Internal Audit (IA) and Internal Financial Controls (IFC) are essential pillars of modern corporate governance, supporting organizations in strengthening financial integrity, operational efficiency, and risk management. These frameworks, governed in India by the Companies Act, 2013, are designed to enhance transparency, accountability, and the reliability of financial reporting.
Internal Audit serves as an independent assurance mechanism, assessing the effectiveness of internal controls, governance processes, and risk management practices. Under Section 138 of the Companies Act, 2013, IA is mandatory for specific categories of companies such as listed entities, certain unlisted public companies, and private companies meeting defined financial thresholds.
Internal Financial Controls (IFC), introduced under Sections 134(5)(e) and 143(3)(i), require companies to maintain systems ensuring orderly business conduct, adherence to policies, safeguarding of assets, detection of fraud, accuracy of accounting records, and preparation of reliable financial statements. While directors are responsible for implementing IFC across all companies, auditors must report on IFC effectiveness for entities meeting statutory criteria.
Both IA and IFC reinforce stakeholder trust, support regulatory compliance, and promote strong governance by mitigating financial and operational risks and improving overall business resilience.
| Category of Company | Applicability Criteria | Internal Audit Mandatory? |
|---|---|---|
| Listed Companies | All listed entities | Yes |
| Unlisted Public Companies | Any one: • Paid-up share capital ≥ ₹50 crore • Turnover ≥ ₹200 crore • Loans/borrowings ≥ ₹100 crore • Deposits ≥ ₹25 crore |
Yes |
| Private Companies | Any one: • Turnover ≥ ₹200 crore • Loans/borrowings ≥ ₹100 crore |
Yes |
| Other Companies | Not meeting thresholds | Not Mandatory (Voluntary Recommended) |
Directors’ Responsibility (Section 134(5)(e)) applies to all companies—every entity must establish and maintain adequate Internal Financial Controls
| Category of Company | Applicability Criteria | IFC Audit Required? |
|---|---|---|
| Listed Companies | All listed entities | Yes |
| Unlisted Public Companies | Any one: • Turnover ≥ ₹50 crore • Loans/borrowings ≥ ₹25 crore |
Yes |
| Private Companies | Any one: • Turnover ≥ ₹50 crore • Loans/borrowings ≥ ₹25 crore |
Yes |
| Exempt Entities | OPCs, Small Companies, and private companies below thresholds | No (Directors’ responsibility still applies) |