Skip to main content

Audit · Companies Act, 2013

Section 143 of the Companies Act, 2013 — the auditor's powers and duties, explained.

What Section 143 actually requires of a statutory auditor: access rights, inquiry duties, the audit report, fraud reporting under 143(12), and how it sits alongside the audit trail rule and rotation under 139(2).

  • Reviewed July 2026
  • 9 min read
  • CA Anil Agarwal & the TatvaBooks team

What Section 143 is

Section 143 of the Companies Act, 2013 is the provision that defines what a statutory auditor is actually required to do once appointed under Section 139. Appointment tells you who the auditor is; Section 143 tells you what the audit must cover — the auditor's right of access to records, the specific matters to inquire into, what the audit report must state, and two obligations that carry real consequence for a practising CA: reporting suspected fraud under Section 143(12), and (via the Rules made under the Act) commenting on the client's audit trail.

It sits inside Chapter X of the Act (Audit and Auditors), alongside the sections on appointment, rotation, removal, eligibility, remuneration and the bar on non-audit services — Sections 139 to 148. Treat 143 as the operating core of that chapter and the rest as the boundary conditions around it.

What Section 143 requires, in plain terms

  • Right of access [143(1)] — every auditor has a right of access at all times to the books of account and vouchers of the company, at its registered office or elsewhere, and is entitled to require information and explanations from officers as necessary for the audit.
  • Specific inquiries [143(1) proviso] — the auditor must specifically inquire into matters such as whether loans and advances made on the basis of security have been properly secured, whether transactions represented merely by book entries are prejudicial to the company's interests, and whether personal expenses have been charged to revenue account, among the matters listed.
  • The audit report [143(2)–(3)] — the auditor must report to the members on the accounts examined and every financial statement laid before the general meeting, stating whether, in the auditor's opinion, the accounts give a true and fair view, and covering the specific matters listed in Section 143(3) (books properly kept, branch accounts received and dealt with, compliance with accounting standards, observations or qualifications, and more).
  • Fraud reporting [143(12)] — if the auditor has reason to believe an offence involving fraud is being or has been committed against the company by its officers or employees, a reporting obligation is triggered — to the Central Government above a prescribed threshold, or to the Audit Committee/Board below it, within prescribed timelines.
  • CARO reporting — for companies covered by the Companies (Auditor's Report) Order, the auditor's report must additionally address the matters specified in that Order (fixed assets, inventory, statutory dues, related-party transactions, and others), as an annexure to the main report.
  • Branch auditors [143(8)] — where a branch is audited by a person other than the company auditor, that branch auditor prepares a report which the company auditor deals with in the manner considered necessary while forming the overall opinion.

Two connected obligations that a practising CA needs to hold in the same frame as Section 143:

  • The audit trail rule — under the Companies (Accounts) Rules as amended, a company must use accounting software that records an audit trail (edit log) of each transaction, capturing every change with the date, and the audit trail feature must not be disabled. The auditor is required to state in the audit report whether the company has used such a system and whether the audit trail has operated throughout the year and been preserved as required by the retention rules. This makes the client's choice of accounting software an audit-opinion matter, not just an operational preference.
  • Auditor rotation [Section 139(2)] — listed companies and other prescribed classes of companies cannot appoint the same individual auditor for more than one term of five consecutive years, or the same audit firm for more than two terms of five consecutive years each; a cooling-off period applies before re-appointment becomes eligible again. Whether a given company falls in the "prescribed class" depends on notified thresholds of paid-up capital, turnover or borrowings — confirm the current thresholds on the MCA portal rather than assuming last year's figures still apply.

A note on precision: exact monetary thresholds (for fraud reporting, for the prescribed class under rotation), exact rule numbers, and exact filing timelines are set by Rules and notifications under the Act, and these get amended more often than the Act itself. Confirm the current figures on the MCA portal or the ICAI website before relying on them in a signed report.

Quick reference — Sections 139 to 148 at a glance

The audit chapter (Chapter X) in one table, for when you need the section number without opening the bare Act.

Section Covers Key point for practice
139 Appointment of auditors AGM appointment; term till conclusion of the sixth AGM (five-year block) subject to ratification norms in force.
139(2) Mandatory rotation Listed companies and prescribed classes: one individual auditor for one term of 5 years, or one audit firm for two terms of 5 years each, then a cooling-off period.
140 Removal, resignation, special notice Removal before term end needs a special resolution plus prior Central Government approval; a resigning auditor must file Form ADT-3.
141 Eligibility and disqualification Only a CA (or firm of CAs) in practice; bars on holding company securities, indebtedness, and specified business relationships with the company or its officers.
142 Remuneration Fixed in general meeting or in the manner it decides; includes expenses for audit and any permitted services.
143 Powers and duties of auditors Right of access to books and vouchers, inquiry duties, the audit report contents, fraud reporting under 143(12), and CARO reporting.
144 Non-audit services barred The statutory auditor (and its network) cannot render specified services — accounting, internal audit, investment banking, and similar — to the auditee.
145 Signing the audit report Only the person appointed as auditor (or, for a firm, a partner practising in India) may sign.
146 Attendance at general meeting Auditor is entitled to attend and be heard on matters concerning them as auditor, unless exempted by the company.
147 Punishment for contravention Penalties on the company and on the auditor for default, with enhanced consequences where a default is found to be wilful or intended to deceive.
148 Cost audit Central Government may direct maintenance of cost records and cost audit for prescribed classes of companies.

Practical application — what this means on a live engagement

  • Check the software before you check the books. The audit trail requirement means your very first procedure on a new engagement should confirm the client's accounting software logs an edit trail that cannot be switched off, and that history has actually been preserved for the full year — not assumed from the vendor's marketing claim.
  • Document the fraud-reporting threshold check every year. Even a "nil to report" conclusion under 143(12) should be evidenced in the file — that the auditor considered the indicators and found nothing crossing the threshold — because the absence of a fraud report is itself a professional judgement, not a default.
  • Track rotation eligibility as a standing item, not a one-time check. A company can move in or out of the "prescribed class" for rotation as its turnover, borrowings or paid-up capital change year to year — build this into your annual client acceptance/continuance procedure rather than checking it only at the start of an engagement.
  • Keep non-audit services genuinely separate. Section 144's bar extends to the auditor's network entities, which is where firms most often trip — a group entity providing bookkeeping or internal audit to the same client the parent firm statutorily audits is a real independence breach, not a technicality.
  • CARO and 143(3) are not the same list — don't conflate them. Section 143(3) matters go into the main audit report for every company; CARO applies only to companies meeting its criteria and is annexed separately. Mixing the two into one checklist is a common drafting error in smaller firms.

Where TatvaBooks fits

The audit trail rule turns a client's choice of accounting software into something you have to actually verify — not assume. TatvaBooks maintains an append-only activity log on every transaction by design (it cannot be switched off), so when you're forming your opinion on whether the audit trail requirement has been met, the evidence is there natively rather than bolted on. If you're onboarding audit clients onto cloud books this cycle, our for Chartered Accountants page covers practice-side access and multi-client workflows.

Frequently asked questions

What does Section 143 of the Companies Act, 2013 actually cover?
Section 143 sets out the statutory auditor's powers and duties: the right of access at all times to the company's books of account and vouchers, specific matters the auditor must inquire into, what the audit report must state, the auditor's duty to report suspected fraud to the Central Government or the Audit Committee under Section 143(12), and the auditor's obligation to comment on the matters prescribed under CARO. It is the single most-cited section in a statutory audit file for good reason — it defines the scope of what you are required to do, not just what you are appointed to do.
When must an auditor report fraud under Section 143(12)?
If, during the audit, the auditor has reason to believe that an offence involving fraud has been or is being committed against the company by its officers or employees, a reporting obligation is triggered. Above a prescribed monetary threshold the report goes to the Central Government within a prescribed timeline; below that threshold it is reported to the Audit Committee or the Board, and disclosed in the Board's report. The exact threshold and timelines are set by rules issued under the Act — verify the current figures on the MCA portal before applying them, since they are the kind of detail that gets amended.
What is the audit trail rule and who does it apply to?
Under the amended Companies (Accounts) Rules, every company using accounting software to maintain its books must use software that records an audit trail of each transaction, creates an edit log of every change with the date, and does not allow the audit trail to be disabled. The statutory auditor is required to comment, in the audit report, on whether the company has used such software and whether the audit trail has been operated throughout the year and preserved as required. This turns a software/IT question into an audit opinion matter — check the client's accounting system before you sign off, not after.
How does auditor rotation under Section 139(2) work in practice?
For listed companies and other prescribed classes, an individual auditor can hold office for one term of five consecutive years, and an audit firm for two terms of five consecutive years each — after which neither is eligible for reappointment for a cooling-off period of five years. Companies were given a transition window when the Act commenced to comply if they already exceeded these terms. Always check whether a given company falls within the prescribed class (turnover, paid-up capital, borrowings) before assuming rotation applies — the thresholds are notified separately and worth confirming on the MCA portal.
Can the statutory auditor also do the client's internal audit or bookkeeping?
No. Section 144 specifically bars the statutory auditor — and entities in its network — from rendering certain non-audit services to the company it audits, including accounting and bookkeeping, internal audit, and investment banking or investment advisory services, among others. This is an independence safeguard, and CA firms structure their engagements (and sometimes decline mandates) specifically to stay clear of it.

Built for Indian compliance · CA-built

Books your audit trail actually holds up.

An append-only activity log on every transaction, GST-correct at source, and CA-friendly access — see it on a live company.