Saturday, January 27, 2024

Internal Audit as per Companies Act in India

What is Internal Audit?

Internal audit is a systematic and independent examination of a company's processes, controls, and governance mechanisms. Think of it as a detective work within the company to ensure everything is running smoothly. The primary goal is to continuously and critically evaluate how the company functions, suggest improvements, and add value to strengthen overall governance.

Example: Suppose a company has a process for approving expenses. Internal audit would scrutinize this process to ensure that it's efficient, prevents fraud, and complies with company policies.

  1. 2013 - Section 138: Incorporated into Companies Act based on recommendations.

    • Example: A financial services firm must comply with Section 138, appointing internal auditors to evaluate risk management and control systems.

Applicability of Internal Audit:

Different types of companies are required to appoint internal auditors based on specific criteria.

CategoryCriteria for Applicability
Listed companiesAll listed companies
Unlisted public companies(i) Paid-up share capital of ₹50 crore or more OR (ii) Turnover of ₹200 crore or more OR (iii) Loans/borrowings exceeding ₹100 crore OR (iv) Deposits exceeding ₹25 crore
Private companies(i) Turnover of ₹200 crore or more OR (ii) Loans/borrowings exceeding ₹100 crore

Example: A private software development company with a turnover of ₹250 crore must appoint an internal auditor.

Who Can be Appointed as an Internal Auditor?

The choice of internal auditors is flexible, allowing for diverse expertise.

  1. Chartered Accountant
  2. Cost Accountant
  3. Any other professional as decided by the board

Example: A pharmaceutical company might choose a professional with a background in regulatory compliance as its internal auditor.

Requirements or Conditions for Internal Audit:

Internal audit is subject to certain requirements or conditions to ensure its effectiveness:

  1. Independence and Objectivity:

    • Internal auditors must be independent to provide unbiased assessments.
    • Example: An internal auditor should not have any financial or personal ties to the departments they are auditing.
  2. Professional Competence:

    • Internal auditors should possess the necessary skills and knowledge for the tasks at hand.
    • Example: A technology company appoints an internal auditor with expertise in cybersecurity for a thorough assessment of its data protection measures.
  3. Continuous and Comprehensive Evaluation:

    • Internal audit should be an ongoing process, regularly evaluating various aspects of the company.
    • Example: Rather than conducting an annual audit, a manufacturing company opts for quarterly internal audits to promptly identify and address any emerging risks.
  4. Alignment with Regulatory Standards:

    • Internal audit processes must align with regulatory standards and guidelines.
    • Example: An e-commerce company's internal audit procedures are designed to comply with data protection laws and regulations.
  5. Documentation and Reporting:

    • Internal auditors are required to document their findings and provide comprehensive reports.
    • Example: A report detailing control weaknesses in the procurement process is submitted to the audit committee for review and action.

Objectives and Scope of Internal Audit Function:

The internal audit function has broad objectives, focusing on improving governance and risk management.

  • Enhancing internal controls for effective risk management.

    • Example: The internal auditor identifies weaknesses in the cybersecurity measures to mitigate the risk of data breaches.
  • Understanding the organization's governance structure.

    • Example: Assessing whether the board's decisions align with the company's long-term strategy and goals.
  • Providing value additions for improvement in governance processes.

    • Example: Recommending changes in the procurement process to streamline operations and reduce costs.

Regulatory Compliances relating to Internal Audit:

There are specific steps companies must follow to comply with internal audit regulations.

  1. Filing of Resolution:

    • The appointment of internal auditors requires a resolution passed at a board meeting.
    • Example: A manufacturing company passes a resolution to appoint an internal auditor, and Form MGT-14 is filed with the Registrar within 30 days.
  2. Reporting under Companies (Auditor's Report) Order 2020:

    • Auditors are required to report on whether the company's internal audit system is in accordance with its size and business activities.
    • Example: An e-commerce company's auditor reports on the effectiveness of its internal audit system in preventing financial irregularities.

Standards on Internal Audit:

The Institute of Chartered Accountants of India (ICAI) provides guidelines through 'Standards on Internal Audit.'

Example: An internal auditor, following ICAI's standards, ensures the thoroughness and quality of their audit, providing a roadmap for effective internal control.

Punishment and Compounding:

Penalties exist for non-compliance with internal audit regulations.

  • A fine of up to ₹10,000 for the company and officers in default.

    • Example: A company faces a fine for failing to appoint an internal auditor despite being mandated by law.
  • An additional fine of ₹1,000 per day for a continuing default.

    • Example: A company delayed appointing an internal auditor, incurring daily fines until compliance.
  • Offences under this section are compoundable under section 441 of the act.

    • Example: The company, realizing its mistake, opts to settle the matter through compounding rather than facing prolonged legal proceedings.


While Section 138 makes internal audit mandatory for certain companies, the author believes that internal audit is crucial for all organizations, regardless of size. It helps in better control over risk-prone areas, prevents cash leakage, and minimizes the risk of fraud.

Example: A small startup, though not legally obligated, chooses to have an internal audit to ensure financial integrity and business sustainability. They appoint an external professional with expertise in start-up operations and financial management.

In conclusion, internal audit is not just a legal requirement; it's a strategic tool for organizational excellence. Whether through an external professional or an in-house expert, the internal audit function contributes significantly to a company's success.