Expert verified
TL;DR Summary
|
Secretarial audit is mandatory under Section 204 of the Companies Act 2013 for all listed companies, unlisted public companies with paid-up capital of ₹50 crore or more or turnover of ₹250 crore or more, and any company — including private companies — with outstanding bank borrowings exceeding ₹100 crore, with findings reported in Form MR-3 by a Practicing Company Secretary and annexed to the Board’s Report before the AGM. Non-compliance attracts a flat penalty of ₹2 lakh per defaulter — applied separately to the company, each officer in default, and the PCS — while listed entities face additional SEBI penalties under Regulation 24A, plus a separate Annual Secretarial Compliance Report (ASCR) deadline of 30 May each year.
A Secretarial Audit in India ensures that businesses are following laws and standards. If ignored, may face heavy penalties, and legal trouble.
Understand with us all about secretarial audits for companies, their applicability, process and a checklist to help you get started.
Every now and then, a compliance requirement comes along that genuinely matters — not just as a legal box to tick, but as something that can actually protect a company and its directors from serious trouble. Secretarial audit is one of those requirements. If you are a director, a company secretary, or someone working in corporate compliance, understanding exactly when this audit applies and what it involves is pretty important.
This guide covers secretarial audit applicability from top to bottom — who needs it, what the thresholds are, how Form MR-3 works, what a thorough audit checklist looks like, and what happens if a company ignores the requirement. We have also included a section on how secretarial audit differs from the statutory financial audit, because that confusion comes up constantly.
What Is a Secretarial Audit?
A secretarial audit is an independent review of whether a company has followed all the laws and regulations that apply to it — not the financial ones (that is the statutory audit’s job), but the corporate governance and legal compliance ones. Think of it as a compliance health check for the non-financial side of running a company.
It is mandated under Section 204 of the Companies Act, 2013, and must be carried out by a Practicing Company Secretary (PCS) — a member of the Institute of Company Secretaries of India (ICSI) who holds a valid Certificate of Practice. The findings are reported in Form MR-3, which is then annexed to the Board’s Report presented to shareholders.
What does the PCS actually check? Broadly, they verify whether the company has complied with:
- The Companies Act, 2013 and all rules under it
- The Securities Contracts (Regulation) Act, 1956
- The Depositories Act, 1996
- SEBI regulations — including LODR, Insider Trading, SAST (Takeover), and others
- FEMA — specifically relating to Foreign Direct Investment and External Commercial Borrowings
- Secretarial Standards (SS-1 and SS-2) issued by ICSI
- Any other industry-specific laws applicable to the company
The audit is not a stamp of approval. The PCS gives their opinion based on what they found. If there are gaps or non-compliances, those get noted in the report. The Board then has to explain each such observation in their Board’s Report.
Updated Applicability Thresholds: Listed, Unlisted, and Paid-Up Capital Rules
This is the question most people searching for “secretarial audit applicability” are actually trying to answer — does my company need to do this? Here is a clear breakdown.
Companies That Must Undergo Secretarial Audit
Under Section 204(1) of the Companies Act, 2013 read with Rule 9 of the Companies (Appointment and Remuneration of Managerial Personnel) Rules, 2014, the following companies must get a secretarial audit done and annex the report (Form MR-3) to their Board’s Report:
|
Category |
Threshold / Condition |
Legal Basis |
|
Every listed company |
No threshold — all listed companies regardless of size |
Section 204(1) |
|
Unlisted public company |
Paid-up share capital of Rs. 50 crore or more |
Rule 9(1)(a) |
|
Unlisted public company |
Turnover of Rs. 250 crore or more |
Rule 9(1)(b) |
|
Any company (including private) |
Outstanding loans or borrowings from banks or public financial institutions of Rs. 100 crore or more |
Rule 9(1)(c) |
A few things worth noting here. First, the third condition — loans of Rs. 100 crore or more — extends to private companies as well. A lot of people miss this. Just because a company is private does not automatically exempt it if its borrowings cross this threshold.
Second, the thresholds are checked based on figures in the last audited financial statement. So if your company’s paid-up capital or turnover crossed the threshold at the end of the previous financial year, the secretarial audit requirement kicks in for the current financial year.
Third, the triggers are “or” conditions, not “and.” Meeting any one of them is enough. A company with paid-up capital of Rs. 40 crore but a turnover of Rs. 300 crore still needs a secretarial audit.
Listed Companies and Their Material Subsidiaries — SEBI Regulation 24A
For listed entities, there is a parallel requirement under Regulation 24A of SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015. Every listed entity, and each of its material unlisted subsidiaries incorporated in India, must undertake a secretarial audit. This requirement has been in force since FY 2018-19.
A “material subsidiary” here means a subsidiary whose income or net worth exceeds 10% of the consolidated income or net worth of the listed parent. So if you have a listed parent company with a large unlisted subsidiary, that subsidiary may independently be subject to secretarial audit even if it does not meet the thresholds under Section 204.
Additionally, listed entities must submit an Annual Secretarial Compliance Report (ASCR) to the stock exchanges within 60 days from the end of the financial year. This is a separate and broader document from Form MR-3, though both are prepared by the Practicing Company Secretary.
SEBI LODR Third Amendment Regulations 2024 — New Requirements for Listed Entities
SEBI notified the LODR Third Amendment Regulations in December 2024, which came into effect from 1 April 2025. This significantly tightened the secretarial audit framework for listed companies:
- Only Peer Reviewed Company Secretaries: From 1 April 2025, listed entities can only appoint a secretarial auditor who is a peer-reviewed PCS — meaning they hold a valid peer review certificate from ICSI. This applies to both individual PCS and firms.
- Shareholder Approval Required: The appointment, reappointment, and removal of the secretarial auditor now requires approval at the Annual General Meeting (AGM), similar to the process for statutory auditors.
- Five-Year Cooling-Off Period: A secretarial auditor who completes their tenure cannot be immediately reappointed. A five-year cooling-off period must pass before reappointment. If a firm is involved, none of the partners should have been part of the previous auditor firm during this period either.
- Conflict of Interest Restrictions: Service restrictions have been added to prevent situations where the secretarial auditor provides other services to the same listed entity, reducing conflict of interest.
What If the Company Does Not Fall Under Any of the Above?
Companies that fall outside these thresholds are not legally required to do a secretarial audit. However, the audit can be done voluntarily. Many companies approaching an IPO, raising private equity funding, or undergoing a merger do voluntary secretarial audits to identify and address compliance gaps proactively. It is quite common — and honestly a good idea — for any company with ambitions to go public or attract institutional investors.
30-Point Secretarial Audit Checklist
If you have ever wondered what exactly a Practicing Company Secretary checks during a secretarial audit, here is a comprehensive view. This is not exhaustive — the scope varies based on the company — but it covers the major areas that come up in nearly every engagement.
Board Meetings and Resolutions
- Verify that board meetings were held at least four times in the financial year with gaps not exceeding 120 days between any two consecutive meetings, as required by Section 173 of the Companies Act, 2013
- Check that proper notice (at least seven days in advance) was given to each director for all board meetings, and that notices were sent to the registered email addresses of directors
- Confirm that quorum was present at each board meeting — in general, one-third of the total strength or two directors, whichever is higher
- Verify that minutes of board meetings were recorded within 30 days of each meeting, signed by the Chairman, and maintained in the prescribed manner per Secretarial Standard SS-1
- Check that resolutions passed at board meetings or through circular resolution are in line with the powers delegated to the Board under the Companies Act and the Articles of Association
Annual General Meeting (AGM)
- Verify that the AGM was held within six months from the end of the financial year (or the extended period if an extension was granted by the Registrar of Companies)
- Check that proper notice of the AGM was sent to all shareholders at least 21 clear days in advance, along with the agenda, explanatory statements, and the annual report
- Confirm quorum requirements were met and that the proceedings were recorded properly per Secretarial Standard SS-2
- Verify that all resolutions required to be passed at the AGM were presented — including adoption of financial statements, appointment or ratification of auditors, declaration of dividend if any, and appointment of directors retiring by rotation
Statutory Registers and Records
- Check that all statutory registers required under the Companies Act are maintained and updated — including the Register of Members (MGT-1), Register of Directors and Key Managerial Personnel, Register of Charges, Register of Related Party Transactions, and others
- Verify that the Register of Members reflects all share transfers, allotments, and transmissions during the year, and that share certificates were issued within the prescribed time limits
- Check that the Register of Contracts or Arrangements in which directors are interested (Section 189) is maintained and updated whenever there is a change
ROC Filings and MCA Compliance
- Verify that the Annual Return (Form MGT-7 or MGT-7A for small companies) was filed within 60 days from the date of the AGM
- Confirm that the Financial Statements (AOC-4) were filed within 30 days from the date of the AGM (or 30 days from conclusion of the Board meeting where financial statements were approved in case of OPC)
- Check that resolutions passed at board and general meetings that need to be filed with the ROC were filed in Form MGT-14 within 30 days of passing, as required under Section 117
- Verify that forms related to appointments and changes in directors (DIR-12) and changes in KMP were filed on time
- Check that annual DIR-3 KYC filings were completed for all directors
- Verify that charges created or modified or satisfied during the year were registered with ROC within the prescribed timelines under Section 77
Key Managerial Personnel and Directors
- Confirm that the company has appointed all required Key Managerial Personnel — a Managing Director or CEO or Manager, a Company Secretary (where required based on paid-up capital), and a CFO — as per Section 203
- Check that the appointment, reappointment, or removal of directors was done as per the Companies Act and the company’s Articles of Association
- Verify that the company has not defaulted on the obligation to have an adequate number of independent directors on the board, where applicable
Share Transfers and Securities
- Verify that share transfers were processed within 15 days of receipt of the transfer request (for physical shares) and that the company did not refuse or delay transfers without valid reason
- Check that any fresh issue of shares during the year — whether by rights issue, private placement, ESOP allotment, or otherwise — followed the prescribed procedure under the relevant sections
- For listed companies, verify compliance with SEBI LODR requirements for any securities issued or transferred during the year
SEBI and FEMA Compliance
- For listed companies, check compliance with SEBI LODR requirements including timely disclosures, submission of financial results within prescribed timelines, and maintenance of shareholding pattern records
- Verify compliance with SEBI Insider Trading Regulations — including maintenance of the list of designated persons, code of conduct, trading window closures, and pre-clearance procedures
- If the company received FDI during the year, verify that the applicable FEMA forms (FC-GPR, FC-TRS) were filed with the authorized dealer bank or Reserve Bank of India within prescribed timelines
CSR, Related Party Transactions, and Governance
- If CSR provisions apply, verify that the CSR Committee was constituted, that a CSR policy was adopted, and that the required spending was done and reported correctly in the Board’s Report and the CSR Report
- Verify that related party transactions above prescribed thresholds were approved by the Board and, where required, by shareholders — and that the relevant disclosures were made in the financial statements and the Board’s Report
- Check that the Vigil Mechanism and Whistle Blower Policy are in place and operative, where the company is required to have one
Form MR-3: Filing Process, Due Date, and Who Signs
Form MR-3 is the prescribed format for the Secretarial Audit Report, as per Rule 9(2) of the Companies (Appointment and Remuneration of Managerial Personnel) Rules, 2014. Every company that is required to undergo a secretarial audit must have this form prepared by the Practicing Company Secretary and annexed to its Board’s Report.
Who Prepares and Signs Form MR-3?
Only a Company Secretary in Practice (PCS) — someone who is a Fellow or Associate member of ICSI and holds a valid Certificate of Practice — can prepare and sign Form MR-3. An employee Company Secretary cannot sign it, even if they are a member of ICSI. The practising status and the Certificate of Practice are both mandatory.
For listed entities from 1 April 2025, there is an additional requirement: the PCS must be peer-reviewed by ICSI. This means they (or their firm) must hold a valid peer review certificate from the Institute. This tightening was introduced under the SEBI LODR Third Amendment Regulations, 2024.
What Does Form MR-3 Cover?
The form is structured around the auditor’s examination of the following areas:
- Compliance with the Companies Act, 2013 and all rules made under it — this is the core
- The Securities Contracts (Regulation) Act, 1956 and the rules under it
- The Depositories Act, 1996 and related SEBI regulations — relevant if the company’s securities are held in demat form
- FEMA, 1999 — specifically to the extent of Foreign Direct Investment and External Commercial Borrowings (ECB)
- Specified SEBI Regulations — which for listed companies includes LODR, Insider Trading, SAST (Takeover Code), SEBI (ICDR) Regulations, and others
- Secretarial Standards SS-1 and SS-2 — covering board meetings and general meetings respectively
- Listing agreements with stock exchanges (for listed companies)
- Other sector-specific laws applicable to the company, which the auditor identifies as relevant based on the company’s business
The report states whether or not the company has complied with each of these. Where non-compliances exist, they are listed with details. The report also comments on whether the company has proper board processes and a compliance mechanism in place.
Due Date for Form MR-3
There is no separate statutory due date specifically for Form MR-3. The form must be annexed to the Board’s Report, which means the relevant due date is the date of the Board’s Report. In practice, since the Board’s Report is presented at the AGM and the AGM must be held within six months of the financial year end, the secretarial audit report needs to be ready before the Board’s Report is finalised.
For most companies, this means the Form MR-3 should be completed and signed well before the AGM, which is usually held between July and September for companies with a 31 March financial year end.
However, there is a separate and distinct requirement for listed entities: the Annual Secretarial Compliance Report (ASCR) under SEBI Regulation 24A must be submitted to the stock exchanges within 60 days from the end of the financial year — meaning by 30 May for companies with a 31 March year end. This is different from Form MR-3 and covers a broader scope of SEBI regulations. Both may be prepared by the same PCS but they are separate documents with separate timelines.
What Happens If There Are Non-Compliances?
If the secretarial auditor identifies areas where the company has not complied with applicable laws, those are mentioned as “qualifications” or “observations” in the Form MR-3. The Board of Directors is then required by Section 204(3) to explain each such qualification or observation in their Board’s Report. This explanation must be full and complete — the directors cannot simply acknowledge the observation and move on.
This requirement ensures that shareholders and other readers of the annual report are aware of any compliance gaps and that the management is accountable for addressing them.
Penalty for Non-Compliance — Companies Act 2013
The Companies Act is quite specific about what happens when a company fails to get a secretarial audit done, or when the PCS contravenes the provisions of Section 204. The penalty provisions were amended by the Companies (Amendment) Act, 2020, which came into force on 21 December 2020.
Current Penalty Under Section 204(4)
After the 2020 amendment, the penalty is a flat Rs. 2 lakh for each defaulter. The law uses the phrase “liable to a penalty of two lakh rupees.” This is a civil penalty — not a criminal fine — which means it is imposed directly by the adjudicating authority (the Registrar of Companies) without a criminal trial.
“Each defaulter” means each person in default is separately penalised. So if a company fails to comply with Section 204, the penalty applies to:
- The company itself: Rs. 2 lakh
- Every officer of the company who is in default: Rs. 2 lakh each
- The Practicing Company Secretary who contravened the provisions: Rs. 2 lakh
|
Who |
Nature of Default |
Penalty (Current) |
|
Company |
Failure to get secretarial audit done / not annexing Form MR-3 to Board’s Report |
Rs. 2 lakh |
|
Each officer in default |
Failure to ensure compliance / not explaining qualifications in Board’s Report |
Rs. 2 lakh per officer |
|
Practicing Company Secretary |
Contravention of Section 204 (e.g., not reporting known non-compliances) |
Rs. 2 lakh |
Note: Before the 2020 amendment, the original provision prescribed a fine of not less than Rs. 1 lakh and extendable up to Rs. 5 lakh. Some older sources still reference this range — the current applicable penalty is the flat Rs. 2 lakh per defaulter.
Real-World Example of Penalty Application
To give you an idea of how this plays out in practice: in one case decided in 2024, a public company (Welter Securities Limited) was penalized under Section 204 for multiple financial years of non-compliance. The ROC imposed a total penalty of Rs. 48 lakh on the company and its directors collectively. On appeal, the Regional Director reduced it to Rs. 32 lakh after considering the company’s poor financial condition and losses. The point is: the penalties compound quickly across multiple years of default and multiple defaulters.
Additional SEBI Penalties for Listed Companies
For listed companies, failing to comply with Regulation 24A (the SEBI secretarial compliance requirement) can attract separate penalties from SEBI, in addition to the Section 204 penalty. SEBI has the power to impose fines, restrict securities transactions, or take other enforcement action. So for a listed company, non-compliance carries significantly higher risk than for an unlisted company.
Secretarial Audit vs Statutory Audit: The Key Differences
This confusion comes up a lot in practice. People sometimes think that since they have done a statutory audit, they are covered. They are not. Here is how the two compare:
|
Aspect |
Secretarial Audit |
Statutory Audit |
|
Legal basis |
Section 204, Companies Act, 2013 |
Section 139, Companies Act, 2013 |
|
Who conducts it |
Practicing Company Secretary (PCS) |
Chartered Accountant (CA) |
|
What it covers |
Legal and regulatory compliance — Companies Act, SEBI, FEMA, Secretarial Standards, and applicable laws |
Financial statements — accuracy, completeness, and true and fair view of financials |
|
Applicable to |
Listed companies + specified unlisted public companies + companies with borrowings above Rs. 100 crore |
All companies incorporated under the Companies Act, mandatory for all |
|
Report format |
Form MR-3 |
As per ICAI standards |
|
Report annexed to |
Board’s Report |
Financial statements |
|
Penalty for non-compliance |
Rs. 2 lakh per defaulter under Section 204(4) |
Varies by nature of violation |
The simplest way to think about it: the statutory audit tells you whether the numbers are right. The secretarial audit tells you whether the processes and compliance are right. Both matter, and both are required independently.
For a complete breakdown of statutory audit requirements, process, and compliance timelines, read our detailed guide to statutory audit in India
How PKC India Can Help with Secretarial Audit Compliance?
Secretarial audit applicability is one of those areas where getting it right from the start saves a lot of trouble. Missing the threshold triggers, appointing the wrong type of CS, not responding to observations in the Board’s Report, or failing to file the ASCR on time for a listed entity — each of these can result in penalties, ROC notices, or SEBI action.
At PKC India, our team works closely with Company Secretaries in Practice to provide companies with end-to-end compliance support. Whether you are a listed entity navigating the new SEBI LODR Third Amendment requirements, an unlisted public company that just crossed the Rs. 50 crore paid-up capital threshold, or a private company approaching the borrowings trigger, we can help you assess your obligations and get compliant without the usual fire-drill.
Our services in this space include:
- Threshold assessment — helping companies determine whether secretarial audit applies based on their financial data
- Coordination with Practicing Company Secretaries for Form MR-3 preparation
- Assisting listed entities with the Annual Secretarial Compliance Report (ASCR) filing timelines under SEBI Regulation 24A
- Pre-audit compliance reviews — going through the 30-point checklist before the PCS formally commences the audit, so you are not surprised by observations
- Responding to qualifications or observations noted in the secretarial audit report in the Board’s Report
- Advisory on the SEBI LODR Third Amendment requirements, including peer-reviewed PCS appointment for listed entities
Visit us at www.pkcindia.com or reach out to our team for a discussion about where your company stands on secretarial audit compliance.
Disclaimer: This blog is prepared for general informational purposes only and does not constitute legal or professional advice. The laws and regulations referred to, including the Companies Act, 2013, SEBI LODR Regulations, and associated rules, are subject to amendment. Readers should verify current requirements and consult a qualified Company Secretary or Chartered Accountant for advice specific to their situation. Information in this article reflects the position as understood in May 2026.
FAQs:
1. Is secretarial audit applicable to private companies?
Private companies are generally not covered by Section 204 of the Companies Act unless their outstanding loans or borrowings from banks or public financial institutions are Rs. 100 crore or more. This is the one condition that can bring a private company within the secretarial audit net. If a private company’s borrowings cross this threshold as per its last audited financial statements, it must get a secretarial audit done and annex Form MR-3 to its Board’s Report. Private companies not crossing this threshold are not required to do a secretarial audit but may choose to do so voluntarily.
2. What is the due date for submitting Form MR-3?
Form MR-3 does not have its own separate statutory due date. It must be annexed to the Board’s Report, which is placed before shareholders at the Annual General Meeting. Since the AGM must be held within six months of the financial year end, the Board’s Report (and with it, Form MR-3) needs to be ready before the AGM. For listed entities, there is a separate Annual Secretarial Compliance Report (ASCR) under SEBI Regulation 24A that must be filed with stock exchanges within 60 days of the financial year end — by 30 May for companies with a 31 March year end.
3. Who can conduct a secretarial audit in India?
Only a Company Secretary in Practice — a person who is a Fellow or Associate member of the Institute of Company Secretaries of India (ICSI) and holds a valid Certificate of Practice — can conduct a secretarial audit and sign Form MR-3. A Company Secretary employed full-time by a company (also called an “employee CS”) cannot conduct the audit even if they have the ICSI membership. The independence requirement is fundamental to the audit’s credibility. Additionally, for listed entities from 1 April 2025, the PCS must also be peer-reviewed by ICSI (i.e., hold a valid peer review certificate).
4. What is the penalty for not getting a secretarial audit done?
Under Section 204(4) of the Companies Act, 2013 (as amended by the Companies (Amendment) Act, 2020), the penalty for contravention is Rs. 2 lakh per defaulter. This means the company pays Rs. 2 lakh, and each officer of the company who is in default also pays Rs. 2 lakh individually. The Practicing Company Secretary who fails to comply with the provisions can also be penalized Rs. 2 lakh. For listed companies, additional SEBI penalties may apply separately for failure to comply with the Regulation 24A requirements.
5. What thresholds trigger secretarial audit applicability for unlisted public companies?
An unlisted public company must undergo a secretarial audit if any one of the following conditions is met based on its last audited financial statements: paid-up share capital is Rs. 50 crore or more, or turnover is Rs. 250 crore or more, or outstanding loans or borrowings from banks or public financial institutions are Rs. 100 crore or more. Meeting just one of these is sufficient. The thresholds are checked as of the last date of the latest audited financial statement.
6. Does a company need a secretarial audit if it has no listed securities but is a subsidiary of a listed company?
It depends on whether the subsidiary qualifies as a “material subsidiary” under SEBI LODR definitions. SEBI’s Regulation 24A requires every listed entity and its material unlisted subsidiaries incorporated in India to undertake a secretarial audit. A material subsidiary, for this purpose, means one whose income or net worth exceeds 10% of the consolidated income or net worth of the listed parent. If the subsidiary meets this definition, it must undergo a secretarial audit under SEBI requirements — irrespective of whether it independently crosses the Section 204 thresholds.
7. What is the difference between a Secretarial Audit Report (Form MR-3) and an Annual Secretarial Compliance Report (ASCR)?
Both are prepared by a Practicing Company Secretary, but they serve different purposes. Form MR-3 is the Secretarial Audit Report required under Section 204 of the Companies Act. It is annexed to the Board’s Report and covers compliance with the Companies Act, SEBI regulations, FEMA, Secretarial Standards, and applicable laws. The ASCR, on the other hand, is specific to listed entities and is required under Regulation 24A of SEBI LODR Regulations. It covers SEBI-specific compliance in a more granular way and must be filed with the stock exchanges within 60 days of the financial year end. A listed company with a March 31 year end must file the ASCR by May 30. Both documents can be — and typically are — issued by the same secretarial auditor, but they are separate documents with separate formats and different submission timelines and destinations.
