HomeServicesAudit & AssuranceStatutory Audit under Companies Act

Audit & Assurance · Statutory & Financial Audits

Statutory Audit under Companies Act

Every company incorporated in India — private or public, dormant or operating, profitable or loss-making — must have its books of account audited every single year under the Companies Act 2013.

Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986

2,000+Clients since 1986
42 yrsCA practice
4Offices · India & UAE
24 hrsResponse time

Every company incorporated in India — private or public, dormant or operating, profitable or loss-making — must have its books of account audited every single year under the Companies Act 2013. This is not optional and there is no turnover threshold below which it does not apply. PNPC Global has conducted statutory audits for companies across manufacturing, services, technology, trading, and NBFC sectors since 1986. We do not treat the statutory audit as a compliance formality to be rushed through in the last week before the AGM — we treat it as the annual discipline that protects your directors, satisfies your shareholders and lenders, and gives your business a clean, defensible financial record.

What it costs

Govt. feesGovernment & statutory fees as applicable to your case
Professional feeFixed professional fee — confirmed in writing before we start

No hidden charges. The exact figure is set in your engagement letter.

What Statutory Audit under Companies Act is

A statutory audit under the Companies Act 2013 is the independent examination of a company's books of account, financial statements, and underlying records by a Chartered Accountant holding a valid Certificate of Practice, appointed as the company's auditor under Section 139. The audit culminates in an Auditor's Report under Section 143, which is annexed to the financial statements filed with the Registrar of Companies (RoC) in Form AOC-4. The auditor expresses an opinion on whether the financial statements give a "true and fair view" of the company's state of affairs, profit or loss, and cash flows, and whether they comply with the applicable Accounting Standards (Ind AS or AS, depending on the company's classification) notified under Section 133.

Unlike a tax audit under Section 44AB of the Income-tax Act — which is turnover-triggered and applies only above prescribed thresholds — the Companies Act statutory audit applies to every company registered under the Act, regardless of turnover, profit, or activity level. A private limited company with zero revenue in its first year, a dormant company that has not commenced operations, and a large operating company with hundreds of crores in turnover are all equally obligated to appoint an auditor and complete a statutory audit every financial year. The only relief available is for One Person Companies and small companies under certain provisions, which still require an audit but have simplified reporting formats such as the abridged Companies (Auditor's Report) Order applicability.

The statutory auditor's role extends well beyond signing a report. Under Section 143, the auditor must verify that proper books of account have been kept, that the Balance Sheet and Profit & Loss Account agree with the books, that all information and explanations necessary for the audit were obtained, and — for larger companies — report specifically on the adequacy and operating effectiveness of Internal Financial Controls (IFC) over financial reporting under Section 143(3)(i). The auditor must also comment under the Companies (Auditor's Report) Order 2020 (CARO 2020) on matters such as fixed asset verification, inventory physical verification, loans granted or taken, statutory dues, related party transactions, and fraud reporting obligations under Section 143(12) if any fraud is noticed or has reason to believe has occurred.

The auditor is appointed by shareholders at the AGM for a term of five consecutive years in a single appointment — the earlier requirement to seek annual shareholder ratification of that appointment at every subsequent AGM was removed by the Companies (Amendment) Act 2017, so a validly appointed auditor now holds the full five-year term without needing yearly re-ratification (subject still to mandatory rotation for certain classes of companies under Section 139(2)), and the appointment is intimated to the RoC in Form ADT-1. The auditor cannot be removed before the expiry of term except by special resolution and prior approval of the Central Government under Section 140, which reflects the independence the law intends the statutory auditor to have from company management. This independence is precisely what gives the statutory audit its value to banks, investors, tax authorities, and other stakeholders who rely on audited financial statements rather than management-prepared, unverified numbers.

When a statutory audit under the Companies Act applies

Every Private Limited Company, Public Limited Company, One Person Company, Section 8 Company, and Producer Company incorporated under the Companies Act — audit is mandatory from the first financial year, irrespective of turnover or profit

Companies with nil or minimal transactions in their first year — a dormant company or a company with no revenue still requires an audited nil financial statement and a full auditor's report

Companies preparing for their AGM, where audited financial statements must be laid before shareholders under Section 129 before the annual return (MGT-7) and financial statements (AOC-4) can be filed with the RoC

Companies approaching a bank for a loan, a line of credit, or a working capital facility — banks routinely require the last 2-3 years of audited financial statements as a lending condition

Companies preparing for an equity fundraise, where investors conduct financial due diligence and expect clean, audited financial statements as the baseline document

Companies undergoing a change in auditor, whether due to term completion, mandatory rotation (for listed companies and certain classes of public companies), resignation, or removal — requiring a fresh appointment process under Section 139

Companies with related party transactions, inter-corporate loans, or complex group structures, where CARO 2020 reporting and Ind AS related-party disclosures require careful audit attention

Companies facing an MCA inspection, an Income-tax scrutiny, or a lender's due diligence request — where the quality and independence of the statutory audit becomes directly relevant to the outcome

What a statutory audit is not, and where it differs from other engagements

Not a substitute for a tax audit under Section 44AB of the Income-tax Act — a company crossing the tax-audit turnover threshold needs both a Companies Act statutory audit and a separate tax audit, often (though not necessarily) performed by the same CA firm

Not applicable in the same mandatory form to LLPs — LLPs are governed by the LLP Act 2008, where audit is triggered only if turnover exceeds ₹40 lakh or contribution exceeds ₹25 lakh, unlike companies where audit applies from Day 1 regardless of size

Not applicable to sole proprietorships or unregistered partnership firms under the Companies Act framework at all — those entities are outside the Companies Act's audit mandate entirely, though a tax audit may still apply based on turnover

Not a one-time exercise — it is an annual, recurring statutory obligation for the entire life of the company, ending only on formal strike-off, dissolution, or winding up

Not the same as an internal audit — internal audit (mandatory under Section 138 for certain classes of companies based on turnover, borrowings, or paid-up capital thresholds) is a management-facing, operational control review; the statutory audit is an independent, shareholder-facing opinion on the financial statements

Not a service where PNPC can simultaneously serve as your accounting/bookkeeping provider and your statutory auditor for the same entity in the same year without addressing independence considerations under Section 141 — we structure engagements to preserve auditor independence

Structure Comparison

Statutory Audit under Companies Act vs other audit and assurance engagements

FeatureCompanies Act Statutory AuditTax Audit (Sec 44AB)Internal Audit (Sec 138)GST Audit / ReconciliationConcurrent / Bank Audit
Governing lawCompanies Act 2013, Section 143Income-tax Act 1961, Section 44ABCompanies Act 2013, Section 138CGST Act 2017 (self-certification post-2021 amendment)RBI guidelines / bank-specific mandate
Trigger for applicabilityMandatory for every registered company, no thresholdTurnover/receipts threshold — varies by presumptive scheme and cash transaction levelsPrescribed class of companies by turnover, borrowings, or paid-up capitalNot separately mandated since Sec 35(5) omission — self-reconciliation via GSTR-9C in many casesAs required by bank / RBI directive for banks and NBFCs
Who appoints the auditorShareholders at AGM, under Section 139The assessee (business owner) engages the tax auditorBoard of Directors / Audit CommitteeNot a separate statutory appointmentBank / RBI appoints or mandates
Reporting formatAuditor's Report under Sec 143 + CARO 2020 + IFC reportForm 3CA/3CB and Form 3CDInternal audit report to Audit Committee/BoardReconciliation statement, self-certifiedBank-prescribed formats (LFAR, etc.)
Filed withRoC via AOC-4 (annexed to financial statements)Income-tax e-filing portalInternal — Board/Audit Committee recordGST portal where applicableRBI / bank management
Independence requirementStatutory — Section 141 disqualifications apply strictlyStatutory — similar independence norms applyCan be in-house or outsourced; less statutory independence rigidityNot applicable in the same wayHigh — RBI-mandated independence
FrequencyEvery financial year, without exceptionEvery financial year, if threshold crossedAnnual, per Board-approved planAnnual where applicableAs mandated (annual, quarterly, or concurrent)
Consequence of defaultCompany + officers penalised under Sec 147; audit report itself may be qualifiedPenalty under Section 271B, up to prescribed limitsPenalty for non-compliance with Sec 138 read with rulesPenal interest, notices on mismatchesRegulatory action against the bank/NBFC

These engagements are frequently confused with one another. A private limited company with turnover above the tax-audit threshold needs both a statutory audit under the Companies Act and a tax audit under the Income-tax Act — they are not interchangeable and often (though not compulsorily) performed together by the same CA firm for efficiency. Applicability thresholds and formats change with amendments; confirm current applicability for your specific company class with PNPC before assuming any of the above is or is not required for your entity.

How it works
#Stage & What PNPC DoesCA Advice Portals Never GiveTimeline
1Auditor Appointment / Continuation Check — Confirming PNPC's eligibility and independenceBefore accepting any audit engagement, we verify our own independence under Section 141 — no business relationship, no indebtedness, no conflicting engagement with the company that would compromise the audit opinion. We also verify whether this is a fresh appointment (ADT-1 required within 15 days of AGM) or a continuing engagement within an existing 5-year term.Week 1
2Engagement Letter & Audit Planning — Scope, materiality, and risk assessment documented upfrontWe do not begin fieldwork without a signed engagement letter defining scope, responsibilities, and fee. We assess audit risk at the planning stage — identifying high-risk areas specific to your business (related party transactions, revenue recognition complexity, inventory valuation, loan covenants) rather than applying a generic audit program to every client.Week 1–2
3Understanding the Business & Internal Controls — Walkthroughs, not just checklistsWe walk through your actual transaction cycles — sales, purchases, payroll, cash — to understand how controls actually operate, not just how the policy manual says they should. For companies where Internal Financial Controls reporting under Section 143(3)(i) applies, we test control design and operating effectiveness formally, with documented testing — not a one-line assertion.Week 2–3
4Books of Account Review & Trial Balance ReconciliationWe reconcile the trial balance to the general ledger, bank statements, GST returns, and TDS returns before substantive testing begins. Mismatches between GST turnover and books turnover, or between TDS deducted per 26AS and books, are caught here — not discovered by the tax department later.Week 3–4
5Substantive Testing — Vouching, verification, and confirmationSample-based vouching of significant transactions, physical verification coordination for fixed assets and inventory where material, bank balance confirmations, and third-party balance confirmations for significant debtors/creditors. We size our samples to actual risk and materiality for your company — not a fixed percentage regardless of context.Week 4–6
6Related Party Transactions & Section 188 Compliance CheckWe specifically test whether related party transactions were entered on arm's length terms, whether the required Board/shareholder approvals under Section 188 were obtained where applicable, and whether AS-18/Ind AS 24 disclosures are complete. This is a CARO 2020 and audit-report focus area that generic bookkeeping-linked audits often gloss over.Week 5–6
7CARO 2020 Reporting — Point-by-point compliance verificationFor companies to which CARO 2020 applies, we work through each of its clauses — fixed assets, inventory, investments/loans/guarantees, deposits, cost records, statutory dues, defaults in loan repayment, utilisation of funds raised, fraud reporting, and more — with evidence for each conclusion, not a boilerplate 'not applicable' response.Week 6
8Internal Financial Controls (IFC) Reporting — Where applicableFor companies where IFC reporting under Section 143(3)(i) is not exempted, we document our understanding of the control environment, test key controls, and form a documented conclusion on design and operating effectiveness — supported by working papers that would withstand a quality review, not a template attestation.Week 5–6, in parallel with substantive testing
9Draft Financial Statements & Auditor Query ResolutionWe share a draft set of observations and queries with management well before the report is finalised — giving you time to provide explanations, locate missing documentation, or make correcting entries, rather than a last-minute qualification in the final report that surprises the Board.Week 6–7
10Management Representation Letter & FinalisationWe obtain a formal Management Representation Letter — a standard auditing requirement — confirming management's responsibility for the financial statements and specific representations made during the audit, and finalise the audit opinion (unmodified, qualified, adverse, or disclaimer, as the evidence supports).Week 7
11Board Approval, AGM, and Auditor's Report SigningThe audited financial statements are approved by the Board, adopted by shareholders at the AGM, and the Auditor's Report is signed and dated by the engagement partner along with their membership number and UDIN (Unique Document Identification Number) generated on the ICAI portal — mandatory for every audit report since 2019.Week 7–8, timed to your AGM date
12AOC-4 Filing Support — Coordinating with your MCA compliance teamWe provide the signed financial statements, auditor's report, and CARO annexure in the format required for AOC-4 filing, and coordinate with your company secretary or MCA filing team (PNPC, if we also handle your MCA compliance) to ensure the filing is made within 30 days of the AGM.Within 30 days of AGM
13Post-Audit Advisory — Management letter and process improvementBeyond the signed report, we issue a management letter (where warranted) flagging control weaknesses, process gaps, or recurring reconciliation issues observed during the audit — actionable points for the next financial year, not just a pass/fail opinion.Post-AGM, before next year's planning begins

Realistic timeline for a mid-sized private company with reasonably organised books: 6-8 weeks from engagement letter to signed audit report, timed backward from your AGM date (which, under Section 96, must generally fall within 6 months of financial year end for subsequent AGMs — the first AGM gets a longer window of up to 9 months from the end of the first financial year). Companies with disorganised books, incomplete reconciliations, or first-time audits typically need a longer runway — PNPC recommends starting audit planning at least 8-10 weeks before your intended AGM date, and earlier still if this is your company's first statutory audit.

Document Checklist
Statutory & Constitutional Documents

Certificate of Incorporation, Memorandum of Association, and Articles of Association — and any amendments made during the year

Latest Master Data extract from MCA21 confirming current directors, registered office, and authorised/paid-up capital

Copy of the previous year's signed audited financial statements and Auditor's Report, including CARO annexure — for comparative figures and continuity

Board resolution appointing PNPC as statutory auditor (fresh appointment) or confirming continuation within the existing term, and a copy of Form ADT-1 filed with the RoC

Register of Members, Register of Directors and KMP, and Register of Charges maintained under the Companies Act

Books of Account & Trial Balance

Complete trial balance for the financial year, with opening balances agreeing to the prior year's closing audited figures

General ledger and subsidiary ledgers (sales register, purchase register, cash book, bank book) for the full financial year

Bank statements for all operating accounts, fixed deposit accounts, and any escrow/current accounts held during the year

Bank Reconciliation Statements for each bank account as at year-end

Fixed Asset Register with additions, disposals, depreciation computation, and net block reconciling to the Balance Sheet

Inventory records — stock registers, valuation basis, and physical verification records where inventory is material to the business

Statutory Compliance Cross-Reconciliation

GST returns filed during the year — GSTR-1, GSTR-3B, and GSTR-9/9C if applicable — for reconciliation of book turnover to GST turnover

TDS returns filed (Form 24Q, 26Q, 27Q as applicable) and Form 26AS/AIS for the company, to reconcile TDS deducted and TDS credit claimed

Advance tax challans paid during the year and provision for income tax as computed in the books

PF and ESI challans and returns, where the company is registered and has applicable headcount

Professional Tax payment records for the state(s) of operation, where applicable

Any notices, orders, or correspondence received from GST, Income-tax, MCA, or other regulatory authorities during the year

Related Party & Investment Documentation

Details of all related party transactions during the year — nature, parties involved, amounts, and terms — with supporting Board/shareholder approvals under Section 188 where applicable

Loans and advances given or taken during the year, including loans to/from directors, with terms of repayment and interest, and compliance with Section 185/186 restrictions

Details of investments held — in subsidiaries, associates, joint ventures, or other companies — with supporting purchase documentation and valuation basis

Corporate guarantees or securities given on behalf of any other entity, with Board approval documentation

Details of any share allotments, transfers, or buybacks during the year, with Form PAS-3/SH-4 filing evidence

Revenue, Expense & Contract Documentation

Sample of significant sales invoices, purchase invoices, and expense vouchers for vouching purposes — PNPC will specify the sample based on materiality once the trial balance is reviewed

Major contracts or agreements entered into during the year — customer contracts, vendor agreements, lease deeds, loan agreements

Payroll records, including employment contracts for key managerial personnel, and details of director remuneration with Board/shareholder approval where required

Details of any contingent liabilities, pending litigation, or claims against the company not acknowledged as debt

Insurance policies covering company assets, and details of any insurance claims made or received during the year

Governance & Board Documentation

Minutes of all Board meetings and the Annual General Meeting held during the financial year

Attendance registers for Board meetings, confirming compliance with the maximum 120-day gap requirement between meetings

Director's Report and any disclosures required to be made by directors under Section 184 (interest in other entities) and Section 164 (non-disqualification)

Secretarial Audit Report, if applicable to the company (mandatory for certain classes of public companies) — for cross-reference with financial audit findings

Whistle-blower or vigil mechanism records, if the company has instituted one under Section 177

Ongoing obligations
PhaseTriggered ByPNPC CA GuidanceRisk If Ignored
First Statutory AuditFirst financial year after incorporation, even with nil/minimal activityAuditor appointed at first Board meeting within 30 days of incorporation; ADT-1 filed within 15 days of that appointment. First audit establishes opening balances and accounting policies that carry forward for the company's entire life — we set these up carefully rather than accepting whatever the incorporation portal's default chart of accounts produced.Incorrect opening balances or accounting policy choices in Year 1 create reconciliation problems and qualified opinions in every subsequent year until corrected.
Annual Audit CycleFinancial year end (31 March for most companies)Planning begins 8-10 weeks before AGM. Trial balance review, substantive testing, CARO 2020 and IFC reporting (where applicable), draft report and query resolution, Board approval, AGM adoption, signed report with UDIN, AOC-4 filing support.Late-started audits compress into rushed, higher-risk fieldwork close to the AGM deadline, increasing the chance of errors, qualified opinions, or a missed AGM/AOC-4 deadline with per-day RoC penalties.
Auditor Rotation / Reappointment5-year term expiry, or mandatory rotation trigger for applicable company classes under Section 139(2)We track the appointment term from Day 1 and flag reappointment or rotation requirements well ahead of the AGM where the term expires, including preparing the outgoing/incoming auditor handover documentation and NOC where relevant.Continuing to act as auditor beyond the appointed term without fresh shareholder approval is itself a Companies Act non-compliance, and the resulting financial statements can be challenged as improperly audited.
Change in Auditor (Resignation/Removal)Auditor resigns, is removed, or engagement is not renewedResignation requires Form ADT-3 filed by the outgoing auditor within 30 days, stating reasons. Removal before term expiry requires special resolution and Central Government approval under Section 140. We advise on the proper procedure whichever direction the change is happening.Improper removal or unfiled ADT-3 exposes the company to MCA scrutiny and can taint the credibility of the audit trail during investor or lender due diligence.
Qualified / Adverse Opinion IssuedMaterial misstatement, scope limitation, or non-compliance identified during auditWe discuss draft qualifications with the Board before the report is finalised — wherever the underlying issue can be legitimately corrected (missing documentation located, an entry corrected, a disclosure added) before finalisation, we give management that opportunity. Where the qualification is warranted, we explain its downstream implications for banking covenants, investor perception, and regulatory scrutiny.An unexplained or poorly communicated qualified opinion can trigger loan covenant breaches, investor confidence issues, and closer regulatory attention, compounding the original problem.
Fraud Reporting TriggerAuditor identifies suspected or actual fraud during the auditSection 143(12) requires the auditor to report fraud of a specified value to the Central Government (via Form ADT-4) and lower-value fraud to the Audit Committee/Board. We handle this reporting obligation strictly per the prescribed procedure and thresholds, and advise the company on remedial steps in parallel.Auditors who fail to report fraud as required face their own professional and regulatory consequences; companies that do not cooperate with this process face escalated regulatory action.
Dormant / Non-Operating CompanyCompany incorporated but not yet trading, or has ceased operations without formal closureA nil-activity company still requires a full statutory audit and nil financial statements every year unless formally granted dormant company status under Section 455, which itself requires an application and has its own conditions and limited-duration renewal.Assuming 'no activity means no audit needed' is one of the most common and costly misconceptions among founders — it leads to accumulated non-filing, RoC penalties, and eventual director disqualification risk under Section 164(2).
Strike-off, Winding-Up, or MergerCompany closure, NCLT winding-up, or scheme of merger/demergerFinancial statements up to the date of closure/merger must still be audited. For voluntary strike-off (STK-2), a statement of accounts certified by a CA (not older than 30 days from the application) is required. For mergers under Sections 230-232, audited financial statements of the transferor and transferee companies form part of the NCLT scheme documentation.Attempting strike-off or merger without properly audited closing financial statements results in RoC/NCLT rejection of the application and delays the entire closure or restructuring timeline.
Frequently asked
Is a statutory audit under the Companies Act mandatory for every company, even a small one with low turnover?

Yes. Unlike a tax audit, which is triggered only above specified turnover thresholds under Section 44AB of the Income-tax Act, the Companies Act statutory audit under Section 139/143 applies to every company registered under the Act — Private Limited, Public Limited, One Person Company, Section 8 Company, and Producer Company — regardless of turnover, profit, or even whether the company has commenced business. There is no small-company or low-turnover exemption from the audit requirement itself, though the reporting format (such as CARO applicability) can differ by company size and class.

Practitioner noteWe regularly meet founders who assume that a company with no revenue in Year 1 has no compliance obligation. It is one of the most common — and costly — misconceptions in the incorporation-to-compliance journey. We flag this explicitly at every incorporation engagement.
What is the difference between a Companies Act statutory audit and an Income-tax audit?

They are governed by entirely different laws and serve different purposes. The statutory audit under the Companies Act examines whether the financial statements give a true and fair view and comply with applicable Accounting Standards, and the report is filed with the RoC alongside AOC-4. The tax audit under Section 44AB of the Income-tax Act examines whether the business's accounts comply with income-tax provisions, is triggered by turnover/receipt thresholds, and results in Form 3CA/3CB and Form 3CD filed with the Income-tax Department. A company above the tax-audit threshold needs both audits — they are not substitutes for each other, though PNPC often performs both for efficiency where we are engaged for both.

Practitioner noteSome smaller companies below the tax-audit threshold assume they are exempt from any audit. They are still required to complete the Companies Act statutory audit — the exemption, if any, applies only to the separate tax audit requirement.
Who can be appointed as a statutory auditor of a company?

Only a Chartered Accountant holding a valid Certificate of Practice from the Institute of Chartered Accountants of India (ICAI), or a firm where the majority of partners are practising CAs, can be appointed as statutory auditor under Section 141 of the Companies Act. The appointee must not be disqualified under Section 141(3) — which includes being an officer or employee of the company, holding a business relationship with the company beyond what is permitted, being indebted to the company beyond prescribed limits, or providing certain prohibited non-audit services to the company under Section 144.

Practitioner noteSection 144 restricts a statutory auditor from providing certain services — like internal audit, investment advisory, and book-keeping — to the same company they audit. We structure our engagements to respect this line, sometimes involving a different PNPC-affiliated CA for audit versus accounting/advisory work on the same client, to keep the audit independent and defensible.
How is the statutory auditor appointed, and what is the term of appointment?

The first auditor is appointed by the Board of Directors within 30 days of incorporation, holding office until the conclusion of the first AGM. Thereafter, the auditor is appointed by shareholders at the AGM, typically for a term of five consecutive years, subject to conditions under Section 139. The appointment (or reappointment) must be intimated to the Registrar of Companies in Form ADT-1 within 15 days of the AGM at which the appointment was made.

Practitioner noteWe track the appointment term for every audit client from Day 1. Many companies lose track of when their auditor's five-year term technically expires, and continue with the same firm without a fresh shareholder resolution — a technical non-compliance we help correct before it becomes an issue in due diligence.
What is mandatory auditor rotation, and does it apply to my company?

Section 139(2) mandates rotation of the statutory auditor for listed companies and certain classes of unlisted public companies and private companies meeting specified paid-up capital or borrowing thresholds prescribed under the Companies (Audit and Auditors) Rules. Where it applies, an individual auditor cannot be reappointed for more than one term of five consecutive years, and an audit firm cannot be reappointed for more than two terms of five consecutive years each, with a mandatory cooling-off period thereafter. Most small and mid-sized private companies fall below the prescribed thresholds and are not subject to mandatory rotation, but this should be confirmed for your specific company, not assumed.

Practitioner noteWhether mandatory rotation applies depends on paid-up share capital, and separately on aggregate borrowings from banks/financial institutions/public deposits, as prescribed under the Rules — thresholds that companies cross as they grow. We monitor this for growing clients so a rotation trigger doesn't arrive as a surprise close to an AGM.
What is CARO 2020, and does it apply to every company?

The Companies (Auditor's Report) Order 2020 (CARO 2020) requires statutory auditors to report on specific matters — fixed asset verification, inventory, loans and guarantees, deposits, cost records, statutory dues, defaults in repayment of loans, utilisation of funds raised through IPO/further issue, fraud reporting, and several other clauses — as an annexure to the main audit report. CARO 2020 applies to most companies but has specific exemptions, including for One Person Companies, small companies (as defined under Section 2(85)), and certain private companies meeting specified paid-up capital, borrowings, and turnover thresholds simultaneously.

Practitioner noteThe CARO exemption for private companies requires meeting several conditions together — capital, borrowings, and revenue thresholds — not just being a private company. We check CARO applicability formally at the start of every audit engagement rather than assuming exemption; getting this wrong means an incomplete audit report.
What is Internal Financial Controls (IFC) reporting, and is it mandatory?

Under Section 143(3)(i), the statutory auditor must report on whether the company has adequate internal financial controls with reference to financial statements, and whether such controls are operating effectively. This reporting requirement has an exemption for private companies that meet specific conditions on turnover, borrowings, and are not a subsidiary/holding of a public company, as notified through amendments to the reporting requirements. Where it does apply, IFC reporting requires the auditor to test control design and operating effectiveness formally, not just express a general opinion.

Practitioner noteIFC testing is one of the more resource-intensive parts of a statutory audit where it applies. We scope this carefully at the planning stage — over-scoping wastes client time and fees; under-scoping produces an unsupportable conclusion. We confirm applicability for your company before starting fieldwork.
What happens if a company does not appoint a statutory auditor or does not get its accounts audited?

Non-compliance with the audit requirement is a serious default under the Companies Act. The company cannot validly adopt its financial statements at the AGM, cannot file AOC-4 (which requires the auditor's report as an annexure), and accumulates RoC late-filing penalties of ₹100 per day per form with no cap under Section 403. Beyond the direct filing consequence, non-audited or non-filed financial statements over multiple years can trigger director disqualification under Section 164(2) and expose the company to MCA strike-off action under Section 248.

Practitioner noteWe have taken on companies that went two to three years without a proper statutory audit — usually because the founders assumed 'no activity, no audit needed.' Reconstructing multiple years of audited financials retrospectively, alongside RoC penalty regularisation, is materially more expensive and time-consuming than staying current year by year.
Can the same CA firm handle both our bookkeeping/accounting and our statutory audit?

This requires careful handling under Section 141 and Section 144 independence provisions. A statutory auditor is restricted from providing certain 'not permitted' services — including book-keeping and accounting — to the company it audits, to preserve the independence that gives the audit opinion its value. PNPC structures engagements so that where we provide accounting/bookkeeping services to a client, the statutory audit for that entity is either performed by a different independent engagement team within our practice with appropriate safeguards, or we recommend an independent CA firm for the audit — whichever properly preserves independence for your specific situation.

Practitioner noteWe take this seriously because sophisticated lenders and investors specifically check for auditor independence during due diligence. An audit opinion from a firm with an obvious independence conflict carries materially less weight — sometimes none at all — in a funding round or credit assessment.
How long does a typical statutory audit take, and when should we start?

For a mid-sized private company with reasonably organised books, PNPC typically completes the audit — from engagement letter to signed report — in 6 to 8 weeks. This should be planned backward from your AGM date. Under Section 96, subsequent AGMs must generally be held within 6 months of the financial year end (so by 30 September for a 31 March year-end, subject to any extension the RoC may grant); a company's very first AGM has a longer window — up to 9 months from the end of its first financial year. We recommend starting audit planning at least 8-10 weeks before the intended AGM date. First-time audits, or audits of companies with disorganised books or incomplete reconciliations, need a longer runway.

Practitioner noteThe single biggest driver of audit delay we see is companies starting the process too close to the AGM deadline, with a trial balance that has never been reconciled to GST returns or TDS filings during the year. Reconciliation issues discovered in week 6 instead of week 1 compress an already tight timeline.
What is UDIN, and why does every audit report need one?

UDIN (Unique Document Identification Number) is an 18-digit unique number generated by the Chartered Accountant on the ICAI's UDIN portal for every audit report, certificate, and specified document signed in their capacity as a practising CA. Mandated by ICAI since 2019, UDIN allows regulators, banks, and other stakeholders to verify the authenticity of a CA-signed document and check it was not forged or issued by an unauthorised person. An audit report without a valid UDIN can be treated as invalid by the authority relying on it.

Practitioner noteWe generate UDIN for every audit report and certificate PNPC issues, at the time of signing — not retroactively. Anyone relying on our audit report — a bank, an investor, the RoC — can verify it directly on the ICAI portal.
What is a qualified opinion, and what does it mean for our company?

An unqualified ("clean") opinion means the auditor concludes the financial statements give a true and fair view without exception. A qualified opinion means the auditor found a specific, material issue — a departure from an Accounting Standard, insufficient audit evidence for a particular item, or a scope limitation — that is significant enough to flag, but not pervasive enough to invalidate the entire financial statements. An adverse opinion or disclaimer of opinion are more serious outcomes, used when misstatements or scope limitations are pervasive. A qualification is disclosed in the audit report and can affect loan covenants, investor confidence, and regulatory scrutiny.

Practitioner noteWe discuss any potential qualification with the Board well before the report is finalised — wherever the underlying issue can be legitimately resolved (a missing confirmation obtained, an entry corrected, a disclosure completed) before we sign, we give management that opportunity. A qualification should never be a surprise sprung at the AGM.
Does a company with no operations or a 'shell' company still need a statutory audit?

Yes, unless the company has formally obtained dormant company status under Section 455 of the Companies Act — which itself requires a specific MCA application (Form MSC-1) and comes with its own conditions and periodic renewal. Absent that formal status, a company with zero transactions during the year still requires a full statutory audit resulting in nil (or near-nil) financial statements, and the auditor's report and CARO annexure (where applicable) must still be issued and filed.

Practitioner noteWe have seen many companies incorrectly self-classify as 'dormant' without the formal MCA application, and skip audit and filings on that assumption. Without the Section 455 order in hand, the audit and filing obligations remain fully in force, and penalties accrue as usual.
What is Section 143(12) fraud reporting, and when does it apply?

Section 143(12) requires the statutory auditor, if during the audit they have reason to believe that an offence involving fraud has been or is being committed against the company by its officers or employees, to report the matter. Where the amount involved is at or above the threshold prescribed under the Rules, the auditor reports directly to the Central Government via Form ADT-4 within the prescribed timeline. Below that threshold, the matter is reported to the Audit Committee or Board, and disclosed in the Board's Report.

Practitioner noteThis is a serious, non-discretionary obligation for the auditor once the reason-to-believe threshold is met — it is not something we can be asked to overlook. We explain this obligation to every new audit client at the engagement stage so there is no surprise if it is ever triggered.
Can a private company's statutory auditor be a relative of one of the directors?

The Companies Act does not automatically disqualify a director's relative from being the statutory auditor purely on the basis of the relationship — the disqualifications under Section 141(3) are specifically about business relationships, employment, indebtedness, and holding of securities, not familial relationship per se. However, appointing a director's close relative as auditor raises independence concerns that sophisticated investors, banks, and regulators will scrutinise closely during due diligence, even where it is technically permitted.

Practitioner noteWe advise clients to think beyond bare legal compliance here. Even where technically permitted, an audit by a closely related CA carries less credibility with an investor or lender than an audit by a genuinely independent firm — and that credibility gap can matter more than the fee saved.
What documents does PNPC need from us to start the statutory audit?

At a minimum: the trial balance and general ledger for the year, bank statements and reconciliations, the fixed asset register, GST and TDS returns filed during the year, details of related party transactions and loans, Board/AGM minutes, and the prior year's signed audited financial statements for comparatives. The full document checklist is more extensive and depends on your business — PNPC provides a tailored document request list at the engagement letter stage based on your company's specific transaction types and complexity.

Practitioner noteThe single biggest time-saver in an audit is a trial balance that has already been reconciled to GST and TDS filings before we start fieldwork. We increasingly do this reconciliation as part of our monthly accounting retainer for clients, which materially compresses the year-end audit timeline.
What is the auditor's responsibility versus management's responsibility for the financial statements?

Under Section 134(5) and the standard audit report format, management (the Board of Directors) is responsible for the preparation and fair presentation of the financial statements, for maintaining adequate accounting records, safeguarding assets, and preventing and detecting fraud. The auditor's responsibility is to express an independent opinion on those financial statements based on the audit evidence obtained — the auditor does not prepare the financial statements and is not responsible for detecting every instance of fraud or error, only for planning and performing the audit to obtain reasonable (not absolute) assurance that the statements are free of material misstatement.

Practitioner noteThis distinction matters practically: if your books are in poor shape, the statutory audit is not the mechanism that fixes them — it is the mechanism that reports on them as they stand. We recommend clients invest in proper monthly bookkeeping through the year rather than treating the annual audit as the only checkpoint for financial accuracy.
How does PNPC charge for statutory audit — what determines the fee?

Statutory audit fees are structured based on the complexity and scale of the engagement — transaction volume, number of related party transactions, whether CARO and IFC reporting apply, quality of books provided, number of locations/branches, group structure, and whether this is a first-time or continuing audit. PNPC provides a written scope and fee estimate before the engagement letter is signed — there are no surprise charges once the fee is agreed, except for genuinely out-of-scope work identified and separately agreed during the audit.

Practitioner noteWe do not price statutory audits as a race-to-the-bottom commodity service. A properly resourced audit — with real substantive testing, not a rubber-stamp review — costs more than the cheapest available quote, and it is the audit opinion your bank and investors will actually rely on.
What is the difference between the Auditor's Report and the Director's Report?

The Auditor's Report is prepared and signed by the independent statutory auditor and expresses an opinion on the financial statements. The Director's Report is prepared and signed by the Board of Directors (management) and covers the company's operational performance, state of affairs, dividend recommendation, related party transaction disclosures, and various other statutory disclosures required under Section 134. Both are annexed to the financial statements filed in AOC-4, but they are authored by different parties with different responsibilities and perspectives.

Practitioner noteWe frequently see draft Director's Reports that inadvertently make statements inconsistent with what the audited financial statements actually show. We review the Director's Report for consistency with our audit findings before finalisation, even though drafting it is management's responsibility, not ours.
If our company operates in both India and the UAE, does the statutory audit cover both entities?

No — a Companies Act statutory audit covers only the Indian company registered under the Act. A UAE entity (Mainland LLC or Free Zone company) is governed by UAE Commercial Companies Law and, where applicable, UAE Corporate Tax audit/assurance requirements, which are entirely separate from the Indian Companies Act framework. Where the two entities have intercompany transactions, both audits need to be aware of and consistently reflect those transactions, including any transfer pricing documentation required under Section 92C of the Indian Income-tax Act.

Practitioner notePNPC's Dubai office coordinates with our India audit teams for clients with both an Indian company and a UAE entity, so intercompany transactions, related-party disclosures, and transfer pricing positions are consistent across both sets of audited financials — rather than each auditor working in isolation and producing conflicting figures.
What is the difference between AS (Accounting Standards) and Ind AS, and which applies to my company?

Indian Accounting Standards (Ind AS), converged with IFRS, are mandatory for specified classes of companies based on net worth and listing status — broadly, listed companies and larger unlisted companies meeting prescribed net worth thresholds, along with their holding, subsidiary, joint venture, and associate companies. Companies not covered by the Ind AS roadmap continue to follow the older Accounting Standards (AS) notified under the Companies (Accounting Standards) Rules. Most small and mid-sized private companies currently follow AS rather than Ind AS, but this changes as the company's net worth grows or if it becomes part of a group where a holding/subsidiary company is Ind AS-applicable.

Practitioner noteWe check Ind AS applicability at the start of every audit engagement, not just once at incorporation — a company that crosses the net worth threshold, or becomes a subsidiary of an Ind AS-applicable company, moves into the Ind AS framework and needs to restate comparatives and adjust accounting policies accordingly. This transition needs to be planned for, not discovered mid-audit.
Can the statutory auditor also value our company's shares for a fundraise or ESOP grant?

Generally, this should be approached carefully. While not always an absolute Section 141/144 disqualification depending on the specific facts, valuation work for a company by its own statutory auditor can raise independence and objectivity concerns, particularly where the valuation feeds directly into related-party or FEMA pricing-guideline compliance that the same auditor will later need to independently assess. PNPC typically recommends a valuation be performed by a different qualified professional — a SEBI-registered Merchant Banker or a separate CA — from the entity's statutory auditor, to keep both engagements independent and defensible in due diligence.

Practitioner noteWe flag this proactively for fundraising clients. An investor's legal team reviewing diligence documents will specifically check who performed the valuation relative to who is the statutory auditor — keeping them separate avoids an unnecessary due-diligence flag.
What is a limited review, and is it different from a statutory audit?

A limited review is a lower-assurance engagement — typically used for quarterly financial results of listed companies under SEBI's Listing Obligations and Disclosure Requirements (LODR) — involving inquiry and analytical procedures rather than the full substantive testing of a statutory audit. It provides negative assurance ("nothing has come to our attention...") rather than the positive opinion ("gives a true and fair view") of a full audit. Most private companies do not require limited reviews unless they have listed debt securities or other specific regulatory triggers.

Practitioner noteWe occasionally get asked whether a limited review can substitute for the annual statutory audit to save cost. It cannot — they serve entirely different purposes and neither the Companies Act nor the RoC will accept a limited review report in place of the Section 143 statutory audit report for AOC-4 filing.
What happens during an audit if we discover an error from a prior year?

Prior period errors are addressed under the applicable Accounting Standard (AS-5 or Ind AS 8, as applicable) — material prior period errors are generally corrected by restating the comparative figures presented, with appropriate disclosure of the nature and amount of the correction, rather than being run through the current year's profit and loss as an ordinary item. The current year's auditor will assess the materiality of the error and the adequacy of its correction and disclosure as part of forming the current year's opinion.

Practitioner noteWe treat prior period error discovery as a normal, manageable part of the audit process — not something to be hidden or minimised. Transparent correction with proper disclosure protects the company's credibility far more than an attempt to bury the adjustment in the current year's numbers.
Does a startup that has raised VC funding face additional statutory audit scrutiny?

Not additional statutory requirements beyond the standard Companies Act audit, but in practice, VC-funded companies typically have more related party transactions (with the founders, ESOP trusts, or affiliated entities), more complex share capital structures (CCPS, multiple funding rounds), and investor-nominee directors who scrutinise the financial statements closely — all of which naturally increase the audit's substantive testing focus in those specific areas, even though the underlying legal framework is the same as for any other company.

Practitioner noteFor funded startups, we pay particular attention to ESOP accounting (fair value expensing under Ind AS 102/AS), CCPS classification as equity versus liability, and related-party approvals for founder transactions — areas that generate the most investor and auditor questions in our experience.
What is the Board's responsibility if the statutory auditor resigns mid-year?

If the statutory auditor resigns before completing their term, the outgoing auditor must file Form ADT-3 with the RoC within 30 days, stating the reasons for resignation. The Board must then fill the casual vacancy — for a reason other than disqualification, the Board can appoint a new auditor within 30 days, subject to approval by shareholders within 3 months at a general meeting; if the vacancy is due to disqualification, only the shareholders in general meeting can fill it, within 3 months.

Practitioner noteA mid-year auditor resignation, especially one citing reasons like management non-cooperation or disagreement on accounting treatment, is a serious signal that lenders and investors will specifically probe. If your company is going through this, the reason stated in ADT-3 and how promptly the vacancy is filled both matter for how the situation is perceived externally.
Is a statutory audit required for a company that has applied for voluntary strike-off (STK-2)?

Yes, in a modified sense. A company applying for voluntary strike-off under Section 248(2) via Form STK-2 must submit a statement of accounts reflecting assets and liabilities, made up to a date not more than 30 days before the date of application, and this statement must be certified by a Chartered Accountant. While this is not necessarily the full annual statutory audit process, it requires a CA-certified financial position, and any outstanding regular statutory audits for prior years generally need to be current and filed before a clean strike-off application can proceed.

Practitioner noteWe routinely find companies attempting strike-off with 2-3 years of pending statutory audits and RoC filings. The strike-off route requires the compliance record to be substantially in order — attempting to skip straight to closure without first regularising past-due audits and filings is one of the most common reasons an STK-2 application gets rejected or delayed.
How does PNPC ensure audit quality and not just compliance box-ticking?

Every PNPC statutory audit follows documented audit planning with risk assessment specific to the client's business, substantive testing sized to actual materiality rather than a fixed template percentage, formal working papers supporting every conclusion in the report, and a partner-level review before any report is signed. We generate UDIN for every signed report on the ICAI portal, maintaining the traceability and accountability the profession requires. We treat the audit as a genuine independent examination — not a formality performed to unlock the AOC-4 filing.

Practitioner noteThe market has no shortage of firms willing to sign an audit report for a nominal fee with minimal actual testing. That approach produces a report of little value to a bank or investor conducting real diligence, and it exposes the company (and the signing CA) to real risk if the numbers are later challenged. We do not operate that way.
Can PNPC audit a company across multiple states or with multiple branches?

Yes. For companies with operations across multiple states — common for GST-registered businesses with multiple state registrations, warehouses, or branch offices — PNPC coordinates audit fieldwork across locations, either through our own teams across Chennai, Bangalore, and Hyderabad or through appropriately supervised local verification where a branch does not have a dedicated PNPC office nearby. Branch-level verification is consolidated into a single company-wide audit opinion.

Practitioner noteMulti-location audits need careful planning on inventory verification timing and inter-branch reconciliation in particular — we scope this explicitly at the planning stage rather than treating a multi-branch company the same as a single-location business.
What is materiality in an audit, and how is it decided?

Materiality is the threshold above which a misstatement, individually or in aggregate, could reasonably be expected to influence the economic decisions of users relying on the financial statements. Auditors set a materiality benchmark at the planning stage — commonly a percentage of revenue, total assets, or profit before tax, adjusted for qualitative factors specific to the business — and use it to determine sample sizes, the significance of identified misstatements, and which items warrant more intensive testing.

Practitioner noteMateriality is a professional judgment, not a mechanical formula, and we document our basis for the materiality figure we use on every engagement. A loss-making startup and a stable profitable trading company will have very different materiality considerations even at similar revenue levels.
What happens if the statutory auditor and the company disagree on an accounting treatment?

The auditor's role is to form an independent opinion, not to simply accept management's preferred accounting treatment. Where PNPC and a client's management genuinely disagree on the correct treatment under applicable Accounting Standards, we first work through the technical position with supporting documentation and, where relevant, cite the specific Standard provision. If disagreement persists on a material item, the audit report will be appropriately qualified to reflect it — we do not sign an unqualified opinion on a treatment we believe is not compliant, regardless of client preference.

Practitioner noteThis independence is precisely what makes an audit opinion valuable to a third party relying on it. A firm willing to change its opinion under client pressure produces a report that protects nobody — least of all the company's own directors, who bear personal liability for the accuracy of financial statements laid before shareholders.
Does PNPC provide statutory audit services for NBFCs and other RBI-regulated entities?

Yes, with the additional regulatory layer that applies to RBI-regulated entities such as NBFCs — including RBI-specific reporting requirements, prudential norm compliance verification (capital adequacy, asset classification, provisioning), and any RBI-mandated auditor eligibility criteria that go beyond the standard Companies Act requirements. NBFC audits require the auditor to be familiar with RBI Master Directions in addition to the Companies Act framework.

Practitioner noteNBFC statutory audits are meaningfully more specialised than a standard trading or services company audit — asset classification and provisioning testing in particular requires RBI-specific expertise. We scope and price these engagements to reflect that additional complexity.
How far in advance should we engage PNPC for our statutory audit?

We recommend engaging your statutory auditor — whether PNPC or otherwise — at the start of the financial year, or at minimum 8-10 weeks before your intended AGM date, particularly for a first-time audit or a company with any degree of transactional complexity. Early engagement allows for planning-stage risk assessment, interim testing during the year rather than compressing everything into a post-year-end sprint, and materially reduces the chance of audit delays affecting your AGM and AOC-4 filing deadlines.

Practitioner noteClients who engage us early in the year, and who use our accounting retainer service for ongoing monthly reconciliation, consistently have smoother, faster year-end audits than those who engage an auditor for the first time only after the financial year has already closed.
Why PNPC Global
FeatureVolume Audit Firm / Portal-Linked CAGeneric Local CA PracticePNPC Global
Audit Planning & Risk AssessmentMinimal or templated — same checklist for every clientBasic — general understanding of the businessFormal risk assessment specific to your business model, sector, and transaction complexity, documented at the planning stage
Substantive Testing DepthThin sampling to meet minimum documentation requirementsReasonable but often reactive to what management providesSample sizes and testing scope sized to actual materiality and risk — with documented working papers supporting every conclusion
CARO 2020 / IFC ReportingBoilerplate 'not applicable' responses where possibleGenerally covered but not always deeply testedPoint-by-point evidenced conclusions on every applicable CARO clause and formally tested IFC design/effectiveness where required
Independence DisciplineFrequently blurred — same firm does books, audit, and everything elseVariable — depends on firm size and client relationshipsStructured to preserve Section 141/144 independence, including recommending a separate firm where appropriate for the client's own protection
Query Resolution & CommunicationMinimal contact until the report is ready to signDirect but often only reactive to client queriesDraft observations and queries shared well before finalisation, giving management real time to respond — no last-minute surprises at the AGM
Cross-Border CoordinationNot offeredNot offeredIndia-UAE coordination through PNPC's Dubai office for clients with related entities in both jurisdictions
Fee TransparencyLow headline fee, scope often expands with hidden chargesGenerally transparent but informalWritten scope and fee agreed before the engagement letter is signed — no surprise charges for in-scope work
Post-Audit ValueSigned report, engagement closedMay offer informal adviceManagement letter flagging control weaknesses and process improvements — actionable input for the next financial year, not just a pass/fail opinion

What the PNPC package includes

  1. 01

    Formal audit planning with documented risk assessment specific to your business, sector, and transaction complexity

  2. 02

    Trial balance reconciliation to GST returns, TDS returns, and bank statements before substantive testing begins

  3. 03

    Substantive testing — vouching, verification, and third-party confirmations — sized to real materiality, not a fixed template percentage

  4. 04

    CARO 2020 applicability assessment and point-by-point evidenced reporting on every applicable clause

  5. 05

    Internal Financial Controls (IFC) design and operating-effectiveness testing where Section 143(3)(i) applies, with documented working papers

  6. 06

    Related party transaction testing for arm's-length terms and Section 188 approval compliance

  7. 07

    Draft observations shared with management well before the report is finalised — real time to respond, not a last-minute surprise

  8. 08

    Management Representation Letter obtained as standard practice, and UDIN generated on the ICAI portal for every signed report

  9. 09

    Coordination with your MCA compliance team for timely AOC-4 filing within 30 days of the AGM

  10. 10

    Post-audit management letter flagging control weaknesses and process improvement opportunities for the year ahead

  11. 11

    India-UAE audit coordination through PNPC's Dubai office for clients with entities in both jurisdictions

  12. 12

    Auditor independence safeguards — including recommending a separate CA firm where PNPC also provides accounting services, to protect the credibility of your audit opinion

Speak directly with a PNPC Chartered Accountant about your statutory audit. Not a form-filling service, not a rubber-stamp signature — a practising CA firm that has conducted independent statutory audits since 1986, and that treats the audit opinion as something your bank, your investors, and your own directors can actually rely on.

← Back to Audit & Assurance
Talk to a CA