If the board of directors is the brain of a listed company, the audit committee is its financial conscience. Regulation 18 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 takes the bare statutory skeleton of Section 177 of the Companies Act, 2013 and fleshes it out with a stricter, independence-weighted regime designed for companies whose shares trade on a public market. Born from the wreckage of the Satyam fraud and the long arc of corporate governance reform that ran from the Kumar Mangalam Birla Committee through Clause 49 of the old Listing Agreement, Regulation 18 is among the most heavily examined provisions in the LODR for judiciary and CLAT-PG aspirants. This chapter walks through its composition, quorum and meeting discipline, its mandatory terms of reference under Part C of Schedule II, and the case law that gives the committee its teeth.
The statutory architecture: Regulation 18 and Section 177
Regulation 18 does not operate in isolation. It sits atop Section 177 of the Companies Act, 2013, which mandates an audit committee for every listed public company and certain prescribed classes of public companies. The relationship is one of overlay rather than substitution: the Companies Act supplies the floor, while Regulation 18, read with Part C of Schedule II, raises that floor for listed entities by tightening composition norms, prescribing meeting frequency and quorum, and enumerating a long list of mandatory functions. Where the two instruments speak to the same subject, a listed entity must comply with whichever is stricter. For a deeper grounding in how the LODR framework interlocks with the Companies Act, see our chapter on Introduction, Scope and Definitions and the broader SEBI LODR hub.
The constitutional and policy backdrop matters for examiners. The audit committee is the institutional answer to a recurring problem in company law: the dispersed shareholder cannot personally monitor management, the statutory auditor is engaged and paid by the very management it audits, and the board as a whole is often too large and too conflicted to scrutinise accounts line by line. Regulation 18 responds by carving out a small, independence-dominated sub-committee charged with bridging the information gap between management, auditors and the board.
Composition under Regulation 18(1): the two-thirds rule
Regulation 18(1) prescribes the architecture of the committee. The audit committee shall have a minimum of three directors as members. Critically, two-thirds of the members of the audit committee shall be independent directors, a threshold materially higher than the bare majority that Section 177(2) of the Companies Act demands. For a listed entity that has outstanding superior voting rights (SR) equity shares, the regulation goes further still: the audit committee must comprise only independent directors, eliminating any promoter or executive presence on the committee. This SR-share carve-out reflects SEBI's anxiety that founders wielding disproportionate voting power should not also control the body that polices related party transactions and financial reporting.
Every member must be financially literate, and at least one member must have accounting or related financial management expertise. SEBI defines financial literacy functionally as the ability to read and understand basic financial statements: the balance sheet, the profit and loss account, and the statement of cash flows. The chairperson of the audit committee must be an independent director, and that chairperson must be present at the annual general meeting to answer shareholder queries on the committee's work. The company secretary acts as secretary to the committee. Together these requirements ensure that the committee is not a paper body of pliant insiders but a genuinely independent and competent organ. The link between independence and effective monitoring runs throughout the LODR, and is examined alongside the wider composition norms in our chapter on Board of Directors: Composition.
Meetings and quorum under Regulation 18(2)
Regulation 18(2) governs the rhythm of the committee's work. The audit committee must meet at least four times in a year, and not more than one hundred and twenty days may elapse between two consecutive meetings. This cadence aligns the committee's review with the quarterly financial-results cycle, ensuring that no quarter's accounts reach the board or the market without committee scrutiny.
The quorum requirement is deliberately independence-weighted. The quorum for an audit committee meeting shall be either two members or one-third of the members of the audit committee, whichever is greater, with the mandatory condition that at least two independent directors be present. The effect is that no quorum can be formed by management-aligned directors alone; an independent presence is structurally guaranteed at every meeting. The committee has discretion to invite the finance head, the head of internal audit, and a representative of the statutory auditor, and it may also meet without the presence of any executives where candour requires it, a power that is the practical engine of auditor independence.
Terms of reference: Regulation 18(3) and Part C of Schedule II
Regulation 18(3) provides that the role of the audit committee and the information it must mandatorily review shall be as specified in Part C of Schedule II. Part C is the heart of the provision and the most frequently tested portion in mains examinations. Part A of Part C enumerates the committee's role, which includes: oversight of the company's financial reporting process and the disclosure of its financial information to ensure the financial statements are correct, sufficient and credible; recommending the appointment, remuneration and terms of appointment of auditors; reviewing and monitoring the auditor's independence and the effectiveness of the audit process; examining the financial statement and the auditors' report; approving or subsequently modifying transactions of the company with related parties; scrutiny of inter-corporate loans and investments; valuation of undertakings or assets where necessary; evaluation of internal financial controls and risk management systems; and reviewing the functioning of the whistle-blower mechanism.
Part B of Part C lists the information the committee must mandatorily review, including the management discussion and analysis of financial condition and results of operations, statements of significant related party transactions submitted by management, internal audit reports relating to internal control weaknesses, and the appointment, removal and terms of remuneration of the chief internal auditor. The committee's right to investigate any activity within its terms of reference, to seek information from any employee, to obtain outside legal or professional advice, and to secure the attendance of outsiders with relevant expertise, completes its arsenal.
Gatekeeper of related party transactions
Perhaps the audit committee's most consequential function is its role as gatekeeper of related party transactions (RPTs). Under Part C and in tandem with Regulation 23, all RPTs and any subsequent material modifications require the prior approval of the audit committee. Because RPTs are the classic channel through which controlling shareholders tunnel value out of listed companies, this prior-approval requirement is a frontline defence for minority investors.
The regulation also permits omnibus approval for RPTs that are repetitive in nature, subject to safeguards: the committee must satisfy itself that such approval is in the interest of the company, the omnibus approval must specify the name of the related party, the nature and duration of the transaction, the maximum amount, and the value criteria, and any omnibus approval is valid for a maximum of one financial year and must be reviewed at least quarterly. Where a transaction also requires board approval under Section 188(1) of the Companies Act, 2013, that approval must additionally be obtained. The mechanics of materiality thresholds and shareholder approval are developed further in our chapter on Specific Listing Obligations: Equity.
Auditor appointment and independence
The audit committee is the institutional buffer between management and the statutory auditor. By recommending the appointment, remuneration and terms of the auditor, and by monitoring auditor independence and the effectiveness of the audit, the committee is meant to break the conflict inherent in management hiring its own scrutineer. The committee's power to approve payment to statutory auditors for any non-audit services is a specific guard against the auditor's independence being compromised by lucrative consultancy engagements, the very fault line exposed in the Enron and Satyam collapses.
The committee also reviews, with management and the auditors, the quarterly and annual financial statements before submission to the board, focusing on matters required to be included in the directors' responsibility statement, changes in accounting policies, major accounting-estimate adjustments, significant audit adjustments, compliance with listing and legal requirements relating to financial statements, disclosure of related party transactions, and any qualifications in the draft audit report. This review function is the committee's most visible quarterly output.
Vigil mechanism and whistle-blower oversight
Regulation 18 and Part C task the audit committee with reviewing the functioning of the whistle-blower mechanism, dovetailing with Section 177(9) and (10) of the Companies Act, 2013. Section 177(9) requires every listed company to establish a vigil mechanism for directors and employees to report genuine concerns. Section 177(10) mandates that the mechanism provide adequate safeguards against victimisation of persons who use it and make provision for direct access to the chairperson of the audit committee in appropriate or exceptional cases.
This direct-access channel is structurally important: it ensures that a whistle-blower fearing retaliation from management can escalate over management's head straight to an independent chair. The audit committee thereby becomes the terminal point of the company's internal-control conscience, the body to which the most sensitive allegations of fraud, leakage and misreporting ultimately flow.
Director accountability: N. Narayanan v. SEBI
The leading Supreme Court authority illuminating why audit committees matter, and why directors cannot hide behind ignorance of the accounts, is N. Narayanan v. Adjudicating Officer, SEBI, (2013) 12 SCC 152. Narayanan, a whole-time director and promoter of Pyramid Saimira Theatre Ltd., challenged SEBI's order restraining him from the securities market and imposing penalties after the company was found to have falsified accounts, inflated revenues and misled investors. He argued that he was not concerned with finance and could not be fixed with liability for the fabricated figures.
The Supreme Court rejected this defence emphatically. It held that directors, particularly whole-time and executive directors, have a duty to ensure that the financial statements presented to shareholders and the market are true and fair, and cannot disclaim responsibility for accounts they had every means to interrogate. The Court underscored that directors hold a fiduciary position and that the integrity of financial disclosures is fundamental to market integrity and investor protection. Narayanan supplies the doctrinal foundation for the audit committee's oversight role: if individual directors bear personal accountability for the truth of the accounts, a dedicated independent committee charged with scrutinising those accounts is the natural structural response.
The standard of care: Official Liquidator v. P.A. Tendolkar
The classic statement of a director's monitoring duty long predates the LODR. In Official Liquidator, Supreme Bank Ltd. v. P.A. Tendolkar, AIR 1973 SC 1104, the Supreme Court considered misfeasance proceedings against the directors of a collapsed bank. The promoter directors sought to escape liability by pleading that they had delegated day-to-day management to the managing director and were unaware of the irregularities.
The Court refused to accept blind delegation as a defence where the warning signs were glaring: repeated Reserve Bank inspection reports, falsified balance sheets, fictitious share payments and large cash deficits were facts that no reasonably diligent director could ignore. The judgment established that a director may not shut his eyes to what must be obvious, and that supervisory negligence in the face of plain irregularity attracts liability. Translated into the modern audit-committee context, Tendolkar is the standard the committee members are held to: vigilance, not passivity, and a duty to probe red flags rather than rubber-stamp management's representations.
Calibrating liability: Pooja Ravinder Devidasani v. State of Maharashtra
If Narayanan and Tendolkar set the duty, Pooja Ravinder Devidasani v. State of Maharashtra, (2014) 16 SCC 461, calibrates the boundary of liability for directors who do not run the company's day-to-day affairs. The appellant, a non-executive director of a company, was prosecuted under Sections 138 and 141 of the Negotiable Instruments Act, 1881, for cheques dishonoured by the company.
The Supreme Court held that a non-executive director cannot be saddled with vicarious liability merely by virtue of holding the office of director. To attach liability under Section 141, there must be specific averments showing that the director was, at the relevant time, in charge of and responsible for the conduct of the business of the company. The Court observed that a non-executive director performs a governance and supervisory function and is not ordinarily involved in daily management. The significance for audit-committee members, many of whom are independent and non-executive, is that their liability is anchored in their actual role and conduct, not in their bare designation. This calibration is exactly why the LODR demands that independent directors discharge their committee functions diligently: liability follows the genuine exercise (or neglect) of the monitoring role rather than the mere title.
The Satyam catalyst and the evolution of Clause 49
No account of Regulation 18 is complete without the Satyam Computer Services fraud of 2009, in which the founder confessed to fabricating over a thousand crore rupees of non-existent cash and bank balances over several years. The audit committee, populated by eminent independent directors, had failed to detect or arrest the fraud, exposing the gap between the form of an audit committee and its substantive effectiveness.
Satyam accelerated the governance reforms that the Kumar Mangalam Birla Committee (1999) and the Narayana Murthy Committee (2003) had set in motion through Clause 49 of the erstwhile Listing Agreement. The independence-weighted composition, the meeting and quorum discipline, the mandatory terms of reference and the whistle-blower oversight that Regulation 18 now codifies are, in substantial part, the legislative memory of Satyam. For examiners, the lesson is that the audit committee's design choices, the two-thirds independence rule, the independent quorum and the auditor-independence safeguards, are not arbitrary but are calibrated responses to identified governance failures.
It is worth noting how each post-Satyam safeguard maps onto a specific failure mode. The two-thirds independence requirement answers the problem of a committee dominated by management loyalists. The mandatory accounting expertise of at least one member answers the problem of a committee that cannot read the accounts it is meant to scrutinise. The power to meet the statutory auditor without management present answers the problem of an auditor unable to speak candidly under the gaze of the very executives whose figures are in question. And the whistle-blower direct-access channel answers the problem of a junior employee who spots fraud but has no safe route past management to raise it. Seen this way, Regulation 18 reads less like a compliance checklist and more like a forensic diagnosis of how listed-company governance breaks down, with each clause a suture over a known wound.
Interplay with other board committees
The audit committee does not function in isolation from the listed entity's other mandatory committees. Its remit over financial controls and risk overlaps at the margins with the risk management committee, while questions of director appointment and remuneration that touch on independence and competence connect to the nomination and remuneration committee. A clear understanding of where the audit committee's jurisdiction ends and another committee's begins is frequently tested. Readers should pair this chapter with our treatment of the Nomination and Remuneration Committee to map the full committee architecture under the LODR, and revisit the Board of Directors: Composition chapter for how independence is assessed at the board level that feeds these committees.
The audit committee's recommendations on RPTs, auditor appointment and internal-control adequacy are advisory to the board, but in practice carry decisive weight; where the board overrides the committee, the reasons must be disclosed, reinforcing accountability. This division of labour, with the audit committee as the financial-integrity specialist within a wider committee ecosystem, is the structural philosophy of Regulation 18.
A practical tension that examiners enjoy probing is the overlap between the audit committee's risk-and-controls remit and that of a separate risk management committee under Regulation 21. The audit committee's focus is on financial risk and the adequacy of internal financial controls, whereas the risk management committee surveys the entity's enterprise-wide risk landscape, including cyber, operational and strategic risk. Where the two committees share members and subject matter, the listed entity must articulate a clear delineation of mandates in its committee charters to avoid both duplication and gaps, and the answer to a question on overlap is therefore one of complementary specialisation rather than conflict.
Enforcement and consequences of non-compliance
Non-compliance with Regulation 18, whether through a defective composition, missed meetings or breach of quorum, attracts the LODR's enforcement machinery. Stock exchanges impose standardised fines for non-compliance with corporate-governance norms under SEBI's circulars on standard operating procedures, and persistent default can lead to the freezing of promoter shareholding and even suspension of trading. SEBI itself may proceed against the listed entity and its directors under Section 11 and Section 11B of the SEBI Act, 1992, as the Narayanan line of authority confirms.
For the listed entity, the reputational cost of an audit-committee failure typically dwarfs the monetary penalty: a defective committee signals to the market that the company's financial disclosures cannot be trusted. This is why Regulation 18 compliance is treated as a continuing obligation, monitored quarter by quarter, rather than a one-time constitution exercise. The continuing-obligation character links it to the general disclosure philosophy explored in our chapter on Principles Governing Disclosures and the umbrella of Common Obligations of Listed Entities.
Exam strategy and key takeaways
For judiciary and CLAT-PG candidates, Regulation 18 yields predictable question patterns. Numbers must be memorised cold: minimum three directors, two-thirds independent (all independent where SR shares are outstanding), at least four meetings a year, a maximum gap of one hundred and twenty days, and a quorum of two members or one-third whichever is greater with at least two independent directors present. The relationship with Section 177 of the Companies Act, the location of the terms of reference in Part C of Schedule II, and the interface with Regulation 23 on related party transactions are favourite cross-linking questions.
On the case-law front, anchor your answers in N. Narayanan v. SEBI for director accountability for financial statements, Official Liquidator v. P.A. Tendolkar for the standard of supervisory diligence, and Pooja Ravinder Devidasani v. State of Maharashtra for the calibration of non-executive and independent director liability. Frame the entire provision against the Satyam catalyst to demonstrate the policy logic, and you will convert a dry compliance topic into a coherent, well-reasoned answer.
Frequently asked questions
What is the minimum composition of an audit committee under Regulation 18?
Regulation 18(1) requires a minimum of three directors, with two-thirds of the members being independent directors. Where the listed entity has outstanding superior voting rights (SR) equity shares, the committee must comprise only independent directors. Every member must be financially literate and at least one must have accounting or financial management expertise.
How often must the audit committee meet and what is the quorum?
Under Regulation 18(2), the committee must meet at least four times a year with no more than one hundred and twenty days between consecutive meetings. The quorum is two members or one-third of the members, whichever is greater, but at least two independent directors must be present.
Where are the audit committee's powers and functions set out?
Regulation 18(3) provides that the role of the committee and the information it must mandatorily review are specified in Part C of Schedule II. Part A lists functions such as financial-reporting oversight, auditor appointment, RPT approval and whistle-blower review; Part B lists the documents that must be mandatorily reviewed.
Can directors escape liability by claiming they did not handle finance?
No. In N. Narayanan v. Adjudicating Officer, SEBI, (2013) 12 SCC 152, the Supreme Court held that directors cannot disclaim responsibility for false or misleading financial statements, as ensuring true and fair accounts is part of their fiduciary duty and essential to market integrity.
Are non-executive or independent directors automatically liable for company defaults?
No. Pooja Ravinder Devidasani v. State of Maharashtra, (2014) 16 SCC 461, held that a non-executive director is not vicariously liable merely by designation; there must be specific averments that the director was in charge of and responsible for the conduct of the business at the relevant time.
How does the audit committee control related party transactions?
All related party transactions and material modifications require the audit committee's prior approval, read with Regulation 23. The committee may grant omnibus approval for repetitive transactions valid for one financial year, subject to quarterly review and specified safeguards, and Section 188(1) board approval must additionally be obtained where applicable.