Trusted by 10,000+ Businesses

Internal Audit Service in India: Mandate, Process and Expert CA Support

Reviewed by CA and CS Team, Patron Accounting LLP ICAI & ICSI Registered| 15+ Years Experience| Last Updated: Verify Credentials →

Section 138 Mandatory: Mandatory under Section 138, Companies Act 2013 for listed companies and prescribed private and public companies

Risk-Based Approach: Covering financial controls, operational efficiency, compliance, and fraud detection using risk-prioritised methodology

Expert CA-Led Team: Cross-industry experience across manufacturing, IT, NBFC, retail, healthcare, and e-commerce sectors

Pan-India Coverage: Four offices in Pune, Mumbai, Delhi, and Bengaluru delivering outsourced and co-sourced internal audit solutions

500+ clients | 1,000+ audit cycles completed | 4 offices across India

Call +91 945 945 6700 Email Us WhatsApp Us
15+ YearsIndustry Experience
CA & CSCertified Experts
4.9
Based on 500+ reviews

Get Free Consultation

Talk to a CA/CS expert today

🇮🇳 +91

Our team will get back to you shortly. No spam.

100% Secure No Spam Quick Response

Real Stories from Real People

Hear how teams across industries use Patron to save time, cut costs, & stay in control.

Fetching latest Google reviews…
Patron Accounting's internal audit team transformed our compliance posture. Their Audit Committee-ready reports gave our Board real confidence in our internal controls.
CF
CFO
Listed Manufacturing Company, Pune
★★★★★
2 months ago
We were struggling with Section 138 compliance as a newly listed company. Patron set up the entire internal audit framework from scratch and completed our first cycle on time.
CS
Company Secretary
Newly Listed NBFC, Mumbai
★★★★★
3 months ago
The fraud risk review uncovered a vendor payment irregularity worth INR 18 lakhs. Their forensic approach and swift action saved us significantly.
MD
Managing Director
Mid-Size Retail Chain, Delhi
★★★★★
1 month ago
Patron Accounting conducts our quarterly internal audit across all business units. Their MAP Tracker ensures our corrective actions are completed on schedule, not just documented.
VP
VP Finance
IT Company, Bengaluru
★★★★★
4 months ago

Join 10,000+ Satisfied Businesses

Join 500+ companies who trust Patron Accounting for risk-based internal audit services.

Talk to an Expert
10,000+Businesses ServedGST compliance and litigation support across India.
15+Years ExperienceDeep expertise in IP registration, GST & business compliance.
50,000+Documents FiledReturns, appeals, and filings handled accurately.
4.9★Client RatingTrusted by entrepreneurs, startups, and growing businesses.
ISO CertifiedProfessional standards and documented processes.
SSL SecureYour financial and business data is fully protected.

Internal Audit Service - Overview

📌 TL;DR - Internal Audit Services at a Glance

Internal audit under Section 138, Companies Act 2013 is mandatory for listed companies, unlisted public companies meeting prescribed thresholds, and private companies with turnover of INR 200 crore or more or borrowings exceeding INR 100 crore. The internal auditor must be a CA, CMA, or other professional approved by the Board. Non-compliance attracts penalty under Section 450. Patron Accounting provides risk-based internal audit starting at INR 9,999.

Internal audit is an independent, objective assurance and consulting activity that helps organisations improve operations, manage risk, and maintain strong governance. Under Section 138 of the Companies Act 2013, specific classes of companies are legally required to appoint a qualified internal auditor. For many others, internal audit is a strategic choice that protects assets and drives efficiency.

Patron Accounting's internal audit team combines regulatory expertise with a risk-based methodology to deliver findings that are practical, actionable, and directly aligned with your business objectives. Our engagement includes Charter preparation, Audit Committee-ready reports, and Management Action Plan tracking.

Content is reviewed quarterly for accuracy.

What is Internal Audit?

Internal audit is a risk management and governance function independently performed to provide management and the board with objective assurance that internal controls, compliance systems, and operational processes are working effectively. It is performed at the direction of management and is distinct from statutory or external audit.

Under ICAI Standards on Internal Audit (SIA), internal audit encompasses evaluation of financial controls, operational procedures, compliance with laws and regulations, and safeguarding of assets. The internal auditor reports findings to the Audit Committee or Board and recommends improvements without being responsible for implementing them.

Key Terms for Internal Audit:

Internal Audit vs Statutory Audit - Internal audit is voluntary or mandated by Section 138, focuses on risk and operational controls, and is conducted for management. Statutory audit is mandatory for all companies, focuses on financial statement accuracy, and the auditor issues an opinion for stakeholders.

Co-sourced vs Outsourced - Co-sourced means a CA firm supplements the in-house team. Outsourced means the entire function is conducted by an external firm. Both are permissible under Rule 13.

Risk-Based Audit - Prioritises audit resources on areas of highest business risk rather than following a fixed checklist. Aligned with ICAI SIA and IIA framework.

Section 144(b) - Statutory auditor cannot be appointed as internal auditor - independence must be maintained.

Section 450 - Penalty for non-compliance: INR 10,000 initial + INR 1,000 per day continuing default.

HIGH MED LOW S.138 Internal Audit
Section 138 Companies Act 2013

Who Must Get Internal Audit Done - Section 138 Applicability

1. All Listed Companies - Every company listed on any recognised stock exchange must appoint an internal auditor. No threshold criteria.

2. Unlisted Public Companies - Any One Criterion:

  • Turnover of INR 200 crore or more in preceding FY
  • Paid-up share capital of INR 50 crore or more
  • Outstanding bank loans/borrowings exceeding INR 100 crore at any point
  • Outstanding deposits of INR 25 crore or more

3. Private Companies - Either Criterion:

  • Turnover of INR 200 crore or more in preceding FY
  • Outstanding bank loans/borrowings exceeding INR 100 crore

Exemptions: OPCs, small companies (paid-up capital below INR 50 lakhs and turnover below INR 2 crores), and dormant companies are exempt. Companies below thresholds may voluntarily commission internal audit.

Patron Accounting's Internal Audit Services

ServiceWhat We Do
Risk-Based Internal AuditComprehensive audit of financial controls, operational processes, IT systems, and compliance using risk-prioritised approach aligned with ICAI SIA standards
Section 138 Compliance AuditStructured annual or periodic engagement specifically to meet mandatory Section 138 requirements with complete Audit Committee reporting
Outsourced Internal Audit FunctionEnd-to-end management of the internal audit function for companies preferring full outsourcing to an external CA firm
Co-sourced Internal AuditSupplementary audit support for companies with in-house teams needing specialised expertise in IT audit, fraud investigation, or regulatory compliance
Process and Operational AuditFocused review of specific business processes - procurement, inventory, payroll, accounts payable/receivable - to identify inefficiencies
Fraud Risk AssessmentIdentification of fraud risks, investigation of red flags, and development of preventive controls to protect company assets
Our Process

7-Step Internal Audit Process

Aligned with ICAI SIA Standards and IIA Global Standards. Section 138 mandates reporting to the Board. Rule 13, Companies (Accounts) Rules 2014 specifies scope formulation by Audit Committee in consultation with internal auditor.

Step 1

Scope and Objective Setting

The Audit Committee or Board defines audit scope, areas, frequency (quarterly, half-yearly, or annual), and reporting lines. Documented in a formal Internal Audit Charter.

Charter preparedScope defined
Charter Set01
Step 2

Risk Assessment and Audit Planning

Comprehensive risk assessment identifies business risks by function - finance, operations, HR, IT, procurement, compliance. Risk-ranked audit plan prepared prioritising high-risk areas.

Risks rankedPlan approved
HIGHMEDLOW
Risk Mapped02
Step 3

Audit Fieldwork and Evidence Collection

Review records, test controls, conduct process walkthroughs, interview staff, sample transactions, and verify compliance with Section 138 and applicable regulations.

Fieldwork completeEvidence collected
Verified03
Step 4

Observation and Gap Analysis

Findings documented with risk ratings (High/Medium/Low), root cause analysis, and potential financial or compliance impact. Each observation benchmarked against applicable law and best practice.

Gaps identifiedImpact assessed
HM
Analyzed04
Step 5

Draft Report and Management Response

Draft internal audit report shared with management for response. Management's corrective action commitments recorded against each observation.

Draft reviewedResponses recorded
Approved05
Step 6

Final Report to Audit Committee

Finalised report with management responses presented to Audit Committee or Board as required under Section 138, Companies Act 2013.

Report submittedBoard informed
ACSUBMITTED
Reported06
Step 7

Follow-Up and Closure

Track implementation of recommendations in the MAP Tracker across subsequent audit cycles. Ensure agreed corrective actions completed on schedule.

MAP trackedActions closed
Closed07

Documents Required for Internal Audit

DocumentPurpose
Incorporation documents + most recent financial statementsEntity background and financial overview
Board resolutions appointing internal auditor and defining scopeMandate and authority documentation
Previous internal audit reports + management action plansContinuity and follow-up verification
Organisational chart + list of key processesAudit universe and risk mapping
ERP / accounting system accessTransaction testing and data analytics
Significant contracts, vendor/customer agreementsCommercial risk and compliance review
GST returns, TDS challans, income tax filingsTax compliance verification
Bank statements + loan schedulesFinancial exposure assessment
HR records: payroll data, attendance, employee registersPayroll audit and HR compliance
Fixed asset register + inventory recordsAsset verification and stock audit
Internal policies, SOPs, process manualsControl framework assessment
Regulatory notices, pending legal mattersContingent liability and compliance risk

4 Common Internal Audit Challenges and Solutions

ChallengeImpactHow Patron Accounting Solves It
Management resistance or limited cooperationAudit seen as adversarialStructured onboarding, clear communication of audit value, and confidential management feedback channels ensure cooperation at all levels
Rapidly changing regulatory environmentAudit scope becomes outdatedDedicated compliance team tracks amendments to Companies Act, SEBI regulations, GST laws, and ICAI standards continuously
Limited in-house audit expertiseCannot build team cost-effectivelyFull outsourcing model provides CA-qualified team with no in-house investment in staffing, training, or audit software
Audit findings not acted uponRecommendations remain on paperManagement Action Plan (MAP) Tracker with defined timelines and follow-up audit rounds ensures implementation

Internal Audit Fees in India 2026

Fee ComponentAmount
SME Annual Internal Audit (single cycle, 2-3 areas)INR 25,000 per cycle
Mid-Size Quarterly Audit (4 cycles/year, 5-8 areas)INR 75,000 per quarter
Outsourced Internal Audit Function (complete)Custom quote based on scope
Fraud Risk InvestigationINR 50,000 onwards
IT / Systems AuditINR 40,000 per engagement
Patron Accounting Professional FeesStarting from INR 9,999 (Exl GST and Govt. Charges)

All fees and charges listed are indicative only and do not constitute a binding offer. Final amounts may vary depending on the volume of work and the complexity involved.

Professional service charges for drafting, filing, and representation are separate from the statutory fees. The exact fee depends on the complexity of the case, disputed amount, and number of hearings required. Contact us for a detailed quote.

Get a free Internal Audit consultation - Call +91 945 945 6700 or WhatsApp us. No-obligation assessment.

How Long Does Internal Audit Take?

StageEstimated Timeline
SME single-cycle annual audit (basic scope)5-10 business days
Mid-size company quarterly cycle10-15 business days per cycle
Large company comprehensive risk-based audit3-6 weeks per cycle
Fraud investigation (targeted)2-4 weeks
IT / Systems audit1-2 weeks per engagement
Internal Audit Charter setup (first engagement)5-7 additional business days

Important: First engagements require additional time for Charter preparation and risk assessment setup. Patron Accounting uses a project management approach to minimise disruption to day-to-day operations.

Key Benefits

Why Outsource Internal Audit to Patron Accounting?

Section 138 Compliance

Fulfil mandatory obligations and avoid Section 450 penalties (up to INR 10,000 initial + INR 1,000/day continuing default).

Independent Findings

External CA firm delivers bias-free observations unlike in-house staff who may face organisational pressure.

Cost Efficiency

Eliminates cost of hiring, training, and retaining dedicated audit staff, software licences, and infrastructure.

Fraud Prevention

Risk-based methodology identifies fraud red flags before they escalate, protecting shareholders and management.

Operational Improvement

Process audits uncover inefficiencies, cost leakages, and control gaps that translate directly into bottom-line savings.

Cross-Industry Expertise

Experience across manufacturing, IT/ITES, NBFC, retail, healthcare, construction, e-commerce, and NGO sectors.

Why Businesses Trust Patron Accounting

500+ Clients | 1,000+ Audit Cycles | 15+ Years Experience | Offices in Pune, Mumbai, Delhi, Bengaluru | 4.8/5 Client Rating | 10+ Industries Served

In-House Internal Audit vs Outsourced to Patron Accounting

FactorIn-House Internal AuditOutsourced to Patron Accounting
CostHigh - salary, benefits, training, softwareCost-effective - pay per scope, no fixed overhead
IndependenceRisk of management influence on findingsFully independent CA firm - objective reporting
Expertise DepthLimited to individual auditor's backgroundCross-industry CA team with specialist expertise
Regulatory CurrencyDependent on individual's continuing educationTeam tracks regulatory changes continuously
ScalabilityFixed capacity - cannot scale for complex auditsFlexible team size based on audit scope
Section 138 ComplianceMeets requirements if auditor is qualifiedFull Charter, reporting, MAP Tracker included
Board/Audit Committee ReportingVariable qualityStandardised Audit Committee-ready reports

Related Audit and Compliance Services

  • Statutory Audit Services - mandatory external audit for all companies under Companies Act 2013. Independent from internal audit per Section 144(b).
  • Tax Audit Services - Section 44AB audit for businesses above turnover thresholds. Coordinated with internal audit.
  • GST Audit Services - GST compliance review and GSTR-9C reconciliation. Often bundled with internal audit scope.
  • Secretarial Audit Services - Section 204 company law compliance audit. Complements internal audit governance scope.
  • Private Limited Company Compliance - comprehensive annual compliance including MCA filings and board meetings.

Legal Framework - Internal Audit in India

Law / StandardSectionProvision
Companies Act 2013Section 138(1)Mandates appointment of internal auditor for prescribed classes. Auditor may be CA, CMA, or other professional as decided by Board.
Companies Act 2013Section 144(b)Statutory auditor cannot be appointed as internal auditor - maintains independence of external audit.
Companies Act 2013Section 450Penalty: INR 10,000 initial + INR 1,000 per day for continuing default. Compoundable offence.
Companies (Accounts) Rules 2014Rule 13Specifies classes of companies requiring internal audit. Scope and methodology formulated by Audit Committee/Board in consultation with internal auditor. Effective 1 April 2014.
ICAI SIA StandardsSIA 1-20Standards on Internal Audit governing scope, methodology, documentation, and reporting.
SEBI LODR 2015Regulation 18Audit Committee of listed companies to review internal audit findings. Reports submitted to Audit Committee.

External Authority Link: Companies Act 2013 - Section 138 (CAIRR)

Frequently Asked Questions About Internal Audit

Get answers to common questions about internal audit applicability, auditor eligibility, penalties, and the audit process under Section 138.

Quick Answers

What is internal audit? Independent assurance activity evaluating internal controls, risk management, and governance to help management improve operations.

Under which section is it required? Section 138, Companies Act 2013, read with Rule 13, Companies (Accounts) Rules 2014.

Turnover limit for private companies? INR 200 crore or more, or bank borrowings exceeding INR 100 crore.

Can statutory auditor do internal audit? No. Section 144(b) prohibits this to maintain independence.

Patron Accounting starting fee? INR 9,999 (Exl GST and Govt. Charges).

Crossed the Section 138 Threshold? Act Now

If your company meets any Section 138 mandatory criteria based on the preceding financial year, compliance is required immediately.

  • Turnover crossed INR 200 crore: Internal auditor appointment mandatory
  • Bank borrowings exceeded INR 100 crore: Compliance triggered immediately
  • IPO or listing on stock exchange: Internal audit required from listing date
  • Section 450 penalty: INR 10,000 initial + INR 1,000 per day for continuing non-compliance

Call +91 945 945 6700 or WhatsApp us for a free compliance review.

Start Your Internal Audit Engagement - Starting at INR 9,999

Internal audit is no longer just a statutory box to tick. For businesses operating in India's compliance-sensitive environment, a well-structured internal audit function is a competitive advantage. It prevents fraud, identifies cost leakages, strengthens governance, and builds credibility that investors and lenders demand.

Patron Accounting's internal audit team brings CA-qualified expertise, cross-industry experience, and a risk-based methodology that goes beyond compliance to deliver measurable business value. Whether you need to meet mandatory Section 138 requirements or elevate an existing audit function, we provide the Charter, the reports, and the follow-through your Audit Committee can rely on.

Book a Free Consultation - No Obligation.

Internal Audit Services Across India

Get your mandatory Section 138 internal audit done by expert CAs at Patron Accounting offices across India.

Internal Audit Service by City
Expert Section 138 compliance from Patron Accounting
Pune
Maharashtra
Mumbai
Maharashtra
Delhi
NCR
Gurugram
Haryana
Bangalore
Karnataka
Chennai
Tamil Nadu
Hyderabad
Telangana
Kolkata
West Bengal
Related Services
End-to-end audit and compliance services
Statutory Audit
India
Tax Audit Service
India
GST Audit Service
India
Secretarial Audit
India
Pvt Ltd Compliance
India
Appointment of Auditor
India

Content Created: March 2026  |  Last Updated:  |  Next Review: April 2027  |  Reviewed By: CA & CS Team, Patron Accounting LLP

This page is reviewed annually to reflect amendments to Section 138, Rule 13, ICAI SIA revisions, SEBI LODR changes, and MCA notification updates. Freshness Tier 2 - Annual Review.

10,000+
Happy Clients

Helping businesses stay compliant and stress-free.

15+
Years Experience

Deep expertise in GST, Income Tax, ROC & business compliance.

50,000+
Documents Filed

Returns, registrations, and filings handled accurately.

4.9★
Client Rating

Trusted by entrepreneurs, startups, and growing businesses.

ISO
Certified

Professional standards and documented processes.

SSL
Secure

Your financial and business data is fully protected.