Rated 4.9/5 by 312+ Chennai clientsZero penalty record across all filings24-hour response · WhatsApp-first supportOffices: Maduravoyal, Nerkundram & Nolambur (upcoming)15+ years of expert tax & compliance consulting500+ active clients across 243 Chennai areasRated 4.9/5 by 312+ Chennai clientsZero penalty record across all filings24-hour response · WhatsApp-first supportOffices: Maduravoyal, Nerkundram & Nolambur (upcoming)15+ years of expert tax & compliance consulting500+ active clients across 243 Chennai areas
Internal Audit for hospitality firms in St Thomas Mount

St Thomas Mount Internal Audit — Chennai South

Internal Audit delivery for hospitality and aviation firms across St Thomas Mount — and a zero-penalty filing record

St Thomas Mount hospitality and aviation units around St Thomas Mount Cantonment — transparent scope, no surprises, and a filed acknowledgement back to you. Call 9566-068-468.

4.9
312+ Reviews
15+ Years
Zero Penalties
500+ Clients
Quick Answer

Who appoints the internal auditor and what is the role of the Audit Committee in St Thomas Mount, Chennai?

Under Section 138(1), the Board of Directors appoints the internal auditor on the recommendation of the Audit Committee where one is constituted under Section 177. For listed companies and Section 138 entities meeting Rule 6 thresholds, an Audit Committee is mandatory. Section 177(4) requires the Audit Committee to review the internal auditor's appointment, scope, frequency and findings. The internal auditor reports functionally to the Audit Committee and administratively to the CFO/MD.

Transparent Pricing

Internal Audit in St Thomas Mount — Plans & Pricing

Fixed fees · Zero hidden charges · Call 9566-068-468 for a custom quote.

MonthlyAnnualSave 2 Months
Single Cycle
Quarterly internal audit for one process cycle
₹15,000/year

  • Single Cycle Coverage (Revenue OR Procurement OR Payroll)
  • Quarterly Audit Report to Management
  • Walkthrough & Process Documentation
  • Testing of Design (ToD) on Key Controls
  • Sample-Based Substantive Testing
  • Observation Memos in FCCC Format
  • Entity Size: Turnover ≤ ₹10 crore
  • SIA 220 Compliance
  • Risk-Based Audit Universe Build
  • ICFR / IFC Opinion
  • Audit Committee Reporting Pack
  • ITGC Review
  • WhatsApp Document Pickup
  • Annual Summary Report
Starter
Risk-based audit on two cycles for SME
₹35,000/year

  • Two Cycle Coverage (Pick from Revenue / Procurement / Payroll / Inventory / Fixed Assets)
  • Risk Universe & Risk Register Build
  • Risk Heat Map (Inherent vs Residual)
  • Quarterly Audit Reports
  • Testing of Design (ToD) + Limited ToE
  • Substantive Testing & Analytical Review
  • Management Letter on Control Weaknesses
  • Entity Size: Turnover ≤ ₹50 crore
  • SIA 110-510 Compliance
  • COSO 5-Component Mapping
  • ICFR / IFC Audit Opinion
  • Audit Committee Pack
  • ITGC Deep Dive
  • WhatsApp Document Pickup
  • Annual IA Summary
Most Popular ⭐
Professional
Section 138 + ICFR + Audit Committee package
₹85,000/year

  • Full Risk-Based Audit on All Major Cycles
  • Risk Universe + Risk Register + Heat Map
  • Testing of Design + Operating Effectiveness (ToD + ToE)
  • Walkthroughs for Revenue / Procurement / Payroll / Inventory / Fixed Assets / Treasury
  • ICFR / IFC Review under ICAI Guidance Note 2015
  • COSO 2013 Five-Component Assessment
  • Quarterly Audit Committee Reporting Pack
  • Section 134(5)(e) Director's Report Input
  • CARO 2020 Clause 3(xviii) Coordination
  • Section 143(12) Fraud Risk Assessment
  • Whistleblower Cases Review (Section 177(9))
  • Entity Size: Turnover ≤ ₹200 crore
  • Section 138 Compliant
  • SIA 110-740 Full Coverage
  • Management Letter Each Quarter
  • Annual IFC Effectiveness Opinion
Premium
Listed-grade audit with ITGC and SOX-grade testing
₹250,000/year

  • Full Risk-Based Audit Across Risk Universe
  • ITGC Deep Dive — Access / Change / Operations / Development
  • SOD Conflict Matrix Build & Remediation
  • SOX 404-Grade ICFR Documentation & Testing
  • Walkthroughs for All Material Cycles + Treasury + FX
  • Detailed ToD + ToE with Statistical Sampling
  • Cybersecurity & DPDP Act 2023 Review
  • VAPT Coordination Support
  • CSR Section 135 Audit
  • ESG / BRSR Pre-Assurance Review
  • Related-Party Transactions Section 188 Audit
  • Quarterly Audit Committee Pack with KPIs
  • Section 134(5)(e) IFC Opinion Documentation
  • CARO 2020 Sign-Off Coordination
  • External Quality Assurance under SIA 740
  • Entity Size: Turnover ≤ ₹1000 crore (Listed / Public)
  • Listed-Co Bench
  • On-Site Audit Days Each Quarter
  • Dedicated Engagement Partner

Swipe to see all plans

Prices exclude GST. For enterprise pricing, call 9566-068-468.

Why FilingPro?

Why St Thomas Mount Clients Choose FilingPro

Expert Internal Audit in St Thomas Mount — qualified professionals, 15+ years experience, zero-penalty track record.

ToD + ToE with Statistical Sampling

Testing of Design through walkthrough and inspection; Testing of Operating Effectiveness through reperformance with statistically valid sample sizes — daily controls 25, weekly 5, monthly 2-3 instances per SIA 320.

ITGC Deep Dive on ERP

Oracle, SAP, Tally Prime, Microsoft Dynamics environments — ITGC reviewed across access management, change management, computer operations and program development. SOD conflict matrix built from ERP role profiles.

Section 134(5)(e) IFC Opinion

Annual IFC effectiveness opinion documentation prepared in the format expected by Audit Committee, statutory auditor and ROC — supporting the Section 134(5)(e) Director's Report assertion without rework.

CARO 2020 Coordinated

Internal audit reports made available to the statutory auditor with scope coverage analysis — supporting CARO 2020 Clause 3(xviii) consideration and Clause 3(xiv) adequacy reporting without last-minute scramble.

Section 177 Audit Committee Pack

Risk dashboard, observation status, FCCC finding memos, management responses, closure tracking and fraud indicators — packaged for the Audit Committee meeting under Section 177(8) at least four times a year.

Section 143(12) Fraud Risk Assessment

Fraud risk assessment integrated into audit planning under SIA 240. ₹1 crore reporting threshold tracked, sub-threshold matters escalated to Audit Committee under Section 177(9) whistleblower mechanism.

Key Benefits

What St Thomas Mount Clients Get

Every Internal Audit engagement delivers measurable, guaranteed outcomes — expert professionals, on time, every time.

ESG / BRSR Pre-Assurance Ready
Listed entities filing the Business Responsibility and Sustainability Report under SEBI LODR Regulation 34(2)(f) get pre-assurance review of identified core ESG metrics — energy, emissions, water, waste, gender pay parity, supplier ESG.
Cybersecurity & DPDP Act 2023 Coverage
Cybersecurity audit under ITGC includes VAPT coordination, incident response, BCP / DR, DPDP Act 2023 compliance, CERT-In 6-hour incident reporting and SEBI cybersecurity framework for listed entities.
Section 138 Statutory Compliance
For St Thomas Mount listed and threshold-bound entities, Section 138 read with Rule 13 compliance is fully discharged. No notice from ROC, no Section 450 general penalty exposure.
Audit Committee-Grade Quarterly Pack
Each quarter ends with a polished Audit Committee pack — risk dashboard, FCCC findings, management responses, closure status, fraud watch and KPIs. Directors come prepared, meetings move faster.
Clean ICFR Opinion for Director's Report
Annual IFC effectiveness opinion documentation supports the Section 134(5)(e) assertion in the Director's Report and Section 143(3)(i) statutory auditor opinion. No qualifications, no boilerplate.
CARO 2020 Sign-Off Smoothened
Internal audit work product made available to the statutory auditor in the format expected — Clause 3(xviii) consideration and Clause 3(xiv) adequacy reporting completed without delay.
Comparison

Internal vs Statutory

Why this matters here — In St Thomas Mount, the cluster of hospitality, aviation, logistics businesses that defines St Thomas Mount's commercial fabric; served by short connections to Guindy and Alandur and onward to central Chennai.

AspectInternalStatutory
DefinitionInternal pathway under internal auditStatutory pathway under internal audit
Trigger basisStatutory threshold or notified conditionAlternative condition prescribed by the operative section
Applicable section / ruleAs prescribed by the operative provisionAs prescribed by the alternative provision
Time limitPer statutory windowPer alternative statutory window
Compliance burdenLower / standardHigher / specialised
Documentation setStandard supporting documentsExtended supporting documents
Penalty exposure on defaultStandard penalty under the ActEnhanced penalty / disqualification consequence
ReversibilityReversible by amendment / withdrawalReversible only by separate statutory procedure
Typical use caseStandard internal audit pathwaySpecialised internal audit pathway
Cost implicationWithin standard fee bandMay attract specialist fees
Decision driverDefault for most situationsRequired where alternative condition holds
Practitioner noteConfirm eligibility before commencementDocument the trigger before engagement begins
Documents Required

Documents for Internal Audit

Share documents via WhatsApp to 9566-068-468. No office visit required for St Thomas Mount clients.

Audited financial statements of last 3 years and current year trial balance
GST returns — GSTR-1, GSTR-3B, GSTR-9 / 9C — for the audit period
Income Tax Returns, Form 3CD tax audit report and TDS challans / 24Q / 26Q
Prior year internal audit reports, management letters and Audit Committee minutes
Organisation chart, delegation of authority matrix and SOD register
Process documentation / SOPs for revenue, procurement, payroll, inventory, fixed asset and treasury cycles
Ready to Get Started?
WhatsApp your documents to 9566-068-468 — our team begins within 24 hours. No office visit needed.
Share Documents on WhatsApp Call @ 9566-068-468 Send Enquiry Online
Statutory Deadlines

Compliance deadlines that matter

Miss any of these and the next consequence kicks in automatically.

Deadlines in this neighbourhood — In St Thomas Mount, the business activity radiating outward from St Thomas Mount Cantonment and nearby commercial pockets.

Trigger eventDaysFormConsequence
Company crosses a Rule 13 threshold during the preceding financial year, making internal audit applicable30 daysBoard resolution appointing internal auditorContinued default attracts the general penalty under Section 450 and an adverse comment under CARO 2020 paragraph 3(xiv)
Board must, in consultation with the internal auditor and audit committee, define scope, functioning, periodicity and methodology30 daysBoard minutes recording approved internal audit charter and planUndefined scope leaves the audit committee unable to review adequacy and weakens the internal financial controls assessment
Audit committee to review internal audit findings before the next Board meeting7 daysAudit committee minutes recording review and follow-upUnreviewed findings remain unactioned and recur, undermining the directors' responsibility statement
Statutory auditor to consider internal audit reports before signing the audit report30 daysWorking-paper reference to internal audit reports consideredIf internal audit reports are unavailable or ignored, the statutory auditor reports adversely under CARO 2020 paragraph 3(xiv)(b)
Re-assessment of internal audit applicability at the start of each financial year against Rule 13 thresholds30 daysBoard note on applicability reviewMissing the reassessment means a newly-qualifying company operates the year without a mandated internal auditor
Close of each quarter for which the internal auditor is engaged to report to the audit committee45 daysInternal audit report for the quarterDelayed reporting deprives the audit committee of timely findings and weakens Section 177 oversight
Management to submit an action-taken report closing internal audit observations30 daysAction-taken report and updated control logOpen observations feed into the statutory auditor's internal financial controls opinion under Section 143(3)(i)

Deadline pressure points we see in St Thomas Mount: For St Thomas Mount engagements specifically — for St Thomas Mount IT-services firms managing export-LUT cycles alongside payroll and TDS.

Forms Library

Forms used in this engagement

Board Resolution - Internal AuditorBoard resolution appointing the internal auditor

Records the Board's decision to appoint a chartered accountant, cost accountant or other professional as internal auditor and fixes the terms of engagement. Unlike the statutory auditor, appointment of an internal auditor is not filed with the Registrar in Form ADT-1; it is a Board minute kept in the company's records.

Passed at the Board meeting when applicability is triggered Company Board (retained internally; not filed with the Registrar)
MGT-14 (where applicable)Filing of Board resolution with the Registrar where required

Where a Board resolution relating to the appointment or terms of an internal auditor falls within the matters requiring filing under Section 179(3) and the Companies (Meetings and Powers of Board) Rules 2014, it is filed in Form MGT-14. Private companies are exempt from filing many Section 179(3) resolutions, so this applies selectively.

Within thirty days of passing the resolution, where filing is required Registrar of Companies (MCA portal)
Internal Audit CharterInternal audit charter and engagement letter

Sets out the purpose, authority, independence, scope, reporting line and periodicity of the internal audit function, agreed between the Board, audit committee and internal auditor. It operationalises Rule 13(2) and aligns the engagement with the ICAI Framework Governing Internal Audits.

Approved before the audit cycle begins and reviewed annually Company Board and Audit Committee (internal record)
Risk-based Internal Audit PlanAnnual risk-based internal audit plan

Documents the risk assessment, auditable units, coverage and calendar for the year so that higher-risk processes receive priority. Prepared under the Standards on Internal Audit dealing with planning, it forms the basis on which the audit committee monitors coverage and frequency.

Prepared and approved at the start of the financial year Internal auditor, approved by Audit Committee
Internal Audit ReportPeriodic internal audit report to the audit committee

Communicates observations, root causes, risk ratings and recommendations to the audit committee or Board. Prepared in line with the Standards on Internal Audit dealing with reporting, it drives management action-taken reports and feeds the internal financial controls assessment.

Issued each quarter or at the periodicity fixed by the Board Internal auditor to Audit Committee / Board
Audit Committee MinutesAudit committee minutes recording review of internal audit

Evidence that the audit committee reviewed the adequacy of the internal audit function, discussed significant findings with the internal auditor and monitored follow-up, as required by Section 177. These minutes support the directors' responsibility statement and the statutory auditor's CARO reporting.

Recorded at each committee meeting that reviews internal audit Audit Committee (internal record)

Internal Audit in St Thomas Mount, Chennai 600016

Businesses registered in St Thomas Mount share the Chennai South jurisdiction, and their statutory matters route through the same Saidapet Division each time. Approvals, acknowledgements and queries for St Thomas Mount businesses tie back to the Saidapet Division, so our Internal Audit cadence accounts for how that office works. Statutory correspondence for St Thomas Mount businesses routes through the Saidapet Division, so we align every Internal Audit engagement to that jurisdiction from the start. Every St Thomas Mount engagement we open begins with the basics: PIN 600016, the Saidapet Division, and the coordinates 12.9925, 80.1939 that anchor the locality.

St Thomas Mount sustains a high flow of commerce for a commercial residential mix with airport proximity locality, and that flow is the raw material for the Internal Audit files we close here. Most commerce in St Thomas Mount — invoices, expenses, purchases and statutory records — eventually surfaces in the Internal Audit working file we maintain for clients here. The businesses clustered around Mount Railway Station in St Thomas Mount drive the bulk of the Internal Audit workload we see each cycle. Working in St Thomas Mount brings a logistical edge: proximity to Mount Railway Station and the St Thomas Mount Metro corridor keeps physical document handling fast.

logistics units around St Thomas Mount share recurring Internal Audit patterns — input-credit timing, vendor reconciliation, and sector-specific documentation. The logistics character of St Thomas Mount commerce influences everything from invoice formats to the supporting documents a Internal Audit review needs. Sector concentration matters: when St Thomas Mount leans toward logistics, the Internal Audit risks cluster around the same few line items each cycle. We have closed enough Internal Audit files for logistics firms near St Thomas Mount to know where the department usually probes.

Every Internal Audit file we open for St Thomas Mount is reconciled, reviewed by a qualified practitioner, and archived for seven years. Turnaround for St Thomas Mount Internal Audit is deterministic — fixed fee, a scoped timeline, and a same-business-day acknowledgement once filed. We keep a repeatable Internal Audit checklist for St Thomas Mount so nothing in the cycle is improvised or missed. Working papers for St Thomas Mount Internal Audit engagements stay archived and retrievable, which makes any later notice or query straightforward to answer.

We treat St Thomas Mount and Alandur as one catchment for Internal Audit, which keeps documentation and turnaround consistent. Proximity to Alandur means a St Thomas Mount engagement can extend across the locality cluster with no change in cadence. Businesses straddling St Thomas Mount and Alandur get a single Internal Audit point of contact rather than two. Coverage from St Thomas Mount naturally extends to Alandur, so group entities across the area share one Internal Audit workflow.

Sector signals in St Thomas Mount — seasonal retail swings and peak-period volumes — shape how we schedule Internal Audit work. Because we work repeatedly across St Thomas Mount, we can benchmark a new client's Internal Audit position against the locality norm. Each engagement in St Thomas Mount adds to a record of what the Chennai South jurisdiction expects, sharpening the next Internal Audit file. The longer we serve St Thomas Mount, the more precisely we predict where a Internal Audit file needs attention.

We onboard new St Thomas Mount entities onto a Internal Audit cadence that is audit-ready from the very first cycle. First-time Internal Audit for a St Thomas Mount business is where getting the basics right saves years of cleanup later. Shifting principal place of business to St Thomas Mount means updating jurisdiction to the Chennai South, and we manage the paperwork end-to-end. A startup setting up near Mount Railway Station in St Thomas Mount gets a Internal Audit foundation built for the Saidapet Division from day one.

4.9★
Average Rating
15+
Years Experience
500+
Active Clients
Zero
Penalty Instances
Expert Guide

Internal Audit in St Thomas Mount — Complete Guide

For listed and threshold-bound St Thomas Mount (600016) companies, FilingPro performs Internal Financial Controls testing under the ICAI Guidance Note on Internal Financial Controls Over Financial Reporting 2015 — adopting the COSO 2013 five-component framework. Both Testing of Design (ToD) and Testing of Operating Effectiveness (ToE) are documented with statistical sampling, supporting the Section 134(5)(e) Director's Report assertion and the Section 143(3)(i) statutory auditor opinion.

Internal Audit Services in St Thomas Mount, Chennai

Section 138 Companies Act risk-based internal audit for St Thomas Mount private and public companies — SIA-compliant methodology, COSO 2013 framework, quarterly Audit Committee reporting and ICFR support for the Section 134(5)(e) Director's Report assertion.

Section 138 Internal Auditor in St Thomas Mount — Risk-Based Methodology

Appointed under Section 138 read with Rule 13, our internal auditors build the St Thomas Mount entity's risk universe, score inherent and residual risk, prepare the heat map and design audit cycles around the highest-residual-risk processes — fully aligned with SIA 230.

ICFR / IFC Review in St Thomas Mount — Listed and Section 138 Companies

Internal Financial Controls testing under the ICAI Guidance Note IFC 2015 covers all five COSO components — Control Environment, Risk Assessment, Control Activities, Information & Communication and Monitoring — with full ToD and ToE documentation feeding the Section 134(5)(e) assertion.

Audit Committee Reporting & CARO 2020 Coordination in St Thomas Mount

Quarterly internal audit reports formatted for Audit Committee meetings under Section 177(8), with management responses, closure tracking and CARO 2020 Clause 3(xviii) coordination with the statutory auditor — ready for St Thomas Mount listed and threshold-bound entities.

Get Expert Help Today
Qualified professionals handle your Internal Audit in St Thomas Mount. WhatsApp documents — we begin within 24 hours. From ₹15,000/quarterly. Free consultation.
WhatsApp for Free Consultation Call @ 9566-068-468
From ₹15,000/quarterly
15+ years experience
Zero penalties guaranteed
Offices at Maduravoyal, Nerkundram & Nolambur (upcoming)
Key Facts — Internal Audit in St Thomas Mount
Section 138 mandatory internal audit applicability assessed for St Thomas Mount entities — listed, public ≥ ₹50 cr cap / ₹200 cr turnover / ₹100 cr borrowing / ₹25 cr deposits, private ≥ ₹200 cr turnover or ₹100 cr borrowing — under Rule 13.
Risk universe built and scored on inherent and residual risk — heat map presented to the Audit Committee under SIA 230 and ICAI risk-based audit methodology.
Testing of Design (ToD) and Testing of Operating Effectiveness (ToE) on key controls — preventive, detective and corrective — across revenue, procurement, payroll, inventory and fixed asset cycles.
COSO 2013 five-component framework — Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring — applied per ICAI Guidance Note IFC 2015.
ITGC review for Access Management, Change Management, Computer Operations and Program Development — SOD conflict matrices built around ERP role profiles for St Thomas Mount clients.
Section 143(12) fraud risk assessment integrated — material fraud reporting threshold ₹1 crore tracked, Audit Committee escalation for sub-threshold matters.
Section 134(5)(e) Director's Report IFC assertion supported through annual IFC effectiveness opinion documentation — listed-co ready.
CARO 2020 Clause 3(xviii) coordination with the statutory auditor — internal audit reports made available with completed scope coverage analysis under Clause 3(xiv).
Walkthroughs documented for every material cycle at the start of each engagement — process narratives, control points and SOD inventory mapped to risk register.
Quarterly audit reports in FCCC format (Finding / Criteria / Cause / Consequence / Recommendation) under SIA 360, with management response columns and closure timelines tracked.
People Also Ask — Internal Audit in St Thomas Mount
Is internal audit mandatory for my company in St Thomas Mount?
Internal audit is statutory under Section 138 of the Companies Act 2013 read with Rule 13 if your St Thomas Mount entity is — (a) any listed company, (b) an unlisted public company with paid-up capital ≥ ₹50 crore or turnover ≥ ₹200 crore or borrowings ≥ ₹100 crore or deposits ≥ ₹25 crore at any time during the preceding financial year, or (c) a private company with turnover ≥ ₹200 crore or borrowings ≥ ₹100 crore. Below these thresholds, internal audit is voluntary but recommended.
Who can be appointed as internal auditor under Section 138?
Section 138(1) read with Rule 13(1) permits a Chartered Accountant, a Cost Accountant or such other professional as the Board may decide. The internal auditor may be an individual, a firm or a body corporate. The internal auditor cannot be the statutory auditor of the same company under Section 144 of the Companies Act 2013.
What is the difference between statutory audit and internal audit?
Statutory audit under Section 143 is an annual external audit expressing a true-and-fair opinion on the financial statements. Internal audit under Section 138 is a continuous, risk-based, internal assurance activity covering processes, controls, compliance and governance throughout the year, reporting to the Audit Committee. SA 610 governs the statutory auditor's use of internal audit work.
What is ICFR and why does my listed company need it?
Internal Financial Controls Over Financial Reporting (ICFR) is the system of policies and procedures providing reasonable assurance regarding the reliability of financial reporting. Section 134(5)(e) requires the Directors of every listed company to assert ICFR adequacy and operating effectiveness in the Director's Report. ICAI Guidance Note IFC 2015 adopts COSO 2013 as the benchmark — internal audit is the primary tool to test ICFR throughout the year.
How is the internal audit scope decided for my St Thomas Mount company?
Rule 13(2) of the Companies (Accounts) Rules 2014 places scoping responsibility on the Audit Committee or Board in consultation with the internal auditor. We build a risk universe of all business processes, score inherent and residual risk, present a heat map to the Audit Committee and design coverage cycles — high-risk processes audited every quarter, medium-risk half-yearly and low-risk annually with analytical review.
What is the role of the Audit Committee in internal audit?
Section 177(4) of the Companies Act 2013 mandates the Audit Committee to (a) review the adequacy of internal audit function including structure, staffing and frequency, (b) discuss audit findings with the internal auditor, (c) review observations and management responses, and (d) ensure follow-up. Section 177(8) requires meetings at least four times a year. The internal auditor has direct access to the Audit Committee Chairperson.
What ICAI Standards on Internal Audit (SIA) apply to internal audit assignments?

ICAI has notified Standards on Internal Audit numbered SIA 110 to SIA 740. Key standards — SIA 140 (Governance), SIA 220 (Conducting Overall Internal Audit), SIA 230 (Objectives), SIA 240 (Using Work of Other Experts), SIA 250 (Communicating with Stakeholders), SIA 320 (Evidence), SIA 360 (Communication with Management), SIA 510 (Internal Audit Documentation), SIA 530...

What is the COSO Internal Control Integrated Framework?

The Committee of Sponsoring Organizations (COSO) 2013 framework defines internal control through five interrelated components — (i) Control Environment (governance, ethics, board oversight), (ii) Risk Assessment (identifying and analysing risks to objectives), (iii) Control Activities (policies and procedures including authorisation, reconciliation, SOD), (iv) Information & Communication (relevant, timely information flows), and (v) Monitoring Activities (ongoing...

What is risk-based internal audit (RBA) methodology?

Risk-based audit prioritises audit effort based on the risk register and heat map. The internal auditor builds a risk universe of all business processes, scores each on inherent risk (likelihood × impact), maps existing controls and computes residual risk. High residual risk areas — revenue recognition, vendor onboarding, related-party transactions, IT access — are audited...

What is the difference between inherent risk and residual risk?

Inherent risk is the susceptibility of a process or assertion to material misstatement before considering any controls — driven by complexity, transaction volume, judgment intensity and external factors. Residual risk is the risk that remains after the design and operating effectiveness of controls is factored in. Internal audit focuses testing intensity on residual risk because...

What is the difference between testing of design (ToD) and testing of effectiveness (ToE)?

Testing of Design (ToD) evaluates whether a control, if operating as documented, would prevent or detect a material misstatement — done through walkthroughs, process narratives and inspection of single instances. Testing of Operating Effectiveness (ToE) evaluates whether the control consistently operated over the period — done through sample-based reperformance, observation and inspection of multiple instances.

What is a walkthrough in internal audit?

A walkthrough is the tracing of one or two transactions from initiation through processing, recording and reporting — touching every control point along the way. It establishes process understanding and validates the design of key controls. Walkthroughs are mandatory for ICFR audits under the ICAI Guidance Note on IFC 2015 and are typically performed at...

What St Thomas Mount clients want to know before signing: For St Thomas Mount engagements specifically — in the commercial residential mix with airport proximity micro-market of St Thomas Mount.

Expert Guide

A complete walkthrough — Internal Audit Services

Reading this guide locally — In St Thomas Mount, around the St Thomas Mount Cantonment catchment of St Thomas Mount.

What is Internal Audit and when is it required

Service overview

Internal Audit in Chennai () is delivered by qualified Chartered Accountants under Section 138 of the Companies Act 2013 read with Rule 13 of the Companies (Accounts) Rules 2014. We build the risk universe, score inherent and residual risk, present the heat map to your Audit Committee and design quarterly audit cycles around your highest-residual-risk processes — fully aligned with ICAI Standards on Internal Audit (SIA 110-740) and SIA 230 risk-based methodology.

Why internal audit matters for your business

CARO 2020 Sign-Off Smoothened

Internal audit work product made available to the statutory auditor in the format expected — Clause 3(xviii) consideration and Clause 3(xiv) adequacy reporting completed without delay.

Section 138 Statutory Compliance

For Chennai listed and threshold-bound entities, Section 138 read with Rule 13 compliance is fully discharged. No notice from ROC, no Section 450 general penalty exposure.

Audit Committee-Grade Quarterly Pack

Each quarter ends with a polished Audit Committee pack — risk dashboard, FCCC findings, management responses, closure status, fraud watch and KPIs. Directors come prepared, meetings move faster.

How the engagement runs end to end

Testing of Design (ToD)

Key controls identified per cycle — preventive, detective and corrective. Testing of Design through inspection of single instances and walkthrough confirmation. Design deficiencies (if any) raised immediately as significant deficiencies under ICAI Guidance Note IFC 2015 categorisation.

Testing of Operating Effectiveness (ToE)

Sample-based reperformance, observation and inspection of multiple instances per SIA 320 — daily controls 25 instances, weekly 5, monthly 2-3, quarterly 2, annual 1. Statistical sampling for ICFR, judgmental sampling for non-ICFR. Substantive and analytical procedures supplement ToE.

Engagement Scoping & Risk Universe

Section 138 applicability confirmed for the Chennai entity. Audit Committee or Board approval obtained for scope, periodicity and methodology under Rule 13(2). Risk universe of all business processes built — typically 30-60 processes mapped, with inherent risk scoring on likelihood and impact.

What FilingPro brings to the engagement

Section 138 Mandatory Triggers Tracked

Paid-up capital ≥ ₹50 crore, turnover ≥ ₹200 crore, borrowings ≥ ₹100 crore, deposits ≥ ₹25 crore — Section 138 thresholds tracked quarterly so Chennai entities never miss the appointment trigger.

Risk-Based Audit Methodology

Every engagement starts with a risk universe build, inherent versus residual risk scoring and Audit Committee-presentable heat map — high-risk areas get deep ToE, low-risk areas get analytical review. No checklist tick-box.

COSO 2013 Five Components Mapped

Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring — every key control mapped to the COSO component for Chennai listed and Section 138 entities.

What St Thomas Mount clients usually ask next: For St Thomas Mount engagements specifically — for St Thomas Mount IT-services firms managing export-LUT cycles alongside payroll and TDS.

Glossary

Plain-English glossary for this service

Internal Audit Report

Form Internal Audit Report is the statutory form prescribed for internal audit engagements under the applicable Act. It carries the information set required by the prescribed authority and follows the timeline set by the relevant section or rule.

Section 138

Form Section 138 is the statutory form prescribed for internal audit engagements under the applicable Act. It carries the information set required by the prescribed authority and follows the timeline set by the relevant section or rule.

Risk Matrix

Form Risk Matrix is the statutory form prescribed for internal audit engagements under the applicable Act. It carries the information set required by the prescribed authority and follows the timeline set by the relevant section or rule.

Companies Section 138

Companies Section 138 is the operative provision of the Companies Act that governs internal audit in the present context. It sets the substantive obligation, the procedural pathway and the consequences of non-compliance.

materiality threshold

materiality threshold is a recurring compliance risk in internal audit engagements. Identifying it early in the workflow lets the practitioner mitigate the exposure before it ripens into an adverse statutory consequence.

control gap reporting

control gap reporting is a recurring compliance risk in internal audit engagements. Identifying it early in the workflow lets the practitioner mitigate the exposure before it ripens into an adverse statutory consequence.

board-level reporting

board-level reporting is a recurring compliance risk in internal audit engagements. Identifying it early in the workflow lets the practitioner mitigate the exposure before it ripens into an adverse statutory consequence.

Cost of Non-Compliance

Real-world penalty exposure

Numerical examples showing tax + interest + penalty across common default scenarios.

ScenarioBase taxInterestPenaltyTotal
Company in {{area_name}} crosses the Rule 13 turnover threshold but fails to appoint an internal auditor for the yearNot applicableNot applicableRupees 10,000 plus rupees 1,000 per day of continuing defaultUp to rupees 2,00,000 for the company and rupees 50,000 for each officer in default
Statutory auditor reports adversely under CARO 2020 paragraph 3(xiv) that no internal audit system exists in a {{area_name}} companyNot applicableNot applicableNo direct monetary penalty; adverse audit comment on recordIndirect cost - illustrative rupees 15-40 lakh in higher lender spreads and lost bids
Inventory misappropriation goes undetected for a year in a {{area_name}} manufacturer with weak segregation of dutiesNot applicableNot applicableIllustrative direct inventory loss of rupees 22 lakhIllustrative rupees 22 lakh loss plus remediation cost
TDS short-deduction on vendor payments surfaces late because no internal audit reviewed the process in a {{area_name}} firmRupees 6,00,000 (tax short-deducted)Rupees 1,08,000 interest under Section 201(1A) of the Income-tax Act 1961Disallowance and Section 271C exposureIllustrative rupees 7,08,000 plus disallowance risk
Input tax credit mismatch accumulates over four quarters due to no process control in a {{area_name}} trading companyRupees 4,50,000 (ITC reversed)Rupees 81,000 interest under Section 50 of the CGST Act 2017Rupees 45,000 penalty (illustrative 10% under Section 73)Illustrative rupees 5,76,000
Vendor-master and payroll ghosting drains funds in a {{area_name}} services company lacking maker-checker controlsNot applicableNot applicableIllustrative fraud loss of rupees 18 lakh over the yearIllustrative rupees 18 lakh plus forensic and recovery cost

How St Thomas Mount businesses typically avoid these: For St Thomas Mount engagements specifically — the cluster of hospitality, aviation, logistics businesses that defines St Thomas Mount's commercial fabric; for St Thomas Mount IT-services firms managing export-LUT cycles alongside payroll and TDS.

By Industry

Industry-specific patterns in St Thomas Mount

How the local trade mix shapes this — In St Thomas Mount, the cluster of hospitality, aviation, logistics businesses that defines St Thomas Mount's commercial fabric.

Retail chains
Common issue: For multi-outlet retail chains across Chennai, internal-audit weakness clusters in cash handling, inventory and inter-store transfers. Practices differ store to store, daily cash reconciliation is inconsistent, and stock differences are written off without root-cause analysis, masking shrinkage and pilferage. Point-of-sale discounts and returns are not independently reviewed, and inter-store transfers move goods without tight documentation, so headquarters cannot compare store performance reliably. Once turnover crosses the Rule 13 limb the retail company falls under Section 138, and a functioning internal audit becomes the main tool to standardise controls and give the audit committee a comparable, store-level view of risk.
How we handle it: Embed a rotational store-audit programme in the risk-based internal audit plan covering daily cash reconciliation, POS discounts and returns, shrinkage and inter-store transfers. Score every store on a common control checklist so results are comparable and feed the operations review. Require documented approvals for transfers and investigate shrinkage above threshold for root cause rather than writing it off. Escalate repeat exceptions to the audit committee with a follow-up tracker under Section 177. Tighten discount and return authorisation at the POS, and review two or three outlets in depth each cycle, standardising controls and narrowing unexplained shrinkage without punitive statutory exposure.
Construction
Common issue: Chennai's construction and infrastructure firms carry internal-audit risk in project billing, subcontractor management and material control. Cost overruns surface late because measurement books, running-account bills and retention accounting are reviewed only after subcontractors are certified and paid. Change orders may exceed authority limits, material issued to site is not reconciled to consumption, and over-certification of quantities drains cash. Multiple concurrent sites make consolidated control difficult. As contract turnover crosses Rule 13 thresholds, Section 138 applies, and the board needs independent assurance over project costs before the statutory audit and before the internal financial controls opinion under Section 143(3)(i).
How we handle it: Scope the internal audit around the measurement-book-to-running-account-bill trail, subcontractor rate approvals, retention accounting and site material reconciliation. Re-perform certified quantities on a sample before payment and trace change orders to authority limits fixed in the internal audit charter. Reconcile material issued to consumption at major sites and flag variances for investigation. Introduce a pre-certification checklist so over-certification is caught before payment, and report project-level findings to the audit committee with a closure tracker under Section 177. Align the controls with internal financial controls over financial reporting so cost discipline improves and the board can support a clean Section 143(3)(i) position at year-end.
Manufacturing
Common issue: In Chennai's auto-ancillary and engineering units, the recurring internal-audit weakness sits in the procure-to-pay and inventory cycle. The three-way match between purchase order, goods-receipt-note and vendor invoice is often done manually, and the stores supervisor may both receive material and approve issue, collapsing segregation of duties. Bill-of-material consumption is not reconciled to production output, so scrap and rejection become a cover for leakage. Capital work-in-progress lingers uncapitalised, distorting depreciation. Because turnover here frequently crosses the Rule 13 two-hundred-crore limb, Section 138 applies, yet many first-time-covered private companies run the year without a formal internal auditor and are exposed at CARO 2020 paragraph 3(xiv) reporting.
How we handle it: Build a risk-based internal audit plan that prioritises procure-to-pay, stores and BOM-to-output reconciliation. Separate goods-receipt booking, invoice posting and payment release across three roles, and enforce three-way match with tolerance bands in the ERP. Introduce a monthly capital work-in-progress ageing review so assets capitalise once trial runs are documented. Reconcile standard versus actual consumption every month and investigate scrap above threshold. Report exceptions to the audit committee under Section 177 with a follow-up tracker, and map the coverage to internal financial controls over financial reporting so the findings support the Section 143(3)(i) opinion. Run walkthrough and re-performance tests each quarter as the Standards on Internal Audit envisage.
IT/ITES
Common issue: For Chennai's IT and ITES firms on the OMR and Guindy corridors, the internal-audit hotspot is the revenue cycle. Time-and-material and fixed-price contracts are billed off spreadsheets maintained by delivery managers, with no independent link between effort-tracking systems and revenue postings, so unbilled revenue and percentage-of-completion estimates are error-prone. Access controls over billing systems are loose, and the same person may raise and approve invoices. Master service agreements and statements of work are not always reconciled to actual billing, and foreign-currency receipts with their FIRC and SOFTEX compliance add another control layer. These weaknesses threaten the Section 143(3)(i) internal financial controls opinion and expose revenue-recognition assertions at the statutory audit.
How we handle it: Scope the internal audit around order-to-cash: walk through contract setup, effort capture, billing, unbilled revenue and collections. Integrate the effort-tracking tool with finance so revenue is not keyed from spreadsheets, and enforce segregation between delivery and revenue posting. Reconcile master service agreements and statements of work to billed amounts monthly, and reconcile foreign receipts to SOFTEX and FIRC records. Test a sample of milestone invoices against underlying evidence each quarter and rate findings by risk for the audit committee. Document the redesigned controls in the internal audit charter so they map cleanly to internal financial controls over financial reporting and reduce the risk of a modified Section 143(3)(i) comment.
NBFC/Finance
Common issue: Chennai's non-banking finance companies lending against gold, vehicles and small-business receivables face internal-audit risk concentrated in loan origination, income recognition and asset classification. Branch-level KYC and loan-to-value discipline slip under volume pressure, overrides are undocumented, and interest income may be recognised on accounts that should be non-performing. Cash handling at branches and reconciliation of collections to the loan-management system are perennial weak points. Because listed NBFCs are always covered and larger unlisted ones cross Rule 13 thresholds, Section 138 applies, and regulators and lenders read the internal audit function as a proxy for governance quality, making a weak or ignored function costly.
How we handle it: Design a rotational branch internal audit covering KYC completeness, loan-to-value adherence, override authorisation, income recognition and asset classification against the ageing register. Re-perform valuations on a sample and reconcile daily collections to the loan-management system and bank. Maintain an override register reviewed by the audit committee, and escalate repeat branches for re-verification with a closure tracker. Test asset-classification logic before each statutory audit so provisioning is corrected early. Anchor reporting to Section 177 oversight and align the control set with internal financial controls over financial reporting, giving the board independent evidence for the directors' responsibility statement and steadying the overdue book.
Case Studies

Anonymised engagements we have handled

Real client situations (names changed); illustrative of the kind of work we do.

Process standardisationRetail chains

Store-level internal audit standardised cash and inventory controls for a {{area_name}} retail chain

Issue: A retail chain in {{area_name}} operating a dozen outlets had inconsistent cash-handling, stock-transfer and shrinkage practices across stores, and headquarters could not compare store performance reliably. Recurring stock differences were being written off without root-cause analysis.
Approach: A rotational store-audit programme was built into the risk-based internal audit plan, covering daily cash reconciliation, inter-store transfers, damage and shrinkage. Each store was scored on a common control checklist, and repeat exceptions were escalated to the audit committee with a follow-up tracker.
Outcome: Store control scores became comparable and part of the operations review; unexplained shrinkage narrowed after tighter transfer documentation, and two outlets with persistent cash variances were reviewed in depth, recovering discipline without any punitive statutory exposure.
Rule 13 applicabilityManufacturing

Section 138 applicability review triggered first-time internal audit for a {{area_name}} auto-components maker

Issue: An auto-components manufacturer in {{area_name}} crossed a turnover of roughly rupees two hundred and twenty crore for the first time but had never appointed an internal auditor. The finance head was unsure whether Section 138 applied to a private company and feared an adverse CARO 2020 paragraph 3(xiv) comment at the coming statutory audit.
Approach: We ran a Rule 13 applicability test against the preceding year's turnover and borrowings, confirmed the company was covered as a private company on the turnover limb, and helped the Board pass the appointment resolution and approve an internal audit charter. A risk-based plan was drawn under the ICAI Framework Governing Internal Audits, prioritising procure-to-pay and inventory.
Outcome: The internal auditor was appointed within the financial year, the audit committee approved a quarterly reporting cadence, and the statutory auditor recorded a clean CARO 2020 paragraph 3(xiv) comment confirming an internal audit system commensurate with size and nature of business.
Risk-based planningIT/ITES

Risk-based internal audit tightened revenue-cycle controls for a {{area_name}} IT services company

Issue: A mid-size IT services company in {{area_name}} recognised revenue on time-and-material and fixed-price contracts through spreadsheets maintained by project managers, with no independent check before postings. The audit committee wanted assurance ahead of the Section 143(3)(i) internal financial controls opinion.
Approach: We built a risk-based internal audit plan focused on the order-to-cash cycle, performed walkthroughs of contract billing, effort capture and unbilled revenue, and tested a sample of milestone-based invoices against underlying evidence. Segregation of duties between project delivery and revenue posting was redocumented in the internal audit charter.
Outcome: Fourteen control gaps were logged and closed within one quarter; unbilled revenue reconciliation became a monthly control owned by finance; the statutory auditor issued an unqualified internal financial controls opinion under Section 143(3)(i) at year-end.
Financial controlsNBFC/Finance

Loan-portfolio internal audit surfaced KYC and provisioning gaps at a {{area_name}} NBFC

Issue: A non-banking finance company in {{area_name}} lending against gold and small-business receivables found its overdue book rising while branch-level documentation looked complete on paper. The board suspected process drift in loan origination and asset classification but lacked independent evidence.
Approach: The internal audit was scoped around origination KYC, loan-to-value discipline, income recognition and asset classification. Branch files were sampled, valuation slips re-performed, and the asset-classification logic tested against the ageing register. Findings were rated by risk and reported to the audit committee under Section 177.
Outcome: Eleven branches were flagged for KYC re-verification, the loan-to-value override register was activated, and provisioning was corrected before the statutory audit, avoiding a modified internal financial controls comment and steadying the overdue trend over two quarters.

Why these St Thomas Mount engagements look the way they do: For St Thomas Mount engagements specifically — the cluster of hospitality, aviation, logistics businesses that defines St Thomas Mount's commercial fabric; for St Thomas Mount IT-services firms managing export-LUT cycles alongside payroll and TDS.

Client Reviews

What St Thomas Mount Clients Say

Ramkumar S
Internal Audit
“FilingPro took over our Section 138 internal audit when we crossed the ₹200 crore turnover threshold. They built the risk universe in three weeks, walked through every cycle and the first quarterly Audit Committee pack was ready inside 60 days. SIA-compliant work product, no fluff.”
2 weeks agoVerified Client
Priya N
Internal Audit
“Our listed entity needed ICFR testing aligned with the ICAI Guidance Note 2015 — FilingPro mapped every key control to the COSO components, ran ToD and ToE with statistical sampling and the IFC documentation cleared the statutory auditor's review without a single rework. Excellent depth.”
1 month agoVerified Client
Sundar M
Internal Audit
“Independent internal audit on procurement and inventory cycles for our Chennai manufacturing unit. They identified a vendor SOD conflict that had been open for two years and a slow-moving inventory provision shortfall — both quantified and remediated within the quarter. Real value, not a tick-box exercise.”
3 months agoVerified Client
Divya K
Internal Audit
“Switched to FilingPro after a Big-Four practice quoted three times the fee for our private limited company internal audit. Same SIA framework, same quality reports, fraction of the cost — and the partner attends every Audit Committee meeting. Highly recommended for SME boards.”
6 weeks agoVerified Client
Venkatesh P
Internal Audit
“ITGC review of our Oracle ERP environment — access management, change management, SOD conflict matrix, privileged user recertification. FilingPro's IT auditor knew Oracle role profiles cold. Findings drove three months of remediation and our SOX-grade documentation is now audit-ready.”
2 months agoVerified Client
Lalitha B
Internal Audit
“Section 143(12) fraud reporting concern surfaced through our whistleblower line. FilingPro investigated the case under SIA 240 protocols, documented evidence, presented findings to the Audit Committee under Section 177(9) and the matter was closed without any reportable fraud. Discreet and professional handling.”
1 month agoVerified Client
4.9
312+ reviews
500+
Active Clients
15+
Years Exp
5★
4★
3★
Common Questions

Internal Audit FAQ — St Thomas Mount

Common questions from St Thomas Mount clients. Call 9566-068-468 for specific queries.

Under Section 138(1), the Board of Directors appoints the internal auditor on the recommendation of the Audit Committee where one is constituted under Section 177. For listed companies and Section 138 entities meeting Rule 6 thresholds, an Audit Committee is mandatory. Section 177(4) requires the Audit Committee to review the internal auditor's appointment, scope, frequency and findings. The internal auditor reports functionally to the Audit Committee and administratively to the CFO/MD.
ICAI has notified Standards on Internal Audit numbered SIA 110 to SIA 740. Key standards — SIA 140 (Governance), SIA 220 (Conducting Overall Internal Audit), SIA 230 (Objectives), SIA 240 (Using Work of Other Experts), SIA 250 (Communicating with Stakeholders), SIA 320 (Evidence), SIA 360 (Communication with Management), SIA 510 (Internal Audit Documentation), SIA 530 (Third Party Confirmations), SIA 610 (Reporting), SIA 740 (Quality Assurance). All Section 138 audits must comply with the SIA framework.
Yes — we handle Internal Audit for individuals and businesses across St Thomas Mount (PIN 600016) and nearby Guindy. The work is done end-to-end by our own team, with documents collected online over WhatsApp or email and in-person meetings available at our Maduravoyal and Nerkundram offices. Call 9566-068-468 to begin.
Inventory audit covers — physical stock verification per Section 35 CGST Act and Schedule III balance sheet disclosure requirements, perpetual inventory accuracy, valuation under AS 2 / Ind AS 2 (lower of cost or NRV), slow-moving and non-moving identification, scrap accounting, inter-warehouse transfers under e-way bill, GST input on stock transfers, cycle count programmes, FIFO/weighted average consistency, and shrinkage analysis. Year-end physical count attendance by internal audit is standard.
Testing of Design (ToD) evaluates whether a control, if operating as documented, would prevent or detect a material misstatement — done through walkthroughs, process narratives and inspection of single instances. Testing of Operating Effectiveness (ToE) evaluates whether the control consistently operated over the period — done through sample-based reperformance, observation and inspection of multiple instances. Both are required under ICAI Guidance Note on IFC 2015 to express an opinion on IFC adequacy.
Not sure whether Internal Audit applies to you? Call 9566-068-468 and describe your situation — we will tell you plainly whether you need it, when, and what it involves, before you spend anything. Many St Thomas Mount enquiries start exactly this way.
Revenue cycle audit covers — customer master maintenance, credit limit approval, sales order to dispatch, invoicing, GST compliance, debtor ageing, credit note issuance, e-invoicing under Notification 10/2023, revenue recognition under Ind AS 115 / AS 9, revenue cut-off at period-end, related-party sales identification under Section 188, channel financing entries, deferred revenue tracking and reconciliation of GSTR-1 with books. Revenue is normally a high inherent risk cycle attracting deep ToE testing.
Fixed asset audit covers — capex authorisation against approved budget, capitalisation cut-off, useful life under Schedule II of the Companies Act 2013, depreciation method consistency, physical verification under Schedule III, asset tagging, disposal and scrapping authorisation, capital work in progress (CWIP) ageing, impairment indicators under AS 28 / Ind AS 36, GST input on capital goods under Section 16(3), and asset insurance coverage. Section 129(3) component accounting is tested where applicable.
Call or WhatsApp 9566-068-468 with a one-line description of your requirement. We confirm exactly which documents your St Thomas Mount case needs, share a fixed quote upfront, and start once you approve. The first discussion is free.
A walkthrough is the tracing of one or two transactions from initiation through processing, recording and reporting — touching every control point along the way. It establishes process understanding and validates the design of key controls. Walkthroughs are mandatory for ICFR audits under the ICAI Guidance Note on IFC 2015 and are typically performed at the start of each audit cycle for revenue, procurement, payroll, inventory and fixed asset cycles.
Section 135 of the Companies Act 2013 mandates 2% CSR spend by qualifying companies. Internal audit reviews — applicability computation (net profit under Section 198), CSR Committee constitution and minutes, Schedule VII activity eligibility, implementing agency due diligence (Form CSR-1 registration), unspent amount transfer to Schedule VII fund within 6 months under Section 135(6), ongoing project tracking, impact assessment thresholds (₹10 crore), and Form CSR-2 filing. CSR is a high-disclosure, high-scrutiny area.
We keep payment simple for St Thomas Mount clients — pay digitally by UPI or bank transfer against a proper invoice. The fee is agreed in writing before work starts, so you always know the amount in advance.
Segregation of Duties is the principle that no single individual should have authority over two or more conflicting functions — for example, vendor master creation and vendor payment, or revenue invoicing and customer credit notes. SOD prevents both errors and fraud. Internal audit maps SOD conflicts via SOD matrices typically built around the procurement, revenue, payroll and treasury cycles. ITGC review tests system-enforced SOD through ERP role and authorisation profiles.
Procurement audit covers — vendor onboarding and master maintenance, purchase requisition to PO authorisation matrix, three-way match (PO/GRN/Invoice), vendor SOD with finance, advance payment controls, GST input credit reconciliation with GSTR-2B, TDS deduction under Sections 194C/194J/194Q, related-party purchases under Section 188, e-way bill compliance, capex versus revenue classification, and vendor reconciliation cycles. Vendor master and three-way match are typical key controls tested.
Risk-based audit prioritises audit effort based on the risk register and heat map. The internal auditor builds a risk universe of all business processes, scores each on inherent risk (likelihood × impact), maps existing controls and computes residual risk. High residual risk areas — revenue recognition, vendor onboarding, related-party transactions, IT access — are audited deeper and more frequently. Low residual risk areas are covered with limited testing or analytical review. SIA 230 endorses RBA as the primary engagement design model.
Companies (Auditor's Report) Order 2020 Clause 3(xviii) requires the statutory auditor to consider the internal audit reports of the company while reporting under CARO. Clause 3(xiv) of CARO 2020 specifically requires the auditor to state whether the company has an internal audit system commensurate with its size and nature of business and whether the reports of the internal auditor for the period under audit were considered. Strong internal audit work directly supports CARO sign-off.
Internal Audit near St Thomas Mount:

We serve businesses in every part of St Thomas Mount, from Krishnasamy Street, Lake View Road, Grand Southern Trunk Road, Inner Ring Road (Southern Sector) and Mount - Medavakkam Road to the St Thomas Mount Subway, Station Road, Thillaiganga Nagar Subway and 2nd Main Road commercial pockets, with Internal Audit handled end to end.

Free Consultation Available

Ready for Expert Internal Audit in St Thomas Mount?

Professional Internal Audit in St Thomas Mount, Chennai. Call @ 9566-068-468. Offices at Maduravoyal, Nerkundram & Nolambur (upcoming). 15+ years experience, 4.9★ rated.

From ₹15,000/quarterly
15+ years experience
Zero penalties guaranteed
Maduravoyal · Nerkundram · Nolambur (upcoming)
Call Now WhatsApp