Introduction
Singapore ranks 2nd globally in cumulative foreign direct investment (FDI) into India, contributing USD 171.92 billion (23.87% of total FDI) as of December 31, 2024, according to the Department for Promotion of Industry and Internal Trade (DPIIT). This capital flow translates to thousands of Singapore-owned Indian entities across sectors — from technology and financial services to manufacturing and infrastructure.
Yet many Singapore-based finance teams miss one compliance obligation until it's too late: mandatory internal audit requirements under the Companies Act, 2013. Once a Singapore company incorporates an Indian subsidiary, joint venture, or branch office, it falls under Indian law. Many foreign-owned entities cross the statutory audit thresholds within their first few years — and non-compliance can expose the company and its directors to penalties under Section 138.
This article covers:
- Internal audit obligations under Section 138 of the Companies Act, 2013
- How applicability thresholds differ by entity type
- What the audit scope looks like for a foreign-owned Indian entity
- How to appoint a compliant internal auditor in India
TLDR
- Section 138 of the Companies Act, 2013 mandates internal audit for listed companies, qualifying unlisted public companies, and private companies crossing defined financial thresholds
- A Singapore company's Indian subsidiary incorporated as a private limited company must appoint an internal auditor if annual turnover reaches ₹200 crore or outstanding bank loans exceed ₹100 crore
- Branch offices and liaison offices fall outside Section 138 but remain subject to compliance obligations under FEMA and RBI guidelines
- Audit scope for Singapore-owned Indian entities typically extends beyond the Companies Act to cover FEMA compliance, transfer pricing, and related-party transaction reviews
- Non-compliance attracts penalties under Section 450 of the Companies Act, 2013 — up to ₹10,000 initially plus ₹1,000 per day for continuing default
Do Indian Internal Audit Rules Apply to Your Singapore Company?
Indian law applies to the Indian legal entity, not the Singapore parent. A Singapore company operating through a locally incorporated Indian subsidiary is subject to all provisions of the Companies Act, 2013 — just as any other Indian company would be.
Singapore companies familiar with their home country's internal audit framework (governed by the Singapore Companies Act and MAS guidelines for regulated entities) sometimes assume their group-level audit structure satisfies Indian requirements. It does not. India requires a separately appointed internal auditor for the Indian entity, with the audit scope covering India-specific obligations such as:
- FEMA compliance and foreign remittance documentation
- Transfer pricing documentation for intercompany transactions
- GST reconciliation and input tax credit reviews
Internal Audit Requirements Under the Companies Act, 2013: The Legal Framework
Section 138 of the Companies Act, 2013 is the primary legal provision governing internal audit in India. It mandates certain classes of companies to appoint an internal auditor (a Chartered Accountant, Cost Accountant, or other professional approved by the Board). The Audit Committee, in coordination with the internal auditor, determines the scope, frequency, and methodology.
Thresholds That Trigger Mandatory Internal Audit
| Company Type | Threshold Criteria (any ONE triggers requirement) |
|---|---|
| Listed companies | Mandatory — no thresholds apply |
| Unlisted public companies | (i) Paid-up share capital ≥ ₹50 crore during preceding FY; OR (ii) Turnover ≥ ₹200 crore during preceding FY; OR (iii) Outstanding loans/borrowings from banks/financial institutions > ₹100 crore at any point during preceding FY; OR (iv) Outstanding deposits ≥ ₹25 crore at any point during preceding FY |
| Private companies | (i) Turnover ≥ ₹200 crore during preceding FY; OR (ii) Outstanding loans/borrowings from banks/financial institutions > ₹100 crore at any point during preceding FY |
Thresholds are assessed based on the preceding financial year's figures. Singapore companies with fast-growing Indian subsidiaries should track these numbers continuously — waiting until a threshold is already crossed creates compliance gaps and potential penalties.
Applicability by Entity Type: Where Does Your Indian Operation Stand?
Singapore companies enter India through four main structures: Wholly Owned Subsidiary (WOS), Joint Venture (JV), Branch Office, or Liaison Office. Internal audit applicability under the Companies Act varies significantly by structure.
Wholly Owned Subsidiary (Private Limited Company)
This is the most common entry route for Singapore companies and is incorporated as a private limited company under the Companies Act, 2013. Internal audit becomes mandatory once the WOS crosses the private company thresholds:
- ₹200 crore turnover
- ₹100 crore in outstanding borrowings
Fast-growing WOS entities in sectors like technology, manufacturing, or logistics can reach these thresholds within a few years of operation — making early planning critical.
Joint Venture (Public or Private Company)
A JV with an Indian partner may be structured as either a private or public company. If structured as an unlisted public company, the thresholds are wider:
- Paid-up capital of ₹50 crore
- Deposits of ₹25 crore
- Plus turnover and borrowing criteria
Singapore companies holding a JV stake should confirm the entity's company type early — the gap between private and public company thresholds is significant enough to change your compliance timeline.
Branch Office and Liaison Office
Branch offices and liaison offices are not incorporated as separate Indian companies — they are extensions of the Singapore parent entity registered with the RBI under FEMA. As a result, Section 138 of the Companies Act, 2013 does not apply to them.
However, branch offices must still file annual activity certificates with the AD Bank and comply with RBI/FEMA reporting requirements, which may involve separate audit processes outside the Companies Act framework.
What the Audit Scope Looks Like for a Singapore MNC in India
Even where internal audit is mandatory under Section 138, the specific scope is not rigidly defined by law. Rule 13 of the Companies (Accounts) Rules, 2014 leaves it to the Audit Committee and internal auditor to agree on scope, functioning, periodicity, and methodology. For a Singapore-owned Indian entity, this creates both an opportunity and a responsibility to design a scope that reflects Indian compliance risks alongside the parent company's governance expectations.
Transfer Pricing and Related-Party Transactions
Singapore companies transacting with their Indian subsidiaries — management fee charges, royalties, intercompany loans, or goods supply — must comply with India's transfer pricing regulations under Sections 92 to 92F of the Income Tax Act, 1961. These rules apply regardless of whether the Indian entity is a wholly owned subsidiary or a joint venture.
Internal audit of an Indian MNC subsidiary should include:
- Review of transfer pricing documentation
- Arm's-length pricing adherence
- Form 3CEB filing readiness
Transfer pricing is a high-scrutiny area for foreign-owned entities in India. The CBDT signed a record 174 APAs in FY 2024-25 (cumulative 815), with 858 applications still pending, according to PwC India's seventh APA Annual Report. Penalties for under-reporting range from 50% to 200% of tax payable.
FEMA Compliance Review
Foreign-owned Indian entities must comply with the Foreign Exchange Management Act (FEMA), covering:
- Inward FDI reporting (FC-GPR)
- Downstream investment disclosures
- ECB (External Commercial Borrowing) compliance
- Repatriation of dividends or profits
A well-scoped internal audit for a Singapore subsidiary should include a FEMA compliance review to identify any unreported transactions or structuring issues before they are flagged by the RBI.
VJM Global supports Singapore-owned Indian entities with internal audits that cover Companies Act compliance, FEMA, transfer pricing, and GST review under one engagement — reducing the coordination burden for finance teams managing multiple Indian regulatory obligations.
Appointing an Internal Auditor in India: Qualifications, Process, and Penalties
Qualifications
Under Section 138 read with Rule 13, an internal auditor can be:
- Chartered Accountant (CA in practice or employment)
- Cost Accountant (CMA)
- Any other professional determined by the Board of Directors
- An employee of the company
Note that the statutory auditor of the company cannot simultaneously serve as the internal auditor. This is explicitly prohibited under Section 144(b) of the Companies Act, 2013.
Appointment Process
The appointment follows these steps:
- Pass a Board of Directors resolution approving the appointment
- File Form MGT-14 with the Registrar of Companies (ROC) within 30 days of the board meeting
- Issue a formal appointment letter to the auditor
If the Indian subsidiary has an Audit Committee — mandatory for certain listed and larger companies — that committee must also be consulted on audit scope and methodology per Rule 13.
Penalties for Non-Compliance
Section 138 carries no dedicated penalty clause, but failure to comply triggers Section 450 of the Companies Act, 2013 — the Act's general catch-all provision:
- Initial penalty: up to ₹10,000 for the company and every officer in default
- Continuing default: ₹1,000 per day for each day the contravention continues
- Maximum cap (per adjudication practice): ₹2,00,000 for the company; ₹50,000 for each officer in default
Offences under Section 450 are compoundable, meaning the company can settle with the relevant authority without court proceedings. Given that penalties compound daily, appointing an auditor at incorporation — rather than after a notice — keeps both exposure and administrative disruption minimal.
Frequently Asked Questions
Is CIA recognised in India?
Yes, the Certified Internal Auditor (CIA) certification issued by the Institute of Internal Auditors (IIA) is recognized in India and is a valid qualification for internal auditor appointment. The IIA India chapter actively promotes the CIA as a professional standard. The Companies Act permits "any other professional" as decided by the Board, which makes CIA holders eligible for appointment.
Is internal audit mandatory for a private limited company in India?
Internal audit is mandatory for private limited companies only if they meet Section 138 thresholds: turnover of ₹200 crore or more, or outstanding loans/borrowings exceeding ₹100 crore in the preceding financial year. Companies below these thresholds are not legally required to comply, though many do so voluntarily.
Can the same firm conduct both internal and statutory audit for a Singapore company's Indian subsidiary?
No, this is explicitly prohibited. Section 144(b) of the Companies Act, 2013 bars a statutory auditor from providing internal audit services to the same company. The Singapore parent must ensure its Indian subsidiary appoints separate firms for statutory and internal audit functions.
Does a branch office or liaison office of a Singapore company need an internal audit under the Companies Act?
No — branch and liaison offices are not incorporated under the Companies Act, so Section 138 does not apply. That said, RBI/FEMA reporting obligations still apply, and filing annual activity certificates may require separate audit procedures outside the Companies Act framework.
What are the penalties for not complying with internal audit requirements in India?
Section 450 of the Companies Act imposes an initial penalty of up to ₹10,000 on the company and responsible officers, plus ₹1,000 per day for continuing non-compliance. The offence is compoundable, allowing settlement without litigation.
How frequently must a Singapore company's Indian subsidiary conduct internal audits?
The Companies Act sets no fixed frequency — Rule 13 leaves periodicity to the Audit Committee and internal auditor. In practice, most companies conduct audits quarterly or half-yearly, with larger or higher-risk entities typically opting for rolling quarterly coverage.
