In today’s complex business environment, organizations need to be well-prepared to face new challenges and adapt to market dynamics while remaining competitive and sustainable. In such a situation, an internal audit is important for all organizations regardless of size, structure, or industry. It helps in the identification and assessment of potential risks, improves efficiency, and ensures legal and ethical compliance.  Additionally, it helps the management in informed decision-making. This article delves into the meaning, benefits, and applicability of internal audit. Further, the scope of the internal audit and the procedure for the appointment of the internal auditor is also discussed. 

Let us begin by discussing the meaning of internal audit in detail. 

What is Internal Audit?

Internal audit is an independent consulting activity that adds value to an organization and improves its overall operations. In other words, it is a disciplined and systematic approach that brings improvement in the control processes of an organization and helps in the achievement of desired objectives. 

It is an audit on behalf of the management of an organization to check – 

  • whether the internal controls within the organization are adequate and effective;
  • the timeliness and accuracy of financial reports and other records; and
  • whether the different units of the organization comply with the policies and procedures or not. 

Therefore, Internal audit is a process that assesses different aspects of the business to ensure that it is operating ethically, efficiently, and in compliance with applicable rules and regulations. 

Section 138 of the Companies Act, 2013, and the Companies (Accounts) Rules, 2014 govern the internal audit of companies in India.

Scope of Internal Audit

The scope of internal audit is not prescribed specifically under the Companies Act, 2013 or the governing rules. 

However, Rule 13(2) of the Companies (Accounts) Rules, 2014 provides that the internal auditor shall formulate the – 

  • scope;
  • functioning;
  • periodicity; and
  • methodology 

for conducting the internal audit together with the audit committee (if any) or Board of directors of the company. 

Generally, the scope of an internal audit depends on the strength of the internal controls within an organization. If proper internal control systems are in place and effective, then the requirement for checking is reduced but if the internal control mechanism is weak then the scope widens, and extensive checking is required.

Broadly, internal audit includes –

  • Review and evaluation of financial transactions 
  • Assessment of procedures and operations of the organization 
  • Review of compliance with different laws and regulations 
  • Assessment of risk management processes 
  • Review of security and integrity of the IT systems 
  • Evaluation of environmental and social responsibility practices adopted by the organization 
  • Verification of adherence with internal policies and procedures by the employees, etc. 

Objectives of Internal Audit

The following are the objectives of Internal audit. 

Evaluation of Internal Control

Evaluation of the organization’s internal control is the primary goal of an internal audit. It involves evaluating the efficacy of an organization’s systems and procedures, data accuracy, and compliance with rules and regulations.

Further, internal auditors identify errors, provide recommendations, and assist in strengthening internal control procedures to reduce risks and improve efficiency. 

Safeguarding of Assets

Another objective of internal audit is to safeguard the assets of the organization. Internal auditors verify the ownership and existence of assets by physically inspecting the assets and reconciling the records. This helps in ensuring that the assets are not lost, misappropriated, or inaccurately recorded.  

Detection of Error

Internal audit also helps in the detection of errors in the preparation and maintenance of accounting records. It involves a comprehensive review of financial transactions that aids in identifying the inaccuracies and discrepancies in the records. 

Therefore, errors can be detected beforehand leading to the preparation of accurate financial statements. 

Prevention of Fraud

Internal audit also helps in the identification and prevention of fraud as it involves the assessment of internal controls of the organization. Further, it includes activities like monitoring transactions, checking division of work, risk assessment, etc. which promotes a culture of vigilance within the organization and keeps a check on its employees. 

Additionally, internal auditors identify and address the vulnerabilities which reduces the organization’s exposure to fraud and protects its assets and reputation in the market. 

Support to Management

Another objective of internal audit is to provide support to the management of an organization. Internal auditors conduct assessments of financial and operational controls of the organization which helps the management in several ways. 

It aids in – 

  • informed decision-making;
  • improving different processes; and 
  • enhancing the overall efficacy of the organization. 

Benefits of Internal Audit

The following are the benefits of internal audit. 

Effective Control

Internal auditing aids in the establishment of effective control over an organization’s operations. It enables management to monitor and regulate numerous processes and activities to ensure that they are in line with the aims and objectives of the organization. 

This control ensures that resources are spent efficiently, risks are minimized, and regulations and policies are followed. 

Improves Accountability

Internal audit also improves accountability within an organization. Internal auditors hold individuals and departments accountable for their actions and choices by monitoring and assessing processes and functions on a regular basis. 

This accountability promotes a culture of transparency and responsibility, encouraging ethical behavior and decreasing the likelihood of fraud. 

Improves Performance

Internal audit is an instrument for assessing and improving performance. Organizations can improve efficiency and effectiveness by identifying areas where improvements are required. These improvements can result in cost savings, better productivity, and a more competitive market position.

Helps in External Audit

The work of the internal auditor assists the external auditor like the statutory auditor in carrying out the audit. Internal and external audit procedures are nearly identical and therefore, external auditors review the internal audit report before commencing their audit. In simple words, an internal audit provides a base for conducting an external audit. 

However, external audit is ultimately the responsibility of the external auditor only. 

Optimum Utilization of Resources

Internal auditors identify inefficiency in the system and processes by assessing the utilization of financial, human, and operational resources. This information can be used to reallocate resources, reduce costs, and allocate resources to more strategic areas of the organization.

Therefore, internal audit assists organizations in the optimum utilization of their resources. 

Applicability of Internal Audit

According to Rule 13 of the Companies (Accounts) Rules, 2014, the following class of companies shall appoint an internal auditor – 

  • Listed Companies;
  • Unlisted Public Companies having- 
  1. Paid-up Share Capital of Rs. 50 Crores or more; or 
  2. Turnover of Rs. 200 Crores or more; or 
  3. Outstanding Loans/ Borrowings from Banks or Public Financial Institutions exceeding Rs 100 crore or more; or 
  4. Outstanding Deposits of Rs. 25 crores or more. 
  • Private Companies having- 
  1. Turnover of Rs. 200 Crores or more; or 
  2. Outstanding Loans/ Borrowings from Banks or Public Financial Institutions exceeding Rs 100 crore or more

Note – The above thresholds should be checked for the preceding financial year. 

Qualifications of Internal Auditor

According to Section 138(1) of the Companies Act, 2013, the following persons can be appointed as the internal auditor of a company –

  • Chartered Accountant (whether engaged in practice or not); or 
  • Cost Accountant (whether engaged in practice or not); 
  • Any other professional as may be decided by the Board of Directors. 

Also, the internal auditor can either be an individual or a partnership firm or a body corporate. He may or may not be an employee of the company. However, the statutory auditor of the company cannot be appointed as its internal auditor. 

Procedure for Appointment of Internal Auditor

The following is the procedure for the appointment of an internal auditor – 

Step 1: Obtain written consent and certificate from the prospective internal auditor, confirming his eligibility for appointment as the internal auditor of the company. 

Step 2: Issue a notice to convene a board meeting for the appointment of the internal auditor and determine his remuneration.

Step 3: Convene the board meeting and pass a resolution for the appointment of an internal auditor. Also, authorize the Company Secretary or a director to file the relevant form(s) with the Registrar of Companies (ROC). 

Step 4: Draft the minutes of the meeting and circulate them to all directors for their comments within 15 days of the board meeting.

Step 5: File the board resolution with the Registrar of Companies (ROC) within 30 days of passing the same. It shall be filed in Form MGT-14 along with prescribed fees. 

Step 6: Issue the official appointment letter to the internal auditor. 

Duty of Internal Auditor to Report Fraud

According to Section 143 of the Companies Act, 2013, if an auditor suspects that fraud is committed by the officers or employees of the company, he must report the same. The appropriate authority for reporting fraud varies based on the amount involved:

Fraud of Rs. 1 crore or more

Fraud involving the amount of Rs. 1 crore or more shall be reported to the Central Government. First, the auditor should inform the Board of Directors or Audit Committee within 2 days of his knowledge. The Board of Directors/ Audit Committee has 45 days to respond on the same. On the expiry of 45 days, the auditor should submit a report to the Central Government within 15 days along with the comments of the Board of Directors/ Audit Committee (if any). 

Fraud involving amounts less than Rs. 1 crore

For fraud under Rs. 1 crore, the auditor should report to the Board of Directors or Audit Committee within 2 days of his knowledge. The report should include details of the fraud, the approximate amount, and the parties involved. 

Further, this information, along with the corrective actions taken, must be disclosed in the Board Report of the Company. 

Penalty for Non-Compliance

The Companies Act, 2013 provides for the following penalties in case of non-compliance. 

General Penalty

The Companies Act, 2013 does not stipulate a specific penalty for failure to comply with internal audit provisions. Therefore, the general penalty given in Section 450 of the Act, applies i.e., 

  • Penalty of Rs. 10,000 for the company and its officers/ other persons in default; and 
  • In case of continuing default, an additional penalty of Rs. 1,000 per day which may extend up to Rs. 2 lakhs in case of a company and Rs. 50,000, in case of officer/ other persons in default. 

Penalty for Failure to Report Fraud

If an internal auditor fails to report fraud to the appropriate authority as mentioned above, then he shall be liable to a penalty of 

  • Rs. 5 lakhs in the case of a listed company; or 
  • Rs. 1 lakh in the case of other companies.

Limitations of Internal Audit

The following are the limitations of internal audit. 

Additional Manpower Requirement

One of the major limitations of internal audit is the requirement of a large team to effectively cover all elements of a business. In addition, internal audit becomes more complex as organizations grow and diversify, necessitating the addition of more auditors and additional resources. 

This puts a strain on the organization’s budget and is not always feasible for smaller businesses. 

Chances of Error

Human error is inherent in all processes. Therefore, despite the best efforts of the internal auditors, there are chances of errors in data collection, analysis, and reporting. These errors undermine the correctness of the audit results and reduce dependability which further leads to incorrect judgments or actions. 

Time Lag

Internal audit faces the limitation of beginning when the accounting ends. As a result, there is a time lag between recording and verification of accounting entries. This might lead to incorrect conclusions. 

Improper Division of Work

In some instances, there may be improper division of work within the members of the internal audit team. When audit responsibilities are unclear, some areas may receive more attention than others, while crucial functions may be overlooked. 

Lack of Management Support

The efficiency of internal audit is dependent on management’s support and collaboration. If management does not prioritize the findings and suggestions of the internal auditor, corrective measures suggested in the audit report cannot be implemented effectively.

Conclusion

In conclusion, internal audit is a vital component of corporate governance, ensuring transparency, accountability, and effective risk management within organizations. Its significance lies in its ability to enhance financial integrity, streamline operations, and foster compliance with regulatory standards. In a dynamic and ever-evolving business landscape, internal audit remains a cornerstone for organizational resilience and responsible leadership.