Internal Audit Applicability Under Companies Act, 2013 – Complete Guide for Businesses
Overview
Internal audit plays a crucial role in helping an organization achieve its objectives by adopting a systematic and disciplined approach to evaluate and enhance the effectiveness of risk management, internal controls, and governance processes. It identifies potential problem areas, reports them to management in an unbiased manner, and provides actionable insights for better decision-making.
As per Section 138 of the Companies Act, 2013, certain classes of companies are required to appoint an Internal Auditor if they meet any of the prescribed conditions. This ensures stronger financial oversight, improved compliance, and better operational efficiency within the organization.
An exhaustive guide on internal audit applicability, provisions, rules, procedures, and compliance in India by Tax Esquire.
What is Internal Audit?
Internal audit is a process in which a qualified professional evaluates a company’s internal controls, financial records, management practices, compliance, and risk areas, and provides recommendations to improve efficiency and overall performance.
● It is not the statutory audit that happens towards the end of the year.
● This process is ongoing throughout the year and customized according to your needs.
● It can be compared to preventive maintenance on your body because it is independent and very helpful.
The importance of internal audits is that they help you to:
● Enhance internal controls
● Detect any errors or frauds
● Improve efficiency
● Comply with the law
● Build stakeholders' trust
It functions as a proactive, corrective mechanism rather than review at the end of the financial year like statutory audit.
Who can be an Internal Auditor?
For being appointed as an Internal Auditor, the section 138 says that internal auditor can be either a Chartered Accountant or Cost Accountant or such other professional as may be decided by the Board of Directors. Further the explanation to Rule 13 of Companies (Accounts) Rules, 2014 says that, an internal auditor may or may not be an employee of the company. And Chartered Accountant or the Cost Accountant may or may not be engaged in practice.
As per Rule 13:The internal auditor may or may not be an employee of the company
Appointment Process of Internal Auditor
As per Section 138 of the Companies Act, 2013 read with Rule 13 of the Companies (Accounts) Rules, 2014, the internal auditor is appointed by the Board of Directors.
1. Select Eligible Candidate: A CA, CMA, or any other qualified professional (employee or external).
2. Obtain Consent: Take written consent and ensure eligibility.
3. Board Approval : Conduct Board Meeting and pass a resolution for appointment.
4. Issue Appointment Letter : Define scope, roles, timeline, and remuneration.
5. Set Audit Framework : Decide audit scope, frequency, and reporting structure.
Regulatory Requirements for Appointment of Internal Auditor
As per Section 138 of the Companies Act, 2013 read with Rule 13 of the Companies (Accounts) Rules, 2014, certain companies are mandatorily required to appoint an Internal Auditor.
Applicability & Threshold Limits
1. Listed Companies
● All listed companies must appoint an internal auditor (mandatory)
2. Unlisted Public Companies (if any one condition is met in preceding FY)
● Turnover ≥ ₹200 crore
● Paid-up share capital ≥ ₹50 crore
● Loans/borrowings ≥ ₹100 crore (at any time)
● Deposits ≥ ₹25 crore
3. Private Companies (if any one condition is met in preceding FY)
● Turnover ≥ ₹200 crore
● Loans/borrowings ≥ ₹100 crore (at any time)
✔ Key Regulatory Requirements
● Appointment Authority: Board of Directors (via Board Resolution)
● Eligible Persons: CA, CMA, or any other qualified professional
● Employment Status: Can be employee or external professional
● Practice Requirement: Not mandatory to be in practice
● Scope & Reporting: Defined by Audit Committee / Board
Important Compliance Points
● Statutory auditor cannot act as internal auditor
● No ROC filing required for appointment
● Mandatory compliance for eligible companies
● Non-compliance attracts penalty under Section 450
Qualifications for Internal Auditor Are?
The Companies Act 2013 doesn't specify any particular qualifications or requirements for internal auditors in India. It needs to be noted that internal audit plays an important role according to Section 138 for certain types of companies.
Chartered Accountant (CA): Chartered accountant degree is highly respected and provides valuable skills for internal audit purposes such as accounting and finance.
Cost Accountant (CMA): The cost accountant degree provides knowledge and expertise regarding cost management, which can be useful for internal audit purposes.
Certified Internal Auditor (CIA): It is a credential provided by the Institute of Internal Auditors (IIA) and signifies special expertise in the field of internal auditing.
Internal Employee: Rule 13 under Companies (Accounts) Rules, 2014, allows the appointment of internal auditor by a company from its employees having proper qualifications and experience.
Statutory Auditor: A statutory auditor cannot act as an internal auditor according to Section 144(b) of the Corporations Act 2013.
Internal Audit Types
Organizations must be able to evaluate their risk exposure, enhance their processes, and ensure they meet regulatory requirements. Depending on the purpose of the audit, there are different internal audit types that may be conducted.
Financial/Control Audits One type of internal audit is financial or control audits. This audit type examines an organization's internal control over financial reporting. These include evaluating the accuracy of accounting entries and verifying that there are proper controls in place to avoid any misstatements.
Compliance Audits Another type of internal audit is compliance audits. Organizations need to be aware of and adhere to all legal and regulatory requirements in which they operate.
Operational Audits: Operational audits review the effectiveness and efficiency of the operations performed by the company. The internal auditor reviews the operational process of the organization and checks if it performs effectively and efficiently or not.
IT Audits: Due to the growing dependency on information technology, organizations conduct IT audits to test the system of their organization and check whether it works effectively and efficiently or not.
Environmental audit: Environmental audit is basically carried out to analyze the impact of the company’s operations on the environment. Further, assessment of due compliance with applicable environmental law and regulations is also verified.
Performance audit: Performance audit evaluates the performance of a specific team, employee, department, etc.
Management audit: Management structure and working of the company is examined and analyzed.
Investigation audit: Investigation audits are aimed at investigation of targeted specific areas. The main purpose is timely detection of suspected errors/ frauds.
Scope of Internal Auditing
The Companies Act does not provide a specific scope of internal auditing. Rather:
Audit Committee or Board of Directors is responsible for determining:
1. Scope
2. Frequency
3. Approach
4. Reporting lines
Commonly, internal auditing includes:
● Systems for financial accounting
● Compliance with laws
● Efficiency in operations
● System for risk management
● Internal control systems
Penalty for Non-Compliance
The Companies Act does not prescribe a specific penalty for failure to appoint an internal auditor. Therefore, the general penalty under Section 450 applies:
● Base Penalty:
₹10,000 on the company and every officer in default
● Continuing Default:
₹1,000 per day after the first default
● Maximum Limit:
a. Company: ₹2,00,000
b. Officer / other person: ₹50,000
What are the Roles and Responsibilities of the Internal Auditor?
Following are the roles and responsibilities of the internal auditor appointed for carrying out his duties in the organization,
Independent Evaluations: Internal auditors perform an assessment of the organization's accounting procedures, internal controls, and risk management processes. This provides a fresh point of view that helps recognize any weakness.
Documentation and Recommendations: Internal auditors provide documentation of their work through audit reports, which are then submitted to the Board of Directors or Audit Committee. The report provides insights and recommendations about improving matters.
Prevention of Frauds: They are very important in helping to protect the interests of the business by identifying and preventing frauds. They investigate any suspicious activity and review internal controls to prevent frauds.
Accurate Financial Records and Compliance: The internal auditors carefully check the financial transactions made by the company. They help to maintain accurate and complete financial records.
Why Should You Choose Tax Esquire for Internal Audit?
With Tax Esquire, you get:
● Experienced internal audit services from CAs
● Tailored internal audit frameworks
● Audit based on risk assessment
● Dedicated reporting with practical recommendations
We assist organizations to maintain compliance, minimize risks, and enhance their performance.
Internal auditing as mandated by the Companies Act, 2013, is crucial for many Indian businesses. It brings about transparency and efficiency in organizational operations.
Regardless of whether the process is mandatory or voluntary, adopting an internal audit mechanism can be extremely beneficial to the financial standing of your organization.
Author: CA POONAM GUPTA & ADV LOKESH GUPTA
