Internal Audit is a cornerstone of corporate governance, risk management, and regulatory compliance in India. With evolving regulations and increasing scrutiny from stakeholders, companies must prioritize robust Internal Audit frameworks. This guide unpacks everything you need to know about Internal Audit requirements in India, including legal mandates, best practices, and actionable insights.

What is Internal Audit?

An Internal Audit is an independent, objective assurance function designed to add value and improve an organization’s operations. It evaluates the effectiveness of risk management, internal controls, and governance processes. In India, Internal Audits are mandated by statutes like the Companies Act, 2013, and sector-specific regulations (SEBI, RBI, GST).

Legal Framework for Internal Audit in India

1. Companies Act, 2013

The Companies Act, 2013, under Section 138 and the Companies (Accounts) Rules, 2014, mandates Internal Audits for specific classes of companies:

• Companies with a turnover of ₹200 crores or more in the previous financial year.

• Companies with outstanding loans or borrowings exceeding ₹100 crores.

• Companies accepting deposits under Section 73.

The Internal Auditor must be a Chartered Accountant (CA) or a firm of CAs.

2. SEBI Regulations

Listed entities must comply with SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, requiring Internal Audits to review financial controls and compliance with securities laws.

3. RBI Guidelines

Banks, NBFCs, and financial institutions follow RBI’s Master Directions, which mandate frequent audits of credit, operational, and IT risks.

4. Tax Laws

GST and Income Tax Act require businesses to conduct Internal Audits to ensure accurate tax filings and adherence to anti-evasion measures.

Scope & Objectives of Internal Audit in India

• Risk Management: Identify operational, financial, and compliance risks.

• Compliance: Ensure adherence to laws like Companies Act, GST, FEMA, and labor statutes.

• Operational Efficiency: Evaluate resource utilization and process effectiveness.

• Fraud Prevention: Detect and mitigate fraudulent activities.

• Financial Accuracy: Verify the reliability of financial reporting.

Key Requirements for Internal Audits

A. Mandatory for Specified Companies

• Large Companies: Turnover ≥₹200 crore, loans ≥₹100 crore, or deposit-taking companies.

• Listed Companies: Quarterly audits for financial disclosures.

• Banks/NBFCs: RBI mandates half-yearly audits of critical functions.

B. Appointment of Internal Auditors

• Must be a practicing CA or CA firm.

• Auditors must remain independent (not an employee or director).

• Listed companies require auditor rotation every 5 years.

C. Reporting Structure

• The Audit Committee oversees Internal Audit findings.

• Reports are submitted to the Board of Directors quarterly.

Internal Audit Process: Step-by-Step

1. Planning: Define scope, objectives, and timelines.

2. Fieldwork: Collect data, test controls, and interview stakeholders.

3. Reporting: Document findings, risks, and recommendations.

4. Follow-Up: Track implementation of corrective actions.

Standards Followed:

• Standards on Internal Audit (SIA) by ICAI.

• COSO Framework for risk management.

Benefits of Internal Audit for Indian Companies

• Risk Mitigation: Proactively address financial and operational risks.

• Regulatory Compliance: Avoid penalties from MCA, SEBI, or RBI.

• Improved Governance: Strengthen stakeholder trust.

• Fraud Detection: Save costs by identifying irregularities early.

Challenges in Implementing Internal Audits

1. Resource Constraints: SMEs struggle with hiring skilled auditors.

2. Regulatory Complexity: Frequent updates in laws like GST or Companies Act.

3. Lack of Awareness: Many companies undervalue preventive audits.

Best Practices for Effective Internal Audits

• Leverage Technology: Use data analytics tools for real-time monitoring.

• Training: Regularly upskill auditors on regulatory changes.

• Align with Strategy: Link audit goals to business objectives.

• Independent Oversight: Ensure auditors report directly to the Audit Committee.

FAQs on Internal Audit in India

Q1. Is Internal Audit mandatory for all companies in India?
No, only specified companies under the Companies Act, SEBI, or RBI regulations.

Q2. Can a non-CA conduct an Internal Audit?
No, only CAs or CA firms are legally authorized.

Q3. How often should Internal Audits be conducted?
Annually for most companies; quarterly for listed entities.

Conclusion

Internal Audit is not just a compliance exercise but a strategic tool for sustainable growth in India’s dynamic business environment. By adhering to the Companies Act, SEBI guidelines, and sector-specific mandates, organizations can mitigate risks, enhance transparency, and build stakeholder confidence.

Need Help? B K Goyal & Co LLP offers end-to-end Internal Audit services tailored to Indian regulations. Contact us today for a consultation! : M- 9971782649 | Email- [email protected]

Internal Links:

• Corporate Governance in India

• SEBI Compliance Checklist

External Links:

• Ministry of Corporate Affairs

• ICAI Standards