CA
Tax Tutor
A

Section 138 — Internal Audit

Think of internal audit as the company's own in-house health check — a continuous process of reviewing whether the business is following its own rules, managing risks, and keeping its finances in order. Section 138 makes this mandatory for certain companies, so it is no longer optional even if the promoters feel everything is running smoothly.

Who must appoint an internal auditor? Not every company — only prescribed classes of companies as defined under Rule 13 of the Companies (Accounts) Rules, 2014. The trigger conditions are: listed companies; unlisted public companies with paid-up share capital ≥ ₹50 crore OR turnover ≥ ₹200 crore OR outstanding loans/borrowings from banks/FIs ≥ ₹100 crore OR outstanding deposits ≥ ₹25 crore; and private companies with turnover ≥ ₹200 crore OR outstanding loans/borrowings ≥ ₹100 crore. If a company crosses any one of these thresholds, it is in. This is asked frequently as a 4-mark question — memorise the thresholds.

Who can be appointed? The internal auditor must be a Chartered Accountant (whether in practice or not), a Cost Accountant, or any other professional the Board decides is suitable — so even an MBA or engineer could qualify if the Board resolves it. Crucially, the internal auditor can be an employee of the company or an outside firm. The Central Government has the power to prescribe the manner and intervals of conducting the audit and how findings are reported to the Board. In practice, the Audit Committee (where it exists) or the Board itself sets the scope, frequency, and format of internal audit reports.

📊 Worked example

Example 1 — Does Rajesh & Co. Pvt. Ltd. need an internal auditor?

Rajesh & Co. Pvt. Ltd. has the following financials for FY 2024-25:

  • Paid-up share capital: ₹10 crore
  • Turnover: ₹185 crore
  • Outstanding bank loan: ₹110 crore
  • Fixed deposits from public: ₹5 crore

Step 1: Check each threshold for a private company.

  • Turnover ₹185 crore < ₹200 crore ❌
  • Outstanding loans ₹110 crore ≥ ₹100 crore ✅

Step 2: Even one condition being met is sufficient.

Answer: Yes, Rajesh & Co. Pvt. Ltd. must appoint an internal auditor under Section 138.

---

Example 2 — Who can be appointed as internal auditor at Meera Textiles Ltd. (listed)?

Meera Textiles Ltd. is a listed company. The Board is considering three candidates:

  • Mr. Sharma — CA (not in practice, works as Finance Manager in a sister company)
  • Ms. Iyer — ICWA / Cost Accountant in practice
  • Mr. Kapoor — MBA Finance, no professional qualification

Step 1: Listed companies must appoint under Sec 138. ✅

Step 2: CA (whether in practice or not) → Mr. Sharma qualifies ✅; Cost Accountant → Ms. Iyer qualifies ✅; Mr. Kapoor — only if the Board passes a resolution deciding his profession is suitable ✅ (permissible but rare in practice).

Answer: All three can be appointed, but Mr. Kapoor requires a specific Board resolution. Most exam answers should cite CA or Cost Accountant as the standard answer.

⚠️ Common exam mistakes

  • Don't confuse internal auditor with statutory auditor. Students write that only a CA in practice can be appointed — that rule applies to statutory audit (Sec 141). For internal audit, a CA who is not in practice also qualifies.
  • Don't say all companies must have an internal auditor. Only prescribed classes crossing specific thresholds are covered. Stating it as a universal requirement will lose marks.
  • Don't forget that even one threshold is enough. Students try to check if a company meets all conditions simultaneously. It is an OR condition — cross any single threshold and the section applies.
  • Don't mix up the thresholds for private vs. unlisted public companies. Private companies have only two triggers (turnover and loans); unlisted public companies have four (paid-up capital, turnover, loans, deposits). Writing the wrong set in the exam is a common error.
  • Don't ignore the Board's role in reporting. Students write that internal audit reports go to the Audit Committee only. The section says 'reported to the Board' — the Audit Committee gets involved through Rules, but the Board is the statutory recipient mentioned in the Act itself.
📖 Bare Act text — Section 138, Companies Act 2013 (click to expand)
(1) Such class or classes of companies as may be prescribed shall be required to appoint an internal auditor, who shall either be a chartered accountant or a cost accountant, or such other professional as may be decided by the Board to conduct internal audit of the functions and activities of the company. (2) The Central Government may, by rules, prescribe the manner and the intervals in which the internal audit shall be conducted and reported to the Board.
Test yourself
Practice questions on this section, AI-graded with citations.
⚡ Practice now →