2. What is Internal Control?
• Internal controls can be defined as rules, policies
and procedures which are applied to prevent
adverse events from happening or to detect failures
in the system when they occur.
• Internal controls can be divided into three
categories:
• Financial controls.
• Operational controls.
• Compliance controls.
3. Is there any Statutory Requirement for Internal Control?
4. Companies Act, 2013
• Section 134: In the case of a listed company, the Directors’
Responsibility Statement states that the directors have laid down internal financial
controls to be followed by the company and that such controls are
adequate and operating effectively.
• Section 143: The auditor’s report should also state whether the
company has an adequate IFC system in place and the operating
effectiveness of such controls.
• Section 177: Audit committee should evaluate IFC and risk
management systems.
• Schedule IV: The independent directors should satisfy themselves on
the integrity of financial information and ensure that financial
controls and systems of risk management are robust and defensible.
5. What are Internal Financial Controls?
‘IFC’ means the policies and procedures adopted by the
company for ensuring the orderly and efficient conduct of its
business, including:
• adherence to company’s policies,
• the safeguarding of its assets,
• the prevention and detection of frauds and errors,
• the accuracy and completeness of the accounting records,
and
• the timely preparation of reliable financial information.
7. A Control Environment
• The control environment should be embedded in the
operations of the company and form part of its
culture.
• It is the foundation for all other components of
internal control, providing discipline and structure.
• Control environment factors include the integrity,
ethical values and competence of the entity's people,
management's philosophy and operating style, the
way management assigns authority and responsibility
and organizes and develops its people, and the attention
and direction provided by the management.
8. Risk Management
Risk can be defined as “A probability of a negative event
or threat which may result in damage, liability, loss or
other negative impacts that is caused by external or
internal vulnerabilities and which may be avoided
through pre-emptive actions”.
• Identification
• Assessment
• Prioritization
• Treatment
– Risk avoidance
– Risk mitigation
– Risk acceptance
– Risk transfer / sharing
10. Information and communication
• Pertinent information must be identified, captured
and communicated in a defined form and
timeframe that enable people to carry out their
responsibilities.
• Information sharing could be automated or
manual.
11. Monitoring of Internal Control
• Internal control systems need to be monitored, a
process that assesses the quality of the system's
performance over time.
• Monitoring is accomplished through on-going
monitoring activities, separate evaluations or a
combination of the two.
• Internal control deficiencies should be reported
upstream, with serious matters reported to top
management and the board.
12. Effective Internal Controls
• Embedded control environment.
• Integrated within business processes.
• Preventive vs. detective.
• Respond quickly to risks.
• Include procedures for reporting immediately.
• System-driven vs. manual.
• Cost-effective