SlideShare a Scribd company logo

Beyond Box Ticking - Internal Audit & Controls - Companies Act, 2013 Perspective - CA Sana Baqai

Sana Baqai
Sana Baqai

As we all know, the Companies Act, 2013 has brought about significant changes to the corporate governance landscape in India. One of the key areas where these changes are being felt is in internal audit and control. It is no longer enough for companies to simply tick the boxes when it comes to internal audit and control. They must go beyond that and ensure that their internal audit and control processes are effective and compliant with the Companies Act, 2013. The Companies Act, 2013 (CA, 2013) has introduced a number of new requirements for companies in relation to income audit and control. These requirements are designed to improve the accuracy and reliability of financial reporting, and to reduce the risk of fraud and error. One of the key changes introduced by the CA, 2013 is the requirement for companies to have an internal audit function. The internal audit function is responsible for providing independent assurance to the board of directors on the effectiveness of the company's internal controls over financial reporting.

Education
1 of 50
Download to read offline
Companies Act Perspective Beyond Box Ticking: Internal Audit & Controls CA Sana Baqai Organised by: Board of Internal Audit & Management Accounting of ICAI 1 0 t h M a y , 2 0 2 3 , W e d n e s d a y
AGENDA Internal Audit Internal Financial Control & Internal Control Over Financial Reporting Risk Management Beyond BoxTicking 1 2 3 4
INTERNAL AUDIT
ERA OF CORPORATE GOVERNANCE IN INDIA 1998 1999 2003 2013 2004 2000 2002 MATURITY/ SUSTAINABILITY INITIATIVES CII Kumar Mangalam Birla Committee Clause 49 DCA - Task Force On Corporate Excellence DCA Report Narayan Murthy Committee Naresh Chandra Committee 2015 Amended clause 49 IFC 2017 SEBI (LODR) Regulations 2015 GST 2021 SEBI (LODR) Regulations emphasizing the role of RMC
EVOLVING EXPECTATIONS FROM INTERNAL AUDIT FUNCTION OVER THE YEAR Verifier – Focus on Numbers and Compliances Evaluator – Focus on Processes Problem Identifier – Focus on Systems and Controls Solution Provider – Focus on Objectives and Risk Management Consultant and Assurance Provider – Focus on Value Addition and Corporate Governance
DEFINITION OF INTERNAL AUDIT - ICAI The Institute of Chartered Accountants of India (ICAI) “Internal audit provides independent assurance on the effectiveness of internal controls and risk management processes to enhance governance and achieve organisational objectives”.
PARADIGM SHIFT IN THE ROLE OF INTERNAL AUDITOR From To Reactive Proactive Books Business Vouchers Systems Sales Value Addition Economic Value Addition Value Creation Quantity of Earnings Quality of Earnings Delayed Accuracy Quick Estimate Internal Control Internal Co-operation
PARADIGM SHIFT IN THE ROLE OF INTERNAL AUDITOR From To Compliance with Standard Accounting Compliance with Accounting Standards Tax Planning Tax Compliance Checker Consultant Compliance Competency Foe Friend Fault Finder Facilitator Net Profits Cash Flow Large Cash as a source of “comfort” Cause of “Concern”
PARADIGM SHIFT IN THE ROLE OF INTERNAL AUDITOR From To You vs. We All of us Stern Look Smile Internal Audit External Internal Audit Professional Partner Consultant Core Group Member Long Report Crisp Elevator Pitch Conceptualization Execution
OBJECTIVES Governance processes and ethical practices Compliances – external and internal Risks and controls Optimization of resources, costs and processes
SECTION 138 OF COMPANIES ACT, 2013 • As per Section 138 of Companies Act, 2013 read with Rule 13(1) of the Companies (Accounts) Rules, 2014, certain classes of companies are required to appoint an Internal Auditor. • The Board of a Company may appoint Chartered Accountant, cost accountant or any other professional to conduct Internal Audits. • The Internal auditor may or may not be an employee of the company.
APPLICABILITY OF INTERNAL AUDIT UNDER SECTION 138 OF COMPANIES ACT, 2013 READ WITH RULE 13 OF COMPANIES (ACCOUNTS) RULES, 2014 Types of Companies/ Conditions Private Companies Unlisted Public Companies Listed Companies Turnover Rs. 200 Crore or more during previous financial year Rs. 200 Crore or more during previous financial year All listed companies covered Outstanding Loans / Borrowings from Banks or Public Financial Institutions Rs. 100 Crore or more at any point of time during previous financial year Rs. 100 Crore or more at any point of time during previous financial year Paid up Share Capital N.A. Rs. 50 Crore or more during previous financial year Outstanding Deposits N.A. Rs. 25 Crore or more at any point of time during previous financial year Statutory Auditor has to mention about the adequacy of Internal controls in Audit Report ! Even the Cost auditor has to confirm the adequacy of Internal controls in Cost Audit report !
ELIGIBILITY FOR APPOINTMENT OF INTERNAL AUDITOR  The internal auditor shall be either Chartered Accountant or Cost Accountant or such other professional as may be decided by the board.  The internal auditor may or may not be an employee of the company.  “Chartered Accountant” shall mean a Chartered Accountant whether engaged in practice or not – therefore, every registered member of the Institute of Chartered Accountants of India is eligible for appointment as Internal Auditor of company.  Thus, the board of company via the Audit Committee has been given freedom to appoint any professional and competent person to be its internal auditor.  Statutory auditor appointed under section 139 of Act is not eligible to provide the service of Internal audit whether rendered directly or indirectly to the company or its holding company or subsidiary company.
COMPETENCIES THAT AN INTERNAL AUDITOR NEEDS TO POSSESS An Internal Auditor shall be free from any undue influences which force him to deviate from the truth. This independence shall be not only in mind, but also in appearance. Independence “Due professional care” signifies that the Internal Auditor exercises reasonable care in carrying out the work to ensure the achievement of stated objectives. Due Professional Care The Internal Auditor shall be honest, truthful and be a person of high integrity. He shall operate in a highly professional manner and seen to be fair in all his dealings. Integrity The Internal Auditor shall keep information confidential and secured which he has gathered during the period under audit. Confidentiality The Internal Auditor shall conduct his work in a highly objective manner, especially in gathering and evaluation of facts and evidence. He shall not allow prejudice or bias to override his objectivity. Objectivity The Internal Auditor shall have sound knowledge, strong interpersonal skills, practical experience and professional expertise in certain areas and other competencies required to conduct a quality audit. Skill and Competence
SCOPE OF INTERNAL AUDIT  Not prescribed under the Act or Rules made thereunder  The Audit Committee or the Board shall, in consultation with the internal auditor, formulate the scope, functioning, periodicity and methodology for conducting the internal audit.
INTERNAL AUDIT – VALUE ADD !! Efforts Value
INTERNAL FINANCIAL CONTROL (IFC) AND INTERNAL FINANCIAL CONTROL OVER FINANCIAL STATEMENTS (ICFR)
INTERNAL FINANCIAL CONTROLS: COMPANIES ACT, 2013 Section 134(5)(e) - The directors, in the case of a listed company, had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively 1 Section 134(5)(f) - The directors had devised proper systems to ensure compliance with the provisions of all applicable laws and that such systems were adequate and operating effectively 2 Section 134(3)(q), sub-rule 8(5) - “In addition to the information and details specified in sub-rule (4), the report of the Board shall also contain: …“the details in respect of adequacy of internal financial controls with reference to the financial statements.” 3 Director’s Responsibility Statement
INTERNAL FINANCIAL CONTROLS: COMPANIES ACT, 2013 Audit Committee • Section 177(4)(vii) - Every Audit Committee shall act in accordance with the terms of reference specified in writing by the Board which shall inter alia, include ….., evaluation of internal financial controls and risk management systems …. • Section 177(5) - The Audit Committee may call for the comments of the auditors about internal control systems, the scope of audit, including the observations of the auditors and review of financial statement before their submission to the Board and may also discuss any related issues with the internal and statutory auditors and the management of the company. Auditor’s Report • Section 143(3)(i) - Whether the company has adequate internal financial controls system in place and the operating effectiveness of such controls.
CONSEQUENCES OF NON-COMPLIANCE  Section 134(8) – contravention punishable with fine  which shall not be less than Rs. 50,000 but which may extend to Rs. 2,500,000 and  every officer of the company who is in default  shall be punishable with imprisonment for a term which may extend to 3 years or  with fine which shall not be less than Rs. 50,000 but which may extend to Rs. 500,000 or  with both.
WHAT DOES THE LAW SAY?  Board of Directors (Section 134):  Lay down adequate and effective IFCs and include it in Directors' Responsibility Statement  Independent directors to satisfy themselves on the strength of financial controls.  Audit Committee (Section 177):  Evaluate IFC systems  Review Auditors' comments / observations with respect to controls before submission to the Board  Discuss issues with Management or Internal / Statutory Auditors  Auditors (Section 143):  Report on adequacy of IFCs system  Report on operating effectiveness of such controls.  IFC to be included as part of Directors Responsibility Statement from March 31, 2015 onwards and as part of Statutory Auditors Report from March 31, 2016 onwards
WHO ALL ARE RESPONSIBLE??? Who all are responsible Public Listed Company Public Unlisted Company Pvt. Company paid up share capital >= ₹20 Cr. Paid up share capital >= ₹10 Cr. Turnover >= ₹100 Cr. Loans/ Borrowings in aggregate >= ₹ 50 Cr. Director’s Responsibility Statement (134) IFR ✓ Statutory Auditor (143) ICFR ✓ ✓ ✓ ✓ ✓ Audit Committee (177) ICFR ✓ ✓ ✓ ✓ Independent Director (Schedule IV) ICFR ✓ ✓ ✓ ✓ Rule 8(5)(viii) of the Companies Accounts Rules, 2014 – BOD Report – Financial Statements only ICFR ✓ ✓ ✓ ✓
RESPONSIBILITY OF STAKEHOLDERS Company Management Auditors Audit committee/ Independent Director Board of Directors • Create & test the framework of internal controls • IFC (including operational & compliance) • Controls documentation • Focus on internal controls, to the extent these relate to the financial reporting • Auditors responsibility limited to evaluation of ‘Financial reporting controls’ • Would like to see a robust framework that is aligned to acceptable standards • Review & question the basis of your controls design & ongoing assessments • Would rely on the assessment & view of the audit committee • They may ask for additional information
CLAUSE 49 OF THE LISTING AGREEMENT  The CEO and the CFO shall certify to the board the following matters:  They have accepted the responsibility for the establishment and maintenance of internal controls for financial reporting.  The effectiveness of the internal control systems that pertain to financial reporting has been evaluated by them.  The deficiencies in the design and operation of such internal controls of which the CEO / CFO is aware have been communicated to the audit committee and auditors and necessary steps have been taken or proposed to be taken to rectify such deficiencies.  Necessary changes during the year pertaining to the internal control over financial reporting have been indicated to the audit committee and the auditor.  Significant frauds involving an employee or management having a significant role in the internal control system over the financial reporting of the company have also been indicated to the audit committee and the auditors.
INTERNAL FINANCIAL CONTROLS – COMPANIES ACT, 2013 Accuracy and completeness of accounting records Policies and procedures adopted by the company for ensuring orderly & efficient conduct of its business INTERNAL FINANCIAL CONTROLS As per Section 134 Companies Act 2013, Internal Financial Controls means: Internal Controls over Financial Reporting (ICFR) Operational Controls Fraud Prevention Controls Internal Financial Control (IFC)
INTERNAL FINANCIAL CONTROLS OVER FINANCIAL REPORTING (ICFR) A process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A Companies’ internal financial control over financial reporting includes those policies and procedures that:  Pertain to the maintenance of the records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company  Provides reasonable assurance that transactions are recorded as necessary to permit preparation of financial statement in accordance with generally accepted accounting principles, and those receipts and expenditures of the company are being made only in accordance with authorizations of management and director of the company.  Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company’s assets that could have a material impact on the financial statement. Maintenance of Financial Records (Detail/ Accuracy) Authorisation of transactions (In accordance with GAAP) Safeguarding of the assets Internal Controls over Financial Reporting (ICFR)
WHY ICFR IS IMPORTANT?  Regulatory Compliance  Process Efficiencies  Value Enhancement  Framework Development  Operations Assessment  Control Design Review  Upgrading Internal Practices  Sampling Techniques  Effectiveness Testing  Documentation and Representation Gain a level of assurance that allows the board, management and other stakeholders to be satisfied that the organization maintains a strong system of internal control.
COMMON MYTHS  Meeting CARO Requirement is sufficient  Company has SOPs in place  Controls are automatically in place & hence there is no need to revisit them  There is no need to document the processes & controls  There is no need to link the Risks with controls  The process for IFCoFR Certification is not required since no exceptions are noted by the auditors  Testing of Controls & remediation of deficiencies is the responsibility of auditors and not of the management  There is no need to provide training & development to the employees
INTERNAL FINANCIAL CONTROLS – WHAT TO DO? IFC Requirements IFC Objective • Defined Policies and procedures to ensure effective and efficient operations. • Effective Delegation of Authority and Entity level controls • Preventive controls to address Fraud risk • Mechanism for timely detection of fraud and errors • Adequate control over asset movement, storage, loss or theft. • Risk identification and mitigation plan to reduce loss of asset • Controls over accurate and timely update of accounting records • Control over completeness of accounting records • Timely preparation of financial reports • Adequate controls over preparation of financial reports What to do ? • Define and ensure compliance to appropriate policies and procedures and Delegation of Authority • Define appropriate Entity level controls • Define and monitor operating effectiveness of appropriate controls over various activities. • Fraud Risk Management • Define appropriate asset movement controls • Effective asset verification program Defined effective controls and ensure operating effectiveness (ELC, PLC, ITGC and Fraud Risk) • Defined appropriate controls over preparation of financial reports • Adequate review mechanism Efficiency and effectiveness in Operations Prevention and detection of fraud and error Reliability of Financial reporting Compliance with applicable laws and regulations Operations Objectives Reporting Objectives Compliance Objectives Safeguarding of assets Accuracy and completeness of Accounting records • Adequate framework to ensure compliance to applicable laws and regulations • Adequate framework to monitor the compliance Legal Compliance Framework
Assertions Particulars Accuracy Amounts and other data relating to recorded transactions and events have been recorded appropriately. Completeness All transactions and events, assets, liabilities, and equity interests that should have been recorded are recorded Validity Transactions and events that have been recorded have occurred and pertain to the entity. Cut Off Transactions and events have been recorded in the correct accounting period Valuation and Allocation Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded. Presentation and Disclosure Recorded transactions and events are properly classified, described, and disclosed in the financial statements ACCOUNTING ASSERTIONS
KEY CONSIDERATIONS IN A CONTROL Focus your questions on the assertions the control is making … is this control performed? Frequency (Daily, Weekly, Monthly Qtrly, etc)? Is it frequent enough to prevent/ detect & correct the risk? … is generated to prove that this control was performed? … performs the control? Does this person have the requisite knowledge/ authority? … is the evidence of control performance retained? For how long? Is it accessible for audit? … is this control being performed? What types of errors should be prevented or detected? … is this control being performed? What activities are included? Can these activities be bypassed? Can the bypass be detected? How are issues resolved, once identified, and in what timeframe? Is this fast enough to mitigate the risk? Understand & Document
HOW WILL IFC HELP BEYOND COMPLIANCE?  Helps in business process redesigning to plug revenue leakages & cost containment opportunities  Helps in rationalizing the number of controls across organization – moving to smart and automated controls  Helps in standardizing policies and procedures for multi-location and multi-business companies  Foster a control conscious work culture for people behind controls  Provides assurance to the CEO/ CFO as well as improves business performance  In some instances, also serves as a base for blue print of optimal procedures while thinking about ERP  Aimed at strengthening the processes to further improve business, identify cost containment opportunities as well as drive business growth Compliance Ethics Trust
RISK MANAGEMENT DEFINED 33 A structured, consistent and continuous process for identification and assessment of risks, undertaking control assessment and continuous monitoring of exposure of the risk Risk Management Risk Management is critical to value creation, offering shareholders improved stability and predictability
REGULATORY REQUIREMENT FOR ERM FRAMEWORK- COMPANIES ACT 2013 REQUIREMENT 1 2 Responsibility: Audit Committee Applicability: Listed Entities, Entities with Public borrowing Responsibility: Board of Directors Applicability: Listed Companies Responsibility: Independent Directors Applicability: Listed Entities, Entities with Public borrowing 3 The board of directors report must include a statement indicating development and implementation of a risk management policy for the Company including identification of elements of risk, if any, which in the opinion of the board may threaten the existence of the Company. The audit committee shall act in accordance with the terms of reference specified in writing by the board, which shall, inter alia, include evaluation of risk management systems. Section 134 Section 177 Section 149(7), Schedule IV Independent directors should satisfy themselves that systems of risk management are robust and defensible.
RISK MANAGEMENT – AN OVERVIEW Organizations' Vision & Mission Strategic Objectives Organization Structure & Processes Processes/ Sub Processes Risks Why the company / business unit exists Articulate what an Organisation seeks to do to achieve its vision The way company operates to achieve its objectives The sub-processes that are needed to achieve the objectives What could go wrong which would hamper achievement of the vision/ mission/ strategic objectives
WHO IS RESPONSIBLE FOR RISK MANAGEMENT A SHARED RESPONSIBILITY Process Owners Senior Management Business Unit Management Board of Directors Shareholders Audit Committee External Audit Internal Audit
Use risk and control information to improve performance Risk Structure Risk Portfolio RISK MANAGEMENT FRAMEWORK COMPRISES OF...
RISK ASSESSMENT AND RECOMMENDATIONS Significant Medium Risk Considerable Management Required Medium Risk Must Manage and Monitor High Risk Extensive Management Essential M oderate Low Risk Worth Accepting with Monitoring Medium Risk Management Efforts wothwhile High Risk Management Efforts Required Low Low Risk Acceptable Risk Low Risk Accept but Monitor Medium Risk Manage and Monitor Low Moderate Significant Impact Likelihood Risk Assessment • Quantify the impact to the extent possible • Evaluate the possibility of recurrence • Auditor needs to be Objective in this analysis and must put forward his views along with reasons • Ensure that the recommendations are discussed with the process owners and evaluated with regard to the implementation plan
PERFORM ERM BASED INTERNAL AUDITING FOR EFFECTIVE RISK MANAGEMENT Direction on audit planning & control environment Adequacy of Risk Management & control environment Internal Audit Review effectiveness of risk management Direction on risk management ERM ERM and Internal Audit cyclical relationship Business Operations
SMART – DIA (DIGITAL, INTELLIGENT AND ANALYTICAL) INTERNAL AUDIT PROGRAM For sharper, efficient and greater coverage Focus on anti fraud controls To be able to do a deeper audit To align business with regulatory compliance Internal Financial Controls (IFC) Incl. IT & Cybersecurity • Internal financial controls • IT & Cybersecurity controls • ERP application controls • Operating effectiveness of the identified controls Statutory Compliance To cover the risk of legal and financial exposure to the Company due to legal and statutory non compliances Operational Auditing • Health & Safety • Volatility in prices • Identification and recommending process automation • Sector Insights & Multidisciplinary and SME Risk & Resilience To cover risks at an enterprise level, review the effectiveness of the mitigation plans and integrating the same with Internal Audit Eye of Forensic Applying knowledge and repository of fraud risks to focus on anti-fraud controls Smart DIA, IT Advanced data analytics tool to provide exceptional reporting for effective internal auditing 360° Coverage To make business more resilient against the uncertainties
THE BOX-TICKING SYNDROME  The corporate culture is the most powerful control in any organization.  In the corporate governance field, the box ticking syndrome defines a formal approach to the implementation of corporate governance principles – doing something just because there is a rule that says that you must do it. Over the last few years, financial regulators (mainly in the banking and insurance sectors) are requiring companies to implement processes for the development and management of risk culture as part of the corporate governance framework.
CAN RISK CULTURE FALL INTO THE BOX TICKING TRAP?  Tone from the top – the management body should be responsible for setting and communicating the institution’s core values;  Accountability – employees should know and understand the core values of the institution and must be held accountable for their actions;  Effective communication and challenge – a sound risk culture promotes open communication, and  Incentives – incentives should pay a key role in aligning risk taking with the institution’s risk profile and long-term interest.
CHALLENGES AND EMERGING TRENDS IN INTERNAL AUDIT AND INTERNAL CONTROL Technological Advancements Globalization Regulatory Complexity Data Analytics Agile Audit Methodologies Focus on Culture and Behavior Sustainability
REFOCUS ON RISK ASSESSMENT  The starting point to evaluate the sufficiency of an ICFR program should be with a financial statement risk assessment. The risk assessment, which includes specific financial reporting objectives and identification of risks to achieving those objectives, answers these fundamental questions:  Which controls are necessary to address the company's risks?  How many controls does the company need?  What is "just enough" for the company's ICFR program?
WHAT CAN MANAGEMENT DO TO REFOCUS?  Management's focus on ICFR should start with determining whether the company's risk assessment process is sufficient to identify and assess the risks to reliable financial reporting, including changes in those risks. Proactive steps management can consider include:  Refreshing the risk assessment program to incorporate the right people, processes, and technologies to unlock the hidden value.  Integrating data analytics and visualization to improve the quality of the data analyzed to support robust risk identification and report results succinctly to key stakeholders. This, in turn, can rationalize risks of material misstatement to a level of granularity to focus on what could truly be a material misstatement.
REFOCUS ON MANAGEMENT REVIEW CONTROL  Management review controls (MRCs) to address these issues:  High compliance costs  Outdated ICFR programs  A continued focus on ICFR by regulators
REFOCUS ON ROBOTIC PROCESS AUTOMATION  When exploring the adoption of RPA technologies, it’s important to challenge areas where the governance construct may not adequately support these changes. Companies may consider controls in the following layers in terms of the life cycle from ideation and creation of a bot:  Development  Implementation  Monitoring
PRACTICAL IMPLICATIONS FOR RISK PROFESSIONALS  To avoid a box ticking approach and gain deeper understanding as to how culture works in our organization and how to manage it we need to:  Discover  Design  Deliver Leaders play the most important role in this process – they are the main architects of culture and if elements of the culture become dysfunctional, leadership can and must drive culture change.
CA SANA BAQAI sana.baqai@kysbindia.com +91-9971938000

Recommended

Spire Brief - Enhanced Corporate Governance Norms
Spire Brief - Enhanced Corporate Governance NormsSpire Brief - Enhanced Corporate Governance Norms
Spire Brief - Enhanced Corporate Governance NormsPrashant Jain
 
Elements of auditing
Elements of auditingElements of auditing
Elements of auditingKAZEMBETVOnline
 
Audit to an enterprise is an important as oxygen for human being
Audit to an enterprise is an important as oxygen for human beingAudit to an enterprise is an important as oxygen for human being
Audit to an enterprise is an important as oxygen for human beingCA. (Dr.) Rajkumar Adukia
 
White paper on ICFR/IFC with implementation approach
White paper on ICFR/IFC with implementation approachWhite paper on ICFR/IFC with implementation approach
White paper on ICFR/IFC with implementation approachChandan Goyal
 
A new provision relating to internal audit - Dr S. Chandrasekaran
A new provision relating to internal audit - Dr S. ChandrasekaranA new provision relating to internal audit - Dr S. Chandrasekaran
A new provision relating to internal audit - Dr S. ChandrasekaranD Murali ☆
 
Internal financial control
Internal financial controlInternal financial control
Internal financial controlMitesh Katira
 
Role of Auditor in the Corporate World
Role of Auditor in the Corporate WorldRole of Auditor in the Corporate World
Role of Auditor in the Corporate WorldMallampalli Ruthvik
 
1. introduction
1. introduction1. introduction
1. introductionSyed Osama Rizvi
 

Recommended

Spire Brief - Enhanced Corporate Governance Norms
Spire Brief - Enhanced Corporate Governance NormsSpire Brief - Enhanced Corporate Governance Norms
Spire Brief - Enhanced Corporate Governance NormsPrashant Jain
 
Elements of auditing
Elements of auditingElements of auditing
Elements of auditingKAZEMBETVOnline
 
Audit to an enterprise is an important as oxygen for human being
Audit to an enterprise is an important as oxygen for human beingAudit to an enterprise is an important as oxygen for human being
Audit to an enterprise is an important as oxygen for human beingCA. (Dr.) Rajkumar Adukia
 
White paper on ICFR/IFC with implementation approach
White paper on ICFR/IFC with implementation approachWhite paper on ICFR/IFC with implementation approach
White paper on ICFR/IFC with implementation approachChandan Goyal
 
A new provision relating to internal audit - Dr S. Chandrasekaran
A new provision relating to internal audit - Dr S. ChandrasekaranA new provision relating to internal audit - Dr S. Chandrasekaran
A new provision relating to internal audit - Dr S. ChandrasekaranD Murali ☆
 
Internal financial control
Internal financial controlInternal financial control
Internal financial controlMitesh Katira
 
Role of Auditor in the Corporate World
Role of Auditor in the Corporate WorldRole of Auditor in the Corporate World
Role of Auditor in the Corporate WorldMallampalli Ruthvik
 
1. introduction
1. introduction1. introduction
1. introductionSyed Osama Rizvi
 
vdocuments.mx_cia-part-1-slides.ppt
vdocuments.mx_cia-part-1-slides.pptvdocuments.mx_cia-part-1-slides.ppt
vdocuments.mx_cia-part-1-slides.pptFraterne1
 
Midterm Output - AUDIT SIMULATION - GROUP 7
Midterm Output - AUDIT SIMULATION - GROUP 7Midterm Output - AUDIT SIMULATION - GROUP 7
Midterm Output - AUDIT SIMULATION - GROUP 7AiraRebuyon
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial ControlsPranav Joshi
 
Auditing-DESKTOP-ITUD1J8.pptx
Auditing-DESKTOP-ITUD1J8.pptxAuditing-DESKTOP-ITUD1J8.pptx
Auditing-DESKTOP-ITUD1J8.pptxMuhammadUmarIqbal11
 
Secretarial Audit
Secretarial AuditSecretarial Audit
Secretarial AuditPrashant Kumar
 
IGNOU -AUDITING ECO 12
IGNOU -AUDITING ECO 12IGNOU -AUDITING ECO 12
IGNOU -AUDITING ECO 12Bibek Prajapati
 
PPT_on_Practical_Intricacies_in_Internal_Audit_of_Manufacturing_Companies_by_...
PPT_on_Practical_Intricacies_in_Internal_Audit_of_Manufacturing_Companies_by_...PPT_on_Practical_Intricacies_in_Internal_Audit_of_Manufacturing_Companies_by_...
PPT_on_Practical_Intricacies_in_Internal_Audit_of_Manufacturing_Companies_by_...ssuser0e5863
 
Applicability of internal audit capsule on ia program good
Applicability of internal audit capsule on ia program goodApplicability of internal audit capsule on ia program good
Applicability of internal audit capsule on ia program goodSARVJEET KAUSHAL
 
IFC Act White paper
IFC Act White paperIFC Act White paper
IFC Act White paperUber Space Solutions
 
Cost Audit
Cost AuditCost Audit
Cost AuditAugustin Bangalore
 
Presentation chapter 9
Presentation chapter 9Presentation chapter 9
Presentation chapter 9Emran Habeeb
 
Corporate governance and the financial oversight of the board
Corporate governance and the financial oversight of the boardCorporate governance and the financial oversight of the board
Corporate governance and the financial oversight of the boardAdesoji Adesugba
 
Reason for the audit letter
Reason for the audit letterReason for the audit letter
Reason for the audit letterJeamsVidal
 
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...Kirtane Pandit
 
IFC- An Insight
IFC- An InsightIFC- An Insight
IFC- An InsightPranav Joshi
 
T8 Notes
T8 NotesT8 Notes
T8 NotesSam Eath Sek
 
Narayan Murthy Committee on Corporate Governance.pptx
Narayan Murthy Committee on Corporate Governance.pptxNarayan Murthy Committee on Corporate Governance.pptx
Narayan Murthy Committee on Corporate Governance.pptxVijethPatavardhan
 
Internal financial control
Internal financial controlInternal financial control
Internal financial controlCA Pritesh Ostwal
 
Internal financial control
Internal financial controlInternal financial control
Internal financial controlCA Pritesh Ostwal
 
.POINTS TO REMEMBER ADVANCED AUDITING.pdf
.POINTS TO REMEMBER ADVANCED AUDITING.pdf.POINTS TO REMEMBER ADVANCED AUDITING.pdf
.POINTS TO REMEMBER ADVANCED AUDITING.pdfGauri More
 
Powerful Audit Report Writing
Powerful Audit Report WritingPowerful Audit Report Writing
Powerful Audit Report WritingSana Baqai
 
Start-up Trends Post Pandemic
Start-up Trends Post PandemicStart-up Trends Post Pandemic
Start-up Trends Post PandemicSana Baqai
 

More Related Content

Similar to Beyond Box Ticking - Internal Audit & Controls - Companies Act, 2013 Perspective - CA Sana Baqai

vdocuments.mx_cia-part-1-slides.ppt
vdocuments.mx_cia-part-1-slides.pptvdocuments.mx_cia-part-1-slides.ppt
vdocuments.mx_cia-part-1-slides.pptFraterne1
 
Midterm Output - AUDIT SIMULATION - GROUP 7
Midterm Output - AUDIT SIMULATION - GROUP 7Midterm Output - AUDIT SIMULATION - GROUP 7
Midterm Output - AUDIT SIMULATION - GROUP 7AiraRebuyon
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial ControlsPranav Joshi
 
PPT_on_Practical_Intricacies_in_Internal_Audit_of_Manufacturing_Companies_by_...
PPT_on_Practical_Intricacies_in_Internal_Audit_of_Manufacturing_Companies_by_...PPT_on_Practical_Intricacies_in_Internal_Audit_of_Manufacturing_Companies_by_...
PPT_on_Practical_Intricacies_in_Internal_Audit_of_Manufacturing_Companies_by_...ssuser0e5863
 
Applicability of internal audit capsule on ia program good
Applicability of internal audit capsule on ia program goodApplicability of internal audit capsule on ia program good
Applicability of internal audit capsule on ia program goodSARVJEET KAUSHAL
 
Presentation chapter 9
Presentation chapter 9Presentation chapter 9
Presentation chapter 9Emran Habeeb
 
Corporate governance and the financial oversight of the board
Corporate governance and the financial oversight of the boardCorporate governance and the financial oversight of the board
Corporate governance and the financial oversight of the boardAdesoji Adesugba
 
Reason for the audit letter
Reason for the audit letterReason for the audit letter
Reason for the audit letterJeamsVidal
 
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...Kirtane Pandit
 
Narayan Murthy Committee on Corporate Governance.pptx
Narayan Murthy Committee on Corporate Governance.pptxNarayan Murthy Committee on Corporate Governance.pptx
Narayan Murthy Committee on Corporate Governance.pptxVijethPatavardhan
 
.POINTS TO REMEMBER ADVANCED AUDITING.pdf
.POINTS TO REMEMBER ADVANCED AUDITING.pdf.POINTS TO REMEMBER ADVANCED AUDITING.pdf
.POINTS TO REMEMBER ADVANCED AUDITING.pdfGauri More
 

Similar to Beyond Box Ticking - Internal Audit & Controls - Companies Act, 2013 Perspective - CA Sana Baqai (20)

vdocuments.mx_cia-part-1-slides.ppt
vdocuments.mx_cia-part-1-slides.pptvdocuments.mx_cia-part-1-slides.ppt
vdocuments.mx_cia-part-1-slides.ppt
 
Midterm Output - AUDIT SIMULATION - GROUP 7
Midterm Output - AUDIT SIMULATION - GROUP 7Midterm Output - AUDIT SIMULATION - GROUP 7
Midterm Output - AUDIT SIMULATION - GROUP 7
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial Controls
 
Auditing-DESKTOP-ITUD1J8.pptx
Auditing-DESKTOP-ITUD1J8.pptxAuditing-DESKTOP-ITUD1J8.pptx
Auditing-DESKTOP-ITUD1J8.pptx
 
Secretarial Audit
Secretarial AuditSecretarial Audit
Secretarial Audit
 
IGNOU -AUDITING ECO 12
IGNOU -AUDITING ECO 12IGNOU -AUDITING ECO 12
IGNOU -AUDITING ECO 12
 
PPT_on_Practical_Intricacies_in_Internal_Audit_of_Manufacturing_Companies_by_...
PPT_on_Practical_Intricacies_in_Internal_Audit_of_Manufacturing_Companies_by_...PPT_on_Practical_Intricacies_in_Internal_Audit_of_Manufacturing_Companies_by_...
PPT_on_Practical_Intricacies_in_Internal_Audit_of_Manufacturing_Companies_by_...
 
Applicability of internal audit capsule on ia program good
Applicability of internal audit capsule on ia program goodApplicability of internal audit capsule on ia program good
Applicability of internal audit capsule on ia program good
 
IFC Act White paper
IFC Act White paperIFC Act White paper
IFC Act White paper
 
Cost Audit
Cost AuditCost Audit
Cost Audit
 
Presentation chapter 9
Presentation chapter 9Presentation chapter 9
Presentation chapter 9
 
Corporate governance and the financial oversight of the board
Corporate governance and the financial oversight of the boardCorporate governance and the financial oversight of the board
Corporate governance and the financial oversight of the board
 
Reason for the audit letter
Reason for the audit letterReason for the audit letter
Reason for the audit letter
 
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
Internal Financial Controls (IFC) / Internal Control over Financial Reporting...
 
IFC- An Insight
IFC- An InsightIFC- An Insight
IFC- An Insight
 
T8 Notes
T8 NotesT8 Notes
T8 Notes
 
Narayan Murthy Committee on Corporate Governance.pptx
Narayan Murthy Committee on Corporate Governance.pptxNarayan Murthy Committee on Corporate Governance.pptx
Narayan Murthy Committee on Corporate Governance.pptx
 
Internal financial control
Internal financial controlInternal financial control
Internal financial control
 
Internal financial control
Internal financial controlInternal financial control
Internal financial control
 
.POINTS TO REMEMBER ADVANCED AUDITING.pdf
.POINTS TO REMEMBER ADVANCED AUDITING.pdf.POINTS TO REMEMBER ADVANCED AUDITING.pdf
.POINTS TO REMEMBER ADVANCED AUDITING.pdf
 

More from Sana Baqai

Powerful Audit Report Writing
Powerful Audit Report WritingPowerful Audit Report Writing
Powerful Audit Report WritingSana Baqai
 
Start-up Trends Post Pandemic
Start-up Trends Post PandemicStart-up Trends Post Pandemic
Start-up Trends Post PandemicSana Baqai
 
Networking of CA Firms – ICAI Guidelines
Networking of CA Firms – ICAI GuidelinesNetworking of CA Firms – ICAI Guidelines
Networking of CA Firms – ICAI GuidelinesSana Baqai
 
Overview of code of ethics – Vol 1 | ICAI | CA Sana Baqai
Overview of code of ethics – Vol 1 | ICAI | CA Sana BaqaiOverview of code of ethics – Vol 1 | ICAI | CA Sana Baqai
Overview of code of ethics – Vol 1 | ICAI | CA Sana BaqaiSana Baqai
 
Effective Tips for Time management – Increase your productivity | CA Sana Baqai
Effective Tips for Time management – Increase your productivity | CA Sana BaqaiEffective Tips for Time management – Increase your productivity | CA Sana Baqai
Effective Tips for Time management – Increase your productivity | CA Sana BaqaiSana Baqai
 
Tips for Making Effective and Powerful PowerPoint Presentation | Sana Baqai
Tips for Making Effective and Powerful PowerPoint Presentation | Sana BaqaiTips for Making Effective and Powerful PowerPoint Presentation | Sana Baqai
Tips for Making Effective and Powerful PowerPoint Presentation | Sana BaqaiSana Baqai
 
Latest Format for Audit Report and Financials for LLP | CA Sana Baqai
Latest Format for Audit Report and Financials for LLP | CA Sana BaqaiLatest Format for Audit Report and Financials for LLP | CA Sana Baqai
Latest Format for Audit Report and Financials for LLP | CA Sana BaqaiSana Baqai
 
Advance tax - Who should pay and when? | CA Sana Baqai
Advance tax - Who should pay and when? | CA Sana BaqaiAdvance tax - Who should pay and when? | CA Sana Baqai
Advance tax - Who should pay and when? | CA Sana BaqaiSana Baqai
 
Tax Rates for Assessment Year 2021 22 | CA Sana Baqai
Tax Rates for Assessment Year 2021 22 | CA Sana BaqaiTax Rates for Assessment Year 2021 22 | CA Sana Baqai
Tax Rates for Assessment Year 2021 22 | CA Sana BaqaiSana Baqai
 
Permanent Account Number (PAN) Necessity and Uses - Tax Literacy | Sana Baqai
Permanent Account Number (PAN) Necessity and Uses - Tax Literacy | Sana BaqaiPermanent Account Number (PAN) Necessity and Uses - Tax Literacy | Sana Baqai
Permanent Account Number (PAN) Necessity and Uses - Tax Literacy | Sana BaqaiSana Baqai
 
All about Section 44AD of the Income Tax Act | Sana Baqai
All about Section 44AD of the Income Tax Act | Sana BaqaiAll about Section 44AD of the Income Tax Act | Sana Baqai
All about Section 44AD of the Income Tax Act | Sana BaqaiSana Baqai
 
Agreement for CSR Implementation Partner / Agency / NGO | Sana Baqai
Agreement for CSR Implementation Partner / Agency / NGO | Sana BaqaiAgreement for CSR Implementation Partner / Agency / NGO | Sana Baqai
Agreement for CSR Implementation Partner / Agency / NGO | Sana BaqaiSana Baqai
 
Highly Effective Tips for Impressive Presentation | Sana Baqai
Highly Effective Tips for Impressive Presentation | Sana BaqaiHighly Effective Tips for Impressive Presentation | Sana Baqai
Highly Effective Tips for Impressive Presentation | Sana BaqaiSana Baqai
 
Unique Document Identification Number - Objectives and Benefits | Sana Baqai
Unique Document Identification Number - Objectives and Benefits | Sana BaqaiUnique Document Identification Number - Objectives and Benefits | Sana Baqai
Unique Document Identification Number - Objectives and Benefits | Sana BaqaiSana Baqai
 
Foundation of Internal Auditing | Sana Baqai
Foundation of Internal Auditing | Sana BaqaiFoundation of Internal Auditing | Sana Baqai
Foundation of Internal Auditing | Sana BaqaiSana Baqai
 
Emerging Issues and Challenges | Sana Baqai
Emerging Issues and Challenges | Sana BaqaiEmerging Issues and Challenges | Sana Baqai
Emerging Issues and Challenges | Sana BaqaiSana Baqai
 

More from Sana Baqai (16)

Powerful Audit Report Writing
Powerful Audit Report WritingPowerful Audit Report Writing
Powerful Audit Report Writing
 
Start-up Trends Post Pandemic
Start-up Trends Post PandemicStart-up Trends Post Pandemic
Start-up Trends Post Pandemic
 
Networking of CA Firms – ICAI Guidelines
Networking of CA Firms – ICAI GuidelinesNetworking of CA Firms – ICAI Guidelines
Networking of CA Firms – ICAI Guidelines
 
Overview of code of ethics – Vol 1 | ICAI | CA Sana Baqai
Overview of code of ethics – Vol 1 | ICAI | CA Sana BaqaiOverview of code of ethics – Vol 1 | ICAI | CA Sana Baqai
Overview of code of ethics – Vol 1 | ICAI | CA Sana Baqai
 
Effective Tips for Time management – Increase your productivity | CA Sana Baqai
Effective Tips for Time management – Increase your productivity | CA Sana BaqaiEffective Tips for Time management – Increase your productivity | CA Sana Baqai
Effective Tips for Time management – Increase your productivity | CA Sana Baqai
 
Tips for Making Effective and Powerful PowerPoint Presentation | Sana Baqai
Tips for Making Effective and Powerful PowerPoint Presentation | Sana BaqaiTips for Making Effective and Powerful PowerPoint Presentation | Sana Baqai
Tips for Making Effective and Powerful PowerPoint Presentation | Sana Baqai
 
Latest Format for Audit Report and Financials for LLP | CA Sana Baqai
Latest Format for Audit Report and Financials for LLP | CA Sana BaqaiLatest Format for Audit Report and Financials for LLP | CA Sana Baqai
Latest Format for Audit Report and Financials for LLP | CA Sana Baqai
 
Advance tax - Who should pay and when? | CA Sana Baqai
Advance tax - Who should pay and when? | CA Sana BaqaiAdvance tax - Who should pay and when? | CA Sana Baqai
Advance tax - Who should pay and when? | CA Sana Baqai
 
Tax Rates for Assessment Year 2021 22 | CA Sana Baqai
Tax Rates for Assessment Year 2021 22 | CA Sana BaqaiTax Rates for Assessment Year 2021 22 | CA Sana Baqai
Tax Rates for Assessment Year 2021 22 | CA Sana Baqai
 
Permanent Account Number (PAN) Necessity and Uses - Tax Literacy | Sana Baqai
Permanent Account Number (PAN) Necessity and Uses - Tax Literacy | Sana BaqaiPermanent Account Number (PAN) Necessity and Uses - Tax Literacy | Sana Baqai
Permanent Account Number (PAN) Necessity and Uses - Tax Literacy | Sana Baqai
 
All about Section 44AD of the Income Tax Act | Sana Baqai
All about Section 44AD of the Income Tax Act | Sana BaqaiAll about Section 44AD of the Income Tax Act | Sana Baqai
All about Section 44AD of the Income Tax Act | Sana Baqai
 
Agreement for CSR Implementation Partner / Agency / NGO | Sana Baqai
Agreement for CSR Implementation Partner / Agency / NGO | Sana BaqaiAgreement for CSR Implementation Partner / Agency / NGO | Sana Baqai
Agreement for CSR Implementation Partner / Agency / NGO | Sana Baqai
 
Highly Effective Tips for Impressive Presentation | Sana Baqai
Highly Effective Tips for Impressive Presentation | Sana BaqaiHighly Effective Tips for Impressive Presentation | Sana Baqai
Highly Effective Tips for Impressive Presentation | Sana Baqai
 
Unique Document Identification Number - Objectives and Benefits | Sana Baqai
Unique Document Identification Number - Objectives and Benefits | Sana BaqaiUnique Document Identification Number - Objectives and Benefits | Sana Baqai
Unique Document Identification Number - Objectives and Benefits | Sana Baqai
 
Foundation of Internal Auditing | Sana Baqai
Foundation of Internal Auditing | Sana BaqaiFoundation of Internal Auditing | Sana Baqai
Foundation of Internal Auditing | Sana Baqai
 
Emerging Issues and Challenges | Sana Baqai
Emerging Issues and Challenges | Sana BaqaiEmerging Issues and Challenges | Sana Baqai
Emerging Issues and Challenges | Sana Baqai
 

Recently uploaded

Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 

Recently uploaded (20)

Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 

Beyond Box Ticking - Internal Audit & Controls - Companies Act, 2013 Perspective - CA Sana Baqai

  • 1. Companies Act Perspective Beyond Box Ticking: Internal Audit & Controls CA Sana Baqai Organised by: Board of Internal Audit & Management Accounting of ICAI 1 0 t h M a y , 2 0 2 3 , W e d n e s d a y
  • 2. AGENDA Internal Audit Internal Financial Control & Internal Control Over Financial Reporting Risk Management Beyond BoxTicking 1 2 3 4
  • 4. ERA OF CORPORATE GOVERNANCE IN INDIA 1998 1999 2003 2013 2004 2000 2002 MATURITY/ SUSTAINABILITY INITIATIVES CII Kumar Mangalam Birla Committee Clause 49 DCA - Task Force On Corporate Excellence DCA Report Narayan Murthy Committee Naresh Chandra Committee 2015 Amended clause 49 IFC 2017 SEBI (LODR) Regulations 2015 GST 2021 SEBI (LODR) Regulations emphasizing the role of RMC
  • 5. EVOLVING EXPECTATIONS FROM INTERNAL AUDIT FUNCTION OVER THE YEAR Verifier – Focus on Numbers and Compliances Evaluator – Focus on Processes Problem Identifier – Focus on Systems and Controls Solution Provider – Focus on Objectives and Risk Management Consultant and Assurance Provider – Focus on Value Addition and Corporate Governance
  • 6. DEFINITION OF INTERNAL AUDIT - ICAI The Institute of Chartered Accountants of India (ICAI) “Internal audit provides independent assurance on the effectiveness of internal controls and risk management processes to enhance governance and achieve organisational objectives”.
  • 7. PARADIGM SHIFT IN THE ROLE OF INTERNAL AUDITOR From To Reactive Proactive Books Business Vouchers Systems Sales Value Addition Economic Value Addition Value Creation Quantity of Earnings Quality of Earnings Delayed Accuracy Quick Estimate Internal Control Internal Co-operation
  • 8. PARADIGM SHIFT IN THE ROLE OF INTERNAL AUDITOR From To Compliance with Standard Accounting Compliance with Accounting Standards Tax Planning Tax Compliance Checker Consultant Compliance Competency Foe Friend Fault Finder Facilitator Net Profits Cash Flow Large Cash as a source of “comfort” Cause of “Concern”
  • 9. PARADIGM SHIFT IN THE ROLE OF INTERNAL AUDITOR From To You vs. We All of us Stern Look Smile Internal Audit External Internal Audit Professional Partner Consultant Core Group Member Long Report Crisp Elevator Pitch Conceptualization Execution
  • 10. OBJECTIVES Governance processes and ethical practices Compliances – external and internal Risks and controls Optimization of resources, costs and processes
  • 11. SECTION 138 OF COMPANIES ACT, 2013 • As per Section 138 of Companies Act, 2013 read with Rule 13(1) of the Companies (Accounts) Rules, 2014, certain classes of companies are required to appoint an Internal Auditor. • The Board of a Company may appoint Chartered Accountant, cost accountant or any other professional to conduct Internal Audits. • The Internal auditor may or may not be an employee of the company.
  • 12. APPLICABILITY OF INTERNAL AUDIT UNDER SECTION 138 OF COMPANIES ACT, 2013 READ WITH RULE 13 OF COMPANIES (ACCOUNTS) RULES, 2014 Types of Companies/ Conditions Private Companies Unlisted Public Companies Listed Companies Turnover Rs. 200 Crore or more during previous financial year Rs. 200 Crore or more during previous financial year All listed companies covered Outstanding Loans / Borrowings from Banks or Public Financial Institutions Rs. 100 Crore or more at any point of time during previous financial year Rs. 100 Crore or more at any point of time during previous financial year Paid up Share Capital N.A. Rs. 50 Crore or more during previous financial year Outstanding Deposits N.A. Rs. 25 Crore or more at any point of time during previous financial year Statutory Auditor has to mention about the adequacy of Internal controls in Audit Report ! Even the Cost auditor has to confirm the adequacy of Internal controls in Cost Audit report !
  • 13. ELIGIBILITY FOR APPOINTMENT OF INTERNAL AUDITOR  The internal auditor shall be either Chartered Accountant or Cost Accountant or such other professional as may be decided by the board.  The internal auditor may or may not be an employee of the company.  “Chartered Accountant” shall mean a Chartered Accountant whether engaged in practice or not – therefore, every registered member of the Institute of Chartered Accountants of India is eligible for appointment as Internal Auditor of company.  Thus, the board of company via the Audit Committee has been given freedom to appoint any professional and competent person to be its internal auditor.  Statutory auditor appointed under section 139 of Act is not eligible to provide the service of Internal audit whether rendered directly or indirectly to the company or its holding company or subsidiary company.
  • 14. COMPETENCIES THAT AN INTERNAL AUDITOR NEEDS TO POSSESS An Internal Auditor shall be free from any undue influences which force him to deviate from the truth. This independence shall be not only in mind, but also in appearance. Independence “Due professional care” signifies that the Internal Auditor exercises reasonable care in carrying out the work to ensure the achievement of stated objectives. Due Professional Care The Internal Auditor shall be honest, truthful and be a person of high integrity. He shall operate in a highly professional manner and seen to be fair in all his dealings. Integrity The Internal Auditor shall keep information confidential and secured which he has gathered during the period under audit. Confidentiality The Internal Auditor shall conduct his work in a highly objective manner, especially in gathering and evaluation of facts and evidence. He shall not allow prejudice or bias to override his objectivity. Objectivity The Internal Auditor shall have sound knowledge, strong interpersonal skills, practical experience and professional expertise in certain areas and other competencies required to conduct a quality audit. Skill and Competence
  • 15. SCOPE OF INTERNAL AUDIT  Not prescribed under the Act or Rules made thereunder  The Audit Committee or the Board shall, in consultation with the internal auditor, formulate the scope, functioning, periodicity and methodology for conducting the internal audit.
  • 16. INTERNAL AUDIT – VALUE ADD !! Efforts Value
  • 17. INTERNAL FINANCIAL CONTROL (IFC) AND INTERNAL FINANCIAL CONTROL OVER FINANCIAL STATEMENTS (ICFR)
  • 18. INTERNAL FINANCIAL CONTROLS: COMPANIES ACT, 2013 Section 134(5)(e) - The directors, in the case of a listed company, had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively 1 Section 134(5)(f) - The directors had devised proper systems to ensure compliance with the provisions of all applicable laws and that such systems were adequate and operating effectively 2 Section 134(3)(q), sub-rule 8(5) - “In addition to the information and details specified in sub-rule (4), the report of the Board shall also contain: …“the details in respect of adequacy of internal financial controls with reference to the financial statements.” 3 Director’s Responsibility Statement
  • 19. INTERNAL FINANCIAL CONTROLS: COMPANIES ACT, 2013 Audit Committee • Section 177(4)(vii) - Every Audit Committee shall act in accordance with the terms of reference specified in writing by the Board which shall inter alia, include ….., evaluation of internal financial controls and risk management systems …. • Section 177(5) - The Audit Committee may call for the comments of the auditors about internal control systems, the scope of audit, including the observations of the auditors and review of financial statement before their submission to the Board and may also discuss any related issues with the internal and statutory auditors and the management of the company. Auditor’s Report • Section 143(3)(i) - Whether the company has adequate internal financial controls system in place and the operating effectiveness of such controls.
  • 20. CONSEQUENCES OF NON-COMPLIANCE  Section 134(8) – contravention punishable with fine  which shall not be less than Rs. 50,000 but which may extend to Rs. 2,500,000 and  every officer of the company who is in default  shall be punishable with imprisonment for a term which may extend to 3 years or  with fine which shall not be less than Rs. 50,000 but which may extend to Rs. 500,000 or  with both.
  • 21. WHAT DOES THE LAW SAY?  Board of Directors (Section 134):  Lay down adequate and effective IFCs and include it in Directors' Responsibility Statement  Independent directors to satisfy themselves on the strength of financial controls.  Audit Committee (Section 177):  Evaluate IFC systems  Review Auditors' comments / observations with respect to controls before submission to the Board  Discuss issues with Management or Internal / Statutory Auditors  Auditors (Section 143):  Report on adequacy of IFCs system  Report on operating effectiveness of such controls.  IFC to be included as part of Directors Responsibility Statement from March 31, 2015 onwards and as part of Statutory Auditors Report from March 31, 2016 onwards
  • 22. WHO ALL ARE RESPONSIBLE??? Who all are responsible Public Listed Company Public Unlisted Company Pvt. Company paid up share capital >= ₹20 Cr. Paid up share capital >= ₹10 Cr. Turnover >= ₹100 Cr. Loans/ Borrowings in aggregate >= ₹ 50 Cr. Director’s Responsibility Statement (134) IFR ✓ Statutory Auditor (143) ICFR ✓ ✓ ✓ ✓ ✓ Audit Committee (177) ICFR ✓ ✓ ✓ ✓ Independent Director (Schedule IV) ICFR ✓ ✓ ✓ ✓ Rule 8(5)(viii) of the Companies Accounts Rules, 2014 – BOD Report – Financial Statements only ICFR ✓ ✓ ✓ ✓
  • 23. RESPONSIBILITY OF STAKEHOLDERS Company Management Auditors Audit committee/ Independent Director Board of Directors • Create & test the framework of internal controls • IFC (including operational & compliance) • Controls documentation • Focus on internal controls, to the extent these relate to the financial reporting • Auditors responsibility limited to evaluation of ‘Financial reporting controls’ • Would like to see a robust framework that is aligned to acceptable standards • Review & question the basis of your controls design & ongoing assessments • Would rely on the assessment & view of the audit committee • They may ask for additional information
  • 24. CLAUSE 49 OF THE LISTING AGREEMENT  The CEO and the CFO shall certify to the board the following matters:  They have accepted the responsibility for the establishment and maintenance of internal controls for financial reporting.  The effectiveness of the internal control systems that pertain to financial reporting has been evaluated by them.  The deficiencies in the design and operation of such internal controls of which the CEO / CFO is aware have been communicated to the audit committee and auditors and necessary steps have been taken or proposed to be taken to rectify such deficiencies.  Necessary changes during the year pertaining to the internal control over financial reporting have been indicated to the audit committee and the auditor.  Significant frauds involving an employee or management having a significant role in the internal control system over the financial reporting of the company have also been indicated to the audit committee and the auditors.
  • 25. INTERNAL FINANCIAL CONTROLS – COMPANIES ACT, 2013 Accuracy and completeness of accounting records Policies and procedures adopted by the company for ensuring orderly & efficient conduct of its business INTERNAL FINANCIAL CONTROLS As per Section 134 Companies Act 2013, Internal Financial Controls means: Internal Controls over Financial Reporting (ICFR) Operational Controls Fraud Prevention Controls Internal Financial Control (IFC)
  • 26. INTERNAL FINANCIAL CONTROLS OVER FINANCIAL REPORTING (ICFR) A process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A Companies’ internal financial control over financial reporting includes those policies and procedures that:  Pertain to the maintenance of the records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company  Provides reasonable assurance that transactions are recorded as necessary to permit preparation of financial statement in accordance with generally accepted accounting principles, and those receipts and expenditures of the company are being made only in accordance with authorizations of management and director of the company.  Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company’s assets that could have a material impact on the financial statement. Maintenance of Financial Records (Detail/ Accuracy) Authorisation of transactions (In accordance with GAAP) Safeguarding of the assets Internal Controls over Financial Reporting (ICFR)
  • 27. WHY ICFR IS IMPORTANT?  Regulatory Compliance  Process Efficiencies  Value Enhancement  Framework Development  Operations Assessment  Control Design Review  Upgrading Internal Practices  Sampling Techniques  Effectiveness Testing  Documentation and Representation Gain a level of assurance that allows the board, management and other stakeholders to be satisfied that the organization maintains a strong system of internal control.
  • 28. COMMON MYTHS  Meeting CARO Requirement is sufficient  Company has SOPs in place  Controls are automatically in place & hence there is no need to revisit them  There is no need to document the processes & controls  There is no need to link the Risks with controls  The process for IFCoFR Certification is not required since no exceptions are noted by the auditors  Testing of Controls & remediation of deficiencies is the responsibility of auditors and not of the management  There is no need to provide training & development to the employees
  • 29. INTERNAL FINANCIAL CONTROLS – WHAT TO DO? IFC Requirements IFC Objective • Defined Policies and procedures to ensure effective and efficient operations. • Effective Delegation of Authority and Entity level controls • Preventive controls to address Fraud risk • Mechanism for timely detection of fraud and errors • Adequate control over asset movement, storage, loss or theft. • Risk identification and mitigation plan to reduce loss of asset • Controls over accurate and timely update of accounting records • Control over completeness of accounting records • Timely preparation of financial reports • Adequate controls over preparation of financial reports What to do ? • Define and ensure compliance to appropriate policies and procedures and Delegation of Authority • Define appropriate Entity level controls • Define and monitor operating effectiveness of appropriate controls over various activities. • Fraud Risk Management • Define appropriate asset movement controls • Effective asset verification program Defined effective controls and ensure operating effectiveness (ELC, PLC, ITGC and Fraud Risk) • Defined appropriate controls over preparation of financial reports • Adequate review mechanism Efficiency and effectiveness in Operations Prevention and detection of fraud and error Reliability of Financial reporting Compliance with applicable laws and regulations Operations Objectives Reporting Objectives Compliance Objectives Safeguarding of assets Accuracy and completeness of Accounting records • Adequate framework to ensure compliance to applicable laws and regulations • Adequate framework to monitor the compliance Legal Compliance Framework
  • 30. Assertions Particulars Accuracy Amounts and other data relating to recorded transactions and events have been recorded appropriately. Completeness All transactions and events, assets, liabilities, and equity interests that should have been recorded are recorded Validity Transactions and events that have been recorded have occurred and pertain to the entity. Cut Off Transactions and events have been recorded in the correct accounting period Valuation and Allocation Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded. Presentation and Disclosure Recorded transactions and events are properly classified, described, and disclosed in the financial statements ACCOUNTING ASSERTIONS
  • 31. KEY CONSIDERATIONS IN A CONTROL Focus your questions on the assertions the control is making … is this control performed? Frequency (Daily, Weekly, Monthly Qtrly, etc)? Is it frequent enough to prevent/ detect & correct the risk? … is generated to prove that this control was performed? … performs the control? Does this person have the requisite knowledge/ authority? … is the evidence of control performance retained? For how long? Is it accessible for audit? … is this control being performed? What types of errors should be prevented or detected? … is this control being performed? What activities are included? Can these activities be bypassed? Can the bypass be detected? How are issues resolved, once identified, and in what timeframe? Is this fast enough to mitigate the risk? Understand & Document
  • 32. HOW WILL IFC HELP BEYOND COMPLIANCE?  Helps in business process redesigning to plug revenue leakages & cost containment opportunities  Helps in rationalizing the number of controls across organization – moving to smart and automated controls  Helps in standardizing policies and procedures for multi-location and multi-business companies  Foster a control conscious work culture for people behind controls  Provides assurance to the CEO/ CFO as well as improves business performance  In some instances, also serves as a base for blue print of optimal procedures while thinking about ERP  Aimed at strengthening the processes to further improve business, identify cost containment opportunities as well as drive business growth Compliance Ethics Trust
  • 33. RISK MANAGEMENT DEFINED 33 A structured, consistent and continuous process for identification and assessment of risks, undertaking control assessment and continuous monitoring of exposure of the risk Risk Management Risk Management is critical to value creation, offering shareholders improved stability and predictability
  • 34. REGULATORY REQUIREMENT FOR ERM FRAMEWORK- COMPANIES ACT 2013 REQUIREMENT 1 2 Responsibility: Audit Committee Applicability: Listed Entities, Entities with Public borrowing Responsibility: Board of Directors Applicability: Listed Companies Responsibility: Independent Directors Applicability: Listed Entities, Entities with Public borrowing 3 The board of directors report must include a statement indicating development and implementation of a risk management policy for the Company including identification of elements of risk, if any, which in the opinion of the board may threaten the existence of the Company. The audit committee shall act in accordance with the terms of reference specified in writing by the board, which shall, inter alia, include evaluation of risk management systems. Section 134 Section 177 Section 149(7), Schedule IV Independent directors should satisfy themselves that systems of risk management are robust and defensible.
  • 35. RISK MANAGEMENT – AN OVERVIEW Organizations' Vision & Mission Strategic Objectives Organization Structure & Processes Processes/ Sub Processes Risks Why the company / business unit exists Articulate what an Organisation seeks to do to achieve its vision The way company operates to achieve its objectives The sub-processes that are needed to achieve the objectives What could go wrong which would hamper achievement of the vision/ mission/ strategic objectives
  • 36. WHO IS RESPONSIBLE FOR RISK MANAGEMENT A SHARED RESPONSIBILITY Process Owners Senior Management Business Unit Management Board of Directors Shareholders Audit Committee External Audit Internal Audit
  • 37. Use risk and control information to improve performance Risk Structure Risk Portfolio RISK MANAGEMENT FRAMEWORK COMPRISES OF...
  • 38. RISK ASSESSMENT AND RECOMMENDATIONS Significant Medium Risk Considerable Management Required Medium Risk Must Manage and Monitor High Risk Extensive Management Essential M oderate Low Risk Worth Accepting with Monitoring Medium Risk Management Efforts wothwhile High Risk Management Efforts Required Low Low Risk Acceptable Risk Low Risk Accept but Monitor Medium Risk Manage and Monitor Low Moderate Significant Impact Likelihood Risk Assessment • Quantify the impact to the extent possible • Evaluate the possibility of recurrence • Auditor needs to be Objective in this analysis and must put forward his views along with reasons • Ensure that the recommendations are discussed with the process owners and evaluated with regard to the implementation plan
  • 39. PERFORM ERM BASED INTERNAL AUDITING FOR EFFECTIVE RISK MANAGEMENT Direction on audit planning & control environment Adequacy of Risk Management & control environment Internal Audit Review effectiveness of risk management Direction on risk management ERM ERM and Internal Audit cyclical relationship Business Operations
  • 40. SMART – DIA (DIGITAL, INTELLIGENT AND ANALYTICAL) INTERNAL AUDIT PROGRAM For sharper, efficient and greater coverage Focus on anti fraud controls To be able to do a deeper audit To align business with regulatory compliance Internal Financial Controls (IFC) Incl. IT & Cybersecurity • Internal financial controls • IT & Cybersecurity controls • ERP application controls • Operating effectiveness of the identified controls Statutory Compliance To cover the risk of legal and financial exposure to the Company due to legal and statutory non compliances Operational Auditing • Health & Safety • Volatility in prices • Identification and recommending process automation • Sector Insights & Multidisciplinary and SME Risk & Resilience To cover risks at an enterprise level, review the effectiveness of the mitigation plans and integrating the same with Internal Audit Eye of Forensic Applying knowledge and repository of fraud risks to focus on anti-fraud controls Smart DIA, IT Advanced data analytics tool to provide exceptional reporting for effective internal auditing 360° Coverage To make business more resilient against the uncertainties
  • 41. THE BOX-TICKING SYNDROME  The corporate culture is the most powerful control in any organization.  In the corporate governance field, the box ticking syndrome defines a formal approach to the implementation of corporate governance principles – doing something just because there is a rule that says that you must do it. Over the last few years, financial regulators (mainly in the banking and insurance sectors) are requiring companies to implement processes for the development and management of risk culture as part of the corporate governance framework.
  • 42. CAN RISK CULTURE FALL INTO THE BOX TICKING TRAP?  Tone from the top – the management body should be responsible for setting and communicating the institution’s core values;  Accountability – employees should know and understand the core values of the institution and must be held accountable for their actions;  Effective communication and challenge – a sound risk culture promotes open communication, and  Incentives – incentives should pay a key role in aligning risk taking with the institution’s risk profile and long-term interest.
  • 43. CHALLENGES AND EMERGING TRENDS IN INTERNAL AUDIT AND INTERNAL CONTROL Technological Advancements Globalization Regulatory Complexity Data Analytics Agile Audit Methodologies Focus on Culture and Behavior Sustainability
  • 44. REFOCUS ON RISK ASSESSMENT  The starting point to evaluate the sufficiency of an ICFR program should be with a financial statement risk assessment. The risk assessment, which includes specific financial reporting objectives and identification of risks to achieving those objectives, answers these fundamental questions:  Which controls are necessary to address the company's risks?  How many controls does the company need?  What is "just enough" for the company's ICFR program?
  • 45. WHAT CAN MANAGEMENT DO TO REFOCUS?  Management's focus on ICFR should start with determining whether the company's risk assessment process is sufficient to identify and assess the risks to reliable financial reporting, including changes in those risks. Proactive steps management can consider include:  Refreshing the risk assessment program to incorporate the right people, processes, and technologies to unlock the hidden value.  Integrating data analytics and visualization to improve the quality of the data analyzed to support robust risk identification and report results succinctly to key stakeholders. This, in turn, can rationalize risks of material misstatement to a level of granularity to focus on what could truly be a material misstatement.
  • 46. REFOCUS ON MANAGEMENT REVIEW CONTROL  Management review controls (MRCs) to address these issues:  High compliance costs  Outdated ICFR programs  A continued focus on ICFR by regulators
  • 47. REFOCUS ON ROBOTIC PROCESS AUTOMATION  When exploring the adoption of RPA technologies, it’s important to challenge areas where the governance construct may not adequately support these changes. Companies may consider controls in the following layers in terms of the life cycle from ideation and creation of a bot:  Development  Implementation  Monitoring
  • 48. PRACTICAL IMPLICATIONS FOR RISK PROFESSIONALS  To avoid a box ticking approach and gain deeper understanding as to how culture works in our organization and how to manage it we need to:  Discover  Design  Deliver Leaders play the most important role in this process – they are the main architects of culture and if elements of the culture become dysfunctional, leadership can and must drive culture change.
  • 49.