Think of an internal audit as a stress test for how your company actually runs, independent, objective, and looking at your processes, controls, and risks before anything goes wrong. Get it right, and problems surface here, months before they’d otherwise show up at statutory audit time.
An internal audit is an ongoing, independent evaluation of an organisation’s internal controls, risk management, and operations. A statutory audit is legally required and reports outward, to shareholders, to the ROC, on whether your financial statements are true and fair. An internal audit works the other way round: it’s management-driven, it looks forward instead of just certifying the past, and the whole point is helping your leadership team actually find weaknesses and fix them.
Every listed company needs one, full stop. Beyond that, Section 138 of the Companies Act, 2013, read with Rule 13, brings unlisted public and private companies in once they cross specific numbers in the preceding financial year. Run a private company? You’re in scope at ₹200 crore turnover or ₹100 crore in bank and institutional borrowings, whichever hits first. Unlisted and public? Two more tests apply on top: ₹50 crore paid-up capital, or ₹25 crore in outstanding deposits. Trip any single one of these wires and you’ve got six months to get an auditor appointed. LLPs sit outside Section 138 entirely, and one-person companies are exempt unless their own articles say otherwise. Plenty of growing SMEs, manufacturers, and multi-location businesses run internal audits well below these thresholds anyway, mainly because investors and lenders increasingly expect to see it in place before they commit capital.
The Board can appoint a Chartered Accountant, a Cost Accountant, or another professional it considers qualified, and the internal auditor doesn’t have to be an outside firm, an employee can do it, provided they’re independent enough from whatever they’re actually auditing. One restriction does apply: your statutory auditor can’t double as your internal auditor. Section 144 keeps the two functions separate on purpose.
Our risk-based internal audit covers process and control reviews, internal financial controls, revenue assurance, procurement and payables, inventory, statutory compliance, and fraud-risk checks. We agree an audit plan with management upfront, test the key controls and transactions against it, and report findings with a clear risk rating attached to each one.
You get a practical report, not a compliance formality: prioritised observations, root causes behind each one, and recommendations you can actually act on, plus follow-up tracking on whatever came up in previous audits. Done consistently, this is also what keeps statutory audit time from turning into a scramble, fewer surprises show up because the internal audit already caught them months earlier.
Our Strength Lies in Providing Real-World Practical Solutions
We plan every statutory audit around your AGM and ROC deadlines, so Form AOC-4 and MGT-7 are always filed on time. Our team works to a clear schedule and keeps you updated at each stage, so you never miss a statutory due date.
You get a thorough, Standards-compliant audit at transparent, competitive fees with no surprises. Because we deliver statutory audit, tax audit and ROC filing together, you save on duplicated effort and overall cost.
Our experienced team of Chartered Accountants, Company Secretaries and consultants handles the full compliance chain under one roof — statutory audit, tax audit, GST audit, internal financial controls and annual ROC filings — so everything stays coordinated and consistent.
AVS & Associates is a peer-reviewed CA firm founded by CA Vishnu Agrawal, with 25+ years of experience and five partners. We maintain the highest ethical and professional standards on every engagement, with complete client confidentiality.
How can help you