Audit
July 16, 2026

Understanding Internal Audit Requirements Under the Companies Act, 2013

Explore the internal audit requirements set forth by the Companies Act, 2013, and their implications for corporate governance and compliance.

Internal audits play a crucial role in ensuring that companies comply with regulatory requirements and maintain effective governance practices. The Companies Act, 2013 lays down specific internal audit requirements that organizations must adhere to, particularly in the context of corporate compliance and risk management. Understanding these requirements is essential for Chief Information Security Officers (CISOs), compliance officers, and auditors to effectively navigate the complexities of corporate governance.

Overview of the Companies Act, 2013

The Companies Act, 2013 is a landmark legislation in India that governs the registration, regulation, and dissolution of companies. It replaced the earlier Companies Act, 1956 and introduced several reforms aimed at enhancing corporate governance, transparency, and accountability.

Key aspects of the Act include:

  • Corporate structure: Outlines the framework for the formation and operation of companies in India.

  • Regulatory authority: Establishes the Ministry of Corporate Affairs (MCA) as the primary regulatory body.

  • Compliance requirements: Specifies various compliance obligations for companies, including internal audits, corporate social responsibility, and financial disclosures.

Internal Audit: Definition and Purpose

An internal audit is an independent assessment of a company's operations and controls, designed to evaluate the effectiveness of risk management, control, and governance processes. The primary objectives of internal audits include:

  • Risk assessment: Identifying potential risks that could impact the organization.

  • Control evaluation: Assessing the adequacy and effectiveness of internal controls.

  • Compliance assurance: Ensuring adherence to laws, regulations, and internal policies.

Internal Audit Requirements Under the Companies Act, 2013

The Companies Act, 2013 mandates internal audits for certain classes of companies. The specific requirements are outlined in Section 138 of the Act, which states that companies meeting certain criteria must appoint an internal auditor.

Applicability of Internal Audit

Internal audit requirements are applicable to:

  • Listed companies: All companies listed on stock exchanges.

  • Public companies: Unlisted public companies with a paid-up share capital of ₹10 crore or more.

  • Private companies: Private companies with a paid-up share capital of ₹50 crore or more.

  • Turnover: Companies with a turnover of ₹100 crore or more.

  • Outstanding loans: Companies with outstanding loans or borrowings from banks or financial institutions of ₹50 crore or more.

Appointment of Internal Auditors

The internal auditor must be a qualified professional, such as a Chartered Accountant (CA) or a Cost Accountant, and must be appointed by the Board of Directors. The appointment should be approved by the company’s audit committee, if applicable.

Role and Responsibilities of Internal Auditors

The internal auditor's role encompasses various responsibilities, including:

  • Evaluating risk management practices: Assessing the company's risk management framework.

  • Reviewing financial statements: Ensuring the correctness and compliance of financial records.

  • Assessing compliance: Evaluating adherence to laws, regulations, and internal policies.

  • Reporting findings: Providing insights and recommendations to the Board and management.

Internal Audit Reports and Disclosure

The findings from internal audits must be documented in a report, which should be submitted to the Board of Directors. The report typically includes:

  • Findings: A summary of the audit results and identified issues.

  • Recommendations: Suggested actions to address any weaknesses or gaps.

  • Follow-up actions: A plan for monitoring the implementation of recommendations.

The internal audit report is a vital tool for ensuring transparency and accountability within the organization.

Comparison of Internal Audit Requirements for Different Company Types

Understanding the differences in internal audit requirements for various types of companies can help organizations comply with the Companies Act, 2013. The following table outlines the key distinctions:

Company TypePaid-up Capital RequirementTurnover RequirementLoans/Borrowings RequirementInternal Audit Mandate
Listed CompaniesAnyAnyAnyMandatory
Unlisted Public Companies₹10 Crore or moreAnyAnyMandatory
Private Companies₹50 Crore or more₹100 Crore or more₹50 Crore or moreMandatory
Other CompaniesNot applicableNot applicableNot applicableNot mandatory

Challenges and Best Practices in Internal Audits

Implementing an effective internal audit function can present challenges, including:

  • Resource constraints: Limited availability of qualified internal auditors.

  • Integration of technology: Difficulty in leveraging advanced technology for audits.

  • Regulatory changes: Keeping up with evolving regulations and compliance requirements.

To overcome these challenges, organizations should consider the following best practices:

  • Invest in training: Continuous professional development for internal auditors.

  • Leverage technology: Utilize AI-powered auditing tools to enhance efficiency.

  • Establish clear communication: Foster collaboration between auditors, management, and the Board.

Key takeaways

  • The Companies Act, 2013 mandates internal audits for specific classes of companies.

  • Internal auditors must be qualified professionals, typically CAs or Cost Accountants.

  • The internal audit report is essential for ensuring transparency and accountability in governance.

  • Understanding the differences in internal audit requirements across company types is crucial for compliance.

  • Organizations should invest in technology and training to enhance their internal audit functions.

#companies act 2013
#internal audit
#corporate governance
#compliance
#risk management
#auditor responsibilities
#indian regulations

Ready to operationalize your compliance program?

ComplianceHQ unifies your regulations, controls, evidence, risks and audits — powered by AI. Start free or book a personalized demo.