This article discusses internal audit, the role of internal auditors, and Rule 13 of the Companies (Account) Rules 2014. It also explores various types of auditing per the Companies Act, 2013.
It is always believed that a company’s financial stability reflects the company’s trust and responsibilities. Accordingly, Section 138 of the Companies Act, 2013 is significant for maintaining the financial status of the company. It states that financial operations are conducted with the utmost confidence and good faith. Through Notification No. S.O. 902(E) issued on 27 March, 2014, Section 138 of the Companies Act, 2013, was made effective by the Ministry of Corporate Affairs (MCA). It came into effect on 1st April, 2014. In order to maintain good financial practices in any organisation, Section 138 plays a prominent role in this regard.
Who is an Auditor?
An auditor serves as a financial examiner, playing a crucial role in scrutinizing the financial records and transparency of an organization, government, or other entities. The auditor, typically a qualified professional, assesses the financial statements of an organization or individual to verify accuracy, compliance with laws and regulations, and the integrity and reliability of financial information. Auditors can operate as independent practitioners or be employed by organizations. If part of the company, an auditor is referred to as an internal auditor, while an external auditor provides independent services. The insights offered by internal auditors are significant, contributing to trust in monitoring, reporting, and decision-making.
Eligibility Criteria for Appointment as an Internal Auditor:
Under the provisions outlined in Section 138 of the Companies Act, 2013, and additional specifications in Rule 13 of the Companies (Accounts) Rules 2014, individuals meeting certain criteria are considered eligible for appointment as internal auditors of a company. These individuals include:
- A chartered accountant is eligible to be appointed as an internal auditor, whether or not they are in practice.
- The prerequisite is that the individual must be registered with the Institute of Chartered Accountants of India (ICAI).
- A cost accountant is eligible for appointment as an internal auditor.
- The requirement is that such individuals must be members of the Institute of Cost Management of India (ICMAI).
- As per Section 138, any qualified professional possessing reasonable knowledge and requisite qualifications in the auditing field can be appointed as an internal auditor.
- The internal auditor may or may not be an employee of the company.
What is Internal Audit?
Internal audit constitutes a routine examination conducted by the company’s internal auditor. The primary objective of internal audit is to scrutinize, evaluate, and assess the financial operations and affairs of the company. The auditor identifies areas where discrepancies may occur or where compliance with the company’s rules and statutory regulations might be lacking. This process facilitates the smooth regulation of the company’s internal processes, steering it clear of risks and uncertainties. The overarching aim is to offer valuable suggestions and alternative problem-solving approaches for improvement, optimizing the company’s operational efficiency and financial output.
Process for Appointment
The appointment of an internal auditor, who can be any qualified professional such as a chartered accountant, a cost accountant, or any professional deemed suitable by the company’s board, follows specific procedures. The steps involved in the appointment process are as follows:
- The company initiates contact with the qualified auditor and secures a consent letter from the proposed auditor, confirming their willingness and eligibility to serve as the internal auditor for the company.
- Following the receipt of the consent letter, the company proceeds to obtain board approval by issuing a notice for a board meeting.
- To formalize the appointment of an internal auditor under the Companies Act, 2013, the company is required to submit the MGT-14 e-form.
- An official letter is sent to the internal auditors, notifying them of their appointment within the company.
Why Internal Audit is Essential for a Company
Internal audit plays a crucial role in fostering the healthy progress of a company and contributes to its overall effectiveness and efficiency. The key reasons for its importance are outlined below:
- Assessment of Internal Control and Financial Reliability: Internal audit is necessary to evaluate the internal control mechanisms and financial reliability of the company.
- Identification and Assessment of Risks: Internal auditing aids in identifying and assessing risks that the company may encounter in its operational activities.
- Ensuring Legal Compliance: Internal audit prevents the company from encountering legal issues or regulatory fines by ensuring compliance with relevant laws and regulations.
- Assurance of Financial Accuracy: Internal audits provide assurance regarding the accuracy and reliability of financial information. This is particularly crucial for stakeholders, including investors, as it ensures the veracity of provided financial information.
- Efficiency Improvement: Internal auditors contribute to enhancing the company’s efficiency by recommending necessary changes in processes, controls, and overall governance practices.
- Operational Efficiency Enhancement: By reviewing and evaluating the company’s internal processes, internal audit aims to improve the operational efficiency of the company.
Rule 13 of the Companies (Accounts) Rules, 2014
Rule 13 of the Companies (Accounts) Rules, 2014, mandates the appointment of an internal auditor for certain categories of companies, which include:
- All companies listed on the stock exchange are required to appoint an internal auditor. Listed companies are those whose shares are traded on stock exchanges.
Unlisted Public Companies:
- Unlisted public companies, that are not traded on stock exchanges, must appoint an internal auditor if they meet any of the following criteria in the preceding financial year:
- Paid-up Share Capital: The company’s paid-up share capital was 50 crore or more during the previous financial year.
- Turnover: The company achieved a turnover of Rs. 200 crore or more during the previous financial year.
- Loans and Borrowings: The company’s outstanding loans or borrowings from banks or public financial institutions exceeded Rs. 100 crore or more at any point during the previous financial year.
- Deposits: The company had outstanding deposits of Rs. 25 crore or more at any point during the previous financial year.
Private companies that are not publicly traded are required to appoint an internal auditor if they meet any of the following criteria during the preceding financial year:
- Turnover: The company achieved a turnover of Rs. 200 crores or more.
- Loans and Borrowings: The company had outstanding loans or borrowings from banks or public financial institutions exceeding Rs. 100 crore or more at any time during the previous financial year.
Limitations under Section 138:
While Section 138 of the Companies Act, 2013, mandates the appointment of an internal auditor for listed companies, there are exceptions provided under the same section. The following companies are exempt from the compulsory appointment of an internal auditor:
One-Person Company (OPC):
- OPCs, operating with a single individual acting as both shareholder and director, are exempt from the obligation to appoint an internal auditor. This exemption is beneficial for smaller businesses with limited resources.
- Small companies, as defined by Section 2(85) of the Companies Act, 2013, are exempt from appointing an internal auditor. To qualify as a small company, certain criteria must be met regarding paid-up capital, total sales, and loans borrowed.
- Dormant companies, which are primarily established for upcoming events and do not actively hold assets, are not subject to the provisions of Section 138.
Companies Formed for Charitable Purposes:
- Companies formed for charitable purposes, commonly known as Section 8 Companies, are exempt from the mandatory appointment of an internal auditor. However, if such companies meet the conditions specified under Rule 13 of the Companies (Accounts) Rules, 2014, they may choose to appoint an internal auditor for auditing purposes.
Diverse Forms of Audits as per the Companies Act, 2013
To uphold operational health, transparency, and accountability, auditing assumes a pivotal role. The Companies Act delineates various audit types, each adhering to distinct regulations that companies must comply with. The following are the different types of audits prescribed by the Act:
A statutory audit is widely recognized as one of the most prevalent and essential audit types, with a majority of companies adhering to its practices. One crucial aspect of the statutory audit is to validate and ensure that the company’s financial information, statements, and overall financial matters are on the correct course. This form of audit is intricately linked to the annual financial activities of the company, playing a pivotal role in organizing and enhancing the company’s financial operations. By doing so, it contributes significantly to establishing transparency and precision in the financial statements. As per the mandate outlined in Section 139 of the Companies Act, 2013, every company is obligated to undergo this specific type of audit.
The company’s shareholders are responsible for selecting the statutory auditor. To finalize the appointment, the selection process occurs during the company’s annual general meeting. A key prerequisite for choosing a statutory auditor is that the individual must be a certified chartered accountant and hold registration with the Institute of Chartered Accountants of India (ICAI).
Power, scope, and functions of the statutory auditor
One of the key responsibilities of statutory auditors is to verify and validate the accuracy, compliance, completeness, and transparency of the company’s financial records, including the balance sheet, profit and loss accounts, cash flow statements, and other pertinent financial statements. The scrutinized records should align with established accounting standards and fundamental accounting principles. Additionally, auditors must oversee internal, financial, and accounting practices to identify any potentially unclear or inconsistent transactions within the company. After compiling the audit report, auditors are obligated to present it to the company’s shareholders. The report should encompass suggestions, recommendations, and opinions from auditors regarding the financial structure, along with information about the company’s financial statements. Auditors are required to promptly communicate any discrepancies or uncertainties in the audited report to shareholders or other stakeholders of the company.
A cost audit is a specialized audit designed for specific industries, notably in manufacturing and mining, where precise calculation and reporting of costs are pivotal. Section 148 of the Companies Act, 2013, addresses the necessity of a cost audit. It stipulates that companies involved in designated industries, as determined by the government, must undergo a cost audit.
Rule 3 of the Companies (Cost Records and Audit) Rules 2014
The industries and criteria necessitating mandatory cost audits are established by the regulations outlined in Section 148 of the Companies Act, guided by Rule 3 of the Companies (Cost Records and Audit) Rules, 2014. This rule outlines the industries and situations that activate the obligation for a cost audit. As an illustration, industries involved in manufacturing goods such as steel, cement, pharmaceuticals, etc., frequently become subject to cost audits when they meet specified conditions.
Scope, power, and functions of the cost auditor
Cost auditors concentrate on examining the company’s cost records, cost accounting systems, and production procedures, ensuring accurate calculation, allocation, and reporting of expenses related to manufacturing or producing goods in adherence to cost accounting standards.
Their objective is to confirm that the company’s cost statements and reports align with relevant laws and regulations. The outcomes of the cost audit are communicated to the company’s management and regulatory bodies, such as the Central Government. The audit report offers insights into cost-effectiveness, compliance, and areas warranting improvement.
Entities subjected to a cost audit must furnish a cost compliance report to the government, as specified in Rule 6 of the Companies (Cost Record and Audit) Rules, 2014, summarizing the audit findings.
A secretarial audit is a distinct type of audit that focuses on a company’s adherence to legal and regulatory mandates concerning corporate governance, board meetings, and fundamental aspects of corporate management. The main aim of this audit is to verify the company’s compliance with these regulations and fulfill its legal responsibilities. Section 204 of the Companies Act, 2013, outlines the criteria for conducting a secretarial audit.
Rule 9 of the Companies (Appointment and Remuneration of Managerial Personnel) Rules 2014
Rule 9 of the Companies (Appointment and Remuneration of Managerial Personnel) Rules, 2014, encompasses the categories of companies that are liable to undergo a secretarial audit. This rule generally incorporates factors such as paid-up capital, turnover, and other specified criteria.
Scope, power, and function of the secretarial auditor
Secretarial auditors are required to scrutinize and assess multiple facets of a company’s corporate governance, ensuring compliance with the Companies Act, 2013, and adherence to regulations stipulated by regulatory authorities. Their examination encompasses verifying whether the company conforms to laws and regulations on board meetings, director appointments and remuneration, related party transactions, and other governance-related concerns.
Types of Internal Audit Practice in Company
Internal auditing within a company encompasses a diverse array of domains, each strategically designed to fulfill specific purposes aimed at assessing and enhancing the company’s overall trajectory. Delving into these various internal audit types is crucial for not only ensuring compliance but also fostering continual improvement and operational excellence. Here are some prevalent categories of internal audits:
This audit serves as a comprehensive examination of a company’s financial affairs. Its primary objective is to scrutinize the financial records, transactions, and matters of the company to ensure accuracy and adherence to regulations. A key focus area of the financial audit involves a meticulous review of financial statements, encompassing the balance sheet, income statement, and cash flow statement. The audit aims to guarantee that these statements faithfully depict the company’s financial position, performance, and cash flow.
A significant aspect of the financial audit involves scrutinizing the company’s incurred expenses. This encompasses a detailed analysis of various expenditures, including operating expenses, capital expenses, and other costs associated with business operations. The audit’s purpose is to affirm the accurate recording of expenses, ensuring alignment with the company’s financial policies.
Additionally, a financial audit delves into the company’s budgeting process, assessing how effectively it plans and manages financial resources. It ensures that budgets are realistic, aligned with strategic goals, and subject to efficient monitoring. Considered a fact-check for a company’s monetary matters, financial audits aim to verify the precision of financial information and compliance.
These audits entail validating adherence to accounting standards and requirements, ensuring the company follows Generally Accepted Accounting Principles (GAAP) or International Financial Reporting Standards (IFRS), and complies with relevant legal and regulatory frameworks.
An operational audit assesses the seamless execution of various transactions and activities within the company, ensuring well-organized work processes without unnecessary delays. It encompasses the evaluation of workflow efficiency, quality control, resource utilization, product assessment, risk management, policy compliance, technology and tool usage, employee training, and overall operational development. The primary focus of operational audits is to optimize diverse processes within the organization, evaluating workflow efficiency and streamlining procedures to enhance overall productivity.
Expanding its scope, an operational audit may assess the customer experience, examining customer-facing processes, service delivery, and responsiveness to customer needs. Enhancing the overall customer experience is crucial for fostering customer satisfaction and loyalty. The integration of innovation and technology within operational processes is a key aspect, involving a review of advanced technologies, automation, and digital tools to improve operational efficiency. Recommendations may be provided to leverage technology for enhanced outcomes.
Furthermore, this audit may scrutinize the company’s preparedness for crises and risks. This involves evaluating contingency plans, risk management targets, and the effectiveness of protocols in place to address unforeseen events that could impact operations.
This audit type concentrates on identifying specific departments or sections within a company to identify errors and potential fraud. Its main purpose is to uncover any irregularities or fraudulent activities occurring within that specific organization. The primary role of investigation audits is to act as a deterrent to potential wrongdoers within the company. The presence of checks in place serves as a discouragement, dissuading employees from participating in fraudulent activities.
A compliance audit is conducted to verify that a company adheres to the rules and guidelines established by laws, regulations, and its internal policies. It particularly focuses on whether the company meets the standards set by the government, internal regulations, and the industry in which it operates. The primary objective is to ensure that the organization is conducting its operations under established rules and is not in violation of any regulations. A compliance audit involves a thorough examination of documentation to confirm that the company has well-defined policies and procedures in place. This includes verifying that employees are familiar with these documents and that they are accessible to those who require them. Additionally, the audit evaluates the effectiveness of training programs related to compliance. It ensures that employees receive adequate training on relevant laws, regulations, and any internal policies of the organization. Data protection and privacy are significant considerations in this audit, especially in light of stringent data protection regulations. The compliance audit aims to ensure that the company can safeguard sensitive data by collecting, storing, and processing it under privacy laws. Ethical standards are a crucial aspect of compliance, and the audit examines whether the organization has a code of ethics in place and assesses how well employees adhere to ethical guidelines in their daily activities. In many industries, companies engage with third parties or external entities, such as partners or vendors. The scope of a compliance audit may extend to evaluating the compliance practices of these third parties, ensuring that they also adhere to relevant regulations and standards.
Supply chain audit
This category of audit involves a comprehensive examination of the entire process responsible for bringing products or services from their initial production stage to their ultimate users or customers. The primary objective of this audit is to assess and improve the efficiency, dependability, and overall performance of the company’s supply chain and procurement practices. For example, a crucial aspect of focus is the relationships within the supply chain with vendors. This entails evaluating how effectively the company collaborates with its suppliers. The audit addresses specific factors for examination, such as communication, accuracy, and the quality of products or services provided by vendors. Establishing robust and mutually beneficial relationships is vital for ensuring a seamless and effective supply chain between organizations and their vendors.
An environmental, health, and safety (EHS) audit is a comprehensive evaluation conducted to ensure a company’s adherence to regulations concerning environmental protection, workplace health, and safety. The primary objective is to confirm that the company complies with regulations and established standards aimed at safeguarding the well-being of employees, the community, and the environment. One crucial aspect of an EHS audit is the examination of workplace safety. This involves scrutinizing the physical work environment to identify potential hazards and ensuring the implementation of safety measures in the workplace. The audit also assesses the company’s impact on the environment, encompassing practices that may influence air and water quality, waste disposal, and energy consumption. It ensures that the company prioritizes the safety of individuals and environmental care. The audit verifies that workers have appropriate gear, that machinery is well-maintained, and that safety protocols are followed to prevent accidents. Additionally, the audit evaluates how the company manages substances harmful to the environment and its procedures for handling hazardous materials, including storage, transportation, and disposal, all in compliance with regulations. It is crucial to perform this effectively to prevent accidents, maintain environmental safety, and protect everyone within the company and the surrounding community. The audit also checks the company’s preparedness for emergencies, including the presence of comprehensive emergency plans, efficient evacuation procedures, and clear communication methods in case of unforeseen events that could pose risks to people, their health, or the environment.
A management audit stands out as a crucial audit type that ensures the operational and organizational structure of a company is efficient. It involves a thorough examination of how the company is managed and organized, encompassing various aspects related to leadership, decision-making, and overall managerial effectiveness. The primary objective of a management audit is to assess leadership within the organization, evaluating the capabilities of top-level executives, supervisors, and managers. This audit aids in decision-making regarding leadership styles, the decision-making process, and leaders’ ability to steer the company toward its goals. Additionally, the audit delves into an analysis of decision-making processes, scrutinizing factors such as the decision-making process itself, stakeholder participation, and the efficiency of the decision-making process.
Section 138 of the Companies Act plays a pivotal role in the appointment of internal auditors for specific categories of companies. Companies that meet the criteria outlined in Rule 13 of the Companies (Accounts) Rules 2014 are obligated to designate an internal auditor. This mandatory appointment of an internal auditor serves to scrutinize the company’s financial processes, control mechanisms, and adherence to regulations, contributing to the promotion of transparency and good governance in business operations. Although the Companies Act doesn’t explicitly outline the duties and responsibilities of internal auditors, companies possess the flexibility to appoint professionals with relevant knowledge in this role, without being restricted to specific qualifications or professions. However, the Central Government has the authority to establish rules delineating the frequency and manner of internal audits, along with the requirements for reporting audit findings to the company’s board of directors.
Frequently Asked Questions (FAQs)
Who qualifies for the role of an internal auditor in a company?
An individual with professional knowledge, such as a chartered accountant or any other qualified professional, can serve as an internal auditor. The role of an internal auditor may be fulfilled by an individual or a professional firm.
Does Section 138 apply to all companies?
No, Section 138 is not universally applicable to all companies. Its scope is limited to companies falling within the purview of Rule 13 of the Companies (Accounts) Rules 2014.
Is it mandatory for the internal auditor to be a company employee?
No, Section 138 of the Companies Act does not mandate that the internal auditor must be a company employee. The internal auditor can be either an employee or an external professional, such as a Chartered Accountant (CA) or Cost and Work Accountant (CMA).
What penalties exist for non-compliance with internal auditor appointments under the Companies Act, 2013?
The Companies Act, of 2013, does not specify penalties exclusively for non-compliance with internal auditor appointments. Instead, penalties are covered under the general provision outlined in Section 450 of the Act. It includes a fine of Rs. 10,000 for non-compliance, with an additional daily charge of Rs. 1,000 (capped at Rs. 2 lakh for the company and Rs. 50,000 for the responsible officer) in case of prolonged non-compliance.
Must an internal auditor be hired as a company employee?
As per the Companies Act, 2013, an internal auditor may be appointed as a company employee, but it is not obligatory; external audits by non-employee internal auditors are permissible.
Who has the authority to determine the scope, functioning, periodicity, and methodology of internal auditors according to the Companies Act, 2013?
The Audit Committee of the Company or the Board is authorized by the Companies Act, 2013, to determine the scope, functioning, periodicity, and methodology of internal auditors. While there is no specific timeframe mandated for internal audits, quarterly audits are crucial for accurate compliance assessment within the company.