CORAA

Indian CA Guide to Forensic Audit.

A pillar guide to forensic audit for Indian Chartered Accountants. Statutory audit ends where fraud begins — but the same SA 240 journal-entry testing, related-party scrutiny and red-flag pattern recognition that anchor a quality audit are also the foundation of forensic investigation. This page covers when a forensic audit applies rather than a statutory one, six common fraud patterns with their AI detection signal, the ICAI FAFD course pathway, and the Section 143(12) handoff.

Statutory audit vs forensic audit

| Dimension | Statutory audit | Forensic audit |
| --- | --- | --- |
| Objective | Reasonable assurance on FS | Investigation of suspected fraud / loss quantification |
| Trigger | Statutory mandate (annual) | Specific suspicion / regulatory direction / litigation |
| Standards | ICAI Standards on Auditing (SAs) | ICAI Forensic Accounting and Investigation Standards (FAIS) + Indian Evidence Act + IT Act 2000 |
| Scope | FS as a whole | Focused — specific transactions / individuals / period |
| Output | Opinion in audit report | Forensic report with findings, quantification, evidence index |
| Sampling | Risk-based sampling (SA 530) | Often 100% population testing of in-scope data |
| Time horizon | Forward-looking — current FY | Backward-looking — investigative period covered |
| Confidentiality | Disclosure to TCWG (SA 260) | Often privileged; report to commissioning party only |
| Use of findings | Audit report; CARO; Sec 143(12) | Disciplinary / civil / criminal proceedings; recovery suit |

Six common fraud patterns — red flags + AI signal

The ACFE Report to the Nations consistently identifies three fraud categories: asset misappropriation (most frequent), financial statement fraud (largest dollar impact), and corruption. Below are six patterns from Indian audit experience, each with its typical red flags and AI detection approach.

1. Vendor billing fraud (shell-company invoicing)
Asset misappropriation
A fictitious or shell vendor is created in the master; invoices are raised for goods / services that were never delivered. Often involves collusion with the AP officer.
Red flags
  • Vendor address matches an employee address
  • Vendor PAN missing or recently registered
  • Invoices in round numbers with sequential numbering
  • No GRN / proof of delivery on file
  • Vendor only invoices below the approval-required threshold
  • Vendor activated and used within a short window
AI / analytics signal
Cluster analysis of vendor masters surfaces vendors with no purchase order history. Round-number + sequential invoice pattern flagged. Address-to-employee match via fuzzy string + PIN code comparison.
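
The vendor-master checks listed above (employee-address match by fuzzy string plus PIN code, round and sequential invoices, no purchase order history, invoices kept under the approval threshold) can be screened as below. This is an added example, not CORAA's code; the field names, the INR 50,000 approval limit, the 0.75 similarity cutoff and all records are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

APPROVAL_LIMIT = 50_000  # assumed approval threshold in INR (not from the page)

def norm(addr):
    """Lower-case, replace punctuation with spaces, collapse whitespace."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split())

def pin(addr):
    """Return the 6-digit PIN code in an address, or None."""
    m = re.search(r"\b[1-9]\d{5}\b", addr)
    return m.group(0) if m else None

def address_match(vendor_addr, employees, cutoff=0.75):
    """Employee ids with the same PIN and a fuzzy-similar address."""
    v_pin, v_norm = pin(vendor_addr), norm(vendor_addr)
    return [eid for eid, addr in employees.items()
            if v_pin and v_pin == pin(addr)
            and SequenceMatcher(None, v_norm, norm(addr)).ratio() >= cutoff]

def vendor_flags(vendor, invoices, employees):
    """Red flags for one vendor from its master record and invoices."""
    nums = sorted(i["no"] for i in invoices)
    amts = [i["amount"] for i in invoices]
    checks = [
        ("address_matches_employee", bool(address_match(vendor["address"], employees))),
        ("pan_missing", not vendor.get("pan")),
        ("no_po_history", not vendor.get("po_count")),
        ("sequential_invoice_numbers",
         len(nums) >= 3 and all(b - a == 1 for a, b in zip(nums, nums[1:]))),
        ("round_amounts", bool(amts) and all(a % 1000 == 0 for a in amts)),
        ("all_just_below_approval_limit",
         bool(amts) and all(0.9 * APPROVAL_LIMIT <= a < APPROVAL_LIMIT for a in amts)),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample data (not real records)
EMPLOYEES = {"E102": "Flat 4B, Sunrise Apartments, MG Road, Pune 411001",
             "E207": "12 Lake View, Sector 5, Noida 201301"}
SHELL = {"address": "4-B Sunrise Apts., M.G. Road, Pune - 411001", "pan": "", "po_count": 0}
SHELL_INV = [{"no": 101, "amount": 48000}, {"no": 102, "amount": 49000},
             {"no": 103, "amount": 47000}]
GENUINE = {"address": "Plot 9, MIDC, Nashik 422010", "pan": "AAAAA0000A", "po_count": 14}
GENUINE_INV = [{"no": 5531, "amount": 18250.75}, {"no": 5608, "amount": 61200.0}]
```

Requiring the PIN code to match before running the fuzzy comparison keeps false positives down when many addresses share street or building names.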
2. Payroll ghost employees
Asset misappropriation
Fictitious or terminated employees remain on the payroll master; their salary is diverted to bank accounts controlled by the perpetrator.
Red flags
  • Multiple employees with the same bank account number
  • Employees with no PF / ESI / PAN
  • No leave / attendance record
  • Salary credited consistently with no variation
  • Employee not present in HR master but in payroll
AI / analytics signal
Cross-reference of payroll master with HR master, PF / ESI returns, and biometric attendance data identifies anomalies.
3. Revenue recognition fraud — round-tripping
Financial statement fraud
Revenue is inflated by recording sales to related parties, customers who later return the goods, or fictitious customers. Often paired with year-end cut-off manipulation.
Red flags
  • Significant sales to new customers in the last 30 days of the year
  • Customers with no PAN / GSTIN
  • Revenue + corresponding receivable with no cash inflow for 6+ months
  • Substantial year-end provisions / write-offs in next period
  • Customer master shares ownership with the company (related party not disclosed)
AI / analytics signal
Sales timing analysis flags year-end cluster. Customer-master vs related-party register cross-match identifies undisclosed RPTs. Receivable ageing trend across years reveals systematic deterioration.
4. Expense classification fraud
Financial statement fraud
Capital expenditure (which would reduce profit slowly via depreciation) is classified as operating expense (which hits profit immediately) — or vice versa, to manipulate earnings.
Red flags
  • Large entries to "Miscellaneous Expenses" or "Other Expenses" near year-end
  • Expense entries that don't match supporting invoice classification
  • Capital invoices booked to revenue accounts
  • Frequent reclassifications mid-period
AI / analytics signal
Natural-language matching of expense narration to GL classification flags mismatches. SA 240 journal entry red flags applied to every JE.
5. Kickback / bribery
Corruption
Vendor pays a kickback to the employee approving the purchase. Often disguised as commission, marketing fee, or "consultancy".
Red flags
  • Marketing / consultancy fees paid to vendors not in the marketing business
  • Vendor invoices with descriptions like "Services as per agreement" with no scope detail
  • Payments to vendors in jurisdictions with weak enforcement
  • Cash-equivalent transactions just below thresholds
  • Common bank account between vendor and recipient
AI / analytics signal
Vendor master classification by business category vs paid expense category. Unusual expense-to-vendor combinations flagged.
6. Asset misappropriation through inventory
Asset misappropriation
Inventory is written off or "lost" but actually diverted. Stock records show consumption but no production output / sale.
Red flags
  • Inventory write-offs concentrated in a single warehouse or product
  • Material consumption not matched to production output
  • Stock-take adjustments at year-end without root cause analysis
  • Closing stock low after physical count, but FIFO records suggest higher value
AI / analytics signal
Inventory turnover ratio per SKU vs benchmark. Consumption-to-output ratio across periods. Variance analysis on stock-take adjustments.

ICAI FAFD course pathway

For CAs who want to formally enter forensic practice, ICAI offers the Diploma / Certificate in Forensic Accounting and Fraud Detection (FAFD).

Eligibility
Member of ICAI (Associate or Fellow). Open to CAs in practice and in employment. No prior forensic experience required.
Content modules
Fraud schemes + red flags · investigation methodology · data analytics (Benford, CAATs) · digital forensics · legal — PMLA, IT Act 2000, IPC, Indian Evidence Act · interview techniques · evidence preservation · forensic report writing.
Format + assessment
Online + in-person blended delivery. Final assessment test typically held twice a year (e.g., January and July). Pass mark and passing standard set by ICAI.
Recognition + career
FAFD certificate holders are recognised by ICAI and enabled to take forensic-audit assignments from banks, courts, regulators (SEBI, RBI, IRDAI), corporates, and PSUs. Many work as expert witnesses.

How CORAA helps forensic engagements

100% of ledger transactions analysed, in seconds.

CORAA’s Scrutiny module applies SA 240 fraud red flags across every journal entry, vendor master, payroll register, and inventory movement — not a sample. The same engine flags the patterns above (round-number invoicing, shell-vendor address matches, payroll ghost employees, year-end revenue clustering, sequence anomalies) on a complete population. For a forensic engagement, this replaces weeks of manual data analysis with a one-click run that surfaces the highest-risk transactions for investigator follow-up.


Frequently asked questions

What is the difference between statutory audit and forensic audit?
A statutory audit provides reasonable assurance on whether financial statements give a true and fair view in accordance with the applicable framework. A forensic audit is a focused investigation triggered by a specific suspicion of fraud — its goal is to determine whether fraud has occurred, who perpetrated it, the extent of loss, and to produce evidence admissible in legal or regulatory proceedings. Statutory audit follows SAs; forensic audit follows ICAI Forensic Accounting and Investigation Standards (FAIS).
What is the ICAI FAFD course?
Forensic Accounting and Fraud Detection (FAFD) is an ICAI-administered post-qualification course for CAs. It covers fraud schemes and red flags, investigation techniques, evidence gathering, data analytics (including Benford's Law, CAATs), legal aspects (Prevention of Money Laundering Act, Indian Evidence Act, IT Act 2000), and reporting. The course is delivered through online + in-person modules with a final assessment. Holders of the FAFD certificate are recognised by ICAI as qualified forensic auditors.
How does SA 240 relate to forensic audit?
SA 240 governs the statutory auditor's responsibility in respect of fraud. The statutory auditor must (a) assess fraud risk, (b) design responses, (c) test journal entries, (d) consider biases in estimates, and (e) report identified or suspected fraud under Section 143(12). A forensic audit takes over WHERE the statutory audit ends — when fraud is identified or strongly suspected, the entity (or regulator) commissions a forensic auditor to investigate. The two are sequential, not substitutes.
What is Benford's Law and how is it used?
Benford's Law observes that in many naturally occurring datasets, the leading digit "1" appears in about 30% of numbers; "2" in about 18%; and so on. Datasets whose leading digits don't follow this distribution are statistically anomalous. In forensic audit, Benford's analysis of expense invoice amounts, vendor invoices and journal entries can flag fabricated or manipulated data. It is a SCREENING tool — anomalies need follow-up investigation.
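
A first-digit Benford screen as described in this answer, using a chi-square goodness-of-fit test. This is an added example, not CORAA's code; the 5% significance level and both data sets are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Benford expected share of each leading digit d: log10(1 + 1/d)
EXPECTED = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRIT_8DF = 15.507  # chi-square critical value, 8 degrees of freedom, 5% level

def leading_digit(amount):
    """First non-zero digit of an amount (rounded to paise); None if zero."""
    digits = f"{abs(amount):.2f}".lstrip("0.")
    return int(digits[0]) if digits else None

def benford_test(amounts):
    """Chi-square goodness-of-fit of leading digits against Benford's Law."""
    digits = [d for d in map(leading_digit, amounts) if d]
    n = len(digits)
    observed = Counter(digits)
    chi2 = sum((observed[d] - n * p) ** 2 / (n * p) for d, p in EXPECTED.items())
    excess = {d: observed[d] / n - p for d, p in EXPECTED.items()}
    return {"n": n, "chi2": round(chi2, 2), "anomalous": chi2 > CHI2_CRIT_8DF,
            "most_overrepresented_digit": max(excess, key=excess.get)}

# Constructed data: 240 amounts spread evenly (in log terms) over six
# orders of magnitude, which is the kind of spread Benford's Law describes.
ORGANIC = [round(100 * 10 ** (k / 40), 2) for k in range(240)]
# Constructed data: 50 invoices packed between INR 45,000 and 49,900,
# e.g. kept under an assumed INR 50,000 approval limit.
PADDED = [45_000 + 100 * k for k in range(50)]

if __name__ == "__main__":
    print(benford_test(ORGANIC))
    print(benford_test(ORGANIC + PADDED))
```

The chi-square statistic grows with population size, so on very large ledgers even small deviations cross the critical value; the flagged digit tells the investigator which amount band to pull for follow-up.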
What is the standard forensic audit deliverable?
A forensic audit report typically includes: (a) executive summary, (b) scope and methodology, (c) timeline of events, (d) findings — what happened, when, how, who, (e) quantification of loss, (f) evidence appendix (documents, screenshots, interviews), (g) recommendations for control improvement. The report is often used in disciplinary proceedings, civil litigation, or criminal prosecution — drafting precision and evidence preservation matter.
Are forensic audit findings admissible in court?
Forensic audit findings are typically opinion evidence by an expert witness. Indian Evidence Act Section 45 allows expert opinion on matters of science / handwriting / fingerprints / accounting. The forensic auditor may be required to testify and have their methodology cross-examined. Evidence preservation (chain of custody, timestamping, hashing) is critical — any break in the chain weakens admissibility.
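
One way to make the chain of custody, timestamping and hashing mentioned in this answer verifiable is a custody log in which every entry stores the SHA-256 of the evidence and the hash of the previous entry. This is an added example, not CORAA's code; the entry fields, evidence id, custodian names and ledger bytes are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry

def entry_hash_of(entry):
    """SHA-256 over the canonical JSON of an entry, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record(log, evidence_id, data, custodian, action, timestamp):
    """Append a custody event chained to the previous entry."""
    entry = {"evidence_id": evidence_id,
             "sha256": hashlib.sha256(data).hexdigest(),
             "custodian": custodian, "action": action, "timestamp": timestamp,
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_hash_of(entry)
    log.append(entry)
    return entry

def verify(log, evidence):
    """Return (index, problem) pairs; an empty list means nothing was altered."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        if e["prev_hash"] != prev or e["entry_hash"] != entry_hash_of(e):
            problems.append((i, "log entry altered or chain broken"))
        data = evidence.get(e["evidence_id"])
        if data is None or hashlib.sha256(data).hexdigest() != e["sha256"]:
            problems.append((i, "evidence hash mismatch"))
        prev = e["entry_hash"]
    return problems

# Constructed sample: a ledger export and two custody events
EXPORT = b"date,voucher,amount\n2024-03-31,JV-1189,4850000\n"
LOG = []
record(LOG, "EV-001", EXPORT, "Investigator A", "acquired from ERP export",
       "2024-04-02T10:15:00+05:30")
record(LOG, "EV-001", EXPORT, "Investigator B", "received for analysis",
       "2024-04-03T09:00:00+05:30")

if __name__ == "__main__":
    print(verify(LOG, {"EV-001": EXPORT}))
```

The chain only proves integrity relative to its last hash, so that value should be recorded somewhere the log's custodians cannot rewrite, and the timestamps passed in should come from a trusted time source.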
How does AI accelerate forensic audit?
AI / data analytics replaces sampling with full-population testing. Where a traditional forensic audit might sample 100-200 transactions for review, an AI-assisted forensic audit applies pattern detection (Benford, anomaly clustering, fuzzy matching, network analysis) across 100% of transactions in seconds. This catches schemes that sampling misses — particularly small-value but high-volume frauds (payroll ghost employees, vendor billing fraud below the approval threshold).

Make every audit forensic-ready.

SA 240 fraud testing on 100% of transactions runs by default on CORAA — the same dataset can be re-purposed for a forensic engagement if needed.
