Financial Reporting & Audit Requirements
Internal Audit (IA) & Internal Financial Controls (IFC) – DBI Guide Summary
Internal Audit (IA) and Internal Financial Controls (IFC) are essential pillars of modern corporate governance, supporting organizations in strengthening financial integrity, operational efficiency, and risk management. These frameworks, governed in India by the Companies Act, 2013, are designed to enhance transparency, accountability, and the reliability of financial reporting.
Internal Audit serves as an independent assurance mechanism, assessing the effectiveness of internal controls, governance processes, and risk management practices. Under Section 138 of the Companies Act, 2013, IA is mandatory for specific categories of companies such as listed entities, certain unlisted public companies, and private companies meeting defined financial thresholds.
Internal Financial Controls (IFC), introduced under Sections 134(5)(e) and 143(3)(i), require companies to maintain systems ensuring orderly business conduct, adherence to policies, safeguarding of assets, detection of fraud, accuracy of accounting records, and preparation of reliable financial statements. While directors are responsible for implementing IFC across all companies, auditors must report on IFC effectiveness for entities meeting statutory criteria.
Both IA and IFC reinforce stakeholder trust, support regulatory compliance, and promote strong governance by mitigating financial and operational risks and improving overall business resilience.
Internal Audit (IA) Applicability – Companies Act, 2013
| Category of Company | Applicability Criteria | Internal Audit Mandatory? |
|---|---|---|
| Listed Companies | All listed entities | Yes |
| Unlisted Public Companies | Any one: • Paid-up share capital ≥ ₹50 crore • Turnover ≥ ₹200 crore • Loans/borrowings ≥ ₹100 crore • Deposits ≥ ₹25 crore |
Yes |
| Private Companies | Any one: • Turnover ≥ ₹200 crore • Loans/borrowings ≥ ₹100 crore |
Yes |
| Other Companies | Not meeting thresholds | Not Mandatory (Voluntary Recommended) |
Internal Financial Controls (IFC) Applicability – Directors’ & Auditors’ Reporting
Directors’ Responsibility (Section 134(5)(e)) applies to all companies—every entity must establish and maintain adequate Internal Financial Controls
| Category of Company | Applicability Criteria | IFC Audit Required? |
|---|---|---|
| Listed Companies | All listed entities | Yes |
| Unlisted Public Companies | Any one: • Turnover ≥ ₹50 crore • Loans/borrowings ≥ ₹25 crore |
Yes |
| Private Companies | Any one: • Turnover ≥ ₹50 crore • Loans/borrowings ≥ ₹25 crore |
Yes |
| Exempt Entities | OPCs, Small Companies, and private companies below thresholds | No (Directors’ responsibility still applies) |
- Companies Act, 2013 requires the management of companies to only use an accounting software that has a feature of recording the Audit Trail and ensure that such logs have been operational throughout the year and cannot be disabled.
- Auditor's reporting responsibility in relation to Audit trail:
- The auditor must report on three aspects
- 1) Whether the accounting software has the feature of Audit Trail and the same has been in operation throughout the year and for all transactions;
- 2) Whether the feature of the Audit Trail has been tampered with; and
- 3) Whether the Audit Trail has been retained as per legal requirements.
- 9. Tax audit requirements apply where business turnover exceeds the prescribed threshold of INR 10 million (or INR 100 million relaxed limit subject to digital/cash transaction conditions)
- 10.In India, companies are allowed to follow a different statutory year-end than the fiscal year-end (31 March), provided they satisfy the condition of Section 2(41) of the Companies Act, 2013
Co-CEO - Professional Services, Entity Setup & Management and
Corporate Functions