An internal audit is an analysis of a business that’s intended to identify opportunities to add value for stakeholders and improve operations. These audits can include processes, procedures, operations, current economic conditions, established controls, company culture, ethics, and product and service quality. They can assess any risks the business faces. The auditors make any recommendations for improvements after the analysis.

As per the provisions of Section 138 of the Companies Act, 2013, with rule 13 of the Companies (Accounts) Rules, 2014, specific organizations or companies have an internal audit applicability under the Companies Act 2013. Below, we have given those companies that must appoint an internal auditor,

• All Listed Companies: Every company listed on a stock exchange in India is required to have an internal audit function.
• Unlisted Public Companies: Unlisted public companies meeting any of these criteria during the previous financial year also need an internal audit:
  • Turnover of ₹200 Crore or more.
  • Paid-up share capital of ₹50 Crore or more.
  • Outstanding loans/borrowings exceeding ₹100 Crore from banks/financial institutions at any point.
  • Outstanding deposits exceeding ₹25 Crore at any point.
• Internal audit applicability for Private Companies: Private companies meeting any of the following criteria in the preceding financial year can do the internal audits:
  • Turnover of ₹200 Crore or more.
  • Outstanding loans/borrowings exceeding ₹100 Crore from banks/financial institutions at any point.

Note: Even if your company doesn't fall under the mandatory criteria, an internal audit function can offer significant benefits, such as improved risk management, better compliance, and enhanced stakeholder trust. The table below concisely captures the companies and their criteria for internal audit applicability,

Internal Audit Types:

• Auditing operations: An operational audit evaluates the efficiency of an enterprise's internal operations and activities. It assesses how money, time, and labour are hired to satisfy the organisation's goals. The goal is to find inefficiencies, delays, and possibilities for higher productivity.
• Compliance Audit: A compliance audit refers to the process done to check that an organisation adheres to all applicable laws, regulations, guidelines, and standards of its industry. The audits help businesses avoid legal penalties, reputational damage, and financial losses by ensuring all processes and policies align with legal requirements and internal standards.
• Financial Audit: A financial audit ensures the credibility and validity of an organisation's financial transactions, statements, and records. It verifies whether financial reporting complies with predetermined accounting standards such as GAAP (Generally Accepted Accounting Principles) or IFRS (International Financial Reporting Standards). Through such an audit, fraud, misstatements, or errors are detected, and transparency and credibility are provided in financial reporting.
• IT Audit (Information Systems Audit): An IT audit checks an organisation's information generation infrastructure, including cybersecurity, statistics management, and gadget controls. It guarantees that IT systems are reliable, secure, and compliant with records protection coverage. IT audits enable organisations to protect against cyber attacks, data breaches, and unauthorised access, protecting confidential business and customer data.
• Environmental Audit: An ecological audit quantifies an organisation's environmental impact and degree of compliance with environmental policies. It computes pollution control, energy consumption, waste management, and environmental activities. Environmental audits help businesses minimise ecological impact, enhance corporate social responsibility, and adhere to government environmental regulations.
• Forensic Audit: A forensic audit is a specific audit to examine financial fraud, embezzlement, or illegal activity in an organisation. It studies transaction history, financial records, the history of transactions, and internal controls to identify fraudulent activities. The results of forensic audits are typically used as proof in court and corporate investigations, understanding organisations to correct mistakes and increase financial security.
• Performance Audit: A performance audit evaluates how well and efficiently an organisation achieves its strategic goals. It regularly performs resource performance audits, analyses key performance indicators (KPIs), and assesses the company's overall performance. To guarantee accountability, effective resource use, and continuous improvement in service delivery, performance audits are routinely carried out in government agencies, non-profit organisations, and big businesses.

Internal Audit offers several advantages to businesses:

• Independence and Unbiased Opinion: Being conducted by a third-party, Internal Audit provides an unbiased assessment of the business, enabling auditors to offer impartial opinions and recommendations to the management for improvement.
• Customizable Focus: Internal Audit can be tailored to address specific areas of concern or focus that management wants to verify, providing flexibility in meeting the organization’s needs and priorities.
• Risk Mitigation: Internal Audit plays a crucial role in identifying and mitigating risks associated with non-compliance, clerical errors, and fraud. By proactively identifying these risks, businesses can take appropriate measures to prevent or minimize their impact.
• Efficiency Improvement: Through the check points and evaluations conducted during Internal Audit, businesses can identify areas for improvement and enhance operational efficiency. This leads to streamlining processes, reducing redundancies, and optimizing resource allocation.
• Financial Reliability and Integrity: Continuous improvement through Internal Audit helps establish financial reliability and integrity within the organization. By identifying and rectifying weaknesses or gaps in financial processes, businesses can ensure accurate reporting, compliance with regulations, and trustworthiness in financial matters.
• Compliance with Laws and Regulations: Internal Audit ensures that businesses adhere to the laws and regulations of the land, such as the Company Act, Income Tax, VAT, GST, Excise, Labor law, and others. This helps organizations avoid penalties, legal issues, and reputational damage.
• Establishing Procedures: Internal Audit assists in the establishment and documentation of procedures, policies, and controls. This formalized framework enables businesses to maintain consistency, transparency, and accountability in their operations.

Overall, Internal Audit acts as a valuable tool for businesses, providing insights, recommendations, and assurance to management, while helping to mitigate risks, improve efficiency, and ensure compliance with laws and regulations.

The key deliverables of an Internal Audit process typically include:

• Audit Plan: A comprehensive audit plan outlining the scope, objectives, and timelines of the audit.
• Audit Findings: A detailed report documenting the audit findings, including any non-compliance, deficiencies, or weaknesses in controls, processes, or procedures identified during the audit.
• Recommendations: Clear and actionable recommendations provided to management on how to address the identified issues and improve the organization’s operations, processes, and controls.
• Audit Report: A formal report summarizing the audit process, objectives, findings, and recommendations. The report may also include an executive summary, background information, methodology used, and any limitations encountered during the audit.
• Risk Assessment: A documented assessment of risks and vulnerabilities within the organization, highlighting areas that require attention and mitigation.
• Compliance Documentation: Verification and documentation of the organization’s compliance with relevant laws, regulations, and internal policies.
• Follow-up Reports: If applicable, follow-up reports may be delivered to track the progress of implementing the recommended actions and to ensure that the identified issues are effectively addressed.
• Communication and Presentation: Effective communication of audit findings, recommendations, and reports to key stakeholders, including management, board members, and relevant departments within the organization.
• Training and Awareness Materials: Provision of training and awareness materials to enhance the understanding of internal controls, compliance requirements, and risk management within the organization.
• Ongoing Support and Consultation: Continued support and consultation to management in implementing the recommended improvements, addressing any queries or concerns, and providing guidance on risk management and compliance matters.

The specific deliverables may vary depending on the organization’s requirements, the scope of the audit, and the objectives of the Internal Audit process. It is important to customize the deliverables to meet the unique needs and expectations of each organization.