Internal Audit Services in India –
Section 138 Compliance, ICFR Support & Risk-Based Reviews
Mid-size and large companies face growing operational complexity every year. Sound internal audit services are no longer optional. Section 138 of the Companies Act, 2013 mandates internal audit for specified classes of companies. Even smaller businesses use internal audit to catch leakage, plug control gaps, and protect cash flow.
Overview
Risk-Based Internal Audit Services Across India
We deliver risk-based internal audit services across India at N D Savla & Associates. Our internal audit firm covers Section 138 internal audit compliance, ICFR support, fraud-risk reviews, and process-level testing. Every engagement aligns with the ICAI Standards on Internal Audit and the Three Lines of Defence model.
Our internal audit India team brings practical risk insight rather than a checklist exercise. Our work cross-links naturally with statutory audit, GST audit, and income tax audit cycles.
The Service
What Internal Audit Actually Does
Internal audit is an independent, objective review of financial, operational, and compliance processes inside a company. Its purpose is to evaluate the effectiveness of internal controls, risk management, and governance. Internal audit services protect the business from preventable losses long before the statutory audit catches them.
The work follows the ICAI Standards on Internal Audit (SIAs) and supports management responsibility under Section 134(5)(e) of the Companies Act, 2013. Every Section 138 internal audit must produce a written report to the Audit Committee or the Board. The internal audit firm acts as the management's eyes inside the operations.
Statutory Framework
Section 138 Internal Audit — Applicability for FY 2025-26
Section 138 of the Companies Act, 2013, read with Rule 13 of the Companies (Accounts) Rules, 2014, prescribes who must appoint an internal auditor. Every company should check whether it falls inside Section 138 internal audit scope each year. Below is the working applicability framework.
| Type of Company | Threshold That Triggers Internal Audit | Reference |
|---|---|---|
| Listed Company | Always required — no threshold applies | Section 138 + Rule 13(1)(i) |
| Unlisted Public Company | Paid-up capital ≥ ₹50 crore, OR turnover ≥ ₹200 crore, OR outstanding loans/borrowings from banks ≥ ₹100 crore at any time during the previous FY, OR outstanding deposits ≥ ₹25 crore | Rule 13(1)(ii) |
| Private Company | Turnover ≥ ₹200 crore during the previous FY, OR outstanding loans/borrowings from banks/PFIs ≥ ₹100 crore at any time during the previous FY | Rule 13(1)(iii) |
| Producer / OPC / Section 8 / Other | Not mandated under Section 138 — but voluntary internal audit services often used for governance | Best Practice |
| LLPs and Partnership Firms | No statutory mandate — voluntary engagement only | Best Practice |
Coverage Areas
Scope of Our Internal Audit Services
Our internal audit services follow a risk-based audit plan. The plan covers financial, operational, compliance, and IT control areas. The scope is reviewed every year based on changes in business, risk environment, and Audit Committee priorities.
Financial Process Review
We test the core financial cycles — Procure-to-Pay, Order-to-Cash, Payroll, Treasury, and Financial Close. We sample journal entries, vendor payments, receivables, and bank reconciliations.
Our internal audit firm catches duplicate payments, unauthorised journal entries, and revenue cut-off errors.
Operational and Process Audit
We audit operational processes — procurement, inventory, manufacturing, dispatch, and customer service. We compare actual practice against documented SOPs.
This work integrates with our BPR practice when redesign is needed.
Compliance Audit
Compliance audit covers GST, TDS, Income Tax, FEMA, labour laws, and industry-specific licences. Internal audit services flag late filings, wrong rate applications, and exposure to penalty before the regulator does.
The compliance calendar review prevents repeat issues year on year.
Fraud Risk and Forensic-Style Review
Our internal audit India team performs targeted fraud-risk reviews. We test segregation of duties, vendor master integrity, expense reimbursement patterns, and ghost employee risk.
Where indicators emerge, the engagement escalates to forensic investigation.
ICFR / IFC Support
Internal audit services routinely test design and operating effectiveness of internal financial controls under Section 134(5)(e) and Section 143(3)(i).
We use a Risk Control Matrix to map every control to a financial assertion.
IT and ERP Controls
We review user access, segregation in ERP roles, master data integrity, and audit trail logs. Our internal audit firm supports the Companies Act audit-trail requirement under Rule 3(1).
We also cover spreadsheet controls and report integrity.
Our Approach
Our Internal Audit Methodology
We follow a structured four-step methodology aligned with ICAI Standards on Internal Audit. Every internal audit India engagement runs on a clear plan that the Audit Committee can sign off in advance.
Risk Assessment and Audit Plan
We map business processes to risks. We rank risks by likelihood and impact. Subsequently, we draft a risk-based annual audit plan. The plan goes to the Audit Committee for approval before fieldwork begins.
Process Walkthroughs and Control Mapping
We walk through each in-scope process with the responsible owner. We document the actual practice, identify key controls, and update the Risk Control Matrix. Control gaps surface even before formal testing begins.
Testing and Sampling
We test controls using statistical and judgemental sampling. Tests cover authorisation, segregation, reconciliation, and exception monitoring. Data analytics tests cover full populations for high-volume areas.
Reporting and Follow-up
We issue a clear report with findings, root cause, and management action plan. The report goes to the Audit Committee. We track every action item to closure in the next quarter — driving measurable improvement.
Key Differences
Internal Audit vs Statutory Audit — Quick Comparison
Many businesses confuse internal audit with statutory audit. However, the two serve very different purposes. The table below compares both at a glance.
| Aspect | Internal Audit | Statutory Audit |
|---|---|---|
| Purpose | Evaluates internal controls, processes, and risk management | Reports a true and fair view of financial statements |
| Frequency | Continuous — quarterly, monthly, or rolling cycles | Annual — at year-end |
| Reports To | Audit Committee or Board of Directors | Members (shareholders) of the company |
| Mandate Source | Section 138 of Companies Act 2013 + Rule 13 | Section 139 of Companies Act 2013 |
| Auditor Eligibility | CA, Cost Accountant, or any other qualified professional decided by the Board | Only Chartered Accountant in practice |
| Standards Followed | ICAI Standards on Internal Audit (SIAs) | Standards on Auditing (SAs) |
| Coverage | Operations, compliance, fraud risk, financial process, IT, ICFR | Financial statements and disclosures |
Value Delivered
Benefits of a Strong Internal Audit Function
Robust internal audit services pay for themselves several times over. The value goes well beyond Section 138 internal audit compliance. Below are the most concrete benefits our internal audit India clients see year on year.
- Early detection of control failures — issues surface during quarterly audits, not at year-end
- Reduced fraud and revenue leakage — segregation of duties testing prevents repeat losses
- Stronger ICFR for statutory audit — IFC testing reduces statutory audit time and queries
- Improved compliance — calendar tracking eliminates late filings and avoidable penalties
- Better data for management — periodic reports give the Board real visibility into operations
- Audit Committee confidence — independent assurance supports director responsibility under the Companies Act 2013
- Investor and lender comfort — a credible internal audit firm strengthens due diligence outcomes
Applicability
Industries and Entity Types We Serve
Our internal audit India practice serves a wide spread of sectors. Every engagement is tailored to the sector's risk profile and reporting needs.
Full Section 138 internal audit aligned with SEBI LODR governance requirements.
Rule 13 internal audit services with quarterly Audit Committee reporting.
Section 138 internal audit with operational, inventory, and warehouse audit coverage.
Risk-based internal audit India practice aligned with RBI master directions and concurrent audit cycles.
Voluntary internal audit firm engagement to professionalise controls before due diligence.
Donor-grade internal audit India coverage for grant utilisation and FCRA compliance.
Why N D Savla & Associates
Why Choose Us as Your Internal Audit Firm
Mid-size and large companies choose our internal audit services for four reasons. First, every engagement is led by a qualified Chartered Accountant — no junior-only fieldwork. Second, our internal audit firm follows ICAI Standards on Internal Audit, not generic checklists.
Third, we deliver findings with root cause and management action plans. The Audit Committee gets a clear path to closure, not just a list of issues. Fourth, our internal audit India team integrates Section 138 internal audit with adjacent services — statutory audit, ICFR, GST audit, and forensic review — under one accountable partner.
Related Services
Related Audit and Risk Advisory Services
Our wider practice supports every audit and risk-advisory need. Integrated coordination saves time across overlapping engagements.
Audit & Assurance Services
Statutory and assurance work for businesses across multiple statutes.
Audit Under Companies Act
Statutory audit under Section 139 and reporting under Section 143.
ICFR Audit & IFC Support
Internal financial controls testing under Section 134(5)(e) and 143(3)(i).
Risk Control Matrix (RCM)
Process-by-process control mapping aligned to financial assertions.
SOP Implementation
Documented standard operating procedures for every key process.
Business Process Reengineering
Process redesign where audit findings indicate structural gaps.
Concurrent Audit Services
Real-time transaction-level audit for banks, NBFCs, and high-volume cycles.
Stock Audit Services
Independent stock and inventory verification — bank-mandated and voluntary.
GST Audit
Independent GST audit for ITC reconciliation and GSTR-9C support.
Income Tax Audit
Section 44AB tax audit with Form 3CA, 3CB, and 3CD coverage.
White Collar Investigation
Forensic investigation when internal audit findings indicate fraud.
Corporate Governance
Board-level governance, DOA frameworks, and policy design.
Frequently Asked Questions
Internal Audit Services – FAQs
Looking for a Reliable Internal Audit Firm? Build Stronger Controls With N D Savla & Associates.
End-to-end internal audit services across India for listed, unlisted, and private companies. Section 138 internal audit · ICFR & IFC support · Process audit · Compliance audit · Fraud risk review · Audit Committee reporting.
Ready to strengthen your internal controls?
Talk to our internal audit team about Section 138 compliance, ICFR support, and risk-based reviews for FY 2025-26.
Get in Touch
