If you run a company in India - Pvt Ltd, OPC, or public - your statutory audit for FY 2025-26 is about to be different. Not dramatically different on the surface (the auditor still comes, reviews your books, issues a report), but significantly different in what the auditor checks, how they verify it, and what they report.
The changes come from multiple directions simultaneously: the Corporate Laws (Amendment) Bill 2026 (introduced 23 March 2026), the ICAI’s 60-audit limit per partner (effective April 2026), the Income Tax Act 2025 (replacing the 1961 Act from April 2026), the mandatory audit trail in accounting software, tighter CARO 2020 reporting, and the Code on Social Security 2020’s impact on employee benefit provisions.
This blog is our CA team’s practitioner analysis of what actually changed, what it means for the statutory audit process, and what every business should prepare for.
What Is Statutory Audit and Why Does 2026 Matter?
A statutory audit is the mandatory annual audit of a company’s financial statements conducted by an independent Chartered Accountant under Section 143 of the Companies Act, 2013. Every company - Pvt Ltd, OPC, Section 8, Public - must undergo statutory audit regardless of turnover, profit, or loss.
The auditor examines: whether the financial statements give a true and fair view, whether the company has maintained proper books of accounts, whether the company has adequate internal financial controls, and specific matters required by CARO 2020 (Companies Auditor’s Report Order).
2026 matters because multiple regulatory changes converge in the same financial year - each affecting different aspects of the audit. The auditor’s workload increases, the company’s preparation requirements increase, and the areas of audit scrutiny expand. Businesses using statutory audit services (know more) get guidance on preparing for all these changes simultaneously.
Key Terms You Should Know
Corporate Laws (Amendment) Bill 2026: Introduced on 23 March 2026 by the Finance Minister. Amends the Companies Act 2013 and the LLP Act 2008. Currently referred to a Joint Parliamentary Committee (JPC). Key provisions: expanded small company definition, decriminalisation of 12+ offences, relaxed auditor appointment, CSR threshold increase, buyback flexibility, and IFSC currency flexibility.
ICAI 60-Audit Limit: From April 2026, each CA partner can conduct a maximum of 60 tax audits per year. The limit is per partner - not per firm. Cannot be shared or distributed among partners. Excludes presumptive taxation audits (44AD, 44ADA, 44AE). Revised reports do not reduce the count.
Income Tax Act 2025: Replaces the Income Tax Act 1961 from April 2026. All sections renumbered. Form 3CD (tax audit report) cross-references change. Tax audit under Section 44AB gets a new section number. TDS, TCS, and capital gains sections all renumbered.
Audit Trail (Edit Log): All companies must maintain accounting software with an audit trail feature that records every edit to any transaction - with timestamp, user ID, and the change made. The audit trail cannot be disabled. The statutory auditor must verify the audit trail and report on compliance.
CARO 2020: Companies Auditor’s Report Order - requires the auditor to report on 21 specific matters including loans, fixed assets, inventory, fraud, and pending litigation. For FY 2025-26, reporting on IFC, audit trail, and related-party transactions is more scrutinised.
Small Company (Expanded Definition): The Corporate Laws (Amendment) Bill proposes expanding the small company definition - higher paid-up capital and turnover thresholds. Small companies enjoy simplified compliance: no mandatory cash flow statement, no internal auditor requirement, and simplified board report.
Who Is Affected by the 2026 Statutory Audit Changes?
- Every Pvt Ltd and OPC that undergoes statutory audit (all companies, regardless of turnover)
- Public companies with enhanced CARO and IFC reporting
- Companies approaching or exceeding the tax audit threshold (Rs 1 crore / Rs 10 crore)
- Companies with employee benefits (gratuity, PF, ESIC) - affected by Code on Social Security wage definition changes
- Companies using accounting software - audit trail compliance verification
- Companies currently classified as ‘small companies’ - expanded definition may bring new companies under simplified compliance
- CA firms and individual CAs managing audit portfolios - the 60-audit limit affects capacity planning
For company registration (know more) and entity structure selection considering audit requirements, we advise on the optimal structure from Day 1.
The Ten Changes That Actually Affect Your Statutory Audit
Change 1: Corporate Laws (Amendment) Bill 2026 - Decriminalisation of Minor Offences
What changed: 12+ minor procedural offences under the Companies Act (late filing, minor documentation lapses) are being moved from criminal penalties to civil penalties. Previously, a director could theoretically face prosecution for a missed ROC filing deadline.
Audit impact: Auditors previously noted certain non-compliances as potential criminal liabilities in the audit report. With decriminalisation, these become civil penalties - changing the severity classification in the auditor’s reporting on compliance with laws and regulations. The auditor’s emphasis of matter paragraph shifts from criminal risk to financial penalty risk.
Change 2: Expanded Small Company Definition
What changed: The Bill proposes higher paid-up capital and turnover thresholds for small company classification. More companies will qualify as small companies.
Audit impact: Small companies enjoy simplified compliance: no mandatory cash flow statement (only balance sheet and P&L), no requirement for internal audit, and simplified board report. The statutory auditor’s scope is narrower for small companies. However, the audit itself is still mandatory - just the reporting requirements are simplified. Companies that newly qualify as ‘small’ should discuss the scope change with their auditor.
Change 3: CSR Threshold Increase from Rs 5 Crore to Rs 10 Crore
What changed: The mandatory CSR net profit threshold increases from Rs 5 crore to Rs 10 crore. Companies with net profit between Rs 5-10 crore will no longer be required to spend 2% on CSR.
Audit impact: The auditor currently verifies CSR spending (CARO Clause xxi). With the higher threshold, fewer companies require CSR audit verification. Companies just below Rs 10 crore should plan carefully - the transition year may create ambiguity about whether the old or new threshold applies.
Change 4: ICAI 60-Audit Limit Per Partner (April 2026)
What changed: Each CA partner can conduct maximum 60 tax audits per year. The limit cannot be pooled or shared. Previously, large firms distributed the firm-wide limit (all partners’ combined quota) unevenly - senior partners taking 80+ audits while juniors took fewer.
Audit impact: This is an indirect impact on statutory audit. Many CA firms that handle both statutory and tax audits will reallocate partners. Businesses may find that their ‘regular’ audit partner is no longer available because the partner has hit the 60-audit cap. Companies should confirm partner allocation early in the year. This change also creates opportunity for mid-sized CA firms that previously lost clients to large firms.
Change 5: Income Tax Act 2025 - Section Renumbering
What changed: The new Income Tax Act 2025 (effective April 2026) replaces the 1961 Act. Every section is renumbered. Section 44AB (tax audit) gets a new number. Section 80C, 80D, etc. - all renumbered. Form 3CD cross-references change.
Audit impact: The statutory auditor verifies income tax compliance as part of the audit (TDS, advance tax, IT provisions). All working papers that reference IT Act sections must be updated. Form 3CD (tax audit report, filed alongside statutory audit for eligible companies) must use new section numbers from FY 2026-27. For FY 2025-26 (ending March 2026), the old Act still applies - but the transition requires dual mapping. See our tax planning framework (know more) for the IT Act 2025 transition strategy.
Change 6: Mandatory Audit Trail in Accounting Software
What changed: MCA requires all companies to maintain accounting software with an edit log (audit trail) that records every change to every transaction. The audit trail cannot be disabled during the financial year.
Audit impact: This is one of the most significant practical changes. The statutory auditor must: (a) verify that the audit trail feature was enabled throughout the year, (b) check that the audit trail was not tampered with, (c) report on any period where the audit trail was disabled or not available, and (d) note the audit trail compliance status in CARO reporting. Companies using software without audit trail capability (older versions of Tally, Excel-based accounting) must upgrade before the audit. Companies that disabled the audit trail mid-year face a reportable qualification.
Change 7: CARO 2020 - Tighter Reporting for FY 2025-26
What changed: CARO clauses on internal financial controls, fraud reporting, and related-party transactions are being applied more rigorously. The MCA has signalled enhanced scrutiny of CARO reports filed with ROC.
Audit impact: Auditors will spend more time on: (a) IFC documentation review (does the company have documented controls for procurement, payroll, sales, and financial reporting?), (b) fraud and whistle-blower assessment (Section 143(12) reporting of fraud above Rs 1 crore to the Central Government), (c) related-party transaction verification (arm’s length pricing, board approval), and (d) loan covenant compliance verification.
Change 8: Code on Social Security 2020 - Impact on Employee Benefit Provisions
What changed: The Code (effective November 2025) redefines wages (50% rule), extends gratuity eligibility to fixed-term employees after 1 year, and standardises PF/ESIC wage bases.
Audit impact: The auditor verifies employee benefit provisions (gratuity, leave encashment, PF, ESIC) as part of Ind AS 19 compliance. For March 2026 financials: (a) gratuity liability increases due to the 50% wage rule (higher salary base) and 1-year FTE eligibility (more employees covered), (b) PF and ESIC contribution verification uses the new wage definition, (c) the actuarial valuation must reflect these changes as Past Service Cost in the P&L. For gratuity compliance details, see our gratuity compliance timeline (know more). For payroll management (know more) services covering PF, ESIC, and gratuity compliance, we handle the audit-readiness of all payroll items.
Change 9: UDIN (Unique Document Identification Number) Verification
What changed: ICAI mandates UDIN for all audit reports, certificates, and attestations. From 2026, enhanced verification ensures every audit report has a valid UDIN that can be cross-verified on the ICAI portal.
Audit impact: Companies receiving the audit report should verify the UDIN on icai.org before filing with ROC or income tax. Invalid UDIN = invalid audit report. The auditor must generate UDIN within 60 days of signing the report. This adds a procedural step but strengthens audit report authenticity.
Change 10: Relaxed Auditor Appointment Rules (Proposed in Bill)
What changed: The Corporate Laws (Amendment) Bill proposes simplifying auditor appointment procedures for certain company categories. This may include reducing the notice period for appointment or allowing appointment without requiring prior approval in specific cases.
Audit impact: Once enacted, this will reduce administrative friction in auditor appointment - particularly beneficial for small companies and startups that currently find the formal appointment process burdensome. However, auditor independence requirements remain unchanged.
What the Auditor Checks Differently in FY 2025-26
| Audit Area | Previous Approach | FY 2025-26 Approach |
|---|---|---|
| Audit trail in software | Checked if accounting software was capable of audit trail; not mandatory to verify usage | Must verify: (a) audit trail was enabled all year, (b) not tampered, (c) report any period of non-availability. Qualification if audit trail was disabled. |
| Gratuity provision | Verified actuarial valuation using old wage definition (basic + DA only) | Verify actuarial valuation reflects 50% wage rule + 1-year FTE eligibility. Past Service Cost recognised as one-time P&L charge. |
| PF/ESIC compliance | Standard verification of contributions deposited by 15th of each month | Additional verification: wage base aligned with Code on Social Security definition. 50% rule applied to PF/ESIC wage base. |
| CARO reporting - IFC | Documentation review; managements assessment accepted with limited testing | Enhanced testing of IFC: procurement, payroll, sales, financial reporting controls. Must be documented, not just verbal. |
| CSR verification | 2% of net profit for companies above Rs 5 crore | Threshold transitions to Rs 10 crore (once Bill is enacted). Transition-year assessment for Rs 5-10 crore companies. |
| IT Act compliance | Sections referenced from IT Act 1961 | FY 2025-26 still under 1961 Act. But: IT Act 2025 takes effect April 2026 - auditor prepares for dual-reference period. |
| Fraud reporting (Section 143(12)) | Report fraud above Rs 1 crore to Central Government | Enhanced scrutiny: MCA has indicated more follow-up on Section 143(12) reports. Auditors will be more conservative in fraud identification. |
Step-by-Step: How to Prepare for Your FY 2025-26 Statutory Audit
Step 1: Upgrade Accounting Software (Immediately). Ensure your accounting software has audit trail (edit log) enabled and was active for the entire FY 2025-26. If you switched software mid-year, ensure both systems have audit trail for their respective periods. If you used Excel for any accounting, convert to software with audit trail capability.
Step 2: Update Wage Definitions for Employee Benefits (By March 2026). Apply the 50% wage rule to gratuity, PF, and ESIC calculations. If allowances exceed 50% of CTC, the excess is added to Basic + DA for all statutory calculations. Update the actuarial valuation for gratuity to reflect the new base + 1-year FTE eligibility.
Step 3: Document Internal Financial Controls (Before Audit). Prepare written IFC documentation for: procurement cycle (PO to payment), sales cycle (order to collection), payroll cycle (salary processing to disbursement), and financial reporting cycle (journal entries to financial statements). The auditor will test these controls - they need to be documented, not just practiced informally.
Step 4: Assess Small Company Status. Check if your company qualifies as a small company under the proposed expanded definition. If it does, discuss simplified compliance options with your auditor. Note: the Bill is still with JPC - use the current definition for FY 2025-26 filing, but plan for the expanded definition.
Step 5: Prepare IT Act Transition Documentation. For the FY 2025-26 audit (which uses the 1961 Act), ensure all section references are correct. Separately, begin mapping 1961 Act sections to 2025 Act sections for FY 2026-27. The auditor will appreciate a company that has proactively prepared this mapping.
Step 6: Confirm Auditor Partner Allocation. Contact your CA firm and confirm which partner will conduct your statutory and tax audit. With the 60-audit limit, partner reshuffling is expected. Early confirmation prevents last-minute auditor changes.
Step 7: Complete GST Annual Return Before Audit. GSTR-9 and GSTR-9C (for turnover above Rs 5 crore) should be filed before the statutory auditor begins. The auditor cross-checks GST data with financial statements. Unreconciled differences create audit qualifications. For GST annual return preparation, see our GST annual return guide (know more). For GST audit (know more) and statutory audit coordination, we handle both as an integrated service.
Documents Required for FY 2025-26 Statutory Audit
- Audited financial statements (Balance Sheet, P&L, Cash Flow, Notes to Accounts)
- Trial balance and general ledger for the full year
- Audit trail report from accounting software (full-year edit log)
- Bank statements and bank reconciliation for all accounts (as at 31 March 2026)
- Fixed assets register with additions, disposals, and depreciation schedule
- Inventory valuation report (with methodology and count records)
- Debtors and creditors ageing analysis
- Related-party transaction details with arm’s-length justification
- Actuarial valuation report for gratuity (reflecting 50% wage rule and FTE eligibility)
- PF, ESIC, PT, TDS monthly challan receipts and return filing confirmations
- GST return filing status (GSTR-1, 3B, 9, 9C) with reconciliation
- Internal financial controls documentation (procurement, sales, payroll, reporting cycles)
- Board resolutions and minutes for the financial year
- ROC filing status (annual return MGT-7/7A, financial statements AOC-4)
- CSR spending report (if applicable - net profit > Rs 5 crore or Rs 10 crore post-Bill)
- Income tax advance tax challans and TDS compliance certificates
- Loan agreements and covenant compliance documentation
- UDIN verification for previous year’s audit report (for continuity reference)
Timeline: Statutory Audit Calendar for FY 2025-26
| Milestone | Activity | Deadline |
|---|---|---|
| 31 March 2026 | Financial year ends. Books of accounts must be closed. Audit trail must have been active for entire year. | 31 March 2026 |
| April 2026 | Draft financial statements prepared. Actuarial valuation completed. Bank reconciliations finalised. Fixed asset register updated. | 30 April 2026 |
| May-June 2026 | Statutory auditor conducts fieldwork. Audit trail verified. IFC tested. CARO matters examined. Tax audit (if applicable) prepared. | 30 June 2026 |
| July-August 2026 | Audit report signed. UDIN generated. Financial statements finalised. | Before AGM date |
| September 2026 | AGM held (within 6 months of year-end). Financial statements adopted. Filed with ROC (AOC-4 within 30 days of AGM). | 30 September 2026 |
| 30 September 2026 | Tax audit report filed (Form 3CA/3CB + 3CD) for companies requiring tax audit. Form 3CEB for international transactions. | 30 September 2026 (or extended date) |
| 31 December 2026 | GSTR-9/9C (GST annual return) filed. Auditor cross-references GST data. | 31 December 2026 |
Cost Impact: What the Changes Mean for Audit Fees
| Company Size | Typical FY 2024-25 Audit Fee | Expected FY 2025-26 Fee | Why the Increase |
|---|---|---|---|
| Small Pvt Ltd (turnover < Rs 2 Cr) | Rs 25,000-50,000 | Rs 30,000-60,000 (+15-20%) | Audit trail verification + IFC documentation review. But small company relaxations may offset partially. |
| Mid-size Pvt Ltd (turnover Rs 2-50 Cr) | Rs 75,000-2,00,000 | Rs 90,000-2,50,000 (+15-25%) | Audit trail + enhanced CARO + employee benefit provision verification (50% rule) + IFC testing. |
| Large Pvt Ltd / Public (turnover > Rs 50 Cr) | Rs 3,00,000-10,00,000+ | Rs 3,50,000-12,00,000+ (+15-20%) | All changes apply. ICAI partner allocation constraints may affect pricing. Transfer pricing + IT Act 2025 mapping adds complexity. |
Note: The fee increase is driven by genuine additional audit work - not fee inflation. Companies that prepare thoroughly (audit trail ready, IFC documented, actuarial valuation updated) can reduce audit time and potentially negotiate the increase.
Common Mistakes Businesses Make During 2026 Statutory Audit
Mistake 1: Audit trail not enabled for the entire year. If your accounting software’s edit log was disabled even for one month, the auditor must report this. Solution: verify the audit trail is active on Day 1 of the financial year. Check quarterly.
Mistake 2: Gratuity provision using old wage definition. The actuarial valuation must use the Code on Social Security wage definition (50% rule). If your actuary used the old definition, the provision is understated - the auditor will flag this as a misstatement.
Mistake 3: IFC documentation exists only verbally. The auditor needs written documentation: process flow, authorisation matrix, segregation of duties, and exception handling. Verbal descriptions are not auditable.
Mistake 4: Assuming the Corporate Laws (Amendment) Bill is already law. The Bill is with JPC as of March 2026. The expanded small company definition and CSR threshold changes are NOT yet enacted. Use current definitions for FY 2025-26 filing. Plan for the new definitions once enacted.
Mistake 5: Not confirming auditor partner availability under the 60-audit limit. If your regular audit partner has hit the 60-limit, a different partner (potentially less familiar with your business) will conduct the audit. Confirm in April to avoid surprises in August.
Penalties for Statutory Audit Non-Compliance
| Non-Compliance | Penalty | Legal Provision |
|---|---|---|
| Not conducting statutory audit | Company: Rs 25,000 to Rs 5,00,000. Every officer in default: Rs 10,000 to Rs 1,00,000. | Section 147 Companies Act 2013 |
| Not filing financial statements with ROC | Company: Rs 1,000/day until filed. Director: Rs 1,00,000 + Rs 100/day until filed. (Proposed to be decriminalised under the Bill.) | Section 137 Companies Act 2013 |
| Tax audit not conducted (Section 44AB) | 0.5% of turnover or Rs 1,50,000 (whichever is lower). | Section 271B Income Tax Act |
| Audit trail not maintained in software | Reportable matter in audit report. Non-compliance with MCA proviso to Section 128. Can lead to regulatory scrutiny. | Proviso to Rule 3(1) of Companies (Accounts) Rules |
| Non-filing of CARO report | Part of the statutory audit report. If CARO clauses are not addressed, the audit report is incomplete - ROC may reject filing. | CARO 2020 (Order under Section 143(11)) |
| Auditor non-compliance (UDIN not generated) | ICAI disciplinary proceedings against the auditor. Audit report may be deemed invalid. | ICAI Guidelines on UDIN |
How Statutory Audit Connects with Tax Audit, GST Audit, and Payroll Compliance
The statutory audit for FY 2025-26 intersects with: (1) Tax audit (Section 44AB) - if the company’s turnover exceeds Rs 1 crore (or Rs 10 crore with 95% digital transactions), a separate tax audit is required. The statutory and tax auditor can be the same CA. Form 3CD cross-references financial statement data verified in the statutory audit. (2) GST compliance - the statutory auditor verifies GST ITC claimed in the books against GSTR-2B. GSTR-9/9C data must reconcile with financial statements. (3) Payroll compliance - PF, ESIC, PT, TDS, and gratuity provisions verified during statutory audit. The 50% wage rule change affects multiple payroll items simultaneously.
Key Takeaways
The 2026 statutory audit is not a single change - it is a convergence of multiple regulatory changes: Corporate Laws (Amendment) Bill, ICAI 60-audit limit, Income Tax Act 2025, mandatory audit trail, enhanced CARO, and Code on Social Security.
The three most impactful changes for most companies are: (a) mandatory audit trail verification (upgrade your software now), (b) employee benefit provision recalculation under the 50% wage rule (update your actuarial valuation), and (c) IFC documentation requirements (document your internal controls).
The Corporate Laws (Amendment) Bill 2026 is with JPC as of March 2026 - not yet enacted. Use current definitions for FY 2025-26. Plan for expanded small company definition and CSR threshold changes once the Bill passes.
The ICAI 60-audit limit affects audit availability. Confirm your audit partner allocation early. Mid-size CA firms gain opportunity as large-firm partners hit capacity limits.
Budget 10-20% more time for audit preparation. The additional work (audit trail verification, IFC testing, employee benefit recalculation) is genuine and cannot be shortcut. Companies that prepare thoroughly can reduce the audit fee impact.
Need Statutory Audit Services Under the New 2026 Rules?
Our CA team handles the complete FY 2025-26 statutory audit - including audit trail verification, CARO compliance, IFC assessment, employee benefit provision review, and tax audit coordination.
Explore our statutory audit services (know more) for comprehensive audit and assurance across Pune, Mumbai, Delhi, Bangalore, and all-India.
For queries, reach out at +91 945 945 6700 or WhatsApp us directly.
