Audits are mandatory for all big corporations, but what is the applicability of internal audit for private companies?
Explore with us the criteria for internal audit applicability for private limited companies and
Internal Audits Statutory Requirements for Private Companies
In India, internal audits for private companies are governed by the Companies Act, 2013 along with various regulations issued by the Institute of Chartered Accountants of India (ICAI) and other regulatory bodies.
Section 138 of the Companies Act, 2013 mandates internal audits for certain classes of companies, including some private companies, based on specific criteria:
- Turnover threshold: Companies with annual turnover of INR 200 crore or more during the preceding financial year
- Outstanding loans/borrowings threshold: Companies with outstanding loans or borrowings from banks or public financial institutions exceeding INR 100 crore at any point during the preceding financial year
Apart from the above, internal audits may also be mandated when:
- Certain sector-specific regulators (Banking, Insurance, NBFCs, etc. may impose additional internal audit requirements for private companies.
- If a private company is a subsidiary of a listed company, the parent company’s audit committee might establish internal audit requirements for its subsidiaries as part of group-level governance.
Key Implementation Requirements for Internal Audit of Private Companies
For qualifying private companies, these are the requirements of an internal audit:
- The audit committee or board formulates the scope, functioning, and methodology of the internal audit
- The board must appoint an internal auditor.
- The internal auditor should be a Chartered Accountant (CA), cost accountant, or other professional as decided by the Board, ideally with expertise in financial and operational audits.
- A statutory auditor cannot be appointed as the internal auditor, as it may lead to a conflict of interest.
- The auditor can be a qualified individual from within the company (internal auditor) or an external professional or firm specializing in audits such as PKC Management Consulting.
- The auditor must operate independently, and report to either the audit committee or directly to the board of directors.
- Internal audits can be conducted quarterly (high-risk businesses), annually or bi-annually (stable businesses with lower risk exposure), based on company size, industry, and risk factors.
Role of Auditor in Conducting Private Limited Company’s Internal Audit
The primary responsibility of an internal auditor is to evaluate the effectiveness of internal controls, risk management, and operational processes to help management make informed decisions.
Here’s an overview of their role in a private company:
- Conducting Independent Assessments: Internal auditors evaluate the company’s financial and operational processes, risk management practices, and compliance with laws and regulations.
- Evaluating Internal Controls: Assess the effectiveness of internal control systems to ensure compliance with company policies and regulatory requirements.
- Risk Assessment and Management: Identify financial, operational, and compliance risks and suggest mitigation strategies to improve governance.
- Financial Review and Accuracy: Examine financial records, transactions, and reporting processes to ensure accuracy and transparency in financial statements.
- Compliance with Laws and Regulations: Ensure the company adheres to statutory and regulatory requirements, including the Companies Act, 2013, taxation laws, and industry-specific regulations.
- Fraud Detection and Prevention: Identify potential fraud risks, investigate suspicious transactions, and recommend preventive measures.
- Operational Efficiency and Cost Optimization: Evaluate business processes to enhance efficiency, reduce costs, and improve overall performance.
- Reporting and Recommendations: Prepare audit reports highlighting key findings, risks, and corrective actions, and present them to management or the Board of Directors.
Penalties for Non-compliance with Internal audits for Private Companies
Private companies that fail to comply with internal audit requirements under Section 138 of the Companies Act, 2013 face several penalties.
The severity of penalties vary depending on:
- Extent and duration of non-compliance
- Whether the non-compliance was intentional or unintended
- History of previous compliance violations
- Cooperation with regulatory authorities during investigation
The penalties may include:
- The company and officers in default may be fined up to INR 10,000, with an additional fine of ₹1,000 per day for continuing violations.
- The Ministry of Corporate Affairs (MCA) may investigate the company’s financial records.
- Persistent non-compliance could lead to the disqualification of directors under Section 164 of the Companies Act.
- If non-compliance results in incorrect financial reporting or tax evasion, the company may face tax penalties and scrutiny under the Income Tax Act, 1961.
- Errors in financial records due to the absence of an internal audit may lead to penalties under GST laws.
- If the company has outstanding loans or borrowings above INR 100 crore and fails to conduct internal audits, lenders may restrict credit facilities or demand additional disclosures.
Voluntary Internal Audit of Private Companies
Even when not mandatory, many private companies adopt internal audits as a best practice to strengthen governance.
Here are a few reasons for this:
- Improved Risk Management: Identifies financial, operational, and compliance risks before they escalate.
- Fraud Prevention & Detection: Reduces the risk of financial fraud, misappropriation, or internal theft.
- Operational Efficiency: Evaluates business processes and recommends cost-saving measures.
- Regulatory Preparedness: Ensures compliance with tax laws, GST, labor laws, and corporate regulations.
- Investor Confidence: Builds trust among investors, banks, and stakeholders.
Frequently Asked Questions
1. Is internal audit mandatory for all private companies in India?
No. Internal audit is mandatory only for certain private companies that meet the criteria specified under Section 138 of the Companies Act, 2013. However, companies that do not meet these criteria may still opt for a voluntary internal audit to strengthen their financial controls and governance.
2. Which private companies are required to conduct an internal audit?
A private company must conduct an internal audit if it meets any one of the following criteria:
- Turnover of INR200 crore or more in the preceding financial year.
- Outstanding loans or borrowings of ₹100 crore or more from banks or public financial institutions at any time during the preceding financial year.
3. Who can be appointed as an internal auditor for a private company?
An internal auditor can be a CA, Cost Accountant, or any other qualified professional. They can be an employee of the company or an external professional firm specializing in audits.
4. Can a private company voluntarily conduct an internal audit?
Yes. Even if a company is not legally required to conduct an internal audit, it can voluntarily get one done. This helps improve risk management, fraud detection and operational efficiency.
5. How frequently should internal audits be conducted?
The frequency of internal audits depends on the size of the company, industry in which it is operating, and associated risk factors. Most companies conduct audits quarterly, bi-annually and annually.
