Internal and Statutory Audits in Non-Banking Financial Companies

24 Oct, 2019
Audits in NBFC

Audits are a necessary element in the functioning of any company, and NBFCs are no exception. Every NBFC must conduct checks to ensure compliance with all prescribed norms and avoid any penalties. Also, NBFCs need to obtain a certificate from the Statutory Auditor stating that they are engaged in the business of a non-banking financial institution and hold a Certificate of NBFC Registration under Section 45-IA of the RBI Act, 1934, proving their eligibility. In this blog, we are going to learn all about audits in NBFC.


Audit or auditing is a process to check whether a particular company is working in compliance with all the guidelines and regulations that apply to it. It means verifying the activities that are happening on-site or within the company.

It includes inspection or examination of processes and quality systems to ensure compliance with the regulatory guidelines. Auditing can cover specific functions, processes, etc., or the entire company. Some audits are conducted for a particular purpose, such as auditing documents, risk, or performance, or following up on specific corrective actions.

Type of NBFC Audits

There are three different types of NBFC audits, according to the ISO 19011:2018 standards. These are as follows:


  • Process Audit: This type of audit is conducted to verify whether the processes in the company follow the instructions predetermined by the governing bodies. The objective of performing this type of audit is also to ensure that no company process involves any activity that does not adhere to these rules.
  • Product Audit: This type of audit is for any specific product or service. The auditing of the product/service may include hardware, processed material, or software, to ensure that they conform to the specifications, performance standards, or customer requirements.
  • System Audit: This type of audit is conducted at the management level. It is done to ensure that a proper system has been developed and that everything is useful and in conjunction with the specified requirements.

What are Statutory Audits?

As the name suggests, it is a type of audit that is mandatory for all companies registered under the Companies Act, 2013[1]. Its purpose is almost the same as that of internal audits. However, unlike internal audits, it is a compulsory audit directed by the law. The Statutory Auditor makes a report in the prescribed format after auditing the Book of Accounts of the company.

Who conducts it?

As per RBI guidelines, a CA conducts the Statutory Audit under the Companies Act, 2013. It is a type of audit performed by qualified auditors who work as external auditors and independent parties.

Significance of Statutory Audits

The main objective of conducting a Statutory Audit is to determine whether the company is providing a fair and accurate representation of its activities by evaluating the bank balances, bookkeeping records, financial transactions, etc.

What are Internal Audits?

Internal audit is the process to evaluate the internal control systems of the company, corporate governance and the processing of the accounts. The purpose of internal audit is to identify problems and find their solutions before any inspection.  It helps detect any issues within the internal systems in the company, and ultimately improve operational efficiency.

Importance of Internal Audits

Internal audits are important because they help to identify problems in the functioning of the company and solve them. They improve the effectiveness of governance, control processes, and risk management. By conducting an internal audit, the company can avoid penalties that might otherwise be imposed on it. However, performing an internal audit is not mandatory, unlike the Statutory Audit. It is done to check every function and other aspects that might be caught by a Statutory Auditor and for which the company might become liable for a penalty.

Who conducts it?

Audits in NBFC are conducted by an eligible person appointed by the management of the company. It is generally led by a Chief Audit Executive (CAE) who then reports to the Audit Committee of the Board of Directors, with administrative reporting to the Chief Audit Officer.

Auditor’s Report

The Reserve Bank of India formulates the auditor’s directions under section 45MA of the RBI Act, 1934. The RBI guidelines are applicable to auditors of all registered/non-registered NBFCs whether they are accepting deposits or not.

The Auditor creates a report on the matters he audits and submits it to the Board of Directors of the company. The report is prepared as per Section 143 of the Companies Act. The contents of the Auditor’s report differ from case to case, such as if the NBFC has obtained the Certificate of Registration (CoR) from the bank, if the NBFC already has obtained CoR, etc. The audit is conducted once, at the end of every financial year or every fiscal. Moreover, the Auditor must include the reasons for all unfavorable or qualified statements given on the contents of the report and submit a separate report to the Board of Directors of the company.

This report must be submitted to the Regional Office of the NBFCs at the end of the financial year. This has to be done within one month from the date of finalization of the Balance Sheet and should not be later than 30th December of that year.


Key Audit Areas of NBFC: What’s included in the Auditor’s Report?

Many matters are included in the Auditor’s Report, and they differ according to the type of activity the NBFC is engaged in. Here are a few of them, which will help you understand the broad scope of the key inclusions in the Auditor’s Report:

  • Physical verification of all the share/ securities held by the firm
  • NBFC Prudential Norms stipulated or not
  • Verifying whether the NBFC has not advanced any loan against their shares
  • Whether KYC performed or not
  • If there is any window dressing, i.e. whether a new loan is passed to repay an existing loan
  • Checking the Board’s Minutes for any purchase and sale of investments
  • Ascertaining whether the requirements of the AS 13 “Accounting for Investments” have been complied with by the NBFC
  • Obtaining the balance confirmations of the concerned parties
  • Checking whether the NBFC has lent/invested within the specified limits to any single borrower
  • Confirming whether the NBFC has a proper appraisal and follow up on loans and advances
  • Verifying that the payment for acquiring an asset is directly made to the supplier and the original invoice has been drawn out in the name of the NBFC
  • Confirming that, if the hire purchase is against vehicles, the registration certificate contains an endorsement in favor of the hire purchase company
  • Also, confirming that the assets given on hire purchase are adequately insured
  • Ascertaining that the NBFC has a proper appraisal system for extending the equipment leasing finance
  • Verifying the lease agreement entered into with the lessee in respect of equipment given on lease

Duty of auditor

  1. Compliance with NBFC Auditors Report RBI Directions
  2. Auditors to submit additional report to the Board of Directors
  3. Matters to be included in the auditor’s report
  4. Reasons for any unfavourable or qualified statements shall be stated.
  5. Obligation of auditor to submit an exception report to the bank.

Audits of NBFC: Procedure

The following are the steps by which audits are conducted in a non-banking financial company:

  • Step 1: The first step is to determine the type of work the NBFC does by checking the company’s Memorandum and Articles of Association. If the auditor finds it necessary, they may also inspect the minutes of the Board/Committee Meetings and hold discussions with apex-level management to get a better picture of the principal functions of the company. The auditor determines the principal business activities in which the company is involved, such as providing loans or acting as an investment company, in order to determine the norms with which the company needs to comply.
  • Step 2: Next, the auditor evaluates the Internal Control System of the company. The functions of the Internal Control System include maintaining an adequate system and incorporating various measures of internal control within the organization, aiding in taking timely decisions, detecting frauds, etc. The auditor reviews the effectiveness of the Internal Control System present in the company.
  • Step 3: It is mandatory for all NBFCs having a minimum net owned fund of Rs. two crores to obtain the Certificate of Registration under Section 45-IA of the RBI Act for commencing business. The auditor therefore obtains a copy of the Certificate of Registration of the company to ensure that the company is not carrying out business without the certificate. If the company has applied to obtain the certificate, the auditor needs to get a copy of that application.
  • Step 4: The auditor must ascertain whether the NBFC is a loan company, an investment company, a hire purchase finance company, or an equipment leasing company. If the NBFC does not fall under any of these classifications, the auditor classifies the type of the company to check whether it complies with the related regulations.
  • Step 5: The auditor checks the company’s compliance with the specified prudential norms based on its income source, such as from investments, and covering accounting standards, asset classification, accounting for investments, provisioning for bad/doubtful debts, capital adequacy norms, etc.

Classification of frauds by NBFC

In order to have uniformity in reporting, frauds have been classified as given below, based on the provisions of the IPC:

  • Misappropriation of funds and criminal breach of trust
  • Fraudulent encashment through a forged instrument or through fictitious accounts and conversion of property and manipulation of the books of account.
  • Unauthorized credit facility extended for illegal gratification or for reward.
  • Negligence or any kind of cash shortages.
  • Cheating and forgery.
  • Any irregularity in foreign exchange transaction.
  • Any other frauds not provided under the above specified heads.

Difference between Statutory and Internal Audits

There are some basic differences between the Internal Audit and the Statutory Audit. For example, an Internal Audit is not a mandatory process; it is conducted, among other reasons, to catch any error in the company’s processing before the Statutory Auditor does. The significant differences between the two are listed below:

Sr. no | Internal Audit | Statutory Audit
1. | Conducted by Internal Auditor | Conducted by Statutory Auditor
2. | Not mandatory | Mandatory
3. | Conducted to check the operation of the company | Conducted to check various matters like checking the book of accounts, etc.
4. | Suggestions on improvement in internal check system | No suggestions on improvement in internal check system
5. | An Internal Auditor works under terms of appointment | A Statutory Auditor works under terms of appointment and other prescribed laws
6. | An Internal Auditor is an employee of the company | A Statutory Auditor is not an employee of the company
7. | An Internal Auditor is not an independent person | A Statutory Auditor is an independent person
8. | Appointed for five years | Appointed for a term of three years by the general meeting of the shareholders
9. | Internal Auditor does not need any specific qualification as per the laws | Statutory Auditor must be a CA
10. | Conducted by the management of the company | Led by the shareholder or the Annual General Meeting
11. | Continuous evaluation | Held after preparation of final accounts
12. | Scope of work is determined by the management of company | Scope of work is determined by law


Like every other company, NBFCs also conduct audits to check whether they have complied with all the prescribed norms and to avoid penalties. There are three types of audits based on the key area where the auditing is done, namely Process, Product and System Audit. Internal audit is the one conducted by the internal management of the company to check that everything is in compliance and to avoid any penalty.

On the other hand, Statutory Audit is a mandatory action conducted every fiscal. Internal Audits in NBFC are not mandatory by law; companies are allowed to choose whether they want to conduct them or not. The internal auditor can suggest any scope of improvement within the internal systems of the company, whereas the statutory auditors do not suggest any scope of improvement or anything else and directly impose the penalty.
