Section 143 fraud reporting: when your auditor is forced to report to the board and MCA
Section 143(12) takes the decision out of the auditor's hands. ₹1 crore is the line. Below it, the audit committee. Above it, the Central Government via ADT-4. The chilling effect is the point.
Section 143(12) of the Companies Act 2013 is the most uncomfortable provision in the auditor-management relationship. It requires the statutory auditor to report fraud to the Central Government — bypassing the company's own board and audit committee — when the auditor has reason to believe that a fraud involving an amount of ₹1 crore or more has been or is being committed against the company by its officers or employees.
The reporting is direct to the MCA via Form ADT-4. The board does not get to influence whether the report is made. The audit committee does not get to negotiate the timing. Once the auditor's threshold is crossed, the report is mandatory within 60 days.
That mechanic is the point. The provision exists because in earlier corporate frauds — the ones that produced the Companies Act 2013 — auditors who suspected fraud raised the issue to management and the matter ended there. By the time it surfaced externally, the damage was several multiples larger.
What the section actually says
Section 143(12) requires: 'if an auditor of a company in the course of the performance of his duties as auditor, has reason to believe that an offence of fraud involving such amount or amounts as may be prescribed, is being or has been committed in the company by its officers or employees, the auditor shall report the matter to the Central Government within such time and in such manner as may be prescribed.'
The prescribed amount is ₹1 crore (Rule 13 of the Companies (Audit and Auditors) Rules 2014). The prescribed form is ADT-4. The prescribed timing is 60 days from the auditor's knowledge of the fraud, with an interim communication to the audit committee or the board within the first 45 days.
Below the ₹1 crore threshold, Section 143(12)(b) requires the auditor to report the matter to the audit committee or the board, depending on which body the company has constituted. The board or audit committee then reports the matter to shareholders in the board's report.
What counts as fraud
The Companies Act definition of fraud — Section 447 — is broad. It covers any act, omission, concealment of fact, or abuse of position committed by any person, with intent to deceive, gain undue advantage, or injure the interests of the company, its shareholders, creditors, or any other person.
Mistakes are not fraud. Negligence is not fraud. Aggressive accounting positions are not necessarily fraud. The element of intent — the dishonesty — is what distinguishes fraud from error.
For Section 143(12) purposes, the standard is 'reason to believe.' Not 'proved.' The auditor does not have to establish fraud to the standard a court would require. The auditor has to have a reasonable basis for believing fraud has occurred. That is a much lower threshold and is intentional. The point is to trigger external reporting at the suspicion stage, not after a full forensic investigation.
What triggers reporting in practice
Four categories of trigger come up most often.
Forensic findings during the audit. The auditor's procedures identify transactions that do not have economic substance, vendor invoices that match shell-company patterns, employee accounts with unexplained credits, or asset transfers that bypass approval matrices. Forensic accountants have a vocabulary for these — round-tripping, layering, asset stripping, related-party diversion.
Whistleblower complaints. An employee comes forward with a specific allegation about a colleague or a senior. The auditor is required to investigate the allegation. If the investigation produces 'reason to believe,' the Section 143(12) trigger is met. Whistleblower complaints from senior people — finance heads, head of internal audit, board secretaries — are taken more seriously because the complainant has access to the underlying records.
Regulatory revelations. Income tax searches, GST investigations, ED actions, SFIO inquiries, or RBI inspections produce findings that come to the auditor's attention. Where those findings indicate fraud over ₹1 crore, the auditor's Section 143(12) responsibility kicks in independently of the regulator's own action.
Management circumvention of controls. During IFC testing, the auditor identifies that management has overridden controls in specific cases. Where the override is associated with material misstatement and the auditor concludes the override was deliberate, fraud reporting may be triggered. Management override is a specific risk under SA 240 and the auditor is required to design procedures responsive to it.
The auditor's documentation
Once Section 143(12) is in play, the auditor's documentation discipline becomes intense. Every conversation, every document reviewed, every conclusion reached is recorded in the working paper file with timing. The basis for the auditor's 'reason to believe' is documented in a fraud memo. The communication to the audit committee (within 45 days) is documented. The ADT-4 filing (within 60 days, where applicable) is the final document.
If the auditor concludes that the threshold for reporting is not met, that conclusion is documented with equal rigor. An auditor who reaches the conclusion that no fraud reporting is required can be second-guessed by a peer reviewer or by NFRA. The documentation supporting the conclusion is the auditor's defence.
The chilling effect on the auditor-management relationship
Section 143(12) changes the nature of the auditor's role from a verifier to a reporter. The auditor cannot keep a fraud finding within the company. The audit committee cannot ask the auditor to delay. The CEO cannot negotiate the disclosure language.
This is uncomfortable for management. A founder we worked with described it as 'the auditor turning state's witness against my company.' That framing is wrong but the discomfort is real. The auditor's professional duty under the Companies Act is to the public interest and the shareholders, not to the management. Section 143(12) makes that hierarchy concrete.
The discomfort runs in the other direction too. An auditor who triggers Section 143(12) on a client knows that the engagement is materially affected. The client may not re-appoint the firm. The story may get out and the firm's other clients may take note. The cost of getting Section 143(12) wrong — either reporting where it was not warranted or failing to report where it was — is high in both directions.
Why the provision is structured this way
Before the Companies Act 2013, auditors who identified fraud raised it to management and to the audit committee. Management's response was within management's control. In the Satyam case, the auditors had concerns for several years before the fraud became public. Internal raising of concerns did not produce external action.
Section 143(12) removed the management filter from the reporting chain. The auditor reports directly to the MCA. The board can read about it in the same ADT-4 filing the regulator reads. The information asymmetry — management knows the auditor's findings but the regulator does not — is broken.
The cost is the relationship. The benefit is that the regulator now has visibility into frauds at the suspicion stage rather than at the discovery stage years later.
What companies can do
The pre-fraud-reporting situation is the one that companies can actually manage. Once the auditor has 'reason to believe,' the reporting clock starts and management's options are limited to ensuring the disclosure is complete and accurate.
Before that point, three things help.
Build a credible whistleblower mechanism. Section 177 requires listed and prescribed unlisted companies to have a whistleblower policy. The policy should provide for anonymous reporting, protection for the reporter, and a clear escalation path to the audit committee. A company that handles internal complaints well surfaces fraud earlier, at lower amounts, before the Section 143(12) threshold is crossed.
Invest in internal audit and forensic readiness. Internal audit findings often pre-empt external audit findings. A company whose internal audit catches a ₹40 lakh purchase-fraud and remediates it before the statutory audit avoids the chain of consequences. The auditor still reports the matter under the below-threshold provisions of Section 143(12)(b), but the matter is contained.
Engage with the auditor early when something is suspected. A company that proactively brings a suspected issue to the auditor's attention — with documentation of the company's own investigation, remediation steps, and any actions taken against employees involved — gives the auditor a fuller picture. The auditor's eventual conclusion on whether Section 143(12) applies is more informed. The auditor's documentation of the company's cooperative posture goes into the working paper file.
Where Section 143(12) is triggered, the strategy is damage limitation. Accept the disclosure. Work with the auditor on the ADT-4 narrative. Brief the board and the shareholders before the regulator's response arrives. Bring in counsel to manage the parallel SFIO or police inquiry that may follow.
The provision is not a regulatory trap. It is a forcing function that converts management's discretion into mandatory reporting. The companies that get hurt by it most are the ones that did not realize the discretion had been removed.
References
