This article is written by Pruthvi Ramkanta Hegde. This article highlights the aspects of internal audit, internal auditor, and Rule 13 of the Companies (Account) Rules 2014, along with the types of auditing as per the Companies Act, 2013.

It has been published by Rachit Garg.

It is always believed that a company’s financial stability reflects the company’s trust and responsibilities. Accordingly, Section 138 of the Companies Act, 2013 is significant for maintaining the financial status of the company. It states that financial operations are conducted with the utmost confidence and good faith. Through Notification No. S.O. 902(E) issued on 27 March, 2014, Section 138 of the Companies Act, 2013, was made effective by the Ministry of Corporate Affairs (MCA). It came into effect on 1st April, 2014. In order to maintain good financial practices in any organisation, Section 138 plays a prominent role in this regard.

Download Now

The auditor is like a financial detector who plays a very important role in checking the financial records and transparency of an organisation, government, or other entity. An auditor may be any qualified professional individual who determines the financial statements of such an organisation or any individual to ascertain the accuracy, compliance with laws and regulations, and integrity and reliability of the financial information. An auditor has the option to be an independent practitioner or an employee of any organisation. An auditor who is part of the company or works for the company is referred to as an internal auditor, but in case an auditor who gives services independently to any organisation or company is called an external auditor. The suggestion given by the internal auditor is significant because it will help build trust in monitoring, reporting and decision-making.

Eligibility of an individual to be appointed as an internal auditor of the company

Under the guidelines enumerated in Section 138 of the Companies Act, 2013, and additional details provided in Rule 13 of the Companies (Accounts) Rules 2014, an eligible individual is considered to be an internal auditor of the company. Those persons are as follows:

Chartered accountant

One of the eligible persons for the appointment as an internal auditor of the company is a chartered accountant. It is not an issue that such a person may be in practice or not; they are eligible to act as an internal auditor for the company, provided with one condition that such person must be registered with the Institute of Chartered Accountants of India (ICAI). 

Cost accountant  

The company can appoint a cost accountant and such a person is eligible to be appointed as an internal auditor of the company. One of the requirements is that such individuals should be members of the Institute of Cost Management of India (ICMAI).

Other professionals

According to Section 138, any individual who is a qualified professional who possesses reasonable knowledge and requisite qualifications in the auditing field can be appointed as an internal auditor of the company. Meanwhile, the internal auditor of the company may or may not be an employee of the company.

An internal audit is a regular checkup done by the internal auditor of the company. The main purpose of the internal audit is auditing, reviewing, and assessing the company’s financial operations and affairs. The auditor will find any areas where things might go wrong or not comply with the provisions of the company rules and statutory rules. This will help to regulate the company’s internal processes smoothly. Thereby, the internal audit keeps the company away from risk and uncertainties. The main intention is to provide effective suggestions and problem solving alternatives for development to optimise the company’s operational activity and financial production.

An internal auditor may be any qualified professional individual, including a chartered accountant, a cost accountant, or any other professional appointed by the company’s board as they deem fit, who can become an internal auditor of the company. In order to appoint such a person as an internal auditor, there are some established procedures. The appointment of the internal auditor involves the following procedures:

  • Companies initially need to approach the qualified auditor and must obtain a consent letter from the newly proposed auditor to confirm their willingness and eligibility to serve as the company’s internal auditor.
  • After obtaining a consent letter from the auditor, the company needs to obtain board approval by issuing notice for a board meeting.
  • The company has to submit the MGT-14 e-form as required under the Companies Act 2013 in order to formalise the appointment of an internal auditor.
  • The company has to send an official letter to internal auditors informing them of their appointment with the company. 

The internal audit plays a significant role in the healthy progress of the company. It contributes to the overall effectiveness and efficiency of the company. 

The major reasons are as follows:

  • In order to assess the company’s internal control and financial reliability, an internal audit is required to be conducted. 
  • Internal auditing helps to identify and assess risks that the company may face in its operations.
  • The internal audit keeps the company out of any legal issues or regulatory fines by fulfilling compliance with relevant laws and regulations.
  • Internal audits provide assurance regarding the accuracy and reliability of financial information. It is more important for stakeholders, including investors, as it ensures that provided financial information is true and accurate.
  • The internal auditor helps to develop the company’s efficiency by recommending necessary changes in process, control and overall governance practises.
  • By reviewing and evaluating the company’s internal processes, an internal audit aims to enhance operational efficiency of the company. 

Rule 13 of the Companies (Accounts) Rules, 2014, states that companies need to appoint an internal auditor. That includes:

Listed companies

All companies listed on the stock exchange must appoint an internal auditor. Listed companies are those companies whose shares are traded on stock exchanges.

Unlisted public companies

Criminal litigation

Unlisted public companies are those that are not traded on stock exchanges. They need to appoint an internal auditor if they meet any of the following criteria in the preceding financial year:

  • Paid-up share capital: If the company’s paid-up share capital was 50 crore or more during the previous financial year.
  • Turnover: If the company achieved a turnover of Rs. 200 crore or more during the previous financial year.
  • Loans and borrowings: If the company’s outstanding loans or borrowings from banks or public financial institutions exceeded Rs. 100 crore or more at any point during the previous financial year.
  • Deposits: If the company has had outstanding deposits of Rs. 25 crore or more at any point during the previous financial year.

Private companies

Private companies that are not publicly traded should appoint an internal auditor if they meet either of the following criteria during the previous financial year: 

  • Turnover: If the company achieved a turnover of Rs. 200 crores or more.
  • Loans and borrowings: If the company had outstanding loans or borrowings from banks or public financial institutions exceeding Rs. 100 crore or more at any time during the previous financial year.

Limitations under Section 138

According to Section 138 of the Companies Act, 2013, read under Rule 13 of the Companies (Account) Rules, 2014, companies that are listed need to appoint an internal auditor. Meanwhile, there are some exceptions provided under Section 138 of the Companies Act. Accordingly, there is no such compulsion upon such companies to appoint an internal auditor as per the provision. Such companies are as follows:

One-person company

Companies that operate with a single individual who acts as both shareholder and director are generally referred to as one-person companies. These companies are slightly different from other companies. Even if these companies do not make a lot of money or substantial funds, these solo running businesses are not obligated to hire someone as an internal auditor of the company. This rule is made handy because it encourages and provides benefits to smaller businesses that have invested with narrow sources.

Small companies

Small companies are also exempted from the appointment of an internal auditor. Section 2(85) of the Companies Act, 2013, defines a small company as a company that excludes public companies and which meets up these criterias that the company shall not exceed its paid-up capital of Rs. 50 lakhs in the prior financial year; further companies total sales must not exceed Rs. 2 crores in the immediate prior financial year; and along with these loans borrowed, the due amount must not exceed the limit of Rs. 1 crore. However, the definition does not include holding companies or subsidiary companies, companies registered under Section 8 and companies governed by any special legislation.

Dormant companies

Dormant companies are those whose establishment is mainly with regards to upcoming events and such companies do not actively hold the assets; therefore, Section 138 does not apply to such companies. 

Companies formed for charitable purposes

As the word says, the company formed for charitable purposes is also exempted from the process of appointing an internal auditor. Section 8 of the Companies Act, 2013, states that those companies formed for charitable purposes are not generally formed for the sole purpose of earning a profit. These companies are often referred to as Section 8 Companies. If such companies fall under the conditions specified under Rule 13 of the Companies (Accounts) Rules, 2014, they might appoint an internal auditor for the auditing purpose.

In order to maintain the company’s operational health, transparency, and accountability, auditing plays a significant role. The Companies Act states the different types of auditing with different rules that companies need to comply with these established standards. The different types of audits are as follows:

Statutory audit 

One of the most applicable and common types of audit is a statutory audit. Most of the companies abide by this type of audit. One of the important aspects of the statutory audit is to ascertain and determine whether the accuracy and clarity of the financial information, statements and financial affairs of the company are going in the right direction or not. A statutory audit is linked to the annual financial operations of the company. The audit assists in structuring the financial operations of the company, thereby contributing to establishing clarity and accuracy in the financial statement. Every company has a compulsion to undergo this type of audit in accordance with Section 139 of the Companies Act, 2013.  

Appointment procedure 

The statutory auditor will be appointed by the company’s shareholders. In order to appoint the statutory auditor, an appointment needs to be made at the company’s annual general meeting. One of the requirements for the appointment of a statutory auditor is that they must be a qualified chartered accountant and must be registered with the Institute of Chartered Accountants of India (ICAI).

Power, scope and functions of the statutory auditor

One of the primary functions of the statutory auditors is to determine and verify the accuracy, compliance completeness and clarity of the company’s financial records, such as the balance sheet, profit and loss accounts, cash flow statements, and other relevant financial statements. The examined records must be consistent with accounting standards and the essential principles of accounting. Further, auditors need to regulate the internal, financial and accounting practises to determine the occurrence of any ambiguous or inconsistent transactions that might happen in the company. Once the audit report is framed by the auditor, they must hand it over to the shareholders of the company. The report must cover suggestions, recommendations and opinions of the auditors with regards to the financial structure and also include information about the company’s financial statements. Auditors need to inform shareholders or other stakeholders of the company and must be informed if any variations or uncertainties occur in the audited report of the company.

Cost audit 

A cost audit is a specialised form of audit that is primarily applicable to certain industries, such as manufacturing and mining, where the accurate calculation and reporting of the costs are crucial factors. Section 148 of the Companies Act, 2013, deals with the requirement of the cost audit. It mandates that companies engaged in specific industries, as may be prescribed by the government, are required to conduct a cost audit. 

Rule 3 of the Companies (Cost Records and Audit) Rules 2014

The specific industries and thresholds for mandatory cost audits are determined through the rules framed under Section 148 of the Companies Act, subject to Rule 3 of the Companies (Cost Records and Audit) Rules, 2014, which specifies the industries and circumstances that trigger the requirement of the cost audit. 

For instance, industries engaged in the production of goods like steel, cement, pharmaceuticals, etc., often fall under the head of cost audit if they meet specified criteria.

Scope, power, and functions of the cost auditor

  • Cost auditors focus on reviewing the company’s cost records, cost accounting systems, and production process. They ensure that costs associated with manufacturing or producing goods are accurately calculated, allocated, and reported in accordance with cost accounting standards.
  • Cost auditors aim to verify that the company’s cost statements and reports are in compliance with applicable laws and statutes. 
  • The findings of the cost audit are reported to the company’s management and regulatory authorities, such as the Central Government. The audit report provides insights into cost efficiency, compliance, and areas where improvements may be needed.
  • Companies subject to a cost audit are required to submit a cost compliance report to the government, as specified under Rule 6 of the Companies (Cost Record and Audit) Rules, 2014. The report summarises the findings of the audit.

Secretarial audit

A secretarial audit is a specialised form of audit that concentrates on a company’s compliance with legal and regulatory requirements related to corporate governance, board meetings, and other key aspects of corporate administration. The primary objective of this audit is to ensure that the company adheres to these rules and fulfils its legal obligations. The Companies Act, 2013, states requirements for the secretarial audit under Section 204.

Rule 9 of the Companies (Appointment and Remuneration of Managerial Personnel) Rules 2014

Rule 9 of the Companies (Appointment and Remuneration of Managerial Personnel) Rules, 2014, covers the classes of companies that are subject to the secretarial audit. The rule typically includes paid-up capital turnover and other prescribed criteria.

Scope, power, and function of the secretarial auditor

  • Secretarial auditors need to review and examine the various aspects of a company’s corporate governance, compliance with the Companies Act, 2013, and adherence to the regulations issued by the regulatory authorities.
  • The auditors need to examine whether the company is complying with laws and regulations in concern with board meetings, appointment and remuneration to directors, related party transactions, and other governance matters. 

Internal auditing in a company has covered a wide range of areas that serve specific purposes in determining and improving a company’s progress. Some of the common types of internal audits include the following:

Financial audit

This audit acts as a checkup on the company’s economic matters. The main purpose is to look closely at the financial matters, records and transactions of the company so that every piece of information is accurate and follows the rules. One of the main areas covered by the financial audit is the examination of the financial statements. This includes the balance sheet, income statement, and cash flow statement. The audit ensures that these statements accurately represent the company’s financial position, performance and cash flow. The significant part of the financial audit is that it involves verifying expenses incurred by the company. It includes an elaborate examination of various expenses such as operating expenses, capital expenses and other costs associated with business operations. The audit intends to confirm that expenses are accurately recorded and align with the company’s financial policies. A financial audit reviews the budgeting process of the company. This covers assessing how well the company plans and manages its financial resources, ensuring that budgets are real, aligned with strategic goals, and effectively monitored. This audit is like a fact check for a company’s monetary matters. Audits aim to verify the precision of financial information and compliance. It entails validating the accounting standards and requirements, which involves confirming that the company follows Generally Accepted Accounting Principles (GAAP) or International Financial Reportings Standards (IFRS) and complies with relevant legal and regulatory frameworks.

Operational audit

An operational audit checks how smoothly different transactions and activities of the company are carried out. It ensures that work processes are well organised without allowing unnecessary delays. It covers workflow efficiency, quality control, resource utilisation, product assessment, risk management, compliance with policies, technology and tool usage; it also checks employee training and the overall operational development of the organisation. Operational audits focus on optimising various processes within the organisation. This involves evaluating the efficiency of workflows and streamlining procedures to enhance overall productivity. An operational audit may extend its scope to assess the customer experience. This covers evaluating the customer facing process, service delivery, and responsiveness to customer needs. Improving the overall customer experience is important for customer satisfaction and loyalty. Assessing the integration of innovation and technology in the operational process is crucial. This involves reviewing the use of advanced technologies, automation and digital tools to enhance operational efficiency. Recommendations may be provided to leverage technology for improved outcomes. This audit may examine the company’s preparedness for crises and risks. This covers evaluating contingency plans, risk management targets and the effectiveness of protocols in place to address unforeseen events that may affect the operations.

Investigation audit

This type of audit focuses on determining the particular department or areas within a company to detect errors and potential fraud. Its primary responsibility is to uncover any irregularities or fraudulent activities that will occur in that particular organisation. The mere existence of investigation audits acts as a deterrent to potential wrongdoers within the company. Knowing that there are checks in place discourages employees from engaging in fraudulent activities.

Compliance audit

A compliance audit is conducted to make sure that a company is following the rules and guidelines set by laws, regulations and its own internal policies. It pays special attention to whether the company is meeting the standards set by the government, internal rules and industry it operates in. The main purpose is to ensure that the organisation is doing things the right way and not violating any established rules. A compliance audit involves a meticulous review of documentation to confirm that the company has well equipped policies and procedures in place. It includes verifying that employees are aware of these documents and that they are accessible to those who need them. Further, this audit assesses the effectiveness of training programmes in relation to compliance. This audit ensures that employees receive adequate training on relevant laws, regulations and any internal policies of the organisation. One of the most significant factors of this audit is that it enhances data protection and privacy, especially with the rise of stringent data protection regulations. Compliance audit hopes the company can safeguard the sensitive data by collecting, storing and processing data by ensuring that it in accordance with privacy laws. Ethical standards are one of the most important aspects of compliance. The audit will examine whether such an organisation has a code of ethics in place and assess how well employees follow such ethical guidelines in their routine activities. In many industries, companies engage with third parties or outsiders, such as partners or vendors. A compliance audit may extend  its scope to evaluate the compliance practices of these third parties by ensuring that they also adhere to relevant regulations and standards.

Supply chain audit

This type involves a thorough examination of the entire process that brings products or services from the initial production stage to their ultimate users, customers. The main purpose of the audit is to evaluate and enhance the efficiency, reliability and overall performance of the supply chain and procurement practises within the company. For instance, supply chain relationships with vendors are a critical focus area. It involves assessing how well the company collaborates with its suppliers. The audit covers certain factors to examine, such as communication, accuracy and the quality of products or services provided by vendors. Establishing strong and mutually beneficial relationships is essential for a smooth and effective supply chain between organisations and vendors. 

Environmental audit

An environmental, health, and safety (EHS) audit is a thorough determination conducted to ensure that a company is following rules regarding the environment, health and safety in the workplace. The main goal is to ensure the company follows and guarantees compliance with regulations and sets standards designed to protect the wellbeing of employees, the community and the environment. Examining workplace safety is one of the significant  aspects of an EHS audit. It entails inspecting the physical work environment to identify potential hazards and ensuring that safety measures are in place in the workplace. The audit further involves the company’s impact on the environment. This covers determining practices that may affect air and water quality, waste disposal, and energy consumption. The audit covers whether the company is keeping people safe and taking care of the environment. It makes sure that workers have the right gear, machines are in good shape, and safety rules are followed to avoid any accidents. The audit also covers how the company deals with things that can be harmful to the environment and how they handle dangerous stuff. This includes where companies keep it, how they move it, and how they get rid of it, all following the rules. It is important to do this well to prevent accidents, keep the environment safe and protect everyone in the company and the community. They also check if the company is ready for emergencies. Checking if there are good plans for emergencies, effective ways to evacuate people, and clear ways to communicate in case something unexpected happens that could harm people, their health or the environment.

Management audit

A management audit is one of the types of audit that plays an important role in assuring the efficiency of a company’s operational and organisational structure. It serves as a comprehensive determination of how the company is managed and organised by assessing various aspects related to leadership, decision taking, and overall managerial effectiveness. The main purpose of a management audit is to evaluate leadership within the organisation. That involves assessing the capabilities of top level executives, supervisors  and managers. This audit helps to make a decision with regards to leadership styles, the decision making process and the ability of leaders to use the company towards its goals. Further, this audit covers an analysis of decision making processes. This covers determining the decision making process, stakeholder participation and efficiency in the decision making process.

Section 138 of the Companies Act plays a crucial role in appointing internal auditors to certain lists of companies. The companies that meet the criteria stated in Rule 13 of the Companies (Accounts) Rules 2014 are required to appoint an internal auditor. Such companies mandatorily need to appoint an internal auditor to review their financial processes, control, and compliance. This requirement helps to ensure transparency and good governance in business operations. The Companies Act does not expressly state the duties and responsibilities of the internal auditor. Therefore, companies have the flexibility to appoint professionals with such knowledge as internal auditors. They are not limited to particular qualifications or professions. However, the Central Government is empowered to make rules to specify how often and how the internal audit of the company should be done, as well as how the results should be reported to the company’s board of directors.

Who can be appointed as an internal auditor for the company?

An internal auditor may be a professional with knowledge and expertise, including a chartered accountant or any other professional. An internal auditor may also be an individual or a firm.

Is Section 138 applicable to every company?

No, Section 138 is not applicable to every company. However, Section 138 is only applicable to those companies that fall under Rule 13 of the Companies (Accounts) Rules 2014.

Is it necessary for the internal auditor to be an employee of the company?

No, Section 138 of the Companies Act doesn’t specify that the internal auditor must be an employee of the company. An internal auditor may be either an employee or an external professional like a Chartered Accountant (CA) or Cost and Work Accountant (CMA).

What are the penalties outlined in the Companies Act, 2013, for non-compliance with the appointment of internal auditors? 

The Companies Act, 2013, does not contain specific penalty provisions for non-compliance with the appointment of internal auditors. Instead, it includes penalties in the general provision stated in Section 450 of the Act. That includes a fine of Rs. 10,000/- in case an employee, company, or any other member of the company is responsible for disobeying or not complying with the internal audit requirements. In case of continued non-compliance, Rs. 1000/- per day may be charged, with a maximum limit of Rs. 2 lakh for the company and Rs. 50,000/- for the officer responsible for the non-compliance.

Will an internal auditor be appointed as an employee of the company?

According to the Companies Act, 2013, the internal auditor may be appointed as an employee of the company. But the appointment of an internal auditor as an employee is not compulsory; internal auditors can audit externally.

As per the Companies Act, 2013, who has the authority to determine scope, functioning, periodicity and methodology of internal auditors?

According to the Companies Act, 2013, the Audit Committee of the Company or Board has the authority to determine the scope, functioning, periodicity and methodology of the internal auditors. There is no particular time period for conducting an internal audit but it is significant to conduct the audit quarterly so that such a compliance is determined correctly without any deviations in the company.


Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/lawyerscommunity

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.



By admin

Leave a Reply

Your email address will not be published. Required fields are marked *