Internal Audit Applicability Under Companies Act, 2013

Internal Audit Applicability Under Companies Act, 2013. Internal audit plays an important role in ensuring that a company maintains effective internal controls, adheres to compliance requirements, and upholds the confidence of stakeholders. Under the Companies Act, 2013, the concept of internal audit has been formalized and made mandatory for certain classes of companies. Knowing about the Internal Audit Applicability Under Companies Act, 2013 is important for companies to avoid penalties, improve internal processes, and ensure transparency in financial operations.
What is an Internal Audit?
Internal audit refers to an independent examination of a company's internal controls, risk management mechanisms, and governance processes. It is conducted by a qualified professional who reviews various internal operations of the company to identify any gaps or risks. This function is essential for detecting potential frauds, ensuring financial accuracy, and suggesting improvements in business processes. The internal audit is distinct from a statutory audit because it is an internal mechanism aimed at enhancing the efficiency and compliance of an organization rather than reporting to external regulators.
The Companies Act, 2013 has made internal audit compulsory for specific companies based on their size, structure, and financial exposure. Internal audits are not just compliance obligations but are also important tools for achieving operational excellence and strategic control.
Scope of an Internal Audit
The scope of an internal audit is not rigidly fixed in the law. As per Rule 13 of the Companies (Accounts) Rules, 2014, it is the responsibility of the audit committee of the company or the board of directors to determine the scope, functioning, periodicity, and methodology of the internal audit. The law thus provides flexibility to companies to align the internal audit with their unique needs.
An internal audit may include checking the effectiveness of internal financial controls, risk management processes, operational efficiencies, fraud detection systems, and compliance with applicable laws and standards. The internal auditor may also review procurement systems, HR policies, IT security, and even inventory management. By assessing these core functions, internal audits help companies strengthen their internal frameworks.
Internal Audit Applicability: Who Should Appoint an Internal Auditor?
The Companies Act, 2013, through Section 138 read with Rule 13 of the Companies (Accounts) Rules, 2014, mandates internal audit for specific classes of companies. Knowing about the Internal Audit Applicability Under Companies Act, 2013 requires evaluating the nature of the company and its financial parameters.
Listed Companies
Every company whose securities are listed on a recognized stock exchange in India is mandatorily required to appoint an internal auditor. This is because listed companies handle public funds and must maintain the highest standards of transparency and governance.
Unlisted Public Companies
Unlisted public companies must appoint an internal auditor if they meet any of the following criteria during the preceding financial year:

The company has a turnover of Rs. 200 crore or more.

The paid-up share capital is Rs. 50 crore or more.

The company has outstanding loans or borrowings from banks or financial institutions exceeding Rs. 100 crore at any time during the year.

The company has outstanding deposits of Rs. 25 crore or more at any time.

Private Companies
Private companies are also required to appoint internal auditors if they satisfy any of the following conditions:

Turnover is Rs. 200 crore or more during the previous financial year.

Outstanding loans or borrowings exceed Rs. 100 crore from banks or financial institutions at any point in time.

Even if a company is not statutorily obligated, voluntary internal audits can enhance governance and business performance. Small companies that do not fall within the prescribed thresholds may still benefit from an internal audit setup.
Tabular Summary - Internal Audit Applicability

Company Type

Criteria for Internal Audit Applicability

Listed Companies

Mandatory for every listed company

Unlisted Public Company

Turnover ≥ Rs. 200 Cr OR Paid-up Capital ≥ Rs. 50 Cr OR Loans ≥ Rs. 100 Cr OR Deposits ≥ Rs. 25 Cr

Private Company

Turnover ≥ Rs. 200 Cr OR Loans ≥ Rs. 100 Cr

Role and Responsibilities of an Internal Auditor
The internal auditor serves as a watchdog for internal operations. The responsibilities include but are not limited to the following:
Independent Assessment
The internal auditor independently evaluates financial records, operational workflows, and the effectiveness of internal controls. This ensures that the management receives unbiased feedback about the organization's internal functioning.
Reporting and Recommendations
After completing the audit, the auditor prepares a detailed report of findings. This report is shared with the Board of Directors or the Audit Committee. It contains observations, risks identified, and suggested remedial actions.
Fraud Detection and Prevention
An internal auditor can spot inconsistencies in financial data or unusual business activities that might indicate fraudulent conduct. The auditor recommends controls to mitigate these risks.
Accuracy and Compliance
Internal auditors validate the integrity of financial statements by checking compliance with applicable accounting standards, laws, and internal policies. They play a major role in ensuring financial data accuracy and completeness.
Qualifications of an Internal Auditor
The Companies Act, 2013 does not specify a mandatory academic qualification but outlines general expectations for internal auditors. The qualifications typically accepted include:
Chartered Accountant (CA)
A CA is a preferred choice due to their expertise in accounting, audit, and finance. Most companies opt for practicing CAs to conduct internal audits.
Cost Accountant (CMA)
Cost accountants are suitable when cost control and cost analysis are major parts of the audit.
Certified Internal Auditor (CIA)
A CIA, certified by the Institute of Internal Auditors (IIA), is considered a global expert in internal auditing.
Internal Employees
Companies can appoint a qualified employee as an internal auditor, provided the person has sufficient experience and is not involved in the day-to-day financial operations.
Restriction on Statutory Auditors
Section 144(b) of the Companies Act, 2013 prohibits statutory auditors from performing internal audits. This prevents conflict of interest and ensures independence in the internal audit process.
Procedure for Appointment of an Internal Auditor
Appointing an internal auditor involves a defined process to ensure compliance with statutory requirements. The following steps need to be followed:
Selecting a Qualified Professional
The company must first identify a suitable professional who meets the eligibility requirements. The individual or firm must provide written consent to take up the assignment.
Board Meeting and Approval
The Board of Directors must pass a resolution approving the appointment. The matter should be listed in the board meeting agenda and properly documented in the minutes.
Issuing Appointment Letter
Once approved, the company should issue a formal letter of appointment specifying the auditor’s role, scope of work, tenure, and remuneration.
Filing Form MGT-14
According to Section 117 of the Companies Act, Form MGT-14 must be filed with the Registrar of Companies (ROC) within 30 days of passing the board resolution. This form notifies the ROC about the internal auditor's appointment.
Maintenance of Records
Certified copies of the board resolution, appointment letter, and MGT-14 acknowledgement must be preserved in the company’s records for future reference.
Penalties for Non-Compliance with Internal Audit Requirements
The Companies Act, 2013 does not explicitly state a separate penalty under Section 138 for failure to appoint an internal auditor. However, in such cases, Section 450 of the Companies Act applies.
As per Section 450:

A penalty of up to Rs. 10,000 may be imposed on the company and every responsible officer.

If the non-compliance continues, an additional penalty of Rs. 1,000 per day will be levied until the default is rectified.

These offences are compoundable, meaning they can be settled with the Registrar of Companies or Regional Director without court proceedings. Nevertheless, companies are advised to comply within time to avoid legal hassles.
Why Internal Audit is Important Even When Not Mandatory
Companies not covered under the mandatory criteria for internal audit applicability can still benefit by adopting internal audit voluntarily. Internal audits help in early identification of operational inefficiencies and financial irregularities. It also improves internal reporting systems, enables better compliance management, and contributes to better decision-making at the top level.
For startups and growing companies, internal audit frameworks provide structure and accountability. They promote financial discipline and help in building investor confidence. Therefore, having an internal audit mechanism, even when not required, is a wise business practice.
Conclusion
Internal Audit Applicability Under Companies Act, 2013 is important for ensuring legal compliance, corporate governance, and operational effectiveness. The appointment of a qualified internal auditor is not only a legal formality for specified companies but also a strategic tool for others to enhance business performance. Whether you run a listed company, an unlisted public company, or a private enterprise, reviewing your eligibility for internal audit applicability is essential. Following the prescribed process for appointment and fulfilling the required compliances under the Companies Act will help your organization avoid penalties and improve internal efficiency.
For end-to-end support with internal audit applicability, appointment procedures, and ROC filings, expert assistance from Compliance Calendar LLP ensures that your company remains compliant and audit-ready at all times. To connect with Compliance Calendar LLP experts, you can mail at info@ccoffice.in or Call/WhatsApp at +91 9988424211.
FAQs
Q1. What is internal audit under the Companies Act, 2013?
Ans. Internal audit is an independent management function that involves the examination, evaluation, and monitoring of internal controls, risk management, and governance processes within a company. Section 138 of the Companies Act, 2013 mandates internal audit for certain classes of companies to enhance transparency and compliance.
Q2. Which companies are mandatorily required to appoint internal auditors under Section 138?
Ans. As per Rule 13 of the Companies (Accounts) Rules, 2014, internal audit is mandatory for the following:

Listed companies

Unlisted public companies with:

Paid-up share capital ≥ Rs.50 crore, or

Turnover ≥ Rs.200 crore, or

Outstanding loans/borrowings from banks/public financial institutions ≥ Rs.100 crore, or

Outstanding deposits ≥ Rs.25 crore

Private companies with:

Turnover ≥ Rs.200 crore, or

Outstanding loans/borrowings ≥ Rs.100 crore

Q3. Who can be appointed as an internal auditor?
Ans. The internal auditor can be:

A chartered accountant (whether in practice or not),

A cost accountant, or

Any other professional as decided by the Board. The internal auditor may be an employee or an external professional/firm.

Q4. Is the internal auditor required to be independent of the company’s operations?
Ans. While independence is not explicitly mandated under Section 138, it is strongly recommended for effectiveness. An independent internal auditor provides unbiased assessments and supports better governance and compliance.
Q5. What is the frequency and scope of internal audit?
Ans. The scope, periodicity, and methodology of internal audit are determined by the company’s Board or Audit Committee. It can be conducted quarterly, half-yearly, or annually based on business complexity and risk assessment.
Q6. Are internal audit reports required to be submitted to the Registrar of Companies (RoC)?
Ans. No, internal audit reports are not required to be submitted to the RoC. However, the findings should be presented to the Board or Audit Committee for corrective action and oversight.
Q7. What are the consequences of non-compliance with internal audit requirements?
Ans. Non-compliance with Section 138 may attract penalties under the Companies Act. The company and its officers may be liable for penalties as per general provisions if internal audit is not conducted when required.

Internal audit plays an important role in ensuring that a company maintains effective internal controls, adheres to compliance requirements, and upholds the confidence of stakeholders. Under the Companies Act, 2013, the concept of internal audit has been formalized and made mandatory for certain classes of companies. Knowing about the Internal Audit Applicability Under Companies Act, 2013 is important for companies to avoid penalties, improve internal processes, and ensure transparency in financial operations.

What is an Internal Audit?

Internal audit refers to an independent examination of a company's internal controls, risk management mechanisms, and governance processes. It is conducted by a qualified professional who reviews various internal operations of the company to identify any gaps or risks. This function is essential for detecting potential frauds, ensuring financial accuracy, and suggesting improvements in business processes. The internal audit is distinct from a statutory audit because it is an internal mechanism aimed at enhancing the efficiency and compliance of an organization rather than reporting to external regulators.

The Companies Act, 2013 has made internal audit compulsory for specific companies based on their size, structure, and financial exposure. Internal audits are not just compliance obligations but are also important tools for achieving operational excellence and strategic control.

Scope of an Internal Audit

The scope of an internal audit is not rigidly fixed in the law. As per Rule 13 of the Companies (Accounts) Rules, 2014, it is the responsibility of the audit committee of the company or the board of directors to determine the scope, functioning, periodicity, and methodology of the internal audit. The law thus provides flexibility to companies to align the internal audit with their unique needs.

An internal audit may include checking the effectiveness of internal financial controls, risk management processes, operational efficiencies, fraud detection systems, and compliance with applicable laws and standards. The internal auditor may also review procurement systems, HR policies, IT security, and even inventory management. By assessing these core functions, internal audits help companies strengthen their internal frameworks.

Internal Audit Applicability: Who Should Appoint an Internal Auditor?

The Companies Act, 2013, through Section 138 read with Rule 13 of the Companies (Accounts) Rules, 2014, mandates internal audit for specific classes of companies. Knowing about the Internal Audit Applicability Under Companies Act, 2013 requires evaluating the nature of the company and its financial parameters.

Listed Companies

Every company whose securities are listed on a recognized stock exchange in India is mandatorily required to appoint an internal auditor. This is because listed companies handle public funds and must maintain the highest standards of transparency and governance.

Unlisted Public Companies

Unlisted public companies must appoint an internal auditor if they meet any of the following criteria during the preceding financial year:

The company has a turnover of Rs. 200 crore or more.
The paid-up share capital is Rs. 50 crore or more.
The company has outstanding loans or borrowings from banks or financial institutions exceeding Rs. 100 crore at any time during the year.
The company has outstanding deposits of Rs. 25 crore or more at any time.

Private Companies

Private companies are also required to appoint internal auditors if they satisfy any of the following conditions:

Turnover is Rs. 200 crore or more during the previous financial year.
Outstanding loans or borrowings exceed Rs. 100 crore from banks or financial institutions at any point in time.

Tabular Summary - Internal Audit Applicability

Company Type	Criteria for Internal Audit Applicability
Listed Companies	Mandatory for every listed company
Unlisted Public Company	Turnover ≥ Rs. 200 Cr OR Paid-up Capital ≥ Rs. 50 Cr OR Loans ≥ Rs. 100 Cr OR Deposits ≥ Rs. 25 Cr
Private Company	Turnover ≥ Rs. 200 Cr OR Loans ≥ Rs. 100 Cr

Role and Responsibilities of an Internal Auditor

The internal auditor serves as a watchdog for internal operations. The responsibilities include but are not limited to the following:

Independent Assessment

The internal auditor independently evaluates financial records, operational workflows, and the effectiveness of internal controls. This ensures that the management receives unbiased feedback about the organization's internal functioning.

Reporting and Recommendations

After completing the audit, the auditor prepares a detailed report of findings. This report is shared with the Board of Directors or the Audit Committee. It contains observations, risks identified, and suggested remedial actions.

Fraud Detection and Prevention

An internal auditor can spot inconsistencies in financial data or unusual business activities that might indicate fraudulent conduct. The auditor recommends controls to mitigate these risks.

Accuracy and Compliance

Internal auditors validate the integrity of financial statements by checking compliance with applicable accounting standards, laws, and internal policies. They play a major role in ensuring financial data accuracy and completeness.

Qualifications of an Internal Auditor

The Companies Act, 2013 does not specify a mandatory academic qualification but outlines general expectations for internal auditors. The qualifications typically accepted include:

Chartered Accountant (CA)

A CA is a preferred choice due to their expertise in accounting, audit, and finance. Most companies opt for practicing CAs to conduct internal audits.

Cost Accountant (CMA)

Cost accountants are suitable when cost control and cost analysis are major parts of the audit.

Certified Internal Auditor (CIA)

A CIA, certified by the Institute of Internal Auditors (IIA), is considered a global expert in internal auditing.

Internal Employees

Companies can appoint a qualified employee as an internal auditor, provided the person has sufficient experience and is not involved in the day-to-day financial operations.

Restriction on Statutory Auditors

Section 144(b) of the Companies Act, 2013 prohibits statutory auditors from performing internal audits. This prevents conflict of interest and ensures independence in the internal audit process.

Procedure for Appointment of an Internal Auditor

Appointing an internal auditor involves a defined process to ensure compliance with statutory requirements. The following steps need to be followed:

Selecting a Qualified Professional

The company must first identify a suitable professional who meets the eligibility requirements. The individual or firm must provide written consent to take up the assignment.

Board Meeting and Approval

The Board of Directors must pass a resolution approving the appointment. The matter should be listed in the board meeting agenda and properly documented in the minutes.

Issuing Appointment Letter

Once approved, the company should issue a formal letter of appointment specifying the auditor’s role, scope of work, tenure, and remuneration.

Filing Form MGT-14

According to Section 117 of the Companies Act, Form MGT-14 must be filed with the Registrar of Companies (ROC) within 30 days of passing the board resolution. This form notifies the ROC about the internal auditor's appointment.

Maintenance of Records

Certified copies of the board resolution, appointment letter, and MGT-14 acknowledgement must be preserved in the company’s records for future reference.

Penalties for Non-Compliance with Internal Audit Requirements

The Companies Act, 2013 does not explicitly state a separate penalty under Section 138 for failure to appoint an internal auditor. However, in such cases, Section 450 of the Companies Act applies.

As per Section 450:

A penalty of up to Rs. 10,000 may be imposed on the company and every responsible officer.
If the non-compliance continues, an additional penalty of Rs. 1,000 per day will be levied until the default is rectified.

Why Internal Audit is Important Even When Not Mandatory

Companies not covered under the mandatory criteria for internal audit applicability can still benefit by adopting internal audit voluntarily. Internal audits help in early identification of operational inefficiencies and financial irregularities. It also improves internal reporting systems, enables better compliance management, and contributes to better decision-making at the top level.

For startups and growing companies, internal audit frameworks provide structure and accountability. They promote financial discipline and help in building investor confidence. Therefore, having an internal audit mechanism, even when not required, is a wise business practice.

Conclusion

Internal Audit Applicability Under Companies Act, 2013 is important for ensuring legal compliance, corporate governance, and operational effectiveness. The appointment of a qualified internal auditor is not only a legal formality for specified companies but also a strategic tool for others to enhance business performance. Whether you run a listed company, an unlisted public company, or a private enterprise, reviewing your eligibility for internal audit applicability is essential. Following the prescribed process for appointment and fulfilling the required compliances under the Companies Act will help your organization avoid penalties and improve internal efficiency.

For end-to-end support with internal audit applicability, appointment procedures, and ROC filings, expert assistance from Compliance Calendar LLP ensures that your company remains compliant and audit-ready at all times. To connect with Compliance Calendar LLP experts, you can mail at info@ccoffice.in or Call/WhatsApp at +91 9988424211.

FAQs

Q1. What is internal audit under the Companies Act, 2013?

Ans. Internal audit is an independent management function that involves the examination, evaluation, and monitoring of internal controls, risk management, and governance processes within a company. Section 138 of the Companies Act, 2013 mandates internal audit for certain classes of companies to enhance transparency and compliance.

Q2. Which companies are mandatorily required to appoint internal auditors under Section 138?

Ans. As per Rule 13 of the Companies (Accounts) Rules, 2014, internal audit is mandatory for the following:

Listed companies
Unlisted public companies with:

Paid-up share capital ≥ Rs.50 crore, or
Turnover ≥ Rs.200 crore, or
Outstanding loans/borrowings from banks/public financial institutions ≥ Rs.100 crore, or
Outstanding deposits ≥ Rs.25 crore

Private companies with:

Turnover ≥ Rs.200 crore, or
Outstanding loans/borrowings ≥ Rs.100 crore

Q3. Who can be appointed as an internal auditor?

Ans. The internal auditor can be:

A chartered accountant (whether in practice or not),
A cost accountant, or
Any other professional as decided by the Board. The internal auditor may be an employee or an external professional/firm.

Q4. Is the internal auditor required to be independent of the company’s operations?

Ans. While independence is not explicitly mandated under Section 138, it is strongly recommended for effectiveness. An independent internal auditor provides unbiased assessments and supports better governance and compliance.

Q5. What is the frequency and scope of internal audit?

Ans. The scope, periodicity, and methodology of internal audit are determined by the company’s Board or Audit Committee. It can be conducted quarterly, half-yearly, or annually based on business complexity and risk assessment.

Q6. Are internal audit reports required to be submitted to the Registrar of Companies (RoC)?

Ans. No, internal audit reports are not required to be submitted to the RoC. However, the findings should be presented to the Board or Audit Committee for corrective action and oversight.

Q7. What are the consequences of non-compliance with internal audit requirements?

Ans. Non-compliance with Section 138 may attract penalties under the Companies Act. The company and its officers may be liable for penalties as per general provisions if internal audit is not conducted when required.