Audits Under the Companies Act 2013 –
Statutory, Internal, ICFR, Secretarial, Cost Audit & Fraud Reporting
Audits under the Companies Act 2013 cover the full audit ecosystem applicable to every Indian company. The Act prescribes statutory audit under Sections 139 to 148, internal audit under Section 138, ICFR audit under Section 143(3)(i), secretarial audit under Section 204, and cost audit under Section 148 — every covered company runs a calendar of multiple audits each year.
Overview
End-to-End Audit Coverage Under the Companies Act 2013
N D Savla & Associates handles every audit type under the Companies Act 2013 for listed companies, public companies, large private companies, and group entities across Maharashtra and pan-India. We run statutory audits, internal audits, ICFR engagements, secretarial audit support, and CARO 2020 reporting under one integrated team — so the full annual audit calendar moves on a single coordinated workplan.
The Framework
The Companies Act 2013 Audit Framework
The Companies Act 2013 contains the most comprehensive audit framework in Indian corporate law. Chapter X covers audit and auditors with detailed provisions on appointment, powers, duties, and reporting. Each audit type is designed for a specific governance purpose, and together they deliver multi-angle assurance on the company's health:
- Statutory audit — true-and-fair-view assurance on financial statements (Sections 139–148)
- Internal audit — ongoing operational and compliance review (Section 138)
- ICFR audit — internal controls over financial reporting (Section 143(3)(i))
- Secretarial audit — Companies Act and other corporate-law compliance (Section 204)
- Cost audit — cost records of specified industries (Section 148)
- CARO 2020 reporting — additional auditor-report paragraphs under Section 143(11)
- Section 143(12) fraud reporting — reportable fraud findings to the Central Government
Applicability
Which Companies Need Which Audits?
Audit applicability follows distinct thresholds by company type, paid-up capital, turnover, and borrowings. Statutory audit applies to almost every company. Internal audit, ICFR, secretarial, and cost audit each carry their own triggers under Rule 13 of the Companies (Accounts) Rules 2014 and connected provisions:
- Statutory audit — almost all companies; first AGM appointment under Section 139, ADT-1 filing within 15 days
- Internal audit — every listed company; unlisted public companies with paid-up capital ≥ ₹50 cr, turnover ≥ ₹200 cr, loans ≥ ₹100 cr, or deposits ≥ ₹25 cr; private companies with turnover ≥ ₹200 cr or loans ≥ ₹100 cr
- ICFR audit — all companies except OPCs, small companies, and exempt private companies (turnover < ₹50 cr AND borrowings < ₹25 cr per MCA notification GSR 583(E))
- Secretarial audit — every listed company; public companies with paid-up capital ≥ ₹50 cr or turnover ≥ ₹250 cr
- Cost audit — specified manufacturing and regulated industries (cement, steel, sugar, fertilisers, pharmaceuticals etc.) above prescribed turnover thresholds
- CARO 2020 — all companies except those specifically exempted (small, OPC, etc.)
- Section 143(12) fraud reporting — every audited company; ADT-4 to the Central Government for fraud above ₹1 crore
Listed companies typically face all five audit types simultaneously; large unlisted public companies face most of them. Our team begins every engagement with a comprehensive applicability scan so no compliance trigger is missed.
Core Audit Pillars
Statutory Audit & Internal Audit — The Two Foundations
Statutory audit and internal audit are the two foundational engagements every applicable company must run each year. Their purposes are distinct, but findings flow between them — and both feed the Audit Committee and the Board.
Statutory Audit Under Sections 139 to 148
Section 139 governs auditor appointment — five-year term at the first AGM, with mandatory firm rotation every ten years and partner rotation every five years for listed companies. Section 143 prescribes auditor duties including true-and-fair-view, accounting standards compliance, books of account adequacy, and ICFR. The audit report must address every CARO 2020 paragraph and any Section 143(12) fraud finding. Our engagements include rotation tracking, ADT-1 compliance, and full Section 143 coverage.
Internal Audit Under Section 138
Internal audit is the ongoing operational and compliance review that reports directly to the Audit Committee. Scope covers operations, controls, risk management, and compliance — assessing governance effectiveness across the financial year. Internal audit findings often feed downstream into ICFR audit and statutory audit conclusions. Our team builds risk-based audit plans aligned with Audit Committee priorities, so every engagement delivers high-leverage governance assurance rather than routine ticking.
Audit Types
The Six Audit Streams Under the Companies Act
Beyond statutory and internal audit, three further audit types complete the framework — alongside CARO 2020 reporting and Section 143(12) fraud reporting that sit within the statutory audit itself. Large companies often run all of these in parallel each year.
Independent external audit on financial statements; Section 143 reporting with true-and-fair-view, accounting standards compliance, and ICFR.
Ongoing operational and compliance review reporting to the Audit Committee; risk-based methodology aligned to governance priorities.
Auditor's certification on internal controls over financial reporting using the COSO 2013 framework — RCM design, TOD, and TOE.
Form MR-3 by a Practising Company Secretary covering Companies Act, SEBI regulations, FEMA, labour laws, and stamp duty compliance.
Form CRA-3 by a Cost Accountant in practice for specified manufacturing and regulated industries above prescribed turnover thresholds.
Sec 143(11) CARO paragraphs on fixed assets, related parties, statutory dues, borrowings; Sec 143(12) fraud reporting in Form ADT-4.
Liability & Compliance
The Auditor & Director Liability Framework
The Companies Act 2013 imposes significant accountability for audit failures. Every engagement runs against a backdrop of statutory consequence — for both the auditor and the Board. Our methodology is built around the five accountability anchors below.
Section 147 Auditor Penalties
Penalty ranges from ₹25,000 to ₹5 lakh or four times the audit fee — whichever is less. Wilful default attracts up to ₹25 lakh and imprisonment up to one year. Rigorous quality control prevents every such consequence.
Director Liability Under Sections 166 & 134
Directors carry parallel liability — Section 166 imposes fiduciary duties of good faith and due care; Section 134 makes directors responsible for the financial statements. Fraudulent acts attract Section 447 with imprisonment up to 10 years.
Section 143(12) Fraud Reporting
Fraud above ₹1 crore is reported by the auditor to the Central Government in Form ADT-4. Smaller fraud is reported to the Audit Committee or Board. This obligation cannot be waived through the engagement letter.
CARO 2020 Comprehensive Reporting
Companies (Auditor's Report) Order 2020 supplements Section 143 with detailed paragraphs covering fixed assets, inventory, related parties, statutory dues, bank borrowings, and undisclosed income. Every paragraph is addressed systematically.
Integrated Annual Audit Calendar
From Q1 appointment and ADT-1 filing through Q3 ICFR walkthroughs and Q4 substantive procedures, our team coordinates every audit stream so reports are issued on time for Board approval, AGM, and AOC-4 / MGT-7 ROC filings.
Frequently Asked Questions
Audits Under the Companies Act – FAQs
Annual Audit Calendar Coming Up? Run Every Audit Under One Coordinated Team.
N D Savla & Associates handles statutory, internal, ICFR, secretarial, and cost audit coordination plus CARO 2020 and Section 143(12) reporting — all aligned to one annual calendar. Reach out to discuss your company's audit requirements.
Ready to plan your Companies Act 2013 audit calendar?
Talk to our team about statutory, internal, ICFR, secretarial, and cost audit coordination — under one integrated workplan.
Get in TouchF.A.Q.
Multiple audits potentially apply depending on company type and size. Specifically, statutory audit applies to almost every company. Additionally, internal audit, ICFR audit, secretarial audit, and cost audit each have their own applicability thresholds. Furthermore, listed companies typically face all five audit types simultaneously. Moreover, large unlisted public companies face most types. Therefore, our Tax Health Check team begins every engagement with a comprehensive applicability mapping.
Statutory audit and internal audit serve distinct purposes. Specifically, statutory audit is an independent external audit on financial statements under Sections 139-148. Additionally, statutory audit results in the auditor’s report on true-and-fair-view. Furthermore, internal audit under Section 138 is an ongoing operational and compliance review reporting to the Audit Committee. Moreover, our Statutory Audit and Internal Audit teams handle both engagements. Therefore, they complement rather than substitute each other.
ICFR audit under Section 143(3)(i) applies to all companies with limited exemptions. Specifically, MCA notification GSR 583(E) dated 13 June 2017 exempts One Person Companies, small companies, and private companies with turnover below ₹50 crore AND borrowings below ₹25 crore. Additionally, the exemption falls away if the company defaults in Section 137 or 92 filings. Furthermore, listed and most public companies always face ICFR audit. Moreover, our ICFR Audit and IFC Support engagement covers the complete COSO framework.
Each audit type requires specific professional qualifications. Specifically, statutory audit and ICFR audit must be conducted by a Chartered Accountant. Additionally, secretarial audit must be conducted by a Practising Company Secretary. Furthermore, cost audit must be conducted by a Cost Accountant in practice. Moreover, internal audit can be conducted by a CA, CMA, or even an internal team of qualified professionals. Therefore, the auditor’s qualification matches the audit’s scope.
CARO 2020 is the Companies (Auditor’s Report) Order 2020 issued under Section 143(11). Specifically, it requires the statutory auditor to report on additional matters in the audit report. Additionally, CARO covers fixed assets, inventory, related-party transactions, statutory dues, fraud, and many more areas. Furthermore, CARO 2020 expanded paragraphs on bank borrowings and undisclosed income compared to earlier orders. Moreover, every statutory audit completes a comprehensive CARO checklist. Therefore, CARO compliance forms a major part of modern audit work.
Section 143(12) prescribes a clear fraud-reporting protocol. Specifically, fraud above ₹1 crore is reported by the auditor to the Central Government in Form ADT-4. Additionally, smaller fraud is reported to the Audit Committee or Board. Furthermore, this reporting obligation cannot be waived or modified through the audit engagement letter. Moreover, our team applies rigorous fraud risk assessment in every audit. Therefore, structured fraud-detection procedures form a core audit discipline.
Independence rules limit which combinations are possible. Specifically, the statutory auditor cannot also serve as internal auditor of the same company. Additionally, the statutory auditor of a listed company cannot perform certain non-audit services restricted under Section 144. Furthermore, our firm maintains strict independence boundaries to ensure compliant engagement combinations. Moreover, our team can serve as statutory auditor with a separate firm handling internal audit. Therefore, comprehensive coverage is achievable through coordinated firm relationships.
