This article covers the following areas 

√ Scope of Internal Audit

√ Applicable Provisions for appointment

√ Applicability of Internal audit

√ Procedure

√ Engagement Letter for Internal audit

√ Penalty for non-compliance

√ Draft Resolution for appointment-Annexure I

√ Draft Engagement Letter for Internal Audit- Annexure II


1. Scope of Internal Audit 

Internal Audit

Internal Audit is an independent function involving continuous and critical appraisal of the functioning of an organization with a view to suggest improvements thereto and add value to the governance mechanism of the organization. It helps the organization to evaluate the effectiveness of risk management and internal control implemented and provides recommendation for improvement. 

Internal auditors are not responsible for execution of company activities. However they provide the management and Board of directors an insight into operative effectiveness with which the activities are being carried out within the regulatory framework.  

2. Applicable Provisions for Appointment of Internal Auditor 

3. APPLICABILITY of Internal Audit 

Sec 138 of the Companies Act, 2013 

Rule 13 (1) of Companies (Accounts) Rules, 2014 

  • The following class of companies shall be required to appoint an internal auditor or a firm of internal auditors, namely:- 


Provided that an existing company covered under any of the above criteria shall comply with the requirements of section 138 and this rule within six months of commencement of such section.

Sl No  Provisions applicable  Coverage 
1  Sec 138  Internal audit 
2  Rule 13 of Companies (Accounts) Rule, 2014  Applicability of Internal Audit 
3  Rule 8 of the Companies (Meetings of Board and its powers) Rules, 2014  Power of Board 


  • The internal auditor may or may not be an employee of the company;  
  • The Internal auditor may be a CA/CWA or any other professional 
  • The Audit Committee of the company or the Board shall, in consultation with the Internal Auditor, formulate the scope, functioning, periodicity and methodology for conducting the internal audit.

Rule 8 of The Companies (Meeting of the Board and its power), Rules 2014 

  •  The board of directors shall appoint of internal auditors by means of resolution passed at board meeting conducted physically or by audio-video means as per sec 179(3)/Rule 8. 
  • As per Sec 117 the Board has to file resolution (passed in pursuance of sub-section (3) of section 179) with ROC in MGT-14 within 30 days from passing the resolution. 

4. Procedure to be followed by Company 

followed by Company

5. Engagement Letter for Internal audit services 

Standard on Internal Audit (SIA) 8 provides guidance in respect to terms of engagement of internal audit. The terms of the engagement should clearly mention the responsibility of the auditee vis a visthe internal auditor It shall sets out clarity on the scope, responsibility, authority, limitation, reporting, confidentiality and compensation of assurance service intended to be carried out. 

The internal auditor and the entity should agree upon the terms of engagement before commencement of services. Normally, it is the responsibility of the internal auditor to prepare the engagement letter and it shall be signed by both parties. Terms of engagement should be approved by the Board of directors or a relevant committee)  as may be authorized by the Board.   

6. Penalty 

Section dealt with  Quantum 
Sec 450  Company and every officer of the company who is in default or such other person shall be punishable with fine which may extend to ₹ 10,000/- and where the contravention is continuing one with a further fine which may extend to ₹ 1,000/– for every day after the first during which the contravention continues. 

 Annexure 1

7. Draft Resolution for appointment of Internal Auditor 


RESOLVE THAT pursuant to the provision of section 138 of the Companies Act, 2013 (“the Act”) to be read with applicable rules & regulations, as amended from time to time and with the consent of the Board be and is hereby accorded for the  appointment of M/s……………………,(qualification such as Chartered accountant having registration No.) as an Internal Auditor of the Company for the Financial year ……….. at remuneration as may be mutually agreed between the Internal auditor and Board.” 

 “RESOLVED FURTHER THAT the draft engagement letter for the appointment of internal auditor for the FY …….. as placed before the Board be and is hereby approved 

RESOLVED FURTHER THAT, be and is hereby, the Internal Auditor shall submit a detailed report to the Board and also shall submit all such records, information, and the document accessed during the conduct of the Internal Audit. 

RESOLVED FURTHER THAT Mr…………..(DIN…….),Director of the company be and is hereby authorized, on behalf of  the company , to do all acts deeds, matters and things as are considered necessary and expedite to give effect to this resolution “ 

For ……….. (Name of the Company) 

Annexure -II 

8. Format Of Engagement letter for Internal Audit Services 

To the Board of Directors of (Name of the Company) 


The objective and scope of the audit  

Your company have requested that me / us to carry out an audit of the internal financial controls over financial reporting of (Name of the Company ) (the ‘Company’) as at March 31, 20X1 [balance sheet date] in conjunction with our audit of the standalone and consolidated financial statements of the Company for the year ended on that date. 

 I am / We are pleased to confirm my / our acceptance and my / our understanding of the audit engagement by means of this letter. My / Our audits will be conducted with the objective of expressing our opinion under Section 143(3)(i) of the Companies Act, 2013 (“2013 Act”) on the adequacy of the internal financial controls system over financial reporting and the operating effectiveness of such controls as at March 31, 20X1 based on the internal control criteria established by you.  

Audit of internal financial controls over financial reporting 

 I / We will conduct our audit of the internal financial controls over financial reporting in accordance with the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting (“the Guidance Note”) and the Standards on Auditing issued by the Institute of Chartered Accountants of India (ICAI) and deemed to be prescribed by the Central Government in accordance with Section 143(10) of the 2013 Act, to the extent applicable to an audit of internal financial controls over financial reporting. These Guidance Note and Standards require that I / we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about the adequacy of the internal financial controls system over financial reporting and their operating effectiveness as at the balance sheet date. 

 An audit of internal financial controls over financial reporting involves performing procedures to obtain audit evidence about the adequacy of the internal financial controls system over financial reporting and their operating effectiveness.  

The procedures selected depend on the auditor’s judgement, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error.  

 Inherent limitations in an audit of internal financial controls over financial reporting  

Because of the inherent limitations of internal financial controls over financial reporting, including the possibility of collusion or improper management override of controls, material misstatements due to error or fraud may occur and not be detected. Also, projections of any evaluation of the internal financial controls over financial reporting to future periods are subject to the risk that the internal financial control over financial reporting may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. 

 Management’s responsibility 

 My / Our audit will be conducted on the basis that the management and those charged with governance acknowledge and understand that they have responsibility:  

(a)  For establishing and maintaining adequate and effective internal financial controls based on [state criteria ] [for example, “the internal control over financial reporting criteria established by the Company considering the essential components of internal control stated in the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting issued by the Institute of Chartered Accountants of India”] for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information, as required under the Act.  

(b) To provide me / us with: 

(i) Access, at all times, to all information, including the books, account, vouchers and other records and documentation of the Company, whether kept at the head office of the company or elsewhere, of which management is aware that is relevant to the preparation of the financial statements such as records, documentation and other matters. This will include books of account maintained in electronic mode;  

(ii) All information, such as records and documentation, and other matters that are relevant to my / our assessment of internal financial controls; 

(iii) Management’s evaluation and assessment of the adequacy and effectiveness of the company’s internal financial controls, based on the control criteria [mention the control criteria] and all deficiencies, significant deficiencies and material weaknesses in the design or operations of internal financial controls identified as part of management’s evaluation.  

(iv) Additional information that I / we may request from management for the purpose of the audit. 

(v) Unrestricted access to persons within the entity from whom I / we determine it necessary to obtain audit evidence. This includes my / our entitlement to require from the officers of the Company such information and explanations as I / we may think necessary for the performance of my / our duties as auditor.  

(vi) Any communications from regulatory agencies concerning non-compliance with or deficiencies in financial reporting practices. 

 (vii) Management’s conclusion over the company’s internal financial controls based on the control criteria set above as at the balance sheet date [insert date] 

(viii) Informing me / us of significant changes in the design or operation of the Company’s internal financial controls that occurred during or subsequent to the date being reported on, including proposed changes being considered.  

(ix) Providing me / us with the component auditors’ report under section 143(3)(i) in the case of components that are companies covered under the Companies Act for the purposes of our reporting in the case of the consolidated financial statements of the Company.  

(c) As part of my / our audit process, I / we will request from management written confirmation concerning representations made to me / us in connection with the audit.  

I / We also wish to invite your attention to the fact that my / our audit process is subject to ‘peer review’ / ‘quality review’ under the Chartered Accountants Act, 1949 to be conducted by an Independent reviewer. The reviewer may inspect, examine or take abstract of my / our working papers during the course of the peer review. 


My / Our audit report will be issued pursuant to the requirements of Section 143(3)(i) of the Act. The form and content of my / our report may need to be amended in the light of my / our audit findings. 

Our opinion on the adequacy and operating effectiveness of internal financial controls over financial reporting in the case of the consolidated financial statements of the Company, in so far as it relates to subsidiary companies, jointly controlled companies and associate companies incorporated in India, will be based solely on the reports of the auditors of such companies. 

[Other relevant information]  

[Insert other information, such as fee arrangements, billings and other specific terms, as appropriate.] 

This letter should be read in conjunction with my / our letter dated ___ for the audit of the standalone and consolidated financial statements of the Company under the Act. 

 I / We look forward to full cooperation from your staff during my / our audits. 

 Please sign and return the attached copy of this letter to indicate your acknowledgement of, and agreement with, the arrangements for my / our audit of the internal financial controls over financial reporting including our respective responsibilities. 

Yours faithfully, 


(Name of the Member) 


(Name of the Firm)



Acknowledged on behalf of <Name of the Company> 

Name and Designation: 


Author Bio

More Under Company Law

One Comment

Leave a Comment

Your email address will not be published. Required fields are marked *

Search Posts by Date

May 2021