SEPTEMBER 04, 2024

By Vijay Kumar

THE CAG - Comptroller and Auditor General of India has recently audited the performance of the internal audit of the CGST Department.

Section 2 (13) of the CGST Act defines "Audit" as the examination of records, returns and other documents maintained or furnished by the registered person under this Act or the rules made thereunder or under any other law for the time being in force to verify the correctness of turnover declared, taxes paid, refund claimed and input tax credit availed, and to assess his compliance with the provisions of this Act or the rules made thereunder".

As per Section 65 of the CGST Act, the Commissioner or any officer authorised by him, by way of a general or a specific order, may undertake audit of any registered person for such period, at such frequency and in such manner as may be prescribed.

Internal Audit helps to assess the level of compliance by taxpayers. The CBIC had issued detailed instructions for conducting Internal Audit in the Goods and Services Tax Audit Manual (GSTAM) in July 2019. The internal audit provisions of the Department envisaged selection of taxpayers based on risk assessment, using GST data, done by the Director General of Analytics and Risk Management (DGARM).

The Directorate General of Audit (DG Audit) under CBIC, Ministry of Finance, Department of Revenue is responsible -

1. to monitor the performance and pendency related to internal audit in the Audit Commissionerates;

2. to evolve a mechanism for assessing and ensuring audit quality assurance by sample review of major audit reports; setting standards and norms for evaluating the quality of audit and to bring about uniformity in the audit system across the country;

3. and to study the level of compliance including recovery of dues relating to important audit objections/points at all India, Zonal and Commissionerate level.

Further, the GST Audit Manual provides the method of selection of units/taxpayers for internal audit. It provides that the selection of registered persons would be done based on the risk evaluation method prescribed by the DG (Audit) in consultation with the Directorate General of Analytics and Risk Management (DGARM). Based on the risk methodology, a list of units is communicated to the Audit Commissionerates by DGARM / DG (Audit), for the purpose of conducting internal audit for the audit year. The Audit Commissionerates may select the units to be audited in a particular year after reviewing the list, in the context of local risk perceptions and parameters.

Internal Audit is an important oversight function of the Department. But how does the CAG come into picture here? CAG's role as independent external auditors under Section 16 of the CAG (DPC) Act, 1971 perhaps encompasses evaluation of the internal audit functions of the Department towards suggesting systemic improvements.

As per Article 149 of the Constitution,

DUTIES AND POWERS OF THE COMPTROLLER AND AUDITOR-GENERAL.

The Comptroller and Auditor-General shall perform such duties and exercise such powers in relation to the account of the Union and the States and of any other authority or body as may be prescribed by or under any law made by Parliament and, until provision in that behalf is so made, shall perform such duties and exercise such powers in relation to the accounts of the Union and of the States as were conferred on or exercisable by the Auditor-General of India immediately before the commencement of this Constitution in relation to the accounts of the Dominion of India and of the Provinces respectively.

In pursuance of this constitutional provision, THE COMPTROLLER AND AUDITOR-GENERAL'S (DUTIES, POWERS AND CONDITIONS OF SERVICE) ACT, 1971 was enacted. Section 16 of the Act provides for audit of the receipts into the consolidated fund of India.

16. It shall be the duty of the Comptroller and Auditor-General to audit all receipts which are payable into the Consolidated Fund of India and of each State and of each Union territory having a Legislative Assembly and to satisfy himself that the rules and procedures in that behalf are designed to secure an effective check on the assessment, collection and proper allocation of revenue and are being duly observed and to make for this purpose such examination of the accounts as he thinks fit and report thereon.

As per the 'Regulations on Audit and Accounts (Amendments) 2020', Audit of receipts includes an examination of the systems and procedures and their efficacy mainly in respect of:

a. identification of potential tax assessees, ensuring compliance with laws as well as detection and prevention of tax evasion;

b. exercise of discretionary powers in an appropriate manner including levy of penalties and initiation of prosecution;

c. appropriate action to safeguard the interest of the Government on the orders passed by appellate authorities;

d. any measures introduced to strengthen or improve revenue administration;

e. amounts that may have fallen into arrears, maintenance of records of arrears and action taken for recovery of the amounts in arrears;

f. pursuit of claims with due diligence and to ensure that these are not abandoned or reduced except with adequate justification and proper authority.

In exercise of all these powers, the CAG embarked upon the mission of finding out the effectiveness of internal audit in the Central GST and requested (January 2021, October 2021, November 2022) DG (Audit) to provide pan-India Commissionerate wise and taxpayer wise details of the units planned for and audited during 2018-19, 2019-20, and 2020-21. However, DG (Audit) informed (August 2020, February 2021) that the aforesaid information was not available with them and DGARM prepares a list of risky taxpayers and sends the same directly to the respective Audit Commissionerates. DG (Audit) further informed (November 2021) that the aforesaid details may be obtained from the concerned Audit Commissionerates.

CAG requested the DGARM (February 2021) to provide the list of all India GST taxpayers forwarded to the Audit Commissionerates during the period 2018-19, 2019-20 and 2020-21. Reply was awaited (January 2024).

CAG also requested the Chairman, CBIC (November 2022) to provide consolidated data of internal audits planned and executed. However, the same had not been provided (January 2024).

CAG requested (February 2023) the Ministry to provide the pan-India Commissionerate wise and taxpayer-wise details of the units planned for and audited during 2018-19, 2019-20, and 2020-21 without any further delay so that an important compliance verification function of the Department could be assessed. Since consolidated details of internal audit were neither provided to CAG nor they were available with DG (Audit), CAG could not examine the efficacy of the monitoring functions of DG (Audit) and the internal audit function of the Department. Requesting each Audit Commissionerate separately for information was leading to delays and non-receipt of information in time.

CAG, in its Report No. 7 of 2024 of August 2024, observed:

The Ministry had also informed the CAG about shortage of officers in the Audit Commissionerates, especially in the grade of inspectors whose working strength was less than 50 per cent of the sanctioned strength in most of the Audit Commissionerates.

In view of persistent short coverage of internal audit units due to shortage of officers in the Audit Commissionerates, CAG recommends that the Ministry may enhance the availability of human resources in the Audit Commissionerates and ensure optimal utilisation of resources for internal audit.

It was not easy for the CAG to get access to GST data from the GST department. After all, who would like to give information to Audit? It was stated in the 40th Meeting of the GST Council on 12th June 2020:

Comptroller and Auditor General of India, in his letter dated 28/09/2018, requested the Finance Minister to impress upon the States and CBIC the need for regular and structured flow of data and issue suitable directions to all States/UTs and CBIC to formalize the data sharing protocol. CAG has been emphasizing on the need for unrestricted access to all GST data of all taxpayers. The matter was placed before the GST Council in its 35th meeting held on 21st June 2019.

The Council referred the issue of data sharing with officers of CAG by the Central and State Tax administrations in GST regime to the Law Committee for further deliberations. The matter was discussed in the next meeting of the GST Law Committee meeting held on 28th June 2019 in which officers from the CAG office also participated. However, no consensus could be reached with respect to sharing of GST data with CAG. The issue was further deliberated in the meeting of the GST Law Committee held on 7th November 2019 and the Law Committee recommended that as was the practice before introduction of GST in Centre as well as most of the States, jurisdiction based digital access to GST data should be given to audit officers for conduct of audit. Since this was only a continuance of the existing practice, CBIC (Systems) has started providing jurisdiction-based digital access to audit officers from December.

The Uttar Pradesh GST told the CAG that the issue of data sharing protocol with the Comptroller and Auditor General of India has been referred to GST Council. Until the matter is decided, it will be proper, to wait for access to GSTN and data dump.

The CAG did not accept this reply as Section 18 of the CAG's DPC Act, 1971 provides that CAG has the mandate to access any record, accounts and other documents that are relevant to his inquiry. Further, as per Section 16 of the CAG's DPC Act, 1971, it shall be the duty of the CAG to audit all receipts which are payable into the Consolidated Fund of India and of each State. It has been further clarified in Regulation 181 of the Regulations on Audit and Accounts, 2007 that every Department or entity shall establish and implement a mechanism to ensure that data, information and documents that are required by Audit are made available to CAG. Thus, not providing access to GST data to CAG is violation of the provisions of CAG's DPC Act.

In an Audit report, the CAG mentioned, Audit was provided access to the GST returns data in February 2021, in GSTN's premises.

Now CAG has access and they are finding fault with the GST Audit!

CAG has clarified that not providing access to GST data to CAG is violation of the provisions of CAG's DPC Act. But what is the punishment for that violation?

Until next week