiality computation with basis (benchmark, percentage, qualitative factors)?
    SA 320
    Overall, performance and trivial materiality all documented with the rationale. Revision during the audit recorded.
  4. 2.4SA 240 procedures — journal entry testing across the full period, fraud risk inquiries, management override?
    SA 240
    JE testing must be on the FULL period, not just year-end. Sampling methodology (or 100% coverage) documented.
  5. 2.5Audit sampling — formula, seed, sample size, sample selected, results extrapolated?
    SA 530
    Document the sampling formula AND the seed for reproducibility. A peer reviewer can re-run with the seed.
  6. 2.6Going concern assessment under SA 570 (Revised) — even if no doubt, the documented conclusion exists?
    SA 570
    Absence of going-concern doubt does NOT excuse documentation. The procedure must be performed and documented every engagement.
  7. 2.7Related-party identification and procedures (RPT register, transactions tested, arm's-length basis)?
    SA 550
    SA 550 procedures are frequent reviewer finding gaps. Test that the company's RPT disclosures are complete.
  8. 2.8Subsequent events review through to the date of the audit report (signed dated procedures)?
    SA 560
    Document the date the subsequent events review concluded — should match the audit report date.
  9. 2.9Management Representation Letter dated same as the audit report, covering all matters required by SAs?
    SA 580
    MRL is mandatory. Date of MRL = Date of audit report. Cover all SA-mandated representations.
Section 3 of 3 · 5 items

Reporting and sign-off

Final report quality — opinion form, modifications, EOM/OM paragraphs, CARO annexure.

  1. 3.1Audit report aligned with SA 700 (Forming an Opinion) and SA 705 (Modifications) — correct opinion form for the situation?
    SA 700 / SA 705
    The most common reviewer finding: an EOM paragraph being used where a qualified opinion is required. Read SA 706 carefully on the boundary.
  2. 3.2CARO 2020 annexure addressing all 21 clauses with proper basis (or "Not Applicable" with reason)?
    CARO 2020
    Each clause needs a substantive answer or a documented N/A reason. Reviewer checks the supporting working papers per clause.
  3. 3.3Key Audit Matters per SA 701 (for listed entities)?
    SA 701
    KAM section in the audit report must describe the specific matter, why it was a KAM, and what the auditor did. Generic KAMs are a finding.
  4. 3.4UDIN generated and inserted into the report before sign-off?
    ICAI UDIN Guidelines
    UDIN-less reports are professional misconduct. Generate UDIN on the same day the report is signed.
  5. 3.5Final audit file assembled and archived within 60 days of audit report date?
    SA 230
    SA 230 para 14 — final assembly within 60 days. Mid-audit edits after that date are restricted.
How CORAA helps with peer review

The audit trail a peer reviewer can reproduce.

The recurring peer review findings — inadequate SA 230 documentation, SA 240 JE testing not on full period, SA 530 sampling without a seed, missing UDIN — are the exact gaps CORAA closes. Every flag in CORAA links to the underlying transaction with a timestamp; every working paper preserves the formula and seed used; every output is reproducible. Reviewers can re-run the procedures and arrive at the same findings.

Working Papers module →SQM 1 ChecklistSA 530 Sampling Calculator

Frequently asked questions

What is ICAI Peer Review Phase IV?+
Peer review is the ICAI mechanism for ensuring that practising units (CA firms) maintain the quality of their attest work in compliance with the Standards on Auditing, Standards on Quality Management (SQM 1 / SQM 2), and applicable laws. Phase IV is the latest mandatory rollout phase that requires certain categories of practising units to obtain a peer review certificate by 31 December 2026.
Who is covered in Phase IV?+
Phase IV covers practising units (firms / sole practitioners) that audit the financial statements of entities not previously covered — typically expanding the perimeter to include firms auditing certain unlisted public companies, larger private limited companies, charitable trusts and cooperative societies. Refer the latest ICAI Peer Review Board announcement for the precise category list applicable to your firm.
What is the deadline?+
For Phase IV practising units, the peer review certificate must be obtained by 31 December 2026. The Phase IV mandate has been deferred multiple times — confirm the current deadline with the ICAI Peer Review Board before planning. After the deadline, a Phase IV practising unit cannot accept new audit engagements of in-scope entities without a valid peer review certificate.
How long does a peer review take?+
For a small to mid-sized firm, the peer review process typically takes 8-16 weeks from reviewer appointment to certificate issue. Phases: (1) reviewer empanelment and assignment, (2) initial questionnaire and policies submission, (3) sample-engagement selection, (4) on-site fieldwork (1-3 days), (5) preliminary findings, (6) firm responses and remediation, (7) final report and certificate.
Can the peer reviewer be from my own city?+
Yes — peer reviewers are empanelled across cities and assigned based on capacity, geographic considerations, and conflict-of-interest tests. There is no rule against same-city assignment, but reviewers must be independent of the firm being reviewed (no past association as partner / employee, no audit relationship with the reviewer's firm).
What are the most common peer review findings?+
Recurring observations: (1) inadequate SA 230 documentation; (2) missing or insufficient SA 315 risk assessment (often only a one-page memo); (3) SA 240 journal-entry testing not performed across the full period; (4) SA 550 related-party procedures missing or boilerplate; (5) MRL date mismatch with audit report date; (6) UDIN not generated; (7) CARO 2020 clause-wise working papers missing; (8) annual independence confirmations not on file; (9) CPE shortfall by a partner.
What happens if I fail peer review?+
If the peer reviewer issues an unsatisfactory report, the firm has an opportunity to respond and remediate. After response, the Peer Review Board may issue (a) a satisfactory certificate, (b) a satisfactory certificate with observations to be addressed in next review, or (c) require a follow-up review. Persistent failure can lead to inclusion in the Disciplinary Directorate referral.
Is peer review the same as NFRA inspection?+
No. Peer review is conducted by the ICAI Peer Review Board for ICAI quality assurance. NFRA inspection (Audit Quality Inspection Programme) is conducted by the National Financial Reporting Authority for audits of PIEs under Section 132 of the Companies Act 2013. The two are parallel — a firm auditing both ICAI-perimeter and NFRA-perimeter clients can be subject to both reviews.

Make every audit peer-review-ready.

CORAA captures the audit trail SA 230 expects — contemporaneously, immutably, reproducibly. The same trail satisfies peer review, NFRA inspection, and ICAI disciplinary defence.

Talk to CORAAPricingTrust Centre