Internal
Audit
An internal audit evaluates your company's internal controls, governance, and risk management processes - mandatory for certain classes of companies under Section 138 of the Companies Act, 2013, and a powerful management tool for everyone else. It's not about ticking a compliance box - it's about catching inefficiencies, fraud risks, and control gaps before they become bigger problems. We assess your applicability, define the right scope, and deliver actionable findings your Board can act on.
SCOPING SESSION · AUDIT COMMITTEE CONSULTATION
Who needs an internal audit - and who's exempt
Section 138 applies by threshold, not by listing status alone. A few categories are carved out entirely - though we'd still recommend a voluntary review.
All Listed Companies
Mandatory regardless of size or thresholds.
Unlisted Public Co.
Turnover ≥ ₹200 Cr or paid‑up capital ≥ ₹50 Cr.
Private Companies
Turnover ≥ ₹200 Cr or borrowings ≥ ₹100 Cr.
One Person Companies
Specifically exempted under Section 138.
Small Companies
Capital ≤ ₹50L, turnover ≤ ₹2Cr, loans ≤ ₹1Cr.
Dormant Companies
No active business - exempt from Section 138.
What our internal audit covers
Our 5‑step process
Applicability & Scope Assessment
We determine whether Section 138 applies to you, and if not, recommend a scope tailored to your business needs and risk appetite.
Audit Planning with Audit Committee / Board
Scope, periodicity, and methodology are formulated in consultation with your Audit Committee or Board, as required by law.
Fieldwork & Process Walkthroughs
Our team reviews processes, interviews key personnel, and tests controls across selected functions and departments.
Findings & Risk Prioritisation
Observations are categorised by risk severity, with clear, practical recommendations for remediation.
Reporting to the Board
A structured Internal Audit Report is presented to the Board, with follow‑up tracking on action items.
Internal audit vs statutory audit
| Aspect | Internal Audit | Statutory Audit |
|---|---|---|
| Governing Section | Section 138 | Section 143 |
| Mandatory For | Threshold‑based companies | Every registered company |
| Conducted By | CA, CMA, or Board‑approved professional | Independent CA / CA firm (ICAI) |
| Reports To | Audit Committee / Board | Shareholders at AGM, then ROC |
| Primary Focus | Controls, risk, operations | Financial statement accuracy |
| Frequency | Quarterly / Half‑yearly / Annual | Annual |
A governance signal that pays for itself
Investor & Lender Confidence
Strong internal controls signal governance maturity - directly impacting valuation and term sheet negotiations at funding rounds.
Catch Problems Before They Scale
Identify fraud risks, process inefficiencies, and control gaps early - before they become costly to fix.
Stronger Financial Reporting
Better internal controls translate to cleaner books, fewer surprises during your statutory audit, and faster closings.
Voluntary Adoption, Real Edge
Even pre‑funding startups and growing private companies benefit from voluntary internal audits as a governance signal.
Builds a Scalable Foundation
Documented processes and controls make it easier to onboard new finance staff, auditors, and investors as you grow.
Penalty for non‑compliance
The Companies Act has no specific penalty clause for skipping a mandatory internal audit - but general Section 450 applies: an initial fine of up to ₹10,000 for the company and responsible officers, plus ₹1,000 for each additional day of continuing default. The offence is compoundable, but it's a flag that invites further regulatory scrutiny.