Audit & Assurance · Statutory & Financial Audits
Statutory Audit under Companies Act
Every company incorporated in India — private or public, dormant or operating, profitable or loss-making — must have its books of account audited every single year under the Companies Act 2013.
Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986
Every company incorporated in India — private or public, dormant or operating, profitable or loss-making — must have its books of account audited every single year under the Companies Act 2013. This is not optional and there is no turnover threshold below which it does not apply. PNPC Global has conducted statutory audits for companies across manufacturing, services, technology, trading, and NBFC sectors since 1986. We do not treat the statutory audit as a compliance formality to be rushed through in the last week before the AGM — we treat it as the annual discipline that protects your directors, satisfies your shareholders and lenders, and gives your business a clean, defensible financial record.
What it costs
No hidden charges. The exact figure is set in your engagement letter.
A statutory audit under the Companies Act 2013 is the independent examination of a company's books of account, financial statements, and underlying records by a Chartered Accountant holding a valid Certificate of Practice, appointed as the company's auditor under Section 139. The audit culminates in an Auditor's Report under Section 143, which is annexed to the financial statements filed with the Registrar of Companies (RoC) in Form AOC-4. The auditor expresses an opinion on whether the financial statements give a "true and fair view" of the company's state of affairs, profit or loss, and cash flows, and whether they comply with the applicable Accounting Standards (Ind AS or AS, depending on the company's classification) notified under Section 133.
Unlike a tax audit under Section 44AB of the Income-tax Act — which is turnover-triggered and applies only above prescribed thresholds — the Companies Act statutory audit applies to every company registered under the Act, regardless of turnover, profit, or activity level. A private limited company with zero revenue in its first year, a dormant company that has not commenced operations, and a large operating company with hundreds of crores in turnover are all equally obligated to appoint an auditor and complete a statutory audit every financial year. The only relief available is for One Person Companies and small companies under certain provisions, which still require an audit but have simplified reporting formats such as the abridged Companies (Auditor's Report) Order applicability.
The statutory auditor's role extends well beyond signing a report. Under Section 143, the auditor must verify that proper books of account have been kept, that the Balance Sheet and Profit & Loss Account agree with the books, that all information and explanations necessary for the audit were obtained, and — for larger companies — report specifically on the adequacy and operating effectiveness of Internal Financial Controls (IFC) over financial reporting under Section 143(3)(i). The auditor must also comment under the Companies (Auditor's Report) Order 2020 (CARO 2020) on matters such as fixed asset verification, inventory physical verification, loans granted or taken, statutory dues, related party transactions, and fraud reporting obligations under Section 143(12) if any fraud is noticed or has reason to believe has occurred.
The auditor is appointed by shareholders at the AGM for a term of five consecutive years in a single appointment — the earlier requirement to seek annual shareholder ratification of that appointment at every subsequent AGM was removed by the Companies (Amendment) Act 2017, so a validly appointed auditor now holds the full five-year term without needing yearly re-ratification (subject still to mandatory rotation for certain classes of companies under Section 139(2)), and the appointment is intimated to the RoC in Form ADT-1. The auditor cannot be removed before the expiry of term except by special resolution and prior approval of the Central Government under Section 140, which reflects the independence the law intends the statutory auditor to have from company management. This independence is precisely what gives the statutory audit its value to banks, investors, tax authorities, and other stakeholders who rely on audited financial statements rather than management-prepared, unverified numbers.
When a statutory audit under the Companies Act applies
Every Private Limited Company, Public Limited Company, One Person Company, Section 8 Company, and Producer Company incorporated under the Companies Act — audit is mandatory from the first financial year, irrespective of turnover or profit
Companies with nil or minimal transactions in their first year — a dormant company or a company with no revenue still requires an audited nil financial statement and a full auditor's report
Companies preparing for their AGM, where audited financial statements must be laid before shareholders under Section 129 before the annual return (MGT-7) and financial statements (AOC-4) can be filed with the RoC
Companies approaching a bank for a loan, a line of credit, or a working capital facility — banks routinely require the last 2-3 years of audited financial statements as a lending condition
Companies preparing for an equity fundraise, where investors conduct financial due diligence and expect clean, audited financial statements as the baseline document
Companies undergoing a change in auditor, whether due to term completion, mandatory rotation (for listed companies and certain classes of public companies), resignation, or removal — requiring a fresh appointment process under Section 139
Companies with related party transactions, inter-corporate loans, or complex group structures, where CARO 2020 reporting and Ind AS related-party disclosures require careful audit attention
Companies facing an MCA inspection, an Income-tax scrutiny, or a lender's due diligence request — where the quality and independence of the statutory audit becomes directly relevant to the outcome
What a statutory audit is not, and where it differs from other engagements
Not a substitute for a tax audit under Section 44AB of the Income-tax Act — a company crossing the tax-audit turnover threshold needs both a Companies Act statutory audit and a separate tax audit, often (though not necessarily) performed by the same CA firm
Not applicable in the same mandatory form to LLPs — LLPs are governed by the LLP Act 2008, where audit is triggered only if turnover exceeds ₹40 lakh or contribution exceeds ₹25 lakh, unlike companies where audit applies from Day 1 regardless of size
Not applicable to sole proprietorships or unregistered partnership firms under the Companies Act framework at all — those entities are outside the Companies Act's audit mandate entirely, though a tax audit may still apply based on turnover
Not a one-time exercise — it is an annual, recurring statutory obligation for the entire life of the company, ending only on formal strike-off, dissolution, or winding up
Not the same as an internal audit — internal audit (mandatory under Section 138 for certain classes of companies based on turnover, borrowings, or paid-up capital thresholds) is a management-facing, operational control review; the statutory audit is an independent, shareholder-facing opinion on the financial statements
Not a service where PNPC can simultaneously serve as your accounting/bookkeeping provider and your statutory auditor for the same entity in the same year without addressing independence considerations under Section 141 — we structure engagements to preserve auditor independence
Statutory Audit under Companies Act vs other audit and assurance engagements
| Feature | Companies Act Statutory Audit | Tax Audit (Sec 44AB) | Internal Audit (Sec 138) | GST Audit / Reconciliation | Concurrent / Bank Audit |
|---|---|---|---|---|---|
| Governing law | Companies Act 2013, Section 143 | Income-tax Act 1961, Section 44AB | Companies Act 2013, Section 138 | CGST Act 2017 (self-certification post-2021 amendment) | RBI guidelines / bank-specific mandate |
| Trigger for applicability | Mandatory for every registered company, no threshold | Turnover/receipts threshold — varies by presumptive scheme and cash transaction levels | Prescribed class of companies by turnover, borrowings, or paid-up capital | Not separately mandated since Sec 35(5) omission — self-reconciliation via GSTR-9C in many cases | As required by bank / RBI directive for banks and NBFCs |
| Who appoints the auditor | Shareholders at AGM, under Section 139 | The assessee (business owner) engages the tax auditor | Board of Directors / Audit Committee | Not a separate statutory appointment | Bank / RBI appoints or mandates |
| Reporting format | Auditor's Report under Sec 143 + CARO 2020 + IFC report | Form 3CA/3CB and Form 3CD | Internal audit report to Audit Committee/Board | Reconciliation statement, self-certified | Bank-prescribed formats (LFAR, etc.) |
| Filed with | RoC via AOC-4 (annexed to financial statements) | Income-tax e-filing portal | Internal — Board/Audit Committee record | GST portal where applicable | RBI / bank management |
| Independence requirement | Statutory — Section 141 disqualifications apply strictly | Statutory — similar independence norms apply | Can be in-house or outsourced; less statutory independence rigidity | Not applicable in the same way | High — RBI-mandated independence |
| Frequency | Every financial year, without exception | Every financial year, if threshold crossed | Annual, per Board-approved plan | Annual where applicable | As mandated (annual, quarterly, or concurrent) |
| Consequence of default | Company + officers penalised under Sec 147; audit report itself may be qualified | Penalty under Section 271B, up to prescribed limits | Penalty for non-compliance with Sec 138 read with rules | Penal interest, notices on mismatches | Regulatory action against the bank/NBFC |
These engagements are frequently confused with one another. A private limited company with turnover above the tax-audit threshold needs both a statutory audit under the Companies Act and a tax audit under the Income-tax Act — they are not interchangeable and often (though not compulsorily) performed together by the same CA firm for efficiency. Applicability thresholds and formats change with amendments; confirm current applicability for your specific company class with PNPC before assuming any of the above is or is not required for your entity.
| # | Stage & What PNPC Does | CA Advice Portals Never Give | Timeline |
|---|---|---|---|
| 1 | Auditor Appointment / Continuation Check — Confirming PNPC's eligibility and independence | Before accepting any audit engagement, we verify our own independence under Section 141 — no business relationship, no indebtedness, no conflicting engagement with the company that would compromise the audit opinion. We also verify whether this is a fresh appointment (ADT-1 required within 15 days of AGM) or a continuing engagement within an existing 5-year term. | Week 1 |
| 2 | Engagement Letter & Audit Planning — Scope, materiality, and risk assessment documented upfront | We do not begin fieldwork without a signed engagement letter defining scope, responsibilities, and fee. We assess audit risk at the planning stage — identifying high-risk areas specific to your business (related party transactions, revenue recognition complexity, inventory valuation, loan covenants) rather than applying a generic audit program to every client. | Week 1–2 |
| 3 | Understanding the Business & Internal Controls — Walkthroughs, not just checklists | We walk through your actual transaction cycles — sales, purchases, payroll, cash — to understand how controls actually operate, not just how the policy manual says they should. For companies where Internal Financial Controls reporting under Section 143(3)(i) applies, we test control design and operating effectiveness formally, with documented testing — not a one-line assertion. | Week 2–3 |
| 4 | Books of Account Review & Trial Balance Reconciliation | We reconcile the trial balance to the general ledger, bank statements, GST returns, and TDS returns before substantive testing begins. Mismatches between GST turnover and books turnover, or between TDS deducted per 26AS and books, are caught here — not discovered by the tax department later. | Week 3–4 |
| 5 | Substantive Testing — Vouching, verification, and confirmation | Sample-based vouching of significant transactions, physical verification coordination for fixed assets and inventory where material, bank balance confirmations, and third-party balance confirmations for significant debtors/creditors. We size our samples to actual risk and materiality for your company — not a fixed percentage regardless of context. | Week 4–6 |
| 6 | Related Party Transactions & Section 188 Compliance Check | We specifically test whether related party transactions were entered on arm's length terms, whether the required Board/shareholder approvals under Section 188 were obtained where applicable, and whether AS-18/Ind AS 24 disclosures are complete. This is a CARO 2020 and audit-report focus area that generic bookkeeping-linked audits often gloss over. | Week 5–6 |
| 7 | CARO 2020 Reporting — Point-by-point compliance verification | For companies to which CARO 2020 applies, we work through each of its clauses — fixed assets, inventory, investments/loans/guarantees, deposits, cost records, statutory dues, defaults in loan repayment, utilisation of funds raised, fraud reporting, and more — with evidence for each conclusion, not a boilerplate 'not applicable' response. | Week 6 |
| 8 | Internal Financial Controls (IFC) Reporting — Where applicable | For companies where IFC reporting under Section 143(3)(i) is not exempted, we document our understanding of the control environment, test key controls, and form a documented conclusion on design and operating effectiveness — supported by working papers that would withstand a quality review, not a template attestation. | Week 5–6, in parallel with substantive testing |
| 9 | Draft Financial Statements & Auditor Query Resolution | We share a draft set of observations and queries with management well before the report is finalised — giving you time to provide explanations, locate missing documentation, or make correcting entries, rather than a last-minute qualification in the final report that surprises the Board. | Week 6–7 |
| 10 | Management Representation Letter & Finalisation | We obtain a formal Management Representation Letter — a standard auditing requirement — confirming management's responsibility for the financial statements and specific representations made during the audit, and finalise the audit opinion (unmodified, qualified, adverse, or disclaimer, as the evidence supports). | Week 7 |
| 11 | Board Approval, AGM, and Auditor's Report Signing | The audited financial statements are approved by the Board, adopted by shareholders at the AGM, and the Auditor's Report is signed and dated by the engagement partner along with their membership number and UDIN (Unique Document Identification Number) generated on the ICAI portal — mandatory for every audit report since 2019. | Week 7–8, timed to your AGM date |
| 12 | AOC-4 Filing Support — Coordinating with your MCA compliance team | We provide the signed financial statements, auditor's report, and CARO annexure in the format required for AOC-4 filing, and coordinate with your company secretary or MCA filing team (PNPC, if we also handle your MCA compliance) to ensure the filing is made within 30 days of the AGM. | Within 30 days of AGM |
| 13 | Post-Audit Advisory — Management letter and process improvement | Beyond the signed report, we issue a management letter (where warranted) flagging control weaknesses, process gaps, or recurring reconciliation issues observed during the audit — actionable points for the next financial year, not just a pass/fail opinion. | Post-AGM, before next year's planning begins |
Realistic timeline for a mid-sized private company with reasonably organised books: 6-8 weeks from engagement letter to signed audit report, timed backward from your AGM date (which, under Section 96, must generally fall within 6 months of financial year end for subsequent AGMs — the first AGM gets a longer window of up to 9 months from the end of the first financial year). Companies with disorganised books, incomplete reconciliations, or first-time audits typically need a longer runway — PNPC recommends starting audit planning at least 8-10 weeks before your intended AGM date, and earlier still if this is your company's first statutory audit.
Certificate of Incorporation, Memorandum of Association, and Articles of Association — and any amendments made during the year
Latest Master Data extract from MCA21 confirming current directors, registered office, and authorised/paid-up capital
Copy of the previous year's signed audited financial statements and Auditor's Report, including CARO annexure — for comparative figures and continuity
Board resolution appointing PNPC as statutory auditor (fresh appointment) or confirming continuation within the existing term, and a copy of Form ADT-1 filed with the RoC
Register of Members, Register of Directors and KMP, and Register of Charges maintained under the Companies Act
Complete trial balance for the financial year, with opening balances agreeing to the prior year's closing audited figures
General ledger and subsidiary ledgers (sales register, purchase register, cash book, bank book) for the full financial year
Bank statements for all operating accounts, fixed deposit accounts, and any escrow/current accounts held during the year
Bank Reconciliation Statements for each bank account as at year-end
Fixed Asset Register with additions, disposals, depreciation computation, and net block reconciling to the Balance Sheet
Inventory records — stock registers, valuation basis, and physical verification records where inventory is material to the business
GST returns filed during the year — GSTR-1, GSTR-3B, and GSTR-9/9C if applicable — for reconciliation of book turnover to GST turnover
TDS returns filed (Form 24Q, 26Q, 27Q as applicable) and Form 26AS/AIS for the company, to reconcile TDS deducted and TDS credit claimed
Advance tax challans paid during the year and provision for income tax as computed in the books
PF and ESI challans and returns, where the company is registered and has applicable headcount
Professional Tax payment records for the state(s) of operation, where applicable
Any notices, orders, or correspondence received from GST, Income-tax, MCA, or other regulatory authorities during the year
Details of all related party transactions during the year — nature, parties involved, amounts, and terms — with supporting Board/shareholder approvals under Section 188 where applicable
Loans and advances given or taken during the year, including loans to/from directors, with terms of repayment and interest, and compliance with Section 185/186 restrictions
Details of investments held — in subsidiaries, associates, joint ventures, or other companies — with supporting purchase documentation and valuation basis
Corporate guarantees or securities given on behalf of any other entity, with Board approval documentation
Details of any share allotments, transfers, or buybacks during the year, with Form PAS-3/SH-4 filing evidence
Sample of significant sales invoices, purchase invoices, and expense vouchers for vouching purposes — PNPC will specify the sample based on materiality once the trial balance is reviewed
Major contracts or agreements entered into during the year — customer contracts, vendor agreements, lease deeds, loan agreements
Payroll records, including employment contracts for key managerial personnel, and details of director remuneration with Board/shareholder approval where required
Details of any contingent liabilities, pending litigation, or claims against the company not acknowledged as debt
Insurance policies covering company assets, and details of any insurance claims made or received during the year
Minutes of all Board meetings and the Annual General Meeting held during the financial year
Attendance registers for Board meetings, confirming compliance with the maximum 120-day gap requirement between meetings
Director's Report and any disclosures required to be made by directors under Section 184 (interest in other entities) and Section 164 (non-disqualification)
Secretarial Audit Report, if applicable to the company (mandatory for certain classes of public companies) — for cross-reference with financial audit findings
Whistle-blower or vigil mechanism records, if the company has instituted one under Section 177
| Phase | Triggered By | PNPC CA Guidance | Risk If Ignored |
|---|---|---|---|
| First Statutory Audit | First financial year after incorporation, even with nil/minimal activity | Auditor appointed at first Board meeting within 30 days of incorporation; ADT-1 filed within 15 days of that appointment. First audit establishes opening balances and accounting policies that carry forward for the company's entire life — we set these up carefully rather than accepting whatever the incorporation portal's default chart of accounts produced. | Incorrect opening balances or accounting policy choices in Year 1 create reconciliation problems and qualified opinions in every subsequent year until corrected. |
| Annual Audit Cycle | Financial year end (31 March for most companies) | Planning begins 8-10 weeks before AGM. Trial balance review, substantive testing, CARO 2020 and IFC reporting (where applicable), draft report and query resolution, Board approval, AGM adoption, signed report with UDIN, AOC-4 filing support. | Late-started audits compress into rushed, higher-risk fieldwork close to the AGM deadline, increasing the chance of errors, qualified opinions, or a missed AGM/AOC-4 deadline with per-day RoC penalties. |
| Auditor Rotation / Reappointment | 5-year term expiry, or mandatory rotation trigger for applicable company classes under Section 139(2) | We track the appointment term from Day 1 and flag reappointment or rotation requirements well ahead of the AGM where the term expires, including preparing the outgoing/incoming auditor handover documentation and NOC where relevant. | Continuing to act as auditor beyond the appointed term without fresh shareholder approval is itself a Companies Act non-compliance, and the resulting financial statements can be challenged as improperly audited. |
| Change in Auditor (Resignation/Removal) | Auditor resigns, is removed, or engagement is not renewed | Resignation requires Form ADT-3 filed by the outgoing auditor within 30 days, stating reasons. Removal before term expiry requires special resolution and Central Government approval under Section 140. We advise on the proper procedure whichever direction the change is happening. | Improper removal or unfiled ADT-3 exposes the company to MCA scrutiny and can taint the credibility of the audit trail during investor or lender due diligence. |
| Qualified / Adverse Opinion Issued | Material misstatement, scope limitation, or non-compliance identified during audit | We discuss draft qualifications with the Board before the report is finalised — wherever the underlying issue can be legitimately corrected (missing documentation located, an entry corrected, a disclosure added) before finalisation, we give management that opportunity. Where the qualification is warranted, we explain its downstream implications for banking covenants, investor perception, and regulatory scrutiny. | An unexplained or poorly communicated qualified opinion can trigger loan covenant breaches, investor confidence issues, and closer regulatory attention, compounding the original problem. |
| Fraud Reporting Trigger | Auditor identifies suspected or actual fraud during the audit | Section 143(12) requires the auditor to report fraud of a specified value to the Central Government (via Form ADT-4) and lower-value fraud to the Audit Committee/Board. We handle this reporting obligation strictly per the prescribed procedure and thresholds, and advise the company on remedial steps in parallel. | Auditors who fail to report fraud as required face their own professional and regulatory consequences; companies that do not cooperate with this process face escalated regulatory action. |
| Dormant / Non-Operating Company | Company incorporated but not yet trading, or has ceased operations without formal closure | A nil-activity company still requires a full statutory audit and nil financial statements every year unless formally granted dormant company status under Section 455, which itself requires an application and has its own conditions and limited-duration renewal. | Assuming 'no activity means no audit needed' is one of the most common and costly misconceptions among founders — it leads to accumulated non-filing, RoC penalties, and eventual director disqualification risk under Section 164(2). |
| Strike-off, Winding-Up, or Merger | Company closure, NCLT winding-up, or scheme of merger/demerger | Financial statements up to the date of closure/merger must still be audited. For voluntary strike-off (STK-2), a statement of accounts certified by a CA (not older than 30 days from the application) is required. For mergers under Sections 230-232, audited financial statements of the transferor and transferee companies form part of the NCLT scheme documentation. | Attempting strike-off or merger without properly audited closing financial statements results in RoC/NCLT rejection of the application and delays the entire closure or restructuring timeline. |
Is a statutory audit under the Companies Act mandatory for every company, even a small one with low turnover?
Yes. Unlike a tax audit, which is triggered only above specified turnover thresholds under Section 44AB of the Income-tax Act, the Companies Act statutory audit under Section 139/143 applies to every company registered under the Act — Private Limited, Public Limited, One Person Company, Section 8 Company, and Producer Company — regardless of turnover, profit, or even whether the company has commenced business. There is no small-company or low-turnover exemption from the audit requirement itself, though the reporting format (such as CARO applicability) can differ by company size and class.
What is the difference between a Companies Act statutory audit and an Income-tax audit?
They are governed by entirely different laws and serve different purposes. The statutory audit under the Companies Act examines whether the financial statements give a true and fair view and comply with applicable Accounting Standards, and the report is filed with the RoC alongside AOC-4. The tax audit under Section 44AB of the Income-tax Act examines whether the business's accounts comply with income-tax provisions, is triggered by turnover/receipt thresholds, and results in Form 3CA/3CB and Form 3CD filed with the Income-tax Department. A company above the tax-audit threshold needs both audits — they are not substitutes for each other, though PNPC often performs both for efficiency where we are engaged for both.
Who can be appointed as a statutory auditor of a company?
Only a Chartered Accountant holding a valid Certificate of Practice from the Institute of Chartered Accountants of India (ICAI), or a firm where the majority of partners are practising CAs, can be appointed as statutory auditor under Section 141 of the Companies Act. The appointee must not be disqualified under Section 141(3) — which includes being an officer or employee of the company, holding a business relationship with the company beyond what is permitted, being indebted to the company beyond prescribed limits, or providing certain prohibited non-audit services to the company under Section 144.
How is the statutory auditor appointed, and what is the term of appointment?
The first auditor is appointed by the Board of Directors within 30 days of incorporation, holding office until the conclusion of the first AGM. Thereafter, the auditor is appointed by shareholders at the AGM, typically for a term of five consecutive years, subject to conditions under Section 139. The appointment (or reappointment) must be intimated to the Registrar of Companies in Form ADT-1 within 15 days of the AGM at which the appointment was made.
What is mandatory auditor rotation, and does it apply to my company?
Section 139(2) mandates rotation of the statutory auditor for listed companies and certain classes of unlisted public companies and private companies meeting specified paid-up capital or borrowing thresholds prescribed under the Companies (Audit and Auditors) Rules. Where it applies, an individual auditor cannot be reappointed for more than one term of five consecutive years, and an audit firm cannot be reappointed for more than two terms of five consecutive years each, with a mandatory cooling-off period thereafter. Most small and mid-sized private companies fall below the prescribed thresholds and are not subject to mandatory rotation, but this should be confirmed for your specific company, not assumed.
What is CARO 2020, and does it apply to every company?
The Companies (Auditor's Report) Order 2020 (CARO 2020) requires statutory auditors to report on specific matters — fixed asset verification, inventory, loans and guarantees, deposits, cost records, statutory dues, defaults in repayment of loans, utilisation of funds raised through IPO/further issue, fraud reporting, and several other clauses — as an annexure to the main audit report. CARO 2020 applies to most companies but has specific exemptions, including for One Person Companies, small companies (as defined under Section 2(85)), and certain private companies meeting specified paid-up capital, borrowings, and turnover thresholds simultaneously.
What is Internal Financial Controls (IFC) reporting, and is it mandatory?
Under Section 143(3)(i), the statutory auditor must report on whether the company has adequate internal financial controls with reference to financial statements, and whether such controls are operating effectively. This reporting requirement has an exemption for private companies that meet specific conditions on turnover, borrowings, and are not a subsidiary/holding of a public company, as notified through amendments to the reporting requirements. Where it does apply, IFC reporting requires the auditor to test control design and operating effectiveness formally, not just express a general opinion.
What happens if a company does not appoint a statutory auditor or does not get its accounts audited?
Non-compliance with the audit requirement is a serious default under the Companies Act. The company cannot validly adopt its financial statements at the AGM, cannot file AOC-4 (which requires the auditor's report as an annexure), and accumulates RoC late-filing penalties of ₹100 per day per form with no cap under Section 403. Beyond the direct filing consequence, non-audited or non-filed financial statements over multiple years can trigger director disqualification under Section 164(2) and expose the company to MCA strike-off action under Section 248.
Can the same CA firm handle both our bookkeeping/accounting and our statutory audit?
This requires careful handling under Section 141 and Section 144 independence provisions. A statutory auditor is restricted from providing certain 'not permitted' services — including book-keeping and accounting — to the company it audits, to preserve the independence that gives the audit opinion its value. PNPC structures engagements so that where we provide accounting/bookkeeping services to a client, the statutory audit for that entity is either performed by a different independent engagement team within our practice with appropriate safeguards, or we recommend an independent CA firm for the audit — whichever properly preserves independence for your specific situation.
How long does a typical statutory audit take, and when should we start?
For a mid-sized private company with reasonably organised books, PNPC typically completes the audit — from engagement letter to signed report — in 6 to 8 weeks. This should be planned backward from your AGM date. Under Section 96, subsequent AGMs must generally be held within 6 months of the financial year end (so by 30 September for a 31 March year-end, subject to any extension the RoC may grant); a company's very first AGM has a longer window — up to 9 months from the end of its first financial year. We recommend starting audit planning at least 8-10 weeks before the intended AGM date. First-time audits, or audits of companies with disorganised books or incomplete reconciliations, need a longer runway.
What is UDIN, and why does every audit report need one?
UDIN (Unique Document Identification Number) is an 18-digit unique number generated by the Chartered Accountant on the ICAI's UDIN portal for every audit report, certificate, and specified document signed in their capacity as a practising CA. Mandated by ICAI since 2019, UDIN allows regulators, banks, and other stakeholders to verify the authenticity of a CA-signed document and check it was not forged or issued by an unauthorised person. An audit report without a valid UDIN can be treated as invalid by the authority relying on it.
What is a qualified opinion, and what does it mean for our company?
An unqualified ("clean") opinion means the auditor concludes the financial statements give a true and fair view without exception. A qualified opinion means the auditor found a specific, material issue — a departure from an Accounting Standard, insufficient audit evidence for a particular item, or a scope limitation — that is significant enough to flag, but not pervasive enough to invalidate the entire financial statements. An adverse opinion or disclaimer of opinion are more serious outcomes, used when misstatements or scope limitations are pervasive. A qualification is disclosed in the audit report and can affect loan covenants, investor confidence, and regulatory scrutiny.
Does a company with no operations or a 'shell' company still need a statutory audit?
Yes, unless the company has formally obtained dormant company status under Section 455 of the Companies Act — which itself requires a specific MCA application (Form MSC-1) and comes with its own conditions and periodic renewal. Absent that formal status, a company with zero transactions during the year still requires a full statutory audit resulting in nil (or near-nil) financial statements, and the auditor's report and CARO annexure (where applicable) must still be issued and filed.
What is Section 143(12) fraud reporting, and when does it apply?
Section 143(12) requires the statutory auditor, if during the audit they have reason to believe that an offence involving fraud has been or is being committed against the company by its officers or employees, to report the matter. Where the amount involved is at or above the threshold prescribed under the Rules, the auditor reports directly to the Central Government via Form ADT-4 within the prescribed timeline. Below that threshold, the matter is reported to the Audit Committee or Board, and disclosed in the Board's Report.
Can a private company's statutory auditor be a relative of one of the directors?
The Companies Act does not automatically disqualify a director's relative from being the statutory auditor purely on the basis of the relationship — the disqualifications under Section 141(3) are specifically about business relationships, employment, indebtedness, and holding of securities, not familial relationship per se. However, appointing a director's close relative as auditor raises independence concerns that sophisticated investors, banks, and regulators will scrutinise closely during due diligence, even where it is technically permitted.
What documents does PNPC need from us to start the statutory audit?
At a minimum: the trial balance and general ledger for the year, bank statements and reconciliations, the fixed asset register, GST and TDS returns filed during the year, details of related party transactions and loans, Board/AGM minutes, and the prior year's signed audited financial statements for comparatives. The full document checklist is more extensive and depends on your business — PNPC provides a tailored document request list at the engagement letter stage based on your company's specific transaction types and complexity.
What is the auditor's responsibility versus management's responsibility for the financial statements?
Under Section 134(5) and the standard audit report format, management (the Board of Directors) is responsible for the preparation and fair presentation of the financial statements, for maintaining adequate accounting records, safeguarding assets, and preventing and detecting fraud. The auditor's responsibility is to express an independent opinion on those financial statements based on the audit evidence obtained — the auditor does not prepare the financial statements and is not responsible for detecting every instance of fraud or error, only for planning and performing the audit to obtain reasonable (not absolute) assurance that the statements are free of material misstatement.
How does PNPC charge for statutory audit — what determines the fee?
Statutory audit fees are structured based on the complexity and scale of the engagement — transaction volume, number of related party transactions, whether CARO and IFC reporting apply, quality of books provided, number of locations/branches, group structure, and whether this is a first-time or continuing audit. PNPC provides a written scope and fee estimate before the engagement letter is signed — there are no surprise charges once the fee is agreed, except for genuinely out-of-scope work identified and separately agreed during the audit.
What is the difference between the Auditor's Report and the Director's Report?
The Auditor's Report is prepared and signed by the independent statutory auditor and expresses an opinion on the financial statements. The Director's Report is prepared and signed by the Board of Directors (management) and covers the company's operational performance, state of affairs, dividend recommendation, related party transaction disclosures, and various other statutory disclosures required under Section 134. Both are annexed to the financial statements filed in AOC-4, but they are authored by different parties with different responsibilities and perspectives.
If our company operates in both India and the UAE, does the statutory audit cover both entities?
No — a Companies Act statutory audit covers only the Indian company registered under the Act. A UAE entity (Mainland LLC or Free Zone company) is governed by UAE Commercial Companies Law and, where applicable, UAE Corporate Tax audit/assurance requirements, which are entirely separate from the Indian Companies Act framework. Where the two entities have intercompany transactions, both audits need to be aware of and consistently reflect those transactions, including any transfer pricing documentation required under Section 92C of the Indian Income-tax Act.
What is the difference between AS (Accounting Standards) and Ind AS, and which applies to my company?
Indian Accounting Standards (Ind AS), converged with IFRS, are mandatory for specified classes of companies based on net worth and listing status — broadly, listed companies and larger unlisted companies meeting prescribed net worth thresholds, along with their holding, subsidiary, joint venture, and associate companies. Companies not covered by the Ind AS roadmap continue to follow the older Accounting Standards (AS) notified under the Companies (Accounting Standards) Rules. Most small and mid-sized private companies currently follow AS rather than Ind AS, but this changes as the company's net worth grows or if it becomes part of a group where a holding/subsidiary company is Ind AS-applicable.
Can the statutory auditor also value our company's shares for a fundraise or ESOP grant?
Generally, this should be approached carefully. While not always an absolute Section 141/144 disqualification depending on the specific facts, valuation work for a company by its own statutory auditor can raise independence and objectivity concerns, particularly where the valuation feeds directly into related-party or FEMA pricing-guideline compliance that the same auditor will later need to independently assess. PNPC typically recommends a valuation be performed by a different qualified professional — a SEBI-registered Merchant Banker or a separate CA — from the entity's statutory auditor, to keep both engagements independent and defensible in due diligence.
What is a limited review, and is it different from a statutory audit?
A limited review is a lower-assurance engagement — typically used for quarterly financial results of listed companies under SEBI's Listing Obligations and Disclosure Requirements (LODR) — involving inquiry and analytical procedures rather than the full substantive testing of a statutory audit. It provides negative assurance ("nothing has come to our attention...") rather than the positive opinion ("gives a true and fair view") of a full audit. Most private companies do not require limited reviews unless they have listed debt securities or other specific regulatory triggers.
What happens during an audit if we discover an error from a prior year?
Prior period errors are addressed under the applicable Accounting Standard (AS-5 or Ind AS 8, as applicable) — material prior period errors are generally corrected by restating the comparative figures presented, with appropriate disclosure of the nature and amount of the correction, rather than being run through the current year's profit and loss as an ordinary item. The current year's auditor will assess the materiality of the error and the adequacy of its correction and disclosure as part of forming the current year's opinion.
Does a startup that has raised VC funding face additional statutory audit scrutiny?
Not additional statutory requirements beyond the standard Companies Act audit, but in practice, VC-funded companies typically have more related party transactions (with the founders, ESOP trusts, or affiliated entities), more complex share capital structures (CCPS, multiple funding rounds), and investor-nominee directors who scrutinise the financial statements closely — all of which naturally increase the audit's substantive testing focus in those specific areas, even though the underlying legal framework is the same as for any other company.
What is the Board's responsibility if the statutory auditor resigns mid-year?
If the statutory auditor resigns before completing their term, the outgoing auditor must file Form ADT-3 with the RoC within 30 days, stating the reasons for resignation. The Board must then fill the casual vacancy — for a reason other than disqualification, the Board can appoint a new auditor within 30 days, subject to approval by shareholders within 3 months at a general meeting; if the vacancy is due to disqualification, only the shareholders in general meeting can fill it, within 3 months.
Is a statutory audit required for a company that has applied for voluntary strike-off (STK-2)?
Yes, in a modified sense. A company applying for voluntary strike-off under Section 248(2) via Form STK-2 must submit a statement of accounts reflecting assets and liabilities, made up to a date not more than 30 days before the date of application, and this statement must be certified by a Chartered Accountant. While this is not necessarily the full annual statutory audit process, it requires a CA-certified financial position, and any outstanding regular statutory audits for prior years generally need to be current and filed before a clean strike-off application can proceed.
How does PNPC ensure audit quality and not just compliance box-ticking?
Every PNPC statutory audit follows documented audit planning with risk assessment specific to the client's business, substantive testing sized to actual materiality rather than a fixed template percentage, formal working papers supporting every conclusion in the report, and a partner-level review before any report is signed. We generate UDIN for every signed report on the ICAI portal, maintaining the traceability and accountability the profession requires. We treat the audit as a genuine independent examination — not a formality performed to unlock the AOC-4 filing.
Can PNPC audit a company across multiple states or with multiple branches?
Yes. For companies with operations across multiple states — common for GST-registered businesses with multiple state registrations, warehouses, or branch offices — PNPC coordinates audit fieldwork across locations, either through our own teams across Chennai, Bangalore, and Hyderabad or through appropriately supervised local verification where a branch does not have a dedicated PNPC office nearby. Branch-level verification is consolidated into a single company-wide audit opinion.
What is materiality in an audit, and how is it decided?
Materiality is the threshold above which a misstatement, individually or in aggregate, could reasonably be expected to influence the economic decisions of users relying on the financial statements. Auditors set a materiality benchmark at the planning stage — commonly a percentage of revenue, total assets, or profit before tax, adjusted for qualitative factors specific to the business — and use it to determine sample sizes, the significance of identified misstatements, and which items warrant more intensive testing.
What happens if the statutory auditor and the company disagree on an accounting treatment?
The auditor's role is to form an independent opinion, not to simply accept management's preferred accounting treatment. Where PNPC and a client's management genuinely disagree on the correct treatment under applicable Accounting Standards, we first work through the technical position with supporting documentation and, where relevant, cite the specific Standard provision. If disagreement persists on a material item, the audit report will be appropriately qualified to reflect it — we do not sign an unqualified opinion on a treatment we believe is not compliant, regardless of client preference.
Does PNPC provide statutory audit services for NBFCs and other RBI-regulated entities?
Yes, with the additional regulatory layer that applies to RBI-regulated entities such as NBFCs — including RBI-specific reporting requirements, prudential norm compliance verification (capital adequacy, asset classification, provisioning), and any RBI-mandated auditor eligibility criteria that go beyond the standard Companies Act requirements. NBFC audits require the auditor to be familiar with RBI Master Directions in addition to the Companies Act framework.
How far in advance should we engage PNPC for our statutory audit?
We recommend engaging your statutory auditor — whether PNPC or otherwise — at the start of the financial year, or at minimum 8-10 weeks before your intended AGM date, particularly for a first-time audit or a company with any degree of transactional complexity. Early engagement allows for planning-stage risk assessment, interim testing during the year rather than compressing everything into a post-year-end sprint, and materially reduces the chance of audit delays affecting your AGM and AOC-4 filing deadlines.
| Feature | Volume Audit Firm / Portal-Linked CA | Generic Local CA Practice | PNPC Global |
|---|---|---|---|
| Audit Planning & Risk Assessment | Minimal or templated — same checklist for every client | Basic — general understanding of the business | Formal risk assessment specific to your business model, sector, and transaction complexity, documented at the planning stage |
| Substantive Testing Depth | Thin sampling to meet minimum documentation requirements | Reasonable but often reactive to what management provides | Sample sizes and testing scope sized to actual materiality and risk — with documented working papers supporting every conclusion |
| CARO 2020 / IFC Reporting | Boilerplate 'not applicable' responses where possible | Generally covered but not always deeply tested | Point-by-point evidenced conclusions on every applicable CARO clause and formally tested IFC design/effectiveness where required |
| Independence Discipline | Frequently blurred — same firm does books, audit, and everything else | Variable — depends on firm size and client relationships | Structured to preserve Section 141/144 independence, including recommending a separate firm where appropriate for the client's own protection |
| Query Resolution & Communication | Minimal contact until the report is ready to sign | Direct but often only reactive to client queries | Draft observations and queries shared well before finalisation, giving management real time to respond — no last-minute surprises at the AGM |
| Cross-Border Coordination | Not offered | Not offered | India-UAE coordination through PNPC's Dubai office for clients with related entities in both jurisdictions |
| Fee Transparency | Low headline fee, scope often expands with hidden charges | Generally transparent but informal | Written scope and fee agreed before the engagement letter is signed — no surprise charges for in-scope work |
| Post-Audit Value | Signed report, engagement closed | May offer informal advice | Management letter flagging control weaknesses and process improvements — actionable input for the next financial year, not just a pass/fail opinion |
What the PNPC package includes
- 01
Formal audit planning with documented risk assessment specific to your business, sector, and transaction complexity
- 02
Trial balance reconciliation to GST returns, TDS returns, and bank statements before substantive testing begins
- 03
Substantive testing — vouching, verification, and third-party confirmations — sized to real materiality, not a fixed template percentage
- 04
CARO 2020 applicability assessment and point-by-point evidenced reporting on every applicable clause
- 05
Internal Financial Controls (IFC) design and operating-effectiveness testing where Section 143(3)(i) applies, with documented working papers
- 06
Related party transaction testing for arm's-length terms and Section 188 approval compliance
- 07
Draft observations shared with management well before the report is finalised — real time to respond, not a last-minute surprise
- 08
Management Representation Letter obtained as standard practice, and UDIN generated on the ICAI portal for every signed report
- 09
Coordination with your MCA compliance team for timely AOC-4 filing within 30 days of the AGM
- 10
Post-audit management letter flagging control weaknesses and process improvement opportunities for the year ahead
- 11
India-UAE audit coordination through PNPC's Dubai office for clients with entities in both jurisdictions
- 12
Auditor independence safeguards — including recommending a separate CA firm where PNPC also provides accounting services, to protect the credibility of your audit opinion
Speak directly with a PNPC Chartered Accountant about your statutory audit. Not a form-filling service, not a rubber-stamp signature — a practising CA firm that has conducted independent statutory audits since 1986, and that treats the audit opinion as something your bank, your investors, and your own directors can actually rely on.