Introduction
In India’s corporate landscape, private limited companies are often viewed as tightly knit, agile operations with less regulatory scrutiny than their publicly listed counterparts. However, as small and medium enterprises scale into mid-market and large corporations, the regulatory umbrella of the Ministry of Corporate Affairs (MCA) widens significantly.
Beyond the compulsory annual statutory audit, the concept of an Internal Audit becomes legally binding when a private company breaches specific growth parameters. Governed primarily by Section 138 of the Companies Act, 2013, read alongside Rule 13 of the Companies (Accounts) Rules, 2014, internal auditing bridges the gap between passive bookkeeping and active operational governance.
This comprehensive article covers the applicability thresholds, legislative intent, structural implementation, penalties for non-compliance, and strategic business benefits of internal audits for private entities in India.
The Legal Framework: Section 138 of the Companies Act, 2013
The formalisation of internal audits under the Companies Act, 2013, represented a major shift from the old 1956 regime. By codifying internal audits, the legislature shifted its focus from merely catching financial discrepancies after the fact to proactively identifying operational gaps, asset leakages, and fraudulent activities.
Understanding the Statutory Mandate
According to Section 138, specific classes of companies are required to appoint an internal auditor to review the company’s functions and activities. While listed public companies face an absolute mandate, private companies are evaluated based on structural financial metrics achieved in the preceding financial year.
Mandatory Thresholds for Private Limited Companies
Unlike unlisted public companies, which must track four distinct financial parameters (paid-up capital, turnover, borrowings, and outstanding deposits), private limited companies are evaluated on only two primary metrics.
If a private company meets either of the following conditions during the preceding financial year, an internal audit becomes legally mandatory:
1. The Turnover Test
The company’s annual gross turnover stands at ₹200 crore or more during the immediately preceding financial year.
2. The Borrowing Test
The company’s aggregate outstanding loans or borrowings from banks or Public Financial Institutions (PFIs) exceed ₹100 crore at any point in time during the immediately preceding financial year.
Mandatory Thresholds for Private Limited Companies
Unlike unlisted public companies, which must track four distinct financial parameters (paid-up capital, turnover, borrowings, and outstanding deposits), private limited companies are evaluated on only two primary metrics.
If a private company meets either of the following conditions during the preceding financial year, an internal audit becomes legally mandatory:
1. The Turnover Test
The company’s annual gross turnover stands at ₹200 crore or more during the immediately preceding financial year.
2. The Borrowing Test
The company’s aggregate outstanding loans or borrowings from banks or Public Financial Institutions (PFIs) exceed ₹100 crore at any point in time during the immediately preceding financial year.
Financial Threshold Comparison Table
| Feature / Metric |
Listed Public Companies (Figures in INR) |
Unlisted Public Companies (Figures in INR) |
Private Limited Companies |
|---|---|---|---|
| Paid-up Share Capital | Always Applicable | ≥ 50 Crores | Not Applicable |
| Turnover (Gross) | Always Applicable | ≥ 200 Crores | ≥ 200 Crores |
| Outstanding Loans / Borrowings | Always Applicable | ≥ 100 Crores | > 100 Crores |
| Outstanding Public Deposits | Always Applicable | ≥ 25 Crores | Not Applicable |
*Critical Compliance Note: For the borrowing parameter, the phrase “at any point of time” is crucial. Even if a private company borrows ₹105 crore in May but completely repays it by December, crossing that ₹100 crore threshold for a single day triggers mandatory internal audit compliance for the subsequent financial year.
Who Can Be Appointed as an Internal Auditor?
The regulatory framework provides considerable flexibility regarding who can lead the internal audit function. According to Rule 13 of the Companies (Accounts) Rules, 2014, the internal auditor can be:
- A practising Chartered Accountant (CA).
- A practising Cost Accountant (CMA).
- Any other qualified professional or firm explicitly selected by the company’s Board of Directors.
Internal vs. External Appointment
The law clarifies that the internal auditor may or may not be an employee of the company. Companies can choose to set up an in-house internal audit department or outsource the role to an external professional services firm.
To maintain independent oversight, Section 144(b) of the Companies Act, 2013 strictly prohibits a company’s Statutory Auditor from concurrently acting as its Internal Auditor. This separation ensures that the team evaluating day-to-day operations is independent of the team certifying the annual financial statements.
Core Components, Penalties, and Case Insights
1. Scope of Internal Audit
Under Section 138(2), the Board or Audit Committee defines the internal audit’s scope and frequency. Key areas include:
- Operations & Finance: Optimising supply chains and verifying data integrity across ERP systems to prevent asset misappropriation.
- Compliance & Risk: Monitoring tax filings (GST/Income Tax), employee benefits (EPF/ESI), and securing IT systems.
2. Non-Compliance Penalties (Section 450)
Failing to appoint an internal auditor triggers residual penalties under Section 450:
- Fines: A one-time penalty of ₹10,000, plus a continuing daily fine of ₹1,000 (capped at ₹2,000,000 for companies; ₹50,000 for officers).
- Business Impact: Risk of CARO non-compliance remarks, impaired bank credit lines, and RoC scrutiny.
Case Study: Turnaround at Beta Logistics Pvt. Ltd.
- The Issue: Beta Logistics crossed the ₹200 crore turnover threshold (reaching ₹215 crore), but failed to appoint an internal auditor, resulting in a CARO audit flag and RoC warnings.
- The Correction: The board appointed an external CA firm that discovered an IT-to-billing synchronisation gap draining 3% of billable revenue.
- The Outcome: The leak was plugged, recovering lost revenue, covering the audit costs, and regularising compliance via an RoC compounding application.
Why Opt for Voluntary Audits?
Smaller, fast-growing private companies often implement internal audits early to build investor trust ahead of VC/PE funding, streamline the due diligence process for a future IPO, and detect internal fraud before it scales.
Conclusion
Internal audits under Section 138 are tools for operational growth rather than just compliance checkboxes. Private companies approaching these financial limits must proactively assess their thresholds, formally appoint qualified professionals, and leverage audit insights to protect their bottom line and build long-term business resilience.
Disclaimer: This article provides general information existing at the time of preparation and we take no responsibility to update it with the subsequent changes in the law. The article is intended as a news update and Affluence Advisory neither assumes nor accepts any responsibility for any loss arising to any person acting or refraining from acting as a result of any material contained in this article. It is recommended that professional advice be taken based on specific facts and circumstances. This article does not substitute the need to refer to the original pronouncement.
CLICK HERE TO DOWNLOAD PDF
