Statutory Audit vs Internal Audit: Key Differences, Purpose and Benefits (2026)
Reviewed by CA Pritam Sharma, Chartered Accountant | ICAI Member • Last Updated: June 2026
Direct answer: A statutory audit is a legally mandatory, independent examination of a company's financial statements conducted by an external Chartered Accountant under the Companies Act, 2013, to confirm they show a true and fair view. An internal audit is a continuous, in-house evaluation of a company's internal controls, processes and risk management, made mandatory only for certain classes of companies under Section 138. The core difference: a statutory audit is required for every company and reports to shareholders, while an internal audit is conditional, ongoing, and reports to the Board or Audit Committee.
Indian companies routinely confuse these two audits, yet they serve very different masters. One satisfies the law and protects shareholders; the other strengthens the business from the inside. Below, EasyTax breaks down what each audit is, who must conduct it, the exact legal provisions involved, and how they work together under the Companies Act, 2013.
What Is a Statutory Audit?
A statutory audit is a mandatory, independent examination of a company's financial statements, accounting records, and supporting documents to verify that they present a true and fair view of the company's financial position. The word "statutory" means it is required by law, not by management choice.
Its primary objective is to give shareholders, regulators, lenders and other stakeholders an unbiased opinion on whether the company's accounts comply with applicable accounting standards and are free from material misstatement. The statutory auditor expresses this opinion in a formal audit report.
The legal requirement flows from Section 139 of the Companies Act, 2013, which mandates that every company appoint an auditor, and Section 143, which lays out the powers and duties of that auditor. A statutory audit must be performed by a practising Chartered Accountant or a firm of Chartered Accountants registered with the Institute of Chartered Accountants of India (ICAI). The auditor must remain independent of the company's management.
What Is an Internal Audit?
An internal audit is a continuous, independent evaluation of a company's internal controls, operational processes, compliance systems and risk management framework. Unlike a statutory audit, it is not primarily concerned with certifying financial statements; instead, it examines how well the business runs and where it is exposed to risk or inefficiency.
The purpose of an internal audit is to help the Board of Directors and management identify weaknesses, detect fraud early, improve operational efficiency, and ensure the company complies with the laws and policies that apply to it. It is a tool of corporate governance rather than a statutory certification.
Internal audits assess risk management by mapping where the company is most vulnerable, financially and operationally, and recommending controls to mitigate those risks. They also drive operational efficiency by flagging redundant processes, weak approval chains, and gaps in documentation. The internal audit is governed by Section 138 of the Companies Act, 2013, read with Rule 13 of the Companies (Accounts) Rules, 2014.
What Is the Difference Between Statutory Audit and Internal Audit?
The fundamental difference is one of purpose and authority: a statutory audit is an external legal obligation that reports to shareholders, while an internal audit is an internal management function that reports to the Board. The table below sets out the key distinctions.
| Basis | Statutory Audit | Internal Audit |
|---|---|---|
| Meaning | Legally required audit of financial statements | Internal review of controls, processes and risk |
| Objective | Verify true and fair view of accounts | Improve controls, efficiency and risk management |
| Applicability | Every company registered in India | Specified companies meeting Section 138 thresholds |
| Mandatory nature | Always mandatory | Mandatory only above prescribed limits |
| Scope | Financial statements and statutory compliance | Operations, controls, compliance and risk |
| Reporting authority | Shareholders / members | Board of Directors / Audit Committee |
| Frequency | Annual | Continuous / periodic (as decided by Board) |
| Auditor appointment | Appointed by shareholders under Section 139 | Appointed by the Board under Section 138 |
| Legal requirement | Sections 139 & 143, Companies Act, 2013 | Section 138 & Rule 13, Companies (Accounts) Rules, 2014 |
| Auditor eligibility | Practising Chartered Accountant only | CA, Cost Accountant, or professional decided by Board |
| Focus area | Accuracy and legal compliance of accounts | Internal efficiency, fraud prevention, governance |
Is Statutory Audit Mandatory in India?
Yes. A statutory audit is mandatory for every company incorporated in India, irrespective of its size, turnover, profit, or nature of business. This includes private limited companies, public companies, one-person companies, and Section 8 (non-profit) companies.
The obligation arises from Section 139 of the Companies Act, 2013, which requires every company to appoint an auditor at its first Annual General Meeting to hold office for five years, subject to ratification rules. Section 143 then defines the auditor's powers and duties, including the right to access all books of account and the duty to report on the truth and fairness of the financial statements. Because the requirement is unconditional, even a dormant company or a newly incorporated company with no revenue must have its accounts statutorily audited. The audited financial statements are filed with the Registrar of Companies as part of the company's annual filing.
Is Internal Audit Mandatory Under the Companies Act, 2013?
Internal audit is mandatory only for specific classes of companies that cross the thresholds prescribed under Section 138 of the Companies Act, 2013, read with Rule 13 of the Companies (Accounts) Rules, 2014. It is not required for every company.
The following companies must appoint an internal auditor:
- All listed companies — internal audit is mandatory regardless of size.
- Every unlisted public company that, during the preceding financial year, had any one of: paid-up share capital of ₹50 crore or more; turnover of ₹200 crore or more; outstanding loans or borrowings from banks or public financial institutions exceeding ₹100 crore at any point; or outstanding deposits of ₹25 crore or more at any point.
- Every private company that, during the preceding financial year, had either: turnover of ₹200 crore or more; or outstanding loans or borrowings from banks or public financial institutions exceeding ₹100 crore at any point.
The limits are tested against the preceding financial year. An existing company that newly falls within these criteria must comply within six months. There is no separate penalty clause in Section 138, so non-compliance attracts the general penalty under Section 450 of the Companies Act, 2013.
Who Conducts Statutory and Internal Audits?
A statutory audit must be conducted by an independent, practising Chartered Accountant or an audit firm registered with the ICAI. The auditor is appointed by the shareholders under Section 139 and cannot have a financial or managerial interest in the company, preserving independence. For larger and public-interest entities, the auditor's work is also overseen by the National Financial Reporting Authority (NFRA), which monitors compliance with auditing standards.
An internal audit may be conducted by a Chartered Accountant, a Cost Accountant, or any other professional decided by the Board. The internal auditor may be an employee of the company or an external audit firm engaged for the purpose. Crucially, under Section 144 of the Companies Act, the company's statutory auditor cannot also serve as its internal auditor, to avoid a conflict of interest.
On the appointment process: the statutory auditor is appointed by members in a general meeting, while the internal auditor is appointed by the Board of Directors, which also formulates the scope and methodology in consultation with the auditor and the Audit Committee.
What Are the Benefits of Statutory Audit?
A statutory audit delivers value well beyond ticking a legal box:
- Regulatory compliance: It satisfies the mandatory requirement under the Companies Act, 2013, avoiding penalties and director disqualification.
- Transparency: An independent opinion assures stakeholders that the accounts are not manipulated.
- Investor confidence: Audited statements are trusted by investors, lenders and banks when assessing the company for funding or credit.
- Financial accuracy: The audit detects misstatements, errors and accounting irregularities before they reach the public record.
What Are the Benefits of Internal Audit?
An internal audit is one of the most underused tools for strengthening a business:
- Fraud prevention: Continuous monitoring helps catch fraud and misappropriation early, before losses escalate.
- Risk management: It identifies financial, operational and compliance risks and recommends controls to mitigate them.
- Better controls: Weak approval chains, poor segregation of duties and gaps in documentation are flagged and fixed.
- Process improvement: By reviewing operations objectively, internal audit drives efficiency and reduces waste.
Can a Company Have Both Statutory and Internal Audits?
Yes, and for many companies both are legally required and operationally complementary. A statutory audit looks backward at the accuracy of the year's financial statements; an internal audit looks forward and inward at how the business runs and where it is exposed to risk.
The two reinforce each other. A strong internal audit function improves the quality of records and internal controls, which in turn makes the statutory audit smoother and more reliable. Conversely, statutory audit findings can highlight areas the internal audit team should monitor more closely. Good corporate governance treats them not as duplication but as two layers of assurance, one external and legal, one internal and managerial, that together protect shareholders and strengthen the company.
What Are the Common Mistakes Businesses Make During Audits?
Avoiding these recurring errors makes any audit faster and less stressful:
- Poor documentation: Missing invoices, contracts and approvals slow the audit and raise red flags.
- Weak internal controls: Lack of segregation of duties and approval gaps increase the risk of error and fraud.
- Delayed compliance: Late appointment of auditors or late filings invite penalties under the Companies Act, 2013.
- Non-reconciliation: Books that don't reconcile with bank statements, GST returns and TDS records cause discrepancies that auditors must investigate.
Summary Table
| Quick Comparison | Statutory Audit | Internal Audit |
|---|---|---|
| Required for | All companies | Companies above Section 138 limits |
| Governed by | Sec 139 & 143 | Sec 138 + Rule 13 |
| Conducted by | Practising CA only | CA / CMA / Board-decided professional |
| Reports to | Shareholders | Board / Audit Committee |
| Frequency | Annual | Continuous / periodic |
Frequently Asked Questions
What is the difference between statutory audit and internal audit?
A statutory audit is a legally mandatory annual examination of financial statements by an external Chartered Accountant that reports to shareholders. An internal audit is a continuous review of internal controls, processes and risk that reports to the Board and is required only for companies crossing Section 138 thresholds.
Is internal audit compulsory for private companies?
No, internal audit is not compulsory for all private companies. It is mandatory only when a private company had turnover of ₹200 crore or more, or outstanding loans or borrowings from banks or public financial institutions exceeding ₹100 crore, during the preceding financial year, as per Section 138 read with Rule 13.
Who appoints statutory auditors?
Statutory auditors are appointed by the shareholders (members) of the company in a general meeting under Section 139 of the Companies Act, 2013, generally to hold office for a term of five years.
Can the same auditor perform both audits?
No. Under Section 144 of the Companies Act, 2013, a company's statutory auditor is prohibited from providing internal audit services to the same company, its holding company, or its subsidiary, in order to preserve independence.
What is Section 138 of the Companies Act?
Section 138 of the Companies Act, 2013 deals with internal audit. It empowers the Central Government to prescribe classes of companies that must appoint an internal auditor (a Chartered Accountant, Cost Accountant, or other professional decided by the Board) to evaluate the company's functions and activities.
Which audit is conducted annually?
The statutory audit is conducted annually, covering each financial year's accounts. An internal audit is conducted continuously or periodically at intervals decided by the Board, rather than on a fixed annual cycle.
Need help with your company audit?
EasyTax's Chartered Accountants handle statutory audits, internal audits and full ROC compliance, accurately and on time.
Reviewed by CA Pritam Sharma
Chartered Accountant | ICAI Member. CA Pritam Sharma specialises in statutory and internal audit, Companies Act compliance and corporate governance for Indian businesses. Last Updated: June 2026.
Sources: Companies Act, 2013; Companies (Accounts) Rules, 2014; Ministry of Corporate Affairs (MCA); Institute of Chartered Accountants of India (ICAI); National Financial Reporting Authority (NFRA). This article is for general information and not a substitute for professional advice.