Internal Audit Applicability Under Companies Act

Internal Audit Applicability Under Companies Act, 2013

Are you a business owner, director, or compliance officer in India wondering whether your company needs an internal audit? The internal audit applicability Companies Act is a critical topic under the Companies Act, 2013, designed to enhance corporate governance, ensure financial transparency, and safeguard stakeholder interests. Introduced under Section 138 and supported by Rule 13 of the Companies (Accounts) Rules, 2014, this provision mandates internal audits for specific classes of companies, making it a cornerstone of regulatory compliance.

If you’re seeking clarity on which companies must comply, how the process works, and what’s at stake, you’ve landed in the right place. This detailed guide will walk you through everything you need to know about internal audit applicability Companies Act, including eligibility criteria, qualifications of auditors, procedures, penalties, and recent updates as of March 21, 2025. Whether your company is listed, unlisted, or private, this 3000+ word blog post will equip you with the knowledge to stay compliant and optimize your operations. Let’s get started!

What is Internal Audit Applicability Under Companies Act, 2013?

The internal audit applicability Companies Act refers to the legal requirement for certain companies in India to appoint an internal auditor and conduct regular internal audits as mandated by Section 138 of the Companies Act, 2013. Unlike statutory audits, which are mandatory for all companies and focus on external reporting, internal audits are an independent, internal process aimed at evaluating a company’s risk management, internal controls, and governance practices.

The Companies Act, 2013, enacted on April 1, 2014, introduced this provision to strengthen corporate accountability and operational efficiency. Rule 13 of the Companies (Accounts) Rules, 2014, further specifies the classes of companies subject to this requirement, ensuring that larger or financially significant entities maintain robust oversight. An internal auditor—typically a Chartered Accountant (CA), Cost Accountant, or other board-approved professional—assesses processes, identifies risks, and provides recommendations to the board or audit committee.

Why Does Internal Audit Applicability Matter?

Understanding internal audit applicability Companies Act is essential for several reasons:

  1. Regulatory Compliance: Non-compliance can lead to penalties and legal repercussions under the Act.
  2. Risk Management: Internal audits identify vulnerabilities in financial and operational systems, mitigating risks like fraud or mismanagement.
  3. Stakeholder Trust: Transparent governance builds confidence among investors, shareholders, and regulators.
  4. Operational Efficiency: Audits pinpoint inefficiencies, helping companies optimize processes and cut costs.
  5. Legal Safeguards: Compliance protects directors and officers from personal liability in case of oversight failures.

In short, internal audits are not just a legal checkbox—they’re a strategic tool for sustainable growth.

Which Companies Fall Under Internal Audit Applicability?

The internal audit applicability Companies Act doesn’t apply to every company. Section 138, read with Rule 13, outlines specific criteria based on size, turnover, and financial thresholds. Here’s a breakdown:

1. All Listed Companies

  • Applicability: Every company listed on a stock exchange in India (e.g., BSE, NSE) must appoint an internal auditor, regardless of size or turnover.
  • Reason: Publicly traded companies face higher scrutiny and accountability to shareholders.

2. Unlisted Public Companies

Unlisted public companies must conduct internal audits if they meet any one of these criteria in the preceding financial year:

  • Paid-Up Share Capital: ₹50 crore or more.
  • Turnover: ₹200 crore or more.
  • Outstanding Loans/Borrowings: Exceeding ₹100 crore from banks or public financial institutions at any point.
  • Outstanding Deposits: ₹25 crore or more at any point.

3. Private Companies

Private companies are subject to internal audits if they meet any one of these thresholds in the preceding financial year:

  • Turnover: ₹200 crore or more.
  • Outstanding Loans/Borrowings: Exceeding ₹100 crore from banks or public financial institutions at any point.

Key Notes

  • Preceding Financial Year: Applicability is assessed based on the last audited financial statements.
  • Grace Period: Existing companies meeting these criteria on April 1, 2014, had six months to comply (by October 1, 2014). New companies must comply immediately upon crossing thresholds.
  • Exemptions: Small companies, one-person companies (OPCs), and dormant companies are generally exempt unless specified otherwise.

If your company fits these categories, internal audits are non-negotiable.

Objectives of Internal Audit Under Companies Act

The internal audit applicability Companies Act serves multiple purposes, aligning with India’s broader corporate governance goals:

  1. Strengthen Internal Controls: Ensure systems are robust to prevent errors or fraud.
  2. Promote Compliance: Verify adherence to laws, regulations, and internal policies.
  3. Enhance Risk Management: Identify and mitigate financial, operational, and compliance risks.
  4. Improve Governance: Provide independent insights to the board and audit committee.
  5. Protect Stakeholders: Safeguard the interests of shareholders, creditors, and employees.

By mandating internal audits, the Act aims to foster transparency and accountability in India’s corporate sector.

Who Can Be an Internal Auditor?

Under the internal audit applicability Companies Act, the internal auditor must meet certain qualifications:

  • Eligible Professionals: A Chartered Accountant (CA), Cost Accountant, or other professional as decided by the Board of Directors (e.g., Company Secretary or Certified Internal Auditor).
  • Independence: Can be an employee or an external professional/firm, but must not be the company’s statutory auditor (to avoid conflicts of interest).
  • Appointment: The Board of Directors or Audit Committee appoints the internal auditor, defining their scope and terms.

The Act doesn’t mandate specific certifications beyond these, giving companies flexibility to choose based on expertise and needs.

Scope of Internal Audit Under Companies Act

While the Companies Act, 2013, doesn’t prescribe a fixed scope, Rule 13(2) empowers the Audit Committee or Board, in consultation with the internal auditor, to determine:

  • Scope: Areas like financial reporting, operational efficiency, compliance, and risk management.
  • Functioning: How the audit integrates with company processes.
  • Periodicity: Frequency (e.g., quarterly, semi-annually, or annually).
  • Methodology: Techniques like sampling, process reviews, or data analysis.

Common areas covered include:

  • Verification of financial records.
  • Assessment of internal controls.
  • Compliance with tax laws, labor laws, and the Companies Act.
  • Evaluation of IT systems and cybersecurity (increasingly relevant in 2025).

This flexibility allows tailoring audits to a company’s size, industry, and risks.

How to Appoint an Internal Auditor: Step-by-Step Process

Appointing an internal auditor under the internal audit applicability Companies Act involves a structured process:

Step 1: Assess Applicability

  • Review your company’s financials (turnover, capital, loans, deposits) against Rule 13 criteria.

Step 2: Board Resolution

  • Convene a Board meeting to propose and approve the appointment.
  • Draft a resolution (sample below):
    • “RESOLVED THAT pursuant to Section 138 of the Companies Act, 2013, and Rule 13 of the Companies (Accounts) Rules, 2014, [Name], Chartered Accountant, is appointed as Internal Auditor for FY 2025-26 at a remuneration of ₹[Amount], subject to mutual agreement.”

Step 3: File Form MGT-14 (Public Companies Only)

  • Submit a certified copy of the resolution to the Registrar of Companies (ROC) within 30 days (Section 117 applies to public companies).

Step 4: Issue Appointment Letter

  • Provide the internal auditor with an engagement letter outlining scope, responsibilities, and fees.

Step 5: Define Scope and Plan

  • Collaborate with the auditor to finalize the audit plan and timeline.

Step 6: Commence Audit

  • The auditor begins work, reporting findings to the Board or Audit Committee.

This process ensures legal compliance and operational readiness.

Roles and Responsibilities of an Internal Auditor

Under the internal audit applicability Companies Act, the internal auditor’s duties include:

  1. Risk Assessment: Identify financial, operational, and compliance risks.
  2. Control Evaluation: Test the effectiveness of internal controls.
  3. Compliance Checks: Ensure adherence to applicable laws and policies.
  4. Process Improvement: Recommend enhancements to operations and systems.
  5. Reporting: Submit detailed reports to the Audit Committee or Board, highlighting findings and suggestions.

The auditor acts as an advisor, not an executor, providing objective insights to management.

Types of Internal Audits

The internal audit applicability Companies Act supports various audit types, depending on company needs:

  • Financial Audit: Focuses on accuracy of financial statements and records.
  • Operational Audit: Reviews efficiency of business processes.
  • Compliance Audit: Verifies adherence to legal and regulatory requirements.
  • Environmental Audit: Assesses environmental impact and compliance (e.g., for manufacturing firms).
  • IT Audit: Evaluates cybersecurity and technology controls (critical in 2025).

Companies can customize these based on their industry and risks.

Penalties for Non-Compliance

Failing to comply with internal audit applicability Companies Act triggers penalties under Section 450 (general penalty provision), as Section 138 doesn’t specify unique fines:

  • Company: ₹10,000 initial penalty + ₹1,000 per day of continued violation (max ₹2 lakh).
  • Officers in Default: ₹10,000 initial penalty + ₹1,000 per day (max ₹50,000).
  • Legal Action: Serious breaches may lead to prosecution by the ROC.

Non-compliance risks reputational damage, operational disruptions, and director liability, making adherence critical.

Benefits of Internal Audit Applicability

Complying with internal audit applicability Companies Act offers tangible advantages:

  1. Fraud Prevention: Early detection of irregularities protects assets.
  2. Improved Efficiency: Streamlined processes boost profitability.
  3. Regulatory Assurance: Avoid fines and legal hassles.
  4. Stakeholder Confidence: Transparent reporting attracts investors.
  5. Strategic Insights: Data-driven recommendations guide decision-making.

Even companies not mandated to conduct internal audits often adopt them voluntarily for these benefits.

Recent Updates to Internal Audit Applicability (2025)

As of March 21, 2025, key updates include:

  • Companies (Amendment) Act, 2017: Clarified that internal auditors can be appointed by the Board or an authorized person, not just the Board directly.
  • Companies (Accounts) Amendment Rules, 2018: Expanded eligible professionals beyond CAs and Cost Accountants to board-approved experts.
  • Digital Reporting: Increased emphasis on e-filing and integration with MCA21 portal for compliance tracking.
  • CARO 2020 Integration: Statutory auditors must now consider internal audit reports under Clause 14, enhancing oversight (effective FY 2020-21 onward).

These updates reflect India’s push for digitized, flexible compliance frameworks.

Challenges in Implementing Internal Audit Applicability

Companies face hurdles in adhering to internal audit applicability Companies Act:

  1. Cost Concerns: Hiring qualified auditors can strain budgets, especially for mid-sized firms.
  2. Scope Ambiguity: Lack of a fixed scope requires customization, which can confuse boards.
  3. Resistance: Management may view audits as intrusive or resource-intensive.
  4. Skill Gaps: Finding auditors with industry-specific expertise can be tough.

Partnering with experienced professionals or firms can mitigate these challenges.

Tips for Effective Internal Audit Compliance

To navigate internal audit applicability Companies Act successfully:

  1. Assess Early: Check applicability annually based on financials.
  2. Choose Wisely: Select an auditor with relevant expertise (e.g., IT audits for tech firms).
  3. Define Scope Clearly: Work with the auditor to align audits with company goals.
  4. Leverage Technology: Use audit software for efficiency and accuracy.
  5. Act on Findings: Implement recommendations promptly to maximize benefits.

Proactive planning ensures compliance and value.

Real-Life Insights: What Companies Experience

Online forums and reports reveal practical perspectives:

  • A listed company in Delhi noted internal audits caught ₹2 crore in accounting errors, saving them from penalties.
  • A private firm with ₹250 crore turnover found audits “tedious but essential” for loan approvals.
  • Some complain of high costs (₹50,000–₹2 lakh annually), but most agree the long-term benefits outweigh expenses.

These experiences underscore the practical impact of compliance.

Internal Audit vs. Statutory Audit: Key Differences

AspectInternal AuditStatutory Audit
MandateSpecific companies (Section 138)All companies (Section 139)
PurposeRisk management, internal controlsFinancial statement accuracy
AuditorInternal/external professionalIndependent CA/firm
FrequencyBoard-defined (e.g., quarterly)Annual
ReportingTo Board/Audit CommitteeTo shareholders/ROC

Understanding these distinctions clarifies their complementary roles.

Frequently Asked Questions (FAQs) About Internal Audit Applicability Companies Act

1. Is internal audit mandatory for all companies?

No, only listed companies, certain unlisted public companies (e.g., turnover ≥ ₹200 crore), and private companies meeting thresholds (e.g., loans > ₹100 crore) must comply.

2. What happens if we don’t appoint an internal auditor?

You risk penalties under Section 450: ₹10,000 initially + ₹1,000 daily (up to ₹2 lakh for the company, ₹50,000 per officer).

3. Can the statutory auditor be the internal auditor?

No, this is prohibited to maintain independence.

4. How often should internal audits occur?

The Board or Audit Committee decides—typically quarterly, semi-annually, or annually.

5. Where do we file internal audit compliance?

No separate filing is required, but public companies file the appointment resolution in Form MGT-14 with the ROC.

Conclusion: Master Internal Audit Applicability for Success

The internal audit applicability Companies Act is more than a regulatory obligation—it’s a pathway to stronger governance, reduced risks, and enhanced credibility. As of March 21, 2025, compliance remains vital for listed and qualifying unlisted/private companies under Section 138. By understanding thresholds, appointing qualified auditors, and acting on findings, you can turn this requirement into a competitive advantage.

Ready to check your company’s applicability or streamline your audit process? Review your financials, consult the MCA portal (mca.gov.in), and take the first step toward compliance.