Governance & Internal Controls Services in Mumbai – CA Vijay Singh
Fortified Governance & Internal Controls: Build an Unshakeable Foundation
Go from ‘High Potential’ to ‘Highly Investable
As your company scales, informal processes invite financial leakage, operational inefficiencies, and a loss of investor confidence. We help you establish a bulletproof governance framework that protects your assets and proves your operational maturity making you due diligence ready at all times.
What We Deliver:
1. Internal Control Design & Implementation
We establish practical, scalable controls across procurement-to-pay, order-to-cash, and payroll — with clear segregation of duties and approval matrices to minimize fraud and error.
2. Standard Operating Procedures (SOPs)
We document and standardize your critical business processes, making your company process-driven rather than person-dependent. This ensures consistency, scalability, and faster onboarding for new hires.
3. Voluntary Internal Audits
Even when not legally required, we conduct periodic internal audits to assess your financial health, detect process bottlenecks, and reassure stakeholders of operational discipline.
4. Enterprise Risk Management (ERM) Framework
We identify and assess key financial, operational, and compliance risks, then design mitigation strategies to safeguard business continuity and long-term resilience.
We were growing fast, but our finances were a black box. We were profitable on paper but always scrambling for cash. The Virtual CFO service didn't just clean up our books; it gave us a 13-week rolling cash forecast that changed how we made decisions. For the first time, we could see problems coming and act proactively. It was the difference between surviving growth and leading it.
As we prepared for our Series A, we knew our informal processes wouldn't pass investor scrutiny. The team came in and implemented a full set of internal controls, from procurement to payroll. When due diligence started, investors were impressed by our operational maturity. We didn't just get the funding; we got it on better terms because we were seen as a lower-risk investment.
Frequently Asked Questions
Strong governance isn’t just for large corporations. Early-stage companies that build discipline early avoid costly mistakes and signal maturity to investors.
They uncover inefficiencies and financial leakages before they escalate, while boosting investor and lender confidence during fundraising or credit evaluations.
Clear, documented processes remove dependency on key individuals, ensuring consistent execution and faster employee training.
Absolutely. Investors value companies with strong governance — it reduces perceived risk, accelerates due diligence, and improves valuation outcomes.
Not if designed correctly. Our approach balances control with flexibility so processes stay efficient while risks are minimized.
Internal Audit & Corporate Governance
Risk-based internal audit, internal financial controls certification, board governance support, and related-party transaction review – structured to the SIA 110 standard and the Companies Act 2013 governance framework.
By CA Vijay R Singh, FCA
ICAI Membership No. 153926 | FRN 136869W | Practising since 2013
Quick Summary
Internal audit is the function that surfaces what statutory audit is not designed to find – process gaps, control weaknesses, related-party concerns, fraud risk, compliance drift. Done well, it is the early-warning system a board needs. Done as a tick-box exercise, it is the document that turns up at scrutiny without the substance behind it. We run internal audit on a risk-based framework aligned to SIA 110 issued by ICAI, with quarterly reporting to the audit committee or board.
Strategic Fit: Is this right for you?
Sec 138 Threshold
Companies meeting the Section 138 + Rule 13 internal audit threshold.
IFC Gap Companies
Statutory auditor flagged Internal Financial Controls gaps under Sec 143(3)(i).
Pre-Investor
Companies preparing for an investor or acquirer where governance hygiene is a deal item.
Family Business
Where ownership and management overlap - third-party audit creates accountability.
Professional Management Transition
Founder stepping back, professional CFO/CEO joining.
Section 8 / NGO
Large NGOs with grant compliance requirements.
Final Deliverables Checklist
Everything you receive at the end of the engagement.
- Risk-based annual audit plan
- Annual IFC adequacy and operating-effectiveness assessment
- Quarterly internal audit reports (findings, root cause, recommendations)
- Audit committee charter and meeting support
- Related-party transaction policy and register
- Vigil mechanism policy
- CARO 2020 support pack for statutory auditor
- Board governance calendar and compliance dashboard
UNDERSTANDING THE INTERNAL AUDIT FRAMEWORK
Risk-Based Scoping
Audit plan built around the risks that matter – revenue, procurement, inventory, treasury, payroll, statutory compliance, RPT, IT controls. Scope agreed with audit committee at year start.
Quarterly Fieldwork
Four fieldwork cycles per year. Each cycle covers a defined slice with sample testing, control walkthroughs, exception analysis.
IFC Section 143(3)(i)
Internal Financial Controls reporting. Document financial reporting risk universe, map controls, test design adequacy, test operating effectiveness. Surface and remediate before statutory audit.
The Engagement Lifecycle
|
Process Name
|
Description
|
Typical Timeline
|
|---|---|---|
Transparent Pricing Structure
Statutory & Third-Party Costs – pass-through, NOT our fees
These are paid directly to government departments, certifying authorities, and banks. They are not VRS professional fees.
- No statutory / government pass-through fees - internal audit is a private engagement
- Section 204 secretarial audit (where required) signed by PCS - partner coordination
- Audit committee meeting minutes archival - internal company resource
- MR-3 secretarial audit filing (Sec 204) - government fee borne by company
- All government and partner fees referenced are pass-through, not VRS fees
Engagement & Fees
We design and run internal audit and controls end-to-end — IFC / IFCoFR design, process testing, and reporting — scoped to your risk areas during an initial scoping call.
Fees are confirmed per engagement after the scoping call, based on the scope and complexity involved. You receive a clear, written quote before any work begins — no hidden charges.
Quoted per Engagement
The final quote depends on the scope, volume, and statutory complexity of your specific engagement.
Frequently Asked Questions
We are below the Section 138 threshold. Do we still need internal audit?
Statutorily, no. Practically – depends on stage. If you have institutional investors, if the founder is stepping back, if there is family-management overlap, internal audit pays for itself.
Can the same firm do statutory audit and internal audit?
No – ICAI Code of Ethics independence requirements prohibit the same firm from doing both. We either do statutory audit OR internal audit for a given client, not both.
What is the difference between internal audit and statutory audit?
Statutory audit opines on whether financial statements give a true and fair view. Internal audit opines on whether processes, controls, and compliance are operating effectively.
We had a qualified IFC opinion last year. What do we do?
Understand the qualification – design adequacy or operating effectiveness. Remediate before the next cycle. We document the gap, design remediation, implement, and test.
How often does the audit committee actually meet?
Listed companies – minimum 4 times a year (SEBI LODR Reg 18). Unlisted public and large private companies – typically quarterly.
Can you also do the secretarial audit?
No – secretarial audit under Section 204 is signed by a Company Secretary in practice (PCS), not a CA. We coordinate with a PCS partner where the engagement requires both.