Expert verified Preparing for an internal audit in India doesn’t have to be stressful.
With the right checklist, planning, and understanding of compliance laws, your business can breeze through it. Here’s a guide to assist you with it.
What Are Internal Audits & What Do Auditors Look Into?
Internal audit is a continuous, independent function that adds value by improving company operations.
It assures management and board that risks, controls, and governance are effective, while also offering advice to improve them.
Though shaped by regulations, the scope of internal audit is set by management and the board to meet internal control needs.
The applicability of internal audits vary by nature of the organisation. Under the Companies Act 2013, certain companies must appoint an internal auditor. For others, it’s a best practice.
What Internal Auditors Look Into?
Unlike external audits, internal audits are broader, ongoing, and cover more than just financials, supporting overall compliance and efficiency. Here are some key focus areas:
- Internal Controls: They are assessed to ensure they effectively safeguard assets, ensure accurate financial reporting, promote efficiency, and support compliance.
- Risk Management: The focus is on helping management identify key risks, assess their impact and likelihood, and evaluate the adequacy of mitigation strategies in place.
- Compliance: They verify adherence to laws (e.g., Companies Act, GST, Income Tax, FEMA, SEBI) and ensure internal policies like HR, procurement, and IT are followed.
- Financial Reporting: Reviews ensure financial data is accurate, complete, properly supported, and in line with accounting standards.
- Operational Efficiency: Key processes are examined for effectiveness and resource use, with waste and bottlenecks flagged.
- Asset Safeguarding: Physical and intangible assets are checked for proper protection and verified against records.
- Fraud Prevention: Auditors identify fraud risks and assess the control environment’s strength in deterring misconduct.
How to Prepare for an Internal Audit in India: Step-by-Step Approach & Timeline
In order to prepare for an internal audit, your organisation must follow a methodical approach. Here’s a step-by-step guide:
Step 1: Start Early & Plan (4–8 Weeks Before Audit)
- Ask the internal auditor or audit firm for the audit plan or scope
- Clarify what areas will be audited (finance, HR, compliance), what documents are needed, and audit timelines
- Form an audit prep team including heads from finance, operations, HR, and IT.
- Designate a coordinator, typically the Finance Controller
- Review past audit reports and address unresolved issues
- Understand applicable laws:
- Companies Act 2013 (e.g. Section 138 for internal audit)
- GST, Income Tax, TDS/TCS provisions
- Labour laws like PF, ESI, Shops and Establishment
- Industry-specific rules like RBI for NBFCs, SEBI for listed companies
Step 2: Document Gathering & Organization (3–4 Weeks Before)
Create a master checklist of critical documents. Make sure documentation is labeled, up-to-date, and accessible.
Use folders or drive links that auditors can easily access.
Master checklist example:
| Category | Key Documents |
| Financial Records | Bank statements, ledgers, trial balances, GST returns (GSTR-1/3B), TDS challans. |
| Statutory Filings | MCA-21 forms (AOC-4, MGT-7), RBI/SEC filings (if applicable). |
| Contracts & Policies | MoA/AoA, vendor/lease agreements, HR policies, board minutes. |
| Transaction Proofs | Invoices, purchase orders, delivery challans, payment vouchers. |
| Compliance Records | PF/ESI returns, PT registration, factory licenses (if applicable). |
Step 3: Review Internal Controls (2–3 Weeks Before)
Test controls yourself:
- Verify approval hierarchies for expenses and purchases
- Check bank reconciliation statements for discrepancies
- Confirm physical inventory matches accounting records
Review your company’s internal policies such as:
- Standard Operating Procedures (SOPs)
- Employee handbook
- Approval workflows and access control policies (especially IT)
- Confirm whether policies are up-to-date and actually followed
Identify gaps:
- Unreconciled GST input credits
- Delayed or missing TDS payments
- Missing PF or ESI deductions for employees
Step 4: Conduct a Pre-Audit Mock Check (1–2 Weeks Before)
- Perform an internal walkthrough to simulate the audit
- Conduct sample testing of 30–50 transactions across functions
- Do compliance spot-checks:
- Match GST return entries to the books
- Check if TDS certificates like Form 16A are issued
- Confirm ROC filings are complete and accurate
- Look for red flags and fix them before suit such as:
- Unexplained expenses or unapproved payments
- Missing or outdated documents
- Inventory mismatches
- Outdated internal policies
Step 5: Train Staff & Prepare Logistics (1 Week Before)
- Brief employees on how to handle auditor questions clearly and honestly
- Show teams where to find documents, both physical and digital
- Explain what the auditor may ask and assign a clear point of contact
- Remind staff to stay calm, clear, and cooperative
- Allocate resources:
- Set up a dedicated room for auditors
- Provide system access in read-only mode
- Share a point-of-contact list for each department
- Ensure IT systems (e.g. Tally, SAP, Zoho) are audit-ready with data access and backups
- Prevent technical delays by testing systems in advance
Step 6: During the Audit (Be Responsive)
- Hold daily huddles to quickly address auditor queries
- Provide requested documents without delay using pre-arranged folders
- Document discussions and maintain minutes of what auditors ask and conclude
Step 7: Post-Audit Follow-Up
- Review the draft audit report and verify accuracy of findings
- Create an action plan with owners and timelines for each issue
- Implement required changes such as automating TDS or fixing approval workflows
- Use the audit report to fix weak areas and update outdated policies
- Train staff on improved practices and strengthen internal controls
Internal Audit Preparation Checklist for Indian Businesses
Here’s a downloadable checklist that can help you easily prepare for in internal audit:
Why Choose PKC for Internal Audits?
✅Comprehensive GRC solutions ensuring regulatory compliance confidence
✅Expert team delivering streamlined audit processes efficiently
✅Personalized consulting approach tailored to business complexities
✅Real-time continuous audit capabilities using advanced software
✅Risk management integration with operational integrity enhancement
✅TDS, GST, EPF/ESI compliance preventing costly penalty exposures
✅Board-level reporting ensuring direct senior management accountability
✅Quarter-wise audit scheduling for high-risk area monitoring
✅Strategic recommendations beyond compliance for operational optimization
Top 10 Mistakes to Avoid When Preparing for an Internal Audit in India
Here are some of the most common mistakes that you must be aware of while preparing for an internal audit:
- Ignoring Past Audit Findings: Failing to resolve previous audit issues can lead to repeated non-compliance and hefty penalties.
- Disorganized Documentation: Poor record-keeping can result in poor audit outcomes.
- Weak Internal Controls: Lack of internal checks can enable fraud and cause operational losses.
- Last-Minute Rush: Starting audit prep late leads to missed filings and financial inaccuracies.
- Departmental Silos: Poor interdepartmental coordination creates critical compliance gaps.
- Overlooking India-Specific Compliance: Ignoring local laws risks penalties under tax and corporate regulations.
- Untrained Staff: Inadequate employee training delays audits and confuses auditors.
- Digital Compliance Negligence: Mishandling digital records and signatures can void contracts and lose tax credits.
- Underestimating Fraud Risks: Ignoring fraud controls invites embezzlement and regulatory probes.
- Failing to Document Fixes: Fixing issues without evidence leads to repeated audit flags.
Frequently Asked Questions
1. What documents are auditors likely to request?
Financial records (ledgers, bank statements), statutory filings (GSTR-1, MCA forms), and transaction proofs (invoices, contracts). Ensure all have valid signatures and HSN codes.
2. How to test internal controls effectively before internal audit?
Validate approval hierarchies, perform surprise asset checks, and reconcile bank/GST statements monthly. Use maker-checker controls for high-risk areas like payments.
3. What staff training is needed pre-audit?
Train teams on process workflows (e.g., “How to file GSTR-3B?”) and document retrieval. Conduct mock Q&As to prevent contradictory statements.
4. How to handle past audit findings?
Maintain a corrective action tracker with deadlines. Provide evidence of fixes (e.g., updated policies) to avoid “repeat findings” in reports.
