The role of the audit committee in internal audit in India is a critical one. Audit committees help ensure effective internal audits, foster transparency, and manage risks within organizations.
Explore with us how audit committees contribute to stronger internal audits and better organizational outcomes.
Breakdown of Audit Committees & the Legal Framework Governing Them
An Audit Committee in India is a specialized sub-committee of the Board of Directors.
It is often referred to as a “watchdog” since it’s primarily responsible for overseeing a company’s financial reporting process, statutory audit compliance, internal controls, and auditing activities.
Who Needs an Audit Committee?
In India, audit committees are mandatory for specific types of companies, including:
- All listed companies (companies listed on the stock exchange)
- Public companies that meet any one of the following criteria:
  - Paid-up capital of ₹10 crore or more.
  - Annual turnover of ₹100 crore or more.
  - Outstanding loans, borrowings, debentures, or deposits exceeding ₹50 crore.
In some cases, private companies may also need to establish an Audit Committee if they meet these financial thresholds.
Composition of the Audit Committee
The composition of an audit committee is designed to ensure independence and objectivity. Its members must include:
- Minimum Members: Must have at least three members
- Independent Directors: A majority of members (including the Chairperson) must be independent directors, meaning they are not involved in the daily management of the company.
- Financial Expertise: All members must be financially literate, with at least one having accounting or financial expertise.
- Chairperson: Must be an independent director, and they must be present at the Annual General Meeting (AGM) to answer any shareholder queries.
For listed companies, the composition is stricter:
- At least two-thirds of the members must be independent
- All members must be financially literate, with one having accounting expertise
Legal Framework Governing Audit Committees in India
Let’s take a look at the laws structuring the functioning of audit committees:
1. Companies Act, 2013 – Section 177
- Mandates certain categories of companies, including all listed companies, to have an audit committee. Public companies meeting certain financial thresholds are also required to form one.
- Committee must have a minimum of three directors, with a majority being independent directors. The chairperson must also be independent.
- Specifies the committee’s powers, including overseeing financial statements, and reviewing the company’s internal financial controls.
2. SEBI (LODR) Regulations, 2015
- Committee reviews financial disclosures to ensure accuracy and transparency.
- Evaluates auditor independence, preventing conflicts of interest, and ensures non-audit services don’t compromise objectivity.
- Audit Committee oversees the whistleblower mechanism for anonymous reporting of unethical or fraudulent activities.
3. Institute of Chartered Accountants of India (ICAI) Guidelines
- Provides non-mandatory best practices and guidelines for audits, helping companies align with international standards and corporate governance norms.
4. Enforcement and Oversight
- National Financial Reporting Authority (NFRA): Regulates auditing standards and ensures compliance.
- Securities and Exchange Board (SEBI): Enforces compliance with regulations and can penalize listed entities for non-compliance.
Key Role & Responsibilities of the Audit Committee in Internal Audit
The audit committee plays a central role in overseeing the internal audit function within a company. Here are their roles and responsibilities:
1. Oversight of Internal Audit Function
It holds the overall responsibility for the internal audit function, making sure it operates independently and effectively and identifies weaknesses.
Key responsibilities include:
- Provide guidance on internal audit’s scope, resources, and access to necessary information.
- Evaluate whether the internal audit function has the right structure and capabilities to meet its objectives, ensuring alignment with business goals.
- Ensure that internal audit has the authority to carry out audits without interference from management, enabling unbiased results.
2. Approving Internal Audit Plans
It ensures that the audit plan is comprehensive, in sync with the company’s strategic objectives, and directed towards high-risk areas.
It reviews and approves the annual internal audit plan which defines:
- Areas of focus for the audit based on risk assessments
- Frequency of audits, and whether any area needs more frequent review
- Approach to be used for audits
3. Ensuring Independence of Internal Auditors
One of the core responsibilities of the audit committee is to safeguard the independence of internal auditors. This is needed for unbiased and objective assessments that lead to reliable audit outcomes.
This includes:
- Ensuring internal auditors report directly to the committee and not to management
- Making sure internal auditors are not auditing areas where they may have conflicts of interest (e.g., auditing departments they were previously involved with)
- Ensuring auditors are free from any potential backlash for their internal audit findings
4. Appointing and Removing Internal Auditors
It is involved in the recommendation of appointment, evaluation, and removal of the Chief Internal Auditor (CIA) or the internal audit firm.
The main goal is to make sure that the internal auditors are competent and independent, strengthening the quality and integrity of the audit process.
This responsibility includes:
- Recommending the hiring of the CIA or the selection of an internal audit firm like PKC Management Consulting
- Regularly assessing the performance and independence of the internal audit function.
- If necessary, they have the authority to remove the internal auditor to maintain objectivity and credibility.
5. Overseeing Risk Management Through Audit
By overseeing risk management through internal audits, it helps proactively address financial, operational, and compliance risks. This safeguards the company from any losses.
The committee uses the internal audit findings to:
- Review how well the risk management framework is identifying and addressing risks.
- Identify new or emerging risks, ensuring these are handled by taking appropriate actions
6. Handling Whistleblower Complaints
A strong whistleblower policy is needed to build transparency and accountability. This prevents unethical practices and builds a culture of integrity within the company.
In this regard, the audit committee’s responsibilities include:
- Ensuring employees can report concerns directly to the Audit Committee, often anonymously
- Ensuring thorough, confidential, and impartial investigations into complaints, especially those concerning financial fraud or misconduct.
7. Reviewing Internal Audit Reports
The Audit Committee regularly reviews internal audit reports to:
- Assess critical audit findings, including any weaknesses in internal controls or operational inefficiencies.
- Scrutinize how management is addressing the audit’s findings and ensure corrective actions are taken promptly.
- Track the status of unresolved issues, ensuring they are addressed in a timely manner.
8. Regular Interaction with Auditors
It maintains regular communication with both internal and external auditors. These meetings, which often occur without management present, allow auditors to:
- Discuss concerns, findings, or challenges they may face in their audits.
- Highlight any management resistance or issues affecting the audit process
9. Evaluation of Internal Controls
The audit committee evaluates the adequacy and effectiveness of the company’s internal controls, with a particular focus on:
- Identifying any weaknesses or breakdowns in financial or operational controls.
- Ensuring the internal controls are strong enough to prevent fraud and material misstatements.
How an Audit Committee Appoints an Internal Auditor
As discussed above, one of the key roles of an audit committee is appointing an internal auditor. Here’s how this usually happens:
- Assessing Necessity: The Audit Committee first determines whether the appointment of an internal auditor is required under Section 138 of the Companies Act, 2013 for the company.
- Shortlisting Candidates: The committee identifies suitable candidates or firms, ensuring they are independent from management and possess the necessary expertise, experience, and knowledge of Indian accounting standards.
- Evaluating Proposals: If outsourcing, the committee reviews proposals from firms, considering factors like cost, value, and any potential conflicts of interest.
- Interviews: The committee may interview candidates to assess their approach to risk-based auditing, their handling of sensitive situations, and their overall fit for the company.
- Recommendation to the Board: Once the committee finalizes a candidate, it recommends the appointment to the Board of Directors for approval.
- Board Approval: The Board formally approves the internal auditor, following the committee’s recommendation.
- Formal Appointment: After Board approval, the appointment letter is issued.
How Audit Committees Review Internal Audit Reports
Here’s how the audit committee usually evaluates the internal audit reports:
- Receive the Report Before the Meeting
The internal audit reports are submitted to the Audit Committee in advance of the scheduled meeting.
This allows the committee members time to review the content, flag concerns, and prepare questions for management.
- Understand the Risk Areas & Review Red Flags & Control Failures
The Audit Committee examines the internal audit findings to identify control gaps, policy violations, fraud risks, IT weaknesses, and operational inefficiencies.
Each issue is evaluated for its severity, root cause, and its occurrences in the past.
- Discussion with Internal Auditors
The Audit Committee meets with the internal auditors to discuss the report in detail.
They question and request clarifications, in most cases without management present, to ensure transparency.
- Request Explanations & Action Plans from Management
The committee calls in department heads or the CFO to explain the issues and provide action plans with deadlines for resolution.
They expect a clear timeline for fixes.
- Track Follow-Ups from Previous Reports
The committee tracks unresolved issues from previous audits.
If past recommendations remain unaddressed, they raise concerns and escalate actions.
- Use Reports to Improve Risk Management
Beyond identifying problems, the committee uses the findings to strengthen internal controls, reduce fraud risks, and improve governance.
The committee treats internal audit reports as tools for ongoing improvement in risk management and operational efficiency.
Here’s an example of what the audit committee looks at in a report:
| Audit Report Section | Audit Committee Focus |
| --- | --- |
| Executive Summary | Key risks and highlights |
| Audit Scope | Was it thorough and risk-based? |
| Observations | Any high-risk issues or repeat problems? |
| Root Cause Analysis | Why did it happen? |
| Management Response | Are the fixes real and on time? |
| Follow-Up Items | Were past issues resolved or ignored? |
Challenges Faced by Audit Committees in India
❌ Independence Compromises: Subtle pressure from management or promoters may compromise the Audit Committee’s objectivity, interfering with its ability to challenge financial or control issues effectively.
❌ Resource Constraints: Audit Committee members often serve on multiple boards. This may limit their ability to devote time and expertise to complex issues which require specialized knowledge.
❌ Information Overload: Audit Committees often receive large volumes of financial reports close to meetings, reducing their ability to review and analyze the documents meaningfully.
❌ Third-Party Risks: Limited oversight of critical third-party vendors exposes companies to potential conflicts, data breaches, or operational failures, as the committee may not always be aware of external risks.
❌ Managing Whistleblower Complaints: Handling sensitive whistleblower complaints requires a high degree of confidentiality, impartiality, and legal understanding. This can be challenging for the committee.
❌ Technology Gaps: Rapid digitalization introduces complex fraud risks that may outpace the Audit Committee’s ability to audit, especially in emerging technologies like AI or UPI.
Best Practices for Audit Committees Overseeing Internal Audits
✅ Risk-Based Audit Plans: Review and approve annual internal audit plans based on a comprehensive risk assessment that prioritizes high-risk areas like fraud and cybersecurity.
✅ Mandatory Private Meetings: Hold quarterly private meetings with internal auditors to discuss findings and issues candidly, without management’s presence.
✅ Whistleblower Vigilance: Oversee whistleblower mechanisms and ensure timely investigation of complaints, particularly those related to fraud or misconduct.
✅ Tech-Driven Audits: Leverage advanced technologies like data analytics (Power BI, AI) to conduct real-time audits and detect anomalies more efficiently.
✅ Third-Party Audits: Collaborate with external specialist firms like PKC Management Consulting for areas outside the committee’s expertise, while ensuring overall oversight.
✅ Continuous Training: Ensure that Audit Committee members and internal auditors undergo regular training on evolving topics like Ind AS, cybersecurity risks, and ESG regulations to stay current with industry best practices.
✅ Insist on Actionable Recommendations: Ensure that internal audit reports contain clear, actionable recommendations and hold management accountable for the timely and effective implementation of corrective actions.
FAQs on Role of Audit Committee in Internal Audit in India
1. What is the role of the audit committee in internal audit in India?
The audit committee oversees internal audits, ensuring that risks, controls, and compliance issues are properly reviewed. It acts as an independent layer between management and auditors to maintain accountability.
2. Is it mandatory to have an audit committee in Indian companies?
Yes, under Section 177 of the Companies Act, 2013, all listed and certain public companies must form an audit committee. This ensures strong internal controls and better corporate governance.
3. Who appoints internal auditors in Indian companies?
The audit committee is responsible for recommending the appointment, remuneration, and terms of internal auditors. This maintains independence and avoids conflict of interest.
4. How often should the audit committee meet with internal auditors?
SEBI mandates audit committees to meet at least four times a year. In practice, they often meet quarterly to review audit findings and risk assessments.
5. Can internal auditors report directly to the audit committee?
Yes, internal auditors can and should report directly to the audit committee for maximum independence. This avoids management interference and supports transparency.