INTERNAL AUDIT

INTRODUCTION

Internal audit is a corporation department or entity responsible with conducting unbiased, independent examinations of systems, business organizations, and procedures. An internal audit department's role is to give an independent source of information to an organization's senior management and governing bodies about the following:

• The dangers that the organization faces
• Environment Control
• Operational Efficiency
• Observance of applicable laws and regulations

Internal Auditing Requirements Under Section 138 of the Companies Act, 2013

Legislative Context

Section 138 of the Companies Act, 2013 outlines the requirement for certain companies to undertake internal audits of their functions and activities. The clause emphasizes the importance of conducting internal audits by an internal auditor selected by the company. The method of conducting internal audits is to be prescribed by the Central Government.

GOAL, SCOPE & FUNCTION OF INTERNAL AUDIT

GOAL:

Internal audits seek to uncover gaps within the organization's processes and control environment so that they can be addressed as soon as feasible to avoid harm to the organization or its stakeholders. As a result, an organization's internal audit plan should be risk-driven, or customized to investigate the areas that pose the greatest danger to the company. An internal audit strategy should also include a component of an organization's strategic needs. Likewise, each internal audit purpose should be consistent with the audit plan.

SCOPE:

Internal Audits –

Compliance;

 Governance;

Internal Controls;

Process Improvement;

Risk Management;

External audits- of financial reports and internal financial reporting controls.

FUNCTION:

• Its actions should be overseen by the CEO or Board of Directors through its Audit Committee.
• Internal Audit members must be free of internal politics and unbiased in order to offer leadership with an objective source of information.
• Internal Audit collaborates with management to systematically review control actions over essential systems and processes, as directed by the Audit Committee.
• Internal audits are commonly used to describe the reviews conducted by Internal Audit. These audits may include an examination of a company's internal controls over corporate information.
• Internal controls in corporate governance, accounting, financial reporting, and IT general controls may be examined as part of these audits. Internal audits may also include assessing the effectiveness/efficiency of essential business processes such as supply chain management.
• Internal auditors are individuals who work in Internal Audit. Internal auditors may be in charge of all parts of a corporation or specialize according to their skill sets.

WHO CONDUCTS INTERNAL AUDIT

Internal Audits - Internal auditors, who are often firm employees, conduct internal audits. Companies that lack the necessary expertise or staff may outsource this to a third party.

External audits- are performed by external auditors, who are often members of a CPA firm. To preserve objectivity, external auditors and the firm they work for must be independent of the entity being audited.

TO WHOM IS THE AUDIT REPORTED?

Internal audits - Board of Directors and management members

External audits- are performed on shareholders and members from outside the company.

WHAT ARE THE DIFFERENT TYPES OF INTERNAL AUDITS?

While internal audits cover a large component of the organization's internal controls over financial reporting as they relate to generally accepted accounting principles (GAAP) affecting their financial statements. Many businesses also acknowledge the need for evaluations or audits that are not related to accounting or finance. Compliance (i.e., regulatory), environmental, information technology, operational, and performance audits are some of these main areas.

1. COMPLIANCE AUDITS -determine if laws, rules, policies, and procedures are being followed. Some of these restrictions may have a major financial impact on the company. Noncompliance with some laws, such as the Foreign Corrupt Practices Act (FCPA) or the General Data Protection Regulation (GDPR), can result in millions of dollars in fines or bar a corporation from doing business in certain jurisdictions.
2. ENVIRONMENTAL AUDITS-determine the environmental impact of a company's operations. They might also evaluate the company's adherence to environmental rules and regulations.
3. INTERNAL FINANCIAL AUDITS -can be undertaken to recalculate internal financial reporting for the company as a whole, budgets, capital assets, or projects. These can also be used to validate and verify billing, expenditures, or expense reimbursements.
4. INFORMATION TECHNOLOGY -audits examine information systems and the underlying infrastructure to assure the accuracy of their processing, the security and confidentiality of customer information or intellectual property, and the availability of support services. They will usually involve an evaluation of general IT controls such as logical access, change management, system operations, and backup and recovery.
5. OPERATIONAL AUDITS -evaluate the organization's control mechanisms for overall effectiveness and dependability.
6. PERFORMANCE AUDITS- determine whether the organization is fulfilling the metrics established by management in order to achieve the Board of Directors' goals and objectives.

AS PER COMPANIES ACT 2013

As per the Companies Act, 2013, internal auditing is defined as an independent, objective assurance and consulting activity that enhances the operations of an organization by adding value. Internal auditing assists companies in achieving their goals by systematically evaluating and enhancing the efficiency of risk management, control, and governance systems.

Company Classification and Appointment of Internal Auditor

Section 138(1) categorizes companies based on certain criteria and mandates the appointment of an internal auditor. The appointed internal auditor must be a chartered accountant, cost accountant, or another professional decided upon by the company's Board. Rule 13 further outlines the specific criteria for companies that must appoint an internal auditor or a firm of internal auditors:

• Listed Companies and Producer Companies: Mandatory internal audit for all listed companies.
• Unlisted Public Companies: Criteria include a paid-up capital of 50 crore rupees or more, a turnover of 200 crore rupees or more, outstanding loans and borrowings exceeding 100 crore rupees, and outstanding deposits of 25 crore rupees or more.
• Every Private Company: Criteria similar to unlisted public companies.

  ---

  Compliance and Punishment

Companies meeting the specified criteria must comply with Section 138 and Rule 13 within six months of the section's implementation. The section doesn't outline specific punishment provisions; instead, the penalties of Section 450 apply in case of violation. For contraventions, both the company and any defaulting officials can be penalized with fines up to Rs. 10,000, with an additional fine of Rs. 1,000 per day if the violation persists. Offenses under this section are compoundable as per the provisions of Section 441 of the Act.

In summary, Section 138 of the Companies Act, 2013, underscores the importance of internal audits for certain companies, ensuring systematic assessment and enhancement of internal controls, risk management, and governance systems.

ADVANTAGES OF INTERNAL AUDITING

Internal audit is technically a cost center in a firm; it does not produce income. A good internal audit function, on the other hand, can be critical to any organization's survival and development. Internal auditors, unlike external auditors, assess concerns other than financial statement reporting risk, such as the organization's reputation, operational efficiency, strategic growth, environmental impact, and employee treatment. Objective evaluations of an organization's processes and performance can provide useful insight that individuals who conduct or oversee the actual operations are unable to notice because to the paradigm or constrained perspective that comes with being a part of the activity being evaluated.