Skip to main content

Audit · overview

Types of audit in India, mapped in one table.

Statutory, tax, internal, cost, stock, GST, forensic, secretarial — each audit has a different trigger, a different governing law, and often a different professional who can sign it. Here's the map, with links to the deep-dive on each.

  • Reviewed July 2026
  • 7 min read
  • CA Anil Agarwal & the TatvaBooks team

What "audit" means, and why there isn't just one kind

In everyday usage "audit" gets used loosely for any independent check of records. In Indian practice it is not one thing — it is a family of distinct engagements, each created by a different law (or by no law at all, just a lender or management requirement), each with its own objective, scope, reporting format, and eligible signing professional. A company can be subject to four or five of these in the same financial year, run by different practitioners, on different timelines.

For an articled assistant or a CA-Final student, the confusion is usually not about any one audit — it's about which one applies to a given entity, who is competent to sign it, and how they relate to each other. This page is the map; each audit type below links to its own deep-dive.

Every type of audit in India — applicability and governing law

The table below is ordered roughly by how often a practising CA encounters each one. "Applies to" is the trigger in plain language — always verify the exact current threshold on the relevant portal (MCA, Income Tax, GST, ICAI/ICMAI/ICSI) before advising a client, since these change with amendments almost every year.

Audit type Applies to Governing law
Statutory audit Every company, every financial year (no turnover threshold) Companies Act, 2013 — Section 139 read with Section 143
Tax audit Business/professional turnover or receipts beyond the prescribed limit Income-tax Act, 1961 — Section 44AB
Internal audit Listed companies, and other companies/LLPs beyond prescribed size thresholds; voluntary for others as a management control tool Companies Act, 2013 — Section 138 (mandated cases); otherwise a board/management decision
Cost audit Companies in specified industries (regulated + non-regulated sectors) crossing notified turnover/production thresholds Companies Act, 2013 — Section 148, read with the Companies (Cost Records and Audit) Rules
Stock audit Businesses with working-capital/cash-credit limits from a bank, at the bank's periodic requirement; also used internally for inventory control Not a statute-mandated audit — required by lender covenant (RBI prudential norms indirectly drive bank policy) or by internal management decision
GST audit / GST-related certification GST-registered persons — self-certified reconciliation via annual return; departmental audit can be initiated by GST authorities under their audit powers CGST Act, 2017 — Sections 35(5)/44 (annual return and reconciliation framework) and Section 65/66 (departmental and special audit)
Forensic audit Triggered by suspected fraud, lender-directed investigation, regulatory referral, or a specific management/board mandate — not a routine annual audit No single governing statute — scope is engagement-specific; findings may feed into Companies Act, PMLA, or banking-fraud proceedings
Secretarial audit Every listed company, and other companies crossing the prescribed paid-up capital/turnover thresholds Companies Act, 2013 — Section 204, conducted by a practising Company Secretary (not a Chartered Accountant)
Concurrent / bank audit Bank branches meeting the RBI-prescribed business-size criteria for concurrent audit coverage RBI guidelines to banks on concurrent audit systems — not a Companies Act or Income-tax Act audit

Verify the current turnover limits, thresholds and applicable forms on the MCA, Income Tax and GST portals — several of these change every Finance Act or notification cycle, and quoting a stale figure to a client is a real risk.

How to tell which audit a client needs

A quick decision sequence that covers most practice situations:

  • Is it a company? Statutory audit is automatic — no threshold. Check separately whether it also crosses the internal-audit and secretarial-audit size thresholds.
  • Is it any business or profession — company or not? Check turnover/gross receipts against the Section 44AB tax audit threshold. This is independent of the statutory audit answer.
  • Is it GST-registered? The annual-return/reconciliation requirement under Sections 35(5)/44 applies on its own thresholds; a departmental audit under Sections 65/66 can be initiated separately by the tax authority regardless of size.
  • Does it have bank working-capital limits? Expect a stock audit requirement from the lender, on the bank's schedule — this is a covenant, not a statute.
  • Is it in a cost-audit-notified industry? Check the Section 148 rules and notified thresholds separately from the statutory audit.
  • Is there a fraud allegation, lender concern, or regulatory referral? That's a forensic audit — scoped by engagement letter, not by a standard statute or standard format.

None of these are mutually exclusive. A mid-sized manufacturing company can simultaneously need a statutory audit, a tax audit, an internal audit, a cost audit and a stock audit for its bank — five separate engagements, five separate reports, in the same year.

Practical notes for a practising CA

  • Independence rules differ by engagement. The same firm can often do statutory audit and tax audit for the same client (subject to Companies Act ceiling-on-audits rules), but internal audit and statutory audit for the same entity in the same year is restricted under Section 138/144 — check the current restriction before accepting both.
  • Not every audit is a CA's domain. Cost audit needs a Cost Accountant; secretarial audit needs a Company Secretary. Referring these out correctly, rather than assuming a CA firm can sign everything, avoids a defective report.
  • "No statute" doesn't mean "no standard." Stock audits and forensic audits aren't mandated by a single law, but ICAI guidance and standard audit practices (evidence, documentation, working papers) still apply — treat them with the same rigour as a statutory engagement.
  • Reporting formats vary sharply. A statutory audit report follows SA 700 formats and CARO 2020 (for companies); a tax audit report is Form 3CA/3CB with Form 3CD; a forensic audit report has no prescribed format at all and is drafted to the engagement's terms of reference.

Books that hold up under any of these audits

Whichever audit a client faces next, the starting point is the same: books that are GST-correct at the point of entry, a clean trial balance, and an audit trail you can actually follow. TatvaBooks keeps double-entry books with GSTR-2B reconciliation, Schedule III-ready statements and an append-only activity log built in — so when the statutory auditor, tax auditor or bank's stock auditor walks in, the evidence trail is already there rather than reconstructed at year-end.

See TatvaBooks for Chartered Accountants or pricing for firm and practice plans.

Frequently asked questions

What are the main types of audit in India?
For a practising CA the everyday types are statutory audit (Companies Act), tax audit (Income-tax Act Section 44AB), internal audit, cost audit, GST audit/reconciliation, and — less routinely — stock audit, forensic audit and secretarial audit (the last one is a Company Secretary's domain, not a CA's). Each has a different trigger, a different governing law, and often a different reporting format.
What is the difference between statutory audit and internal audit?
Statutory audit is mandatory for every company under the Companies Act and expresses an independent opinion on whether the financial statements are true and fair — it's for external users (shareholders, regulators, lenders). Internal audit evaluates the adequacy of internal controls and processes for management's own use, is mandatory only above prescribed thresholds, and can be performed by an in-house team, not necessarily an external CA. See our internal audit vs statutory audit page for the full comparison.
Is tax audit the same as statutory audit?
No. A statutory audit looks at the financial statements as a whole under company law; a tax audit under Section 44AB looks specifically at compliance with the Income-tax Act and is triggered by turnover or gross receipts crossing a threshold — verify the current limit on the Income Tax portal each year, since it changes with Finance Act amendments. A company can be subject to both audits for the same year, done by the same or different auditors.
Does every business need a GST audit?
There is no separate 'GST audit' report anymore for most taxpayers — compliance runs through self-certified reconciliation as part of the annual return process (CGST Act Sections 35(5)/44). GST authorities retain a separate power to conduct a departmental or special audit under Sections 65/66 in specific cases. Confirm the current annual-return and reconciliation requirement on the GST portal, since thresholds and forms have changed across years.
Who can perform a cost audit or a secretarial audit?
A cost audit under Section 148 of the Companies Act must be performed by a practising Cost Accountant (Cost and Management Accountant), not a Chartered Accountant. A secretarial audit under Section 204 must be performed by a practising Company Secretary. Only statutory audit, tax audit, internal audit (usually) and most forensic/stock audit engagements fall within a CA's scope of practice.

Built for CA practices · India-hosted

Books that are ready before the auditor walks in.

GST-correct entries, GSTR-2B reconciliation and an append-only trail from day one — so every audit on this page starts from clean data.