Internal audit is a systematic and independent evaluation of an organization’s internal controls, risk management processes, and governance mechanisms. It is conducted by internal auditors who are employees of the organization or external consultants engaged specifically for this purpose.
Under the Companies Act, internal audit is not explicitly mandated for all companies in India. However, certain provisions and guidelines suggest the importance of internal controls and audit processes within organizations to ensure transparency, accountability, and effective risk management. Here’s an overview of internal audit as per the Companies Act, focusing on its relevance and implications:
Objectives of Internal Audit
- Evaluate Internal Controls: Assess the effectiveness and adequacy of internal controls in safeguarding assets, ensuring accuracy of financial reporting, and compliance with laws and regulations.
- Risk Management: Identify and evaluate risks faced by the organization, including operational, financial, and compliance risks, and recommend mitigating measures.
- Operational Efficiency: Review operational processes and procedures to enhance efficiency, effectiveness, and achievement of organizational objectives.
- Compliance: Ensure adherence to company policies, procedures, and regulatory requirements, including those related to financial reporting and corporate governance.
- Fraud Detection: Detect and prevent fraud or misconduct within the organization through proactive monitoring and investigation.
Key Components of Internal Audit
1. Audit Planning and Risk Assessment
- Define audit objectives, scope, and methodology based on risk assessment and materiality.
- Identify key risk areas and prioritize audit activities accordingly.
2. Audit Execution
- Conduct fieldwork, which includes gathering evidence, performing tests, and evaluating controls and processes.
- Use techniques such as interviews, document reviews, and data analysis to assess operations and compliance.
3. Reporting and Communication
- Prepare audit findings and recommendations in a formal audit report.
- Communicate findings to management and stakeholders, highlighting areas for improvement and corrective actions needed.
4. Follow-Up and Monitoring
- Track implementation of audit recommendations and verify effectiveness of corrective actions.
- Provide ongoing support and advisory services to management on risk management and control issues.
Types of Internal Audits
- Financial Audit: Focuses on financial transactions, accounting records, and compliance with accounting standards and policies.
- Operational Audit: Evaluates operational processes and efficiency across departments or functions to identify opportunities for improvement.
- Compliance Audit: Ensures adherence to laws, regulations, and internal policies governing the organization’s operations.
- Information Technology (IT) Audit: Reviews IT systems, controls, and security measures to protect data integrity and mitigate cyber risks.
Relevance of Internal Audit under the Companies Act
1. Corporate Governance Requirements
- Section 134(5)(f) of the Companies Act, 2013, requires the Board of Directors of certain companies to state in their directors’ responsibility statement that they have laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and operating effectively.
- While this does not explicitly mandate an internal audit, it emphasizes the need for robust internal controls and periodic evaluations thereof.
2. Financial Reporting and Compliance
- Section 143(3)(i) mandates the statutory auditor of a company to include in their audit report whether the company has adequate internal financial controls system in place and the operating effectiveness of such controls.
- This requires companies to have effective internal controls over financial reporting, which may necessitate internal audit activities to ensure compliance and effectiveness.
3. Listed Companies and Other Entities
- SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 mandate certain listed companies to establish an internal audit function and report on its adequacy and effectiveness to the Audit Committee and the Board.
- Insurance companies and banks are also required by their respective regulators (IRDAI and RBI) to maintain internal audit functions as part of their regulatory compliance.
4. Fill in the ITR Form
- Accurate Financial Disclosure: Ensure all financial information provided in the bankruptcy petition is accurate and complete.
- Legal Guidance: Seek legal advice from a qualified bankruptcy attorney to navigate the complexities of the bankruptcy process.
- Timely Compliance: Comply with all court deadlines and requirements to avoid dismissal of the bankruptcy case.
- Asset Protection: Understand which assets are exempt and take steps to protect them within the bounds of the law.
- Post-Bankruptcy Planning: Develop a financial plan to rebuild credit and manage finances post-bankruptcy.
Role and Scope of Internal Audit under Companies Act
- Risk Assessment and Management: Conduct risk assessments to identify and prioritize risks faced by the company, including operational, financial, and compliance risks.
- Internal Controls Evaluation: Evaluate the adequacy and effectiveness of internal controls, including financial controls, operational controls, and compliance with company policies and regulatory requirements.
- Compliance Assurance: Ensure compliance with laws, regulations, accounting standards, and internal policies through regular audits and assessments.
- Operational Efficiency: Review operational processes and procedures to identify inefficiencies, weaknesses, and opportunities for improvement.
- Reporting and Recommendations: Prepare audit reports detailing findings, recommendations, and corrective actions for management and the Audit Committee to enhance governance and mitigate risks.
Benefits of Internal Audit
- Enhanced Controls and Governance: Strengthen internal controls and governance frameworks to mitigate risks and safeguard organizational assets.
- Improved Operational Efficiency: Identify inefficiencies in processes and recommend improvements to streamline operations and reduce costs.
- Risk Mitigation: Proactively identify and address risks to minimize their impact on the organization’s objectives and reputation.
- Compliance Assurance: Ensure compliance with regulatory requirements, industry standards, and internal policies through regular audits and assessments.
Implementation and Best Practices
- Establishment of Internal Audit Function: Companies may establish an internal audit department or engage external consultants to perform internal audit activities based on their size, complexity, and regulatory requirements.
- Audit Committee Oversight: The Audit Committee plays a crucial role in overseeing internal audit activities, reviewing audit plans, reports, and ensuring implementation of audit recommendations.
- Professional Standards: Internal auditors should adhere to professional standards and guidelines set by the Institute of Internal Auditors (IIA) or other relevant professional bodies.
- Continuous Improvement: Regularly review and update internal audit processes and methodologies to adapt to changing business environments, emerging risks, and regulatory requirements.
While internal audit is not universally mandated for all companies under the Companies Act, its importance in ensuring effective governance, risk management, and compliance cannot be understated. Companies, particularly listed entities and those in regulated sectors, should establish robust internal audit functions to enhance transparency, operational efficiency, and stakeholder confidence. By adhering to internal audit best practices and leveraging audit findings for continuous improvement, companies can strengthen their internal controls and achieve sustainable growth and compliance with regulatory expectations.
At Ujjwal Gupta & Co
We, at Ujjwal Gupta & Co, are dedicated to delivering personalized, high-quality solutions tailored to meet your financial and business needs. With our team of professionals and a client-first approach, we ensure that every challenge is met with expert guidance and strategic insight.
We are dedicated to ensuring your business’s success by providing best service practice available in the industry and that too at a cost effective pricing. Our team of experts is excited to work with you and provide the support you need to thrive in the Indian business landscape.
Our only motive is to create Value for Our Clients and accordingly, have a Client Value System at our Office.
So, let us help you navigate the complexities of finance and compliance, empowering you to focus on what matters most — growing your business. Get in touch today, and take the first step towards financial peace of mind.
An internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps a company assess and enhance the effectiveness of its risk management, control, and governance processes.
No, internal audit is not mandatory for all companies. However, under Section 138 of the Companies Act, 2013, internal audit is mandatory for:
- Listed companies.
- Public companies with a turnover of ₹200 crore or more, or loans exceeding ₹100 crore.
- Private companies with a turnover of ₹200 crore or more, or loans exceeding ₹100 crore.
- Certain categories of companies like banks, insurance, and NBFCs are also required to conduct internal audits as part of sectoral regulations.
The purpose of an internal audit is to provide an independent evaluation of the company’s internal controls, risk management processes, and governance systems. It identifies weaknesses or inefficiencies and suggests improvements to strengthen controls, reduce risk, and ensure regulatory compliance.
Internal audits can be conducted by an internal auditor, who may be an in-house professional or an independent firm. The internal auditor should have the necessary skills and expertise in auditing, risk management, and compliance. Unlike statutory auditors, internal auditors do not need to be Chartered Accountants (CAs), but they should have relevant qualifications such as those from the Institute of Internal Auditors (IIA).
The scope of an internal audit includes:
- Reviewing the internal controls and processes across various functions (finance, operations, IT, etc.).
- Assessing risk management practices.
- Checking for compliance with laws, regulations, and policies.
- Reviewing the effectiveness and efficiency of the business operations.
- Identifying fraud risks or irregularities and suggesting corrective actions.
- Internal audit is a continuous, risk-based review that focuses on improving the efficiency of internal processes and controls, while a statutory audit is an annual, legal requirement focused on the accuracy of financial statements.
- Internal audits are conducted by in-house auditors or consultants, whereas statutory audits must be conducted by external, independent auditors.
- Internal audit reports are used by management to improve internal systems, while statutory audit reports are shared with shareholders and regulatory authorities.
Key areas covered in an internal audit include:
- Financial controls (e.g., reviewing accounting systems, cash flow management, and financial reporting).
- Operational processes (e.g., efficiency of production, procurement, and inventory management).
- Compliance with regulatory requirements (e.g., tax laws, labor laws, and sector-specific regulations).
- Risk management and corporate governance.
- IT systems and data security.
- Fraud detection and prevention.
An internal auditor’s role includes:
- Identifying areas of weakness or risk within the company’s operations.
- Evaluating the adequacy of internal controls and making recommendations for improvement.
- Monitoring compliance with company policies and legal requirements.
- Reporting findings to management and the audit committee.
- Assisting in the mitigation of risks and providing solutions for operational inefficiencies.
A risk-based internal audit (RBIA) focuses on the areas of highest risk within an organization, rather than covering every aspect of the business in detail. By prioritizing risks (such as financial, operational, or reputational risks), internal auditors help management allocate resources more effectively to address areas that could have the most significant impact on the company’s success or compliance.
The benefits of internal audit include:
- Improved internal controls: Internal audit identifies weaknesses in internal processes and provides recommendations for improvement.
- Enhanced risk management: It helps organizations better understand and mitigate risks.
- Operational efficiency: Internal audit reviews can identify process inefficiencies and suggest ways to reduce costs or improve productivity.
- Compliance assurance: It ensures that the company adheres to statutory requirements and internal policies, reducing the risk of penalties.
- Fraud detection: By examining internal processes, internal audits can help detect or prevent fraud or other financial irregularities.
Why Choose UGC?
Client Centric Approach
Client is the key driver of our service offerings. Our approach to service offerings is based on a client centric and customized approach. Our specialized teams are a mix of technical and industry experience in order to serve clientele for their specific needs.
Team Work
We have built high performing teams supported by strong work ethic. Our team is a mix of experts, professionals and support staff from technical and varied academic, social and ethnic backgrounds. We believe diversification plays a vital role in motivating the team.
Quick Turnaround
We always endeavour for a quick turnaround time to serve our clientele. We are supported by an experienced and client focussed support teams to offer timely services to our clientele. In case of any business exigencies and time sensitive service requirements, you can always count on us.
Open Communications
We believe that open communication is the core principle in order to demonstrate trust, build long lasting and valuable relationships with clientele. We are committed to ensuring transparency in communication, service offerings and delivery. We provide professional services to our clients.
Client Value System
We value for the Client time and thus, we offer services that are value for money. Quality professional services are provided to our clients, so that they are able to achieve their desired results. We are a quality trademark in the industry and thus, our clients count on us always.
Quality in Delivering Work
Our service offerings are driven by quality and reviews at every level. We strive to provide a qualitative and value-added delivery to our clientele. At all times, we endeavour to provide exceptional client service by meeting client expectations and driving client satisfaction.