Audit · overview
Types of audit in India, mapped in one table.
Statutory, tax, internal, cost, stock, GST, forensic, secretarial — each audit has a different trigger, a different governing law, and often a different professional who can sign it. Here's the map, with links to the deep-dive on each.
- Reviewed July 2026
- 7 min read
- CA Anil Agarwal & the TatvaBooks team
What "audit" means, and why there isn't just one kind
In everyday usage "audit" gets used loosely for any independent check of records. In Indian practice it is not one thing — it is a family of distinct engagements, each created by a different law (or by no law at all, just a lender or management requirement), each with its own objective, scope, reporting format, and eligible signing professional. A company can be subject to four or five of these in the same financial year, run by different practitioners, on different timelines.
For an articled assistant or a CA-Final student, the confusion is usually not about any one audit — it's about which one applies to a given entity, who is competent to sign it, and how they relate to each other. This page is the map; each audit type below links to its own deep-dive.
Every type of audit in India — applicability and governing law
The table below is ordered roughly by how often a practising CA encounters each one. "Applies to" is the trigger in plain language — always verify the exact current threshold on the relevant portal (MCA, Income Tax, GST, ICAI/ICMAI/ICSI) before advising a client, since these change with amendments almost every year.
| Audit type | Applies to | Governing law |
|---|---|---|
| Statutory audit | Every company, every financial year (no turnover threshold) | Companies Act, 2013 — Section 139 read with Section 143 |
| Tax audit | Business/professional turnover or receipts beyond the prescribed limit | Income-tax Act, 1961 — Section 44AB |
| Internal audit | Listed companies, and other companies/LLPs beyond prescribed size thresholds; voluntary for others as a management control tool | Companies Act, 2013 — Section 138 (mandated cases); otherwise a board/management decision |
| Cost audit | Companies in specified industries (regulated + non-regulated sectors) crossing notified turnover/production thresholds | Companies Act, 2013 — Section 148, read with the Companies (Cost Records and Audit) Rules |
| Stock audit | Businesses with working-capital/cash-credit limits from a bank, at the bank's periodic requirement; also used internally for inventory control | Not a statute-mandated audit — required by lender covenant (RBI prudential norms indirectly drive bank policy) or by internal management decision |
| GST audit / GST-related certification | GST-registered persons — self-certified reconciliation via annual return; departmental audit can be initiated by GST authorities under their audit powers | CGST Act, 2017 — Sections 35(5)/44 (annual return and reconciliation framework) and Section 65/66 (departmental and special audit) |
| Forensic audit | Triggered by suspected fraud, lender-directed investigation, regulatory referral, or a specific management/board mandate — not a routine annual audit | No single governing statute — scope is engagement-specific; findings may feed into Companies Act, PMLA, or banking-fraud proceedings |
| Secretarial audit | Every listed company, and other companies crossing the prescribed paid-up capital/turnover thresholds | Companies Act, 2013 — Section 204, conducted by a practising Company Secretary (not a Chartered Accountant) |
| Concurrent / bank audit | Bank branches meeting the RBI-prescribed business-size criteria for concurrent audit coverage | RBI guidelines to banks on concurrent audit systems — not a Companies Act or Income-tax Act audit |
Verify the current turnover limits, thresholds and applicable forms on the MCA, Income Tax and GST portals — several of these change every Finance Act or notification cycle, and quoting a stale figure to a client is a real risk.
How to tell which audit a client needs
A quick decision sequence that covers most practice situations:
- Is it a company? Statutory audit is automatic — no threshold. Check separately whether it also crosses the internal-audit and secretarial-audit size thresholds.
- Is it any business or profession — company or not? Check turnover/gross receipts against the Section 44AB tax audit threshold. This is independent of the statutory audit answer.
- Is it GST-registered? The annual-return/reconciliation requirement under Sections 35(5)/44 applies on its own thresholds; a departmental audit under Sections 65/66 can be initiated separately by the tax authority regardless of size.
- Does it have bank working-capital limits? Expect a stock audit requirement from the lender, on the bank's schedule — this is a covenant, not a statute.
- Is it in a cost-audit-notified industry? Check the Section 148 rules and notified thresholds separately from the statutory audit.
- Is there a fraud allegation, lender concern, or regulatory referral? That's a forensic audit — scoped by engagement letter, not by a standard statute or standard format.
None of these are mutually exclusive. A mid-sized manufacturing company can simultaneously need a statutory audit, a tax audit, an internal audit, a cost audit and a stock audit for its bank — five separate engagements, five separate reports, in the same year.
Practical notes for a practising CA
- Independence rules differ by engagement. The same firm can often do statutory audit and tax audit for the same client (subject to Companies Act ceiling-on-audits rules), but internal audit and statutory audit for the same entity in the same year is restricted under Section 138/144 — check the current restriction before accepting both.
- Not every audit is a CA's domain. Cost audit needs a Cost Accountant; secretarial audit needs a Company Secretary. Referring these out correctly, rather than assuming a CA firm can sign everything, avoids a defective report.
- "No statute" doesn't mean "no standard." Stock audits and forensic audits aren't mandated by a single law, but ICAI guidance and standard audit practices (evidence, documentation, working papers) still apply — treat them with the same rigour as a statutory engagement.
- Reporting formats vary sharply. A statutory audit report follows SA 700 formats and CARO 2020 (for companies); a tax audit report is Form 3CA/3CB with Form 3CD; a forensic audit report has no prescribed format at all and is drafted to the engagement's terms of reference.
Books that hold up under any of these audits
Whichever audit a client faces next, the starting point is the same: books that are GST-correct at the point of entry, a clean trial balance, and an audit trail you can actually follow. TatvaBooks keeps double-entry books with GSTR-2B reconciliation, Schedule III-ready statements and an append-only activity log built in — so when the statutory auditor, tax auditor or bank's stock auditor walks in, the evidence trail is already there rather than reconstructed at year-end.
See TatvaBooks for Chartered Accountants or pricing for firm and practice plans.
Frequently asked questions
What are the main types of audit in India?
What is the difference between statutory audit and internal audit?
Is tax audit the same as statutory audit?
Does every business need a GST audit?
Who can perform a cost audit or a secretarial audit?
Read next
Keep going.
Go deeper on each type
Related framework
For your practice
Built for CA practices · India-hosted
Books that are ready before the auditor walks in.
GST-correct entries, GSTR-2B reconciliation and an append-only trail from day one — so every audit on this page starts from clean data.