The Institute of Chartered Accountants of India has announced yesterday that members of the Institute can use digital signature for signing audit reports, all report related to any attestation engagement and certificates. However, the members of the institute need to ensure the compliance with all the requirements relating to signature prescribed in relevant law and regulation, Standards on Auditing and relevant announcement /clarification issued by the ICAI on matter including the requirement to mention UDIN.
Read the announcement below:
Auditing and Assurance Standards Board
The Institute of Chartered Accountants of India
Announcement for Attention of the Members
Use of Electronic Signature for Signing Audit Reports and Certificates
Attention of the members is invited to paragraph 46 (Signature of the Auditor) of SA 700(Revised), “Forming an Opinion and Reporting on Financial Statements”. The corresponding application guidance to this paragraph (paragraph A57) of SA 700(Revised) states as under:
―In some cases, law or regulation may allow for the use of electronic signatures in the auditor’s report.
It may be noted that the Information Technology Act, 2000 (“IT Act 2000”) contains provisions regarding the use of electronic signature for the authentication of electronic records. Relevant provisions of the IT Act 2000 are reproduced below:
“Section 2(ta): Definition of electronic signature Electronic signature means authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule and includes digital signature.
Section 3A: Electronic signature (1) Notwithstanding anything contained in section 3, but subject to the provisions of sub-section (2), a subscriber may authenticate any electronic record by such electronic signature or electronic authentication technique which—
(a) is considered reliable; and
(b) may be specified in the Second Schedule.
(2) For the purposes of this section any electronic signature or electronic authentication technique shall be considered reliable if—
(a) the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and to no other person;
(b) the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person;
(c) any alteration to the electronic signature made after affixing such signature is detectable;
(d) any alteration to the information made after its authentication by electronic signature is detectable; and
(e) it fulfils such other conditions which may be prescribed.
(3) The Central Government may prescribe the procedure for the purpose of ascertaining whether electronic signature is that of the person by whom it is purported to have been affixed or authenticated.
(4) The Central Government may, by notification in the Official Gazette, add to or omit any electronic signature or electronic authentication technique and the procedure for affixing such signature from the Second Schedule: Provided that no electronic signature or authentication technique shall be specified in the Second Schedule unless such signature or technique is reliable.
(5) Every notification issued under sub-section (4) shall be laid before each House of Parliament.
Section 4: Legal recognition of electronic records Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is–
(a) rendered or made available in an electronic form; and
(b) accessible so as to be usable for a subsequent reference.
Section 5: Legal recognition of electronic signatures Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of electronic signature affixed in such manner as may be prescribed by the Central Government.
Explanation.–For the purposes of this section, ―signed‖, with its grammatical variations and cognate expressions, shall, with reference to a person, mean affixing of his hand written signature or any mark on any document and the expression――signature‖ shall be construed accordingly.
Attention of the members is also invited to relevant provisions of the Indian Evidence Act, 1872 which are reproduced below:
“Section 3: Interpretation–clause Evidence — ―Evidence‖ means and includes––
(1) all statements which the Court permits or requires to be made before it by witnesses, in relation to matters of fact under inquiry; such statements are called oral evidence; (2) all documents including electronic records produced for the inspection of the Court; such documents are called documentary evidence.
Section 47A: Opinion as to digital signature where relevant When the Court has to form an opinion as to the electronic signature of any person, the opinion of the Certifying Authority which has issued the electronic Signature Certificate is a relevant fact.
Section 67A: Proof as to electronic signature Except in the case of a secure electronic signature, if the electronic signature of any subscriber is alleged to have been affixed to an electronic record the fact that such electronic signature is the electronic signature of the subscriber must be proved.
From the aforesaid provisions of the IT Act 2000 and the Indian Evidence Act, 1872, it may be concluded that these Acts allow use of electronic signature for authentication of various documents. The IT Act 2000 also prescribes certain conditions to be fulfilled for an electronic signature to be considered as reliable.
Accordingly, the members of ICAI may use electronic signature for signing audit reports, all reports issued pursuant to any attestation engagement and certificates. However, the members need to ensure compliance with all the requirements relating to signature prescribed in the relevant law or regulation, Standards on Auditing and relevant announcements/ clarifications issued by ICAI on the matter including the requirement to mention UDIN.
Please note that the requirement to mention UDIN is applicable both for manually and digitally signed reports/certificates including certificates uploaded online.
This Announcement will come into force from immediate effect.
Auditing and Assurance Standards Board Auditing and Assurance Standards Board