Digging deep into documents is not just another task in a regulatory assessment – it is often the key to spotting hidden compliance gaps and avoiding risks that could slip through the cracks. Eye for detail is a must for reviewing documents. This, coupled with the right questions, can uncover what’s beneath the surface and bring out the ground realities which the management is out to rectify.

Welcome back to our blog series on regulatory assessment experiences. Or, audits, as they are called in common parlance. This four-part series is designed to equip both businesses and auditors with practical techniques to ensure that regulatory assessments go beyond ticking boxes, and actually help organisations strengthen their compliance processes and become more compliant. In the first of this blog series, we explored what it takes for a business to prepare for an assessment. On the second blog we have flipped the lens and examined the same process from an assessor’s point of view. In the third blog, we had shifted our focus to a critical phase of the regulatory assessment journey – the field visit.

In this blog we will dive head-on into the absolute essentials of what to look out for while reviewing documents shared by the business as proofs of compliance. When a business shares documents, the real challenge lies in knowing what to look for, how to verify it, and what questions to ask, without getting overwhelmed by volume or sidetracked by irrelevant details.

Regulatory Assessment – The Do’s and Don’ts

When reviewing any document, assessors should answer the following questions:

1. Does the document pertain to the correct entity?
2. Does the document pertain to the assessment period?
3. If it was a filing/ return submission related compliance, was it filed in the correct format and within the date stipulated by law?
4. If it was a compliance relating to record maintenance, was it being maintained in the correct format?
5. If it is a display related compliance, is it being displayed conspicuously and in a legible condition in the language(s) specified by law?

Answering these questions, every time a document is being checked, is very important to stay on track.

We will share some of our real life experiences here to try and make this a more interesting read. In this blog we are primarily focussing on reviewing compliance proofs from the point of view of auditing a manufacturing setup. Some of these suggestions will have to modified for other kinds of business units – such as warehouses or hospitals. Please feel free to reach out to us if you need support with such assessments.

Document review

One of the first steps should be placing reliance on the factory plan along with review of the factory license issued under the Factories Act, 1948. This not only confirms the specific compliance requirement of having an approved factory plan in place but also helps in getting an idea of the areas which one would need to visit during the field visit phase of the assessment. It also helps in co-relating and cross-checking other compliance points relating to having an approved plan and layout of the canteen area, hazardous waste storage area, petroleum storage area, etc within the approved factory plan.

Another critical and mandatory requirement for an operational factory is having a valid consent to operate under the Air (Prevention and Control of Pollution) Act, 1981 (‘Air Act’) and Water (Prevention and Control of Pollution) Act, 1974 (‘Water Act’). These consents come with a list of conditions that need to be followed. Although checking compliance with the various conditions involve and require a certain technical skillset, a dipstick check of such conditions can be done by cross verifying the data with the data in the environmental statement filed to the State Pollution Control Board (“SPCB”) in Form V every year. Similarly, compliance with conditions of an environmental clearance can be cross verified from the data filed in the half-yearly compliance statement. In both the examples, various test reports issued by third party testing agencies also serve as verification points.

Again, one of the tricky areas of an assessment are labour compliances. For example, if we are checking whether a worker is being paid minimum rates of wages or not, the following steps need to be ensured:

1. Ask for the muster roll-cum-wage register being maintained for a sample of 3 months.
2. Ask for the payslips of a few workers (selected randomly by the auditors) for the same months referred in point (i) above.
3. Ask for the bank statement to show salary disbursement to employees for the same months referred in point (i) above.

Once the above information is received, the flow of check should be as follows:

1. Check the statutory rate of minimum wages notified for the State for the half year in question.
2. Check whether the wage mentioned in the pay slip is more or equal to the notified rates of minimum wages.
3. Check the bank statement to verify whether the payment has been done as per the payslip and within the statutory due date for payment of wages.

If we string the above points, it would give us more context about the nuances of all the aspects of an assessment that we have covered in our previous blogs on this topic as well. Elaborating on this now with a few live examples:

1. The factory plan helped us in one of our field visits of a recent regulatory assessment. We were taken to an area where hazardous waste was being stored. The relevant compliances like displaying of details of the hazardous waste in Form 8, demarcation of the hazardous waste area, etc. were being done and we were close to noting that all aspects are compliant. However, while we were looking at a storm drain and checking whether it is dry and obstruction free (which, in fact, is also a compliance requirement under the conditions of the consents received under the Air Act and Water Act), one of the stakeholders brought up the name of the product being manufactured in that part of the factory. Now wait! We had not noticed the name of this product mentioned as a part of the factory license! We started delving deeper and it turned out that the location we were standing at, came within the purview of a different factory license. We quickly looked at the factory plan in our hand and there it was – we were standing beyond the boundary mentioned in the approved plan of the factory that we were assessing. This meant that hazardous waste being generated in one factory was being stored in another factory which did not have a hazardous waste authorisation and therefore was not an approved location for storage of hazardous waste.
2. In another instance, while assessing a factory unit, we received a copy of the registration obtained by the business as a Brand Owner under the Plastic Waste Management Rules 2016. However, instead of the registration being for that specific factory unit, we noted that the registration was obtained by the Registered Office for all locations taken together. This got highlighted as a non-compliance because as per the Plastic Waste Management Rules, 2016, an entity which has units in different states in a particular sub-category (in this case, they were Brand Owners), would require separate registrations for each of the units. Thus knowing the law and knowing what to look out for in the various documents become equally important.

Being Organised

Another very important step during the document review is to be ORGANISED! We touched upon this in our blog on ‘Preparing for an assessment – the regulatory assessor’s perspective’ [provide link].

1. This can start with hosting of all the review documents in a mutually accessible virtual data room.
2. A hierarchical folder structure not only becomes easily accessible but helps to pinpoint the document pertaining to each of the requirements.
3. Being organised helps in systematic exchange of documents between the business and the assessor at multiple stages of the assessment.

Once the document review is completed, we come to the preparation of the assessment report. Being organised plays a crucial part here as well. This phase involves clarifying issues, managing expectations and explaining the report to the relevant stakeholders. At this stage, discussions with the stakeholders often tend to go south as understandably, some of them may try to defend their non-compliance while those conducting the audit might be insisting otherwise. Organised documentation comes to our aid where we have to prove our position and back it up with supporting documents and reasons for marking some requirement as ‘non-compliant’.

Being receptive to the stakeholder’s views and opinions is very important but being assertive and ready with supporting documents is equally or rather more important to respectfully guide the stakeholder to the correct understanding. At the end of the day, decisionmakers in the business need to (and, want to) know the real situation on the ground.

Conclusion

In conclusion, an assessment is a dynamic process but is set within some standard rules which are extremely key in delivering an effective and well-prepared assessment report.

As we bring this series to a close, one thing stands out clearly –regulatory assessments, when approached with the right mindset, can do far more than just tick boxes. They can uncover hidden risks, drive process improvements, and strengthen compliance culture across the organisation.

Let us quickly summarise what we have learnt:

• Blog 1 highlighted the importance of early alignment within the business, thoughtful scoping, and proactive documentation.

• Blog 2 emphasised how assessors must approach their role with objectivity, rigour, and clarity, while building rapport with stakeholders.

• Blog 3 reminded us that field visits are not just walkthroughs — they are opportunities to spot blind spots and evaluate on-ground realities.

• Blog 4, finally, laid out the nuts and bolts of document review, showing how crucial it is to be systematic, detail-oriented, and contextual in reviewing compliance evidence.

Here are some key actionables to take away:

For Businesses:

1. Treat assessments as collaborative exercises, not confrontations.
2. Organise documentation centrally and keep it audit-ready.
3. Invest time in sensitising on-ground teams about compliance responsibilities.

For Assessors:

1. Spend time understanding the client’s business before diving in.
2. Be practical in your checks — focus on materiality and risk.
3. Communicate findings respectfully but clearly, with documented evidence.

At Lexplosion, our job is not just to identify non-compliances – it is to guide businesses towards resolving them in a way that is practical, risk-based, and sustainable. We hope this blog series has helped you see regulatory assessments in a new light – not as an obligation, but as a strategic tool for building stronger, more resilient organisations.

[1] From Lexplosion’s standpoint, the term regulatory audits is frequently used—both by us and our clients—to describe regulatory assessments conducted to evaluate compliance with applicable laws and regulations. It is important to clarify that when we use this term, we are not referring to audits that are expressly required under Indian statutory frameworks, such as tax audits under the Income Tax Act, secretarial audits under the Companies Act, or any other legally mandated audits. Instead, our usage pertains to broader compliance checks or reviews initiated either internally or externally to assess an organisation’s adherence to regulatory obligations.

Written by: Soham Thakur

Disclaimer

This content is intended for informational purposes only and does not constitute a legal opinion. Despite our efforts to maintain accuracy, we do not make representations, warranties or undertakings regarding the quality, completeness or reliability of the content. Readers are encouraged to seek legal counsel prior to acting upon any of the information provided herein. This content, including the design, text, graphics, their selection and arrangement, is Copyright 2024, Lexplosion Solutions Private Limited or its licensors. ALL RIGHTS RESERVED, and all moral rights are asserted and reserved.

For any clarifications, please reach out to us at 91-33-40618083 or inquiries@lexplosion.in. Refer to our privacy policy by clicking here.

Share this: