Content authored by practitioners with experience at Amazon India, Intuit QuickBooks, and the Tata Group. Meet the team →
Section 138 of the Companies Act 2013 plus Rule 13 mandate internal audit for listed companies and thresholds (₹50 crore paid-up, ₹200 crore turnover, ₹100 crore borrowings). SA 530 sampling requires sufficient evidence across bank, party, TDS, and GST reconciliations — spreadsheet-only reconciliations with no version history fail ICAI peer review.
Risk-based sampling stratifies reconciliation populations by value and transaction count (high-risk: vendor-payment bank accounts, GST ITC; low-risk: petty cash floats). Each selected reconciliation is tested for design and operating effectiveness: preparer plus reviewer sign-off, aging analysis, exception resolution within SLA, and management-response trail. Findings feed SIA 330 documentation.
SA 530 stratified sampling at 95% confidence plus 5% tolerable error, SIA 330/350 evidence templates, aging threshold of 90 days for unresolved items, and risk-weighted scope for high-value ledgers.
Signed-off audit evidence pack with sample selection rationale, variance testing results, ICFR-feed memo for Section 143(3)(i), and prior-observation follow-through log for the Audit Committee.
A finance team at a ₹400 crore turnover manufacturing company closes its books on the 7th of each month. The internal auditor arrives on the 20th and asks for the bank reconciliation for the prior month. What the team hands over — a spreadsheet with highlighted unmatched rows and no evidence of who resolved what, or when — is the gap internal audit testing is designed to surface. This guide covers what internal auditors sample, what they test, and what counts as evidence under the ICAI Standards on Internal Audit.
What Internal Audit of Reconciliation Tests
Internal audit of reconciliation evaluates two dimensions under the ICAI Standards on Internal Audit (SIA): design effectiveness (is the control designed to catch errors?) and operating effectiveness (does the control actually work in practice?). Reconciliation scope typically covers bank accounts, party ledgers (receivables and payables), intercompany balances, TDS receivable, GST input credit, and statutory dues (PF, ESI, professional tax).
Under Section 138 of the Companies Act, 2013, the Audit Committee approves the internal audit scope annually. For companies above the threshold (listed entities, unlisted public companies above ₹50 crore paid-up capital, or turnover above ₹200 crore), reconciliation testing is a standard scope area because unresolved reconciliation items feed directly into the CARO 2020 report and the Section 143(3)(i) internal controls opinion.
How Sample Selection Works
Risk-Based Scoping
The auditor classifies reconciliation populations by risk: bank accounts used for high-value vendor payments are higher risk than petty cash float accounts. GST input credit reconciliation is higher risk than advance tax reconciliation because ITC mismatches trigger demand notices under Section 73 of the CGST Act with 18% interest. The sample is weighted toward high-risk accounts.
Statistical Sampling Under SA 530
For populations with more than 500 transactions per month, internal auditors apply SA 530 sampling methods. Monetary unit sampling targets the largest 10 to 15 items; random sampling covers the residual population at a 95% confidence level. For a population of 2,000 monthly transactions with a 5% tolerable error rate, the typical statistical sample size is 60 to 80 items per quarter.
Walkthrough and Re-Performance
For each sampled item, the auditor walks through the matching logic: how was the bank credit linked to the invoice? What signal (UTR, amount, counterparty name) drove the match? Re-performance means the auditor redoes the match independently and compares results. Divergence rates above 3% indicate weak matching logic.
Internal Audit Reconciliation Testing Matrix
| Control Area | Sample Source | Test Procedure | Evidence Required |
|---|---|---|---|
| Bank reconciliation | Monthly BRS + bank statement | Re-perform match on 20 items per account | Signed BRS, exception log, aging schedule |
| TDS receivable | Form 26AS + party ledger | Match TDS by section, quarter, TAN for 25 parties | Form 26AS download, reconciliation workpaper |
| GST input credit | GSTR-2B + purchase register | Line-match ITC for 30 suppliers | GSTR-2B JSON, GSTR-3B filed, reversal log |
| Party balances | Vendor statements + payable ledger | Balance confirmation under SA 505 | Confirmation letter, reconciliation of differences |
| Statutory dues | Challan + liability ledger | Match challan ID to GL posting | Challan copy, bank debit, GL screenshot |
Where Reconciliation Audits Fail in India
Indian internal auditors encounter three systemic issues. First, TDS reconciliation with Form 26AS is rarely current — most teams download 26AS once a quarter rather than continuously, so mismatches age past the correction window. Second, GST reconciliation is treated as a compliance task rather than a control, with no exception log and no escalation matrix. Third, intercompany balances between group companies are reconciled annually rather than monthly, leading to year-end pile-ups that the statutory auditor qualifies.
The remedy is a reconciliation audit trail with time-stamped exception records, escalation rules, and evidence of follow-through. For companies above the CARO 2020 working capital threshold, this is not optional — it is the evidence the statutory auditor will request under Section 143(3)(i).
Organisations running structured reconciliation through TransactIG’s reconciliation infrastructure generate the exception logs and audit evidence automatically, which reduces internal audit field time by 40 to 60% for mid-size engagements. Teams handling high-volume TDS mismatches also benefit from purpose-built TDS reconciliation software that continuously syncs with Form 26AS rather than waiting for quarterly downloads. The full SIA framework is maintained by the Institute of Chartered Accountants of India.
Internal audit observations on reconciliation feed directly into the Audit Committee report and the ICFR assessment, making the quality of testing a direct determinant of the statutory audit opinion. The FAQs below address the most common scope and sampling questions raised during engagement planning.