Internal Audit Applicability: Is It Mandatory for Your Business To Appoint Internal Auditior?
You may think your business is too small for internal audits. Or maybe you believe audits are only for listed companies. But what if you’re already legally required to have one and you don’t even know it?
Many Indian businesses fall under the internal audit applicability without realising it. Miss the signs, and you risk penalties, compliance issues, and financial blind spots.
In this blog, let’s break down exactly when internal audit becomes mandatory, who it applies to, and why it matters more than you think.
What is Internal Audit?
Internal audit is a process where a qualified professional reviews your company’s internal systems, finances, operations, compliance, and risk, and gives suggestions for improvement. The aim is to ensure everything is in order and running as expected.
This is not the same as a statutory audit (done at year-end). Internal audits happen throughout the year and are often tailored to your business needs.
Think of it as a preventive health check-up for your company, regular, independent, and useful.
Why Does the Internal Audit Applicability Matter?
First, let’s get the legal part out of the way. If your business crosses certain financial limits or falls into specific categories, you must appoint an internal auditor. It’s not optional. Ignoring this can lead to serious penalties.
But beyond that, the applicability of internal audit is important because it helps your business:
- Detect fraud and errors early
- Improve internal processes
- Build trust with investors and lenders
- Prepare better for external audits
- Aids in more accurate financial reporting
So, even if it is not mandatory for your business yet, it’s something you might want to consider seriously.
The Legal Framework: Section 138 of the Companies Act, 2013
The Companies Act, 2013 (Section 138) and Rule 13 of the Companies (Accounts) Rules, 2014 lay down when internal audits become mandatory.
According to this rule, certain companies must appoint a Chartered Accountant, Cost Accountant, or any other qualified professional to carry out an internal audit. This rule came into effect from 1st April 2014.
Now let’s talk about internal audit applicability limits.
What Are The Key Roles of An Internal Auditor?
- Risk Assessment – Assess the effectiveness of the company’s risk management system and identify potential risks.
- Compliance – Ensure the organization complies with relevant laws, regulations, and policies.
- Internal controls – It also assesses the internal control that protects the company’s assets and aims to strengthen them.
- Fraud detection and prevention – They play a crucial role in safeguarding the company’s assets by detecting and preventing fraudulent activities.
Internal Audit Applicability: Who Must Appoint an Internal Auditor?
The internal audit applicability limits depend on the type of company and some financial thresholds. Here’s a breakdown:
1. Listed Companies
If your company is listed on a stock exchange, then an internal audit is compulsory. No exceptions.Â
As per the recent update from SEBI for listed companies in India, RPTs (Related-Party Transactions) for listed companies now require certification by the CEO and CFO to the audit committee. This is to confirm that the terms between them are in the company’s best interest.Â
2. Unlisted Public Companies
If your unlisted public company fits any of the below, you must appoint an internal auditor:
- Turnover of ₹200 crore or more during the last financial year
- Paid-up share capital of ₹50 crore or more during the last financial year
- Outstanding loans or borrowings from banks or public financial institutions exceeding ₹100 crore at any point in time during the last financial year
- Outstanding deposits of ₹25 crore or more at any point in time during the last financial year
Even if you meet just one of these, the applicability of internal audit kicks in.
3. Private Companies
In the case of private limited companies, internal audit becomes mandatory if:
- Turnover is ₹200 crore or more during the last financial year, OR
- Loans or borrowings from banks or public financial institutions exceeded ₹100 crore at any point of time during the last financial year
Notice that for private companies, only two factors are checked: turnover and loans. If you meet either one, an internal audit is required.
Internal Audit Applicability: LLP vs Private Limited vs Public Companies
| Company Type | Is Internal Audit Mandatory? | Applicability Criteria |  Key Insights |
|---|---|---|---|
| LLP (Limited Liability Partnership) | Not mandatory under the Companies Act | No specific internal audit requirement under LLP Act | LLPs may still conduct internal audit voluntarily for governance, lenders, or investor requirements |
| Private Limited Company | Mandatory if any one threshold is met | – Turnover ≥ ₹200 crore in the previous FY – Loans/Borrowings ≥ ₹100 crore at any time during the previous FY | Small and early-stage startups usually fall outside mandatory limits. Compliance triggered mainly for mid- to large-sized private companies |
| Unlisted Public Company | Mandatory if any one threshold is met | – Paid-up Share Capital ≥ ₹50 crore – Turnover ≥ ₹200 crore – Loans/Borrowings ≥ ₹100 crore at any time – Deposits ≥ ₹25 crore at any time | Most growing public companies fall under mandatory internal audit due to wider compliance expectations |
| Listed Public Company | Always mandatory | No financial threshold — applies automatically once listed | Listed entities have the strictest governance norms; internal audit is compulsory irrespective of size |
Internal Audit Applicability: Voluntary vs Mandatory Compliance
Many companies that aren’t legally bound still go for internal audits. Why? Because the benefits are real. Internal audit helps:
- Find weaknesses before they become costly problems.
- Ensure compliance with tax laws and regulations.
- Improve decision-making with clear data.
- Boost investor confidence
That’s why even startups, MSMEs, and family-run businesses are now exploring internal audits voluntarily.Â
Internal audit isn’t a cost—it's a compass. It tells you where risks hide, and where your business can grow smarter
Applicability of Internal Financial Control & Reporting (ICFR)
Alongside internal audit, there’s another requirement under Section 134(5) of the Companies Act: internal financial control (IFC). All companies are expected to develop proper IFC systems to ensure reliable financial reporting.
For listed and unlisted public companies and the below-mentioned Private Companies, the applicability of internal financial control reporting is mandatory. They must state in their board report whether IFC systems are adequate and working properly.
Applicability of IFC for Private Companies:
- Which is not a small company or a one-person Company; or
- Has a turnover of more than 50 crore as per the latest audited financial statement, or borrowings of more than 25 crore from a bank or financial institutions or any body corporate at any point in time during the financial year; or
- Which has committed a default in filing the financial statements under section 137 of the Companies Act, 2013, or an annual return under section 92 of the Companies Act, 2013.
Internal Financial Control (IFC) Applicability Matrix
| Company Type | Trigger Criteria | Thresholds | IFC Reporting Mandatory? | Remarks & Insights |
|---|---|---|---|---|
| Listed Company | All listed entities as per Companies Act, 2013 | No financial threshold; applies automatically once listed | Yes | Must report in Board’s Report under Section 134(5) on adequacy and operating effectiveness of IFC |
| Unlisted Public Company | Turnover, borrowings, or filing defaults | Any ONE of the following: Turnover > ₹50 crore (latest audited FS) Borrowings > ₹25 crore from bank/FI/body corporate at any time in FY Default in filing financial statements under Sec. 137 or annual return under Sec. 92 | Yes | IFC ensures effective internal controls over financial reporting; separate from internal audit requirements |
| Private Company | Not a small company/OPC OR financial triggers met | Any ONE of the following: Turnover > ₹50 crore (latest audited FS) Borrowings > ₹25 crore from bank/FI/body corporate at any time in FY Default in filing under Sec. 137 or Sec. 92 | Yes | Small companies and OPCs exempt unless thresholds crossed or defaults made |
| Small Company / OPC | Meets criteria under Sec. 2(85) or Sec. 2(62) | Exempt unless thresholds above are crossed | No | May still voluntarily adopt IFC for governance improvements |
| Voluntary IFC Implementation | Board decision or best-practice adoption | No legal threshold | Optional | Often adopted by growing businesses to prepare for future compliance needs |
How Did M S N A & Associates Performed Risk Based Internal Audit?
Understanding Internal Audit Applicability and Eligibility of Internal Auditors
The Companies Act gives companies some flexibility. The internal auditor can be:
- A Chartered Accountant (CA)
- A Cost Accountant
- Or any other professional decided by the Board
They can either be an employee of the company or an external consultant. However, they cannot be the same person doing your statutory audit. There must be independence. M S N A & Associates LLP offers internal auditing services in India. Talk to our team today if you want any assistance with Internal Auditing for your company.
How To Appoint Internal Auditor?
Appointing an internal auditor isn’t a complex process, but it must follow the proper steps to stay compliant with the applicability of internal audit rules.Â
- First, the company must get written consent from the proposed auditor.
- Then, a board resolution should be passed in a meeting. If required, Form MGT-14 must be filed with the Registrar of Companies (ROC).
- After that, a formal appointment letter is issued, clearly stating the scope, time period, and fees.Â
If there’s an audit committee, they must approve the appointment before it’s finalized.
Internal Audit Applicability Under Companies Act: Penalties for Non-Compliance
If your business is required to have an internal audit and you skip it, penalties can follow.
As per Section 450 of the Companies Act:
- The company and every officer responsible can be fined ₹10,000
- If the issue continues, there’s a daily fine of ₹1,000
- The total penalty can go up to ₹2,00,000
In short, non-compliance isn’t worth the risk, especially when internal audits can actually protect your business.
What Is The Scope and Frequency of Internal Audit Under Internal Audit Applicability?
There’s no fixed format when it comes to internal audits. The scope and frequency usually depend on what the company needs and are decided by the Board or Audit Committee.Â
As per the applicability of internal audit, businesses can choose to conduct audits quarterly, half-yearly, or even monthly, based on their size and complexity.
The internal audit may cover areas like:
- Order to Cash
- Procure to Pay (Procurement)
- Fixed Assets Management
- Book Closure Process
- Statutory Compliance
- Treasury and Banking operations
- Inventory Management
- Information Technology General Controls
- Any other risks perceived by management
Penalties for Non-compliance with Internal audits
The Companies Act 2013 has no specific penalty section for non-compliance with internal audits mandated under Section 138. However, Section 450 applies in such cases.
- The company and any officer deemed responsible for non-compliance can be penalised.
- The initial penalty can be up to ₹10,000.
- If the non-compliance continues, an additional fine of ₹1,000 can be levied for each additional day.
-  Offences under Section 450 are compoundable. This means the company can approach the relevant authority and settle the penalty without going to court.
Final Thoughts on the Internal Audit Applicability for Your Business
If your business meets any of the conditions we discussed, the internal audit applicability isn’t optional; it’s the law. But even if it’s not mandatory, an internal audit offers real value. It gives you better oversight, improved financial control, and peace of mind.
Not sure if your company falls under the internal audit limits? Firms like ours can guide you through the rules and help you stay compliant, without making things complicated.
FAQs Related To Internal Audit Applicability
What is the purpose of internal audit as per companies act 2013?
According to the Companies Act 2013, an Internal audit ensures early detection of financial risk , compliance and internal control effectiveness.
What happens if a company skips mandatory internal audits?
According to section 450, the company can be penalised if a mandatory internal audit was not conducted.
How often internal audit should be conducted?
Internal audits can be done quarterly, half-yearly, annually, or sometimes, depending on the complexity of the business.
Is CA mandatory for internal audit?
Yes, the internal auditor should be a CA, Cost accountant or other related professional.Â
Is internal audit mandatory of private companies?
Yes, for some private companies whose turnover exceeds more than Rs 200 crore or borrowing exceeds Rs 100 crore, it is important to conduct internal audit.
Get Expert Help with Internal Audit Compliance
Discover more from MSNA & Associates LLP
Subscribe to get the latest posts sent to your email.
Pingback: How Internal Audit Is Conducted? Founder's Go-To Checklist
Pingback: 7 Essential Internal Controls for Manufacturing Companies in India
Pingback: Internal Audit for IT Firms: Essential Guidelines for Better Compliance - MSNA & Associates LLP
Pingback: Â AI and Auditing: Smarter Risk Detection with Human Oversight - MSNA & Associates LLP