Overview
The business environment today is becoming increasingly competitive and aggressive given the complex legal & regulatory framework required to be followed by the start-ups. Irrespective of the success and growth of the business, it is always exposed to a certain level of risk throughout its life, but what really differentiates a start-up from its competitors is having proper control systems in their place and their strategies towards deal with the potential threats. Speaking of internal control systems, one key approach to ensure good governance over the business activities and keep the stakeholders well-informed is an internal audit.
Internal audits have been always known to help start-up businesses effectively to get a clear picture of their business operations, with current risks & challenges. Though audits are principally considered to be part of bigger business organizations, however, the truth is even smaller organizations can benefit equally from them. Considering the fact the even smallest risks could bring an entire start-up down, internal audits could help the start-ups to understand their business and potential risks to timely overcome and improve rise their business policies and mechanisms, to achieve their business & organizational goals sooner.
Hence, Internal Audit is an independent function that involves a periodical & continuous examination of the functioning of a business organization with the primary intent to review processes and suggest improvements thereby helping start-ups to add value to their organization. It helps the start-up to assess the effectiveness of internal controls and tools of risk management implemented within the organization. Further, these audits not only help start-ups to bring positive changes, but they also help businesses to improve businesses and their underlying processes while making your business clients and stakeholders about the financial well-being of your start-up.
Internal Audit- Meaning & Purpose
Internal audit refers to an independent process of undertaking examination, review, and suggesting improvements through evaluation of the internal control processes, general corporate practices, processes, and methods. As provided above, an internal audit supports secure compliances with all the applicable rules & regulations on a start-up, helping to prepare accounts and records as per the applicable legal requirements and reporting.
For instance, a start-up may have a certain set of rules for managing rules for operations, such as placing orders, accepting deliveries, and making payments. Internal audits may also help to know whether the employees adhere to the internal operational standards.
The aims & objectives of the Internal Audit include the following-
i. To review the trustworthiness and integrity of the financial and operating information of an enterprise.
ii. To examine the measures applied to identify, measure, classify and report financial and operating information
iii. To warrant that there is an adequate economic and efficient use of resources available;
iv. To ensure that the start-up is compliant with policies, plans, procedures, laws, and regulations applicable to the company.
v. To ensure that there is an adequate internal control system in place including an effective accounting control system in the start-up.
vi. To verify the existence of assets and the means to review the means of safeguarding these assets
vii. To ensure that there exists a system in place to ensure that all foremost risks are appropriately identified and analyzed.
Applicability of Internal Audit
Rule 8 of The Companies (Meeting of the Board and its power), Rules 2014 prescribes the business entities that should compulsorily conduct an internal audit for which an internal auditor must be appointed by the Board of Directors through a board resolution passed at a valid board meeting either conducted physically or by audio-video as provided under S. 179(3) of the Companies Act 2013. Not only this, section 117 of the Act, the board resolution so passed must be filed with the ROC in MGT-14 within 30 days from passing the resolution. However, the requirement of filling resolution to the ROC shall not apply in the case of a private company.
Further, it shall be the responsibility of the Audit Committee of the Company or the Board of Directors to formulate the scope, functioning, periodicity, and methodology for conducting the internal audit.
Though, an internal audit could be conducted annually or quarterly as no specific time frame for conducting an internal audit has been prescribed, it is generally recommended to conduct an internal audit every quarter as it gives an assurance that all the compliances are being monitored properly with no frauds or deviations within the system.
Speaking of the eligible business entities, an internal audit is compulsory for all Listed and Producer companies even whether they meet the eligibility criteria or not. Rule 13 of the Companies (Accounts) Rules, 2014, provides for the following classes of companies that are mandated to appoint an internal auditor or a firm of internal auditors:
| Name of the Business Entity | Applicability |
| i. Every Public Company | Listed |
| ii. Unlisted Public Company | · Holding a paid-up share capital of Rs. Fifty crores or more during the immediately preceding financial year, or
· Having a turnover of Rs. Two Hundred crores or more during the immediately preceding financial year; or · Having outstanding loans or borrowings from banks or financial institutions with a balance exceeding Rs. One Hundred Crores at any point of time during the immediately preceding financial year; or · Having outstanding deposits of Rs. Twenty-Five crores or more at any point of time during the immediately preceding financial year |
| iii. Private Company | · Having a turnover of Rs. Two Hundred crores or more during the immediately preceding financial year; or
· Having outstanding loans or borrowings from banks or financial institutions with a balance exceeding Rs. One Hundred crores at any point of time during the immediately preceding financial year |
Who can undertake an Internal Audit?
Thus, the requirement of having a proper internal control system and adequate risk management tools has led to the creation of several positions within a start-up such as a regulatory compliance officer and compliance manager positions for an internal auditor.
An internal auditor is appointed under the provisions of S.138 of the Companies Act 2013 with the purpose to ensure the organization conforms to stringent & complex legal mandates. By qualification though, such an internal auditor could be a Chartered Accountant (CA) or a Cost Accountant, Company Secretary, or any other similar person as decided by the Board of Directors of the company for the purposes of internal auditing of the start-up’s business operations and activities.
While he is appointed by the Board of Directors of the company, he may or may not be an employee of the organization. However, it is necessary to understand that a statutory auditor appointed under the provisions of section 139 shall not be eligible to provide services as an internal auditor either directly or indirectly to the start-up company or its subsidiary or holding company.
How to appoint an internal auditor for the company?
Provided below is the procedure to be followed by start-up companies to appoint an internal auditor-
i. Obtain written consent -To be eligible for an appointment as an internal auditor, the company shall obtain written consent from the proposed new auditor.
ii. Send a notice of the Board meeting- Hold a valid board meeting by sending an advance intimation of the meeting to every director for the appointment of the internal auditor.
iii. Pass Board Resolution & file resolution – Pass an ordinary resolution for the appointment of the internal auditor by filling form MGT-14 with ROC within 30 days of passing the resolution.
iv. Send a letter of intimation – A letter of appointment of the auditor must be sent to the newly appointed internal auditor providing for the terms & conditions of his engagement.
Once the internal auditor is appointed he shall carry out an internal audit he shall draft the audit report providing his findings and review the accuracy of findings by discussing it with the management and issue his final report. He shall have access and authority to inspect the minutes of the board and minutes of any board committee (such as the audit committee) as well as of the minutes of General Meetings of the company, as he deems necessary for the fulfillment of his responsibilities.
What are the key responsibilities of an Internal Auditor?
The roles & responsibilities of an internal auditor might vary from function to function. However, provided below are some key roles & responsibilities of the internal auditor-
i. Assessing internal controls in the organization
An internal auditor helps the organization evaluate the effectiveness of risk management and internal control implemented in the start-up organization and suggest an improvement. Since the success of any organization depends on how effectively they manage risks, the auditor shall check upon the effectiveness of business operations, corporate governance processes, risk management, and systems of internal control across an organization. They provide the management and the board of directors insight into the operative effectiveness with which the activities are being carried out within the regulatory framework.
ii. Suggesting improvement in financial controls to the management –
The internal auditor helps in the management & improvement of the financial controls of an organization for better use of resources. If a manager is concerned about any particular area of responsibility, he could help the organization identify improvements.
iii. Assessing controls and advice all level managers-
As the scope of services of an internal auditor is wide enough to cover the area from the mailroom to the boardroom in the start-up organization, he undertakes evaluation of risks from the ground level and provides advisory to the managers & board of directors by reporting on the implementation of management policies at another level.
iv. Performing Risk Evaluation
The internal auditor shall identify all risks that may affect the well-being of the organization and anticipate possible future concerns and opportunities and finally offer assurance, advice, and insight whenever required.
v. Examining operations and approving information–
Every business organization seeks to strive hard while managing its valuable organizational resources, systems, processes, and people. Thus, internal auditors work closely with managers to examine & review operations before and reporting their findings.
vi. Coordination with other assurance providers-
Finally, the internal auditors also play an important role in coordinating with other assurance providers to assure the executive management and the board’s audit committee that risks are being managed effectively such as a statutory auditor or cost auditor, etc.
Primary Duties of the Internal Auditor
Provided below are some of the key roles played by an internal auditor in ensuring the success of an organization-
i. The internal audit shall strive to attend all the meetings with an intent to understand business mechanisms and issues that need consideration.
ii. To determine the position of the organization’s compliance with relevant rules and regulations.
iii. To investigate frauds through a fraud risk assessment that uses fraud deterrence principles and report it to the management & regulatory authorities.
iv. To understand and offer advice as an objective source of independent advice to help the organization to meet its objectives & goals.
v. To study, learn and understand the organization’s policy and guidelines.
vi. To identify the scope of audit and development of annual plans within the organization.
vii. To gather, analyze, evaluate and present accounting documentation, reports, data, and flowcharts.
viii. To conduct audits and undertake to follow up on audits to monitor the management’s intervention.
ix. To support and offer guidance to management on how to handle new opportunities.
x. To manage a variety of stakeholders and their expectations through regular communications.
xi. To examine and find –out the issues and challenges that need to be addressed by the
xii. Managers and suggesting improvements.
Penalty and punishment
Section 138 of the Companies Act 2013 does not prescribe any specific provision for penalty & prosecution for failure or breach of duties if any committed by the company or the internal auditor. Therefore, section 450 of the Act is applicable in the event of any failure to comply with Section 138.
Accordingly, in case any default of the provisions of section 138 of the Act is committed, a monetary fine up to Rs. 10,000 shall be levied on the company and every officer in default.
Where the contravention is continuous, a further fine of Rs.1000 on a per day basis shall also be applicable. Any default under provisions of section 138 shall be a compoundable offense under section 441 of the Companies Act, 2013.
Conclusion
The process of internal audit must be carried out by qualified, skilled, and experienced people who can work in accord with the Code of Ethics and the International Standards. The internal auditor should explain the importance of internal audits to the management & the board of directors and should also maintain the periodicity of internal audits either on a yearly/or quarterly basis in a proper manner that must provide an unbiased and objective view.
Regular Compliance & transparency in business processes helps to build client trust along with potentially improving the profitability of the company in the process. An internal audit helps in the identification of problems or any inefficiencies and in taking remedial steps. It can help to identify any frauds or misappropriation of funds or deliberate cost overruns or cases of mismanagement i.e. whether any particular vendor is being preferred over other low-cost suppliers. The process enables the identification and rectification of any lapses in procedures before any statutory audit takes place.
Therefore, internal auditors are considered experts in understanding organizational risks, offering assistance and advice to the management in understanding these issues, and recommending required changes in a start-up organization. For these reasons, all kinds of business organizations irrespective of their size and scale of business operations prefer to evaluate the efficacy of internal control, soundness of the financial system, the efficiency of business processes, etc. Rather than looking at it as a Compliance burden but as a basic necessity for the healthy growth of the start-up.
