Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Internal Controls over Indian Financial Reporting

2,589 views

Published on

Corporate Accountability has been gaining its momentum in the Indian Scenario. The Companies Act 2013 has now benchmarked itself to regulations like the Sarbanes-Oxley Act and stresses on the fact the auditor has to give an opinion on the Internal controls that handle Financial Data and are operating effectively. Section 134 and Section 143 of the Companies Act 2013 highlights the requirements for documenting, implementing, enforcing and auditing those internal controls which handle Financial Data.

This article provides an introduction of Internal Controls over Financial Reporting in the Indian perspective.

Published in: Law
  • //DOWNLOAD THIS BOOKS INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... //DOWNLOAD PDF EBOOK here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... //DOWNLOAD EPUB Ebook here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... //DOWNLOAD doc Ebook here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... //DOWNLOAD PDF EBOOK here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... //DOWNLOAD EPUB Ebook here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... //DOWNLOAD doc Ebook here { https://tinyurl.com/y8nn3gmc } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • There is no download button??
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Internal Controls over Indian Financial Reporting

  1. 1. Compliance of Internal Financial ControlsoverFinancialReporting 1 | P a g e Compliance of Internal Financial Controls over Financial Reporting Bharath Rao | mailme@bharathraob.com Towards regaining public confidence In the year2009, we have seenthe investorconfidence underthe IndianscenariofallingfromRs. 300 to Rs.10 pershare.The moneyso investedwassystematicallywipedoff andwithdrawnovera numberof yearsby the managementof Satyamand falsifieditsaccounts.Satyamhadbetrayedthe trust andbelief of itsinvestors.Thisledtoa bigblow inthe accountabilityandtransparencyof Accountsand Internal ControlsinIndia. Incidentallythisproblemwashighlightedduringthe Enron,WorldCom andothersuchscams surfacedthe publicworld-wide. It isevidentthatthere isa growingneedforthe protectionof the interestof publiconcompanies. The Money investedbythe shareholdersneedtobe well protectedfromill use andmustbe usedfor the sole purpose of the objectiveslevieddownbythe company.Apartfrominvestors,variousother partiesrelyonthe efficientperformanceof the companies.Theyinclude regulators,bankers, vendors,customers,suppliersetc. Governmentasa regulatorhasan impliedresponsibilitytoprotectthe interestof the public.Ithas come up withstringentregulationsforall those typesof businessentitiesthatrunonpublicmoney. To quote a fewexampleswe have the CompaniesAct2013, SEBI Act, Clause 49, Multi state co- operative societyactetc.Time andagain,the Governmentcontinuestoupdate the regulationand enforcesitscompliance byvirtue of itsregulators.Regulatorsinclude SEBI,MCA,andRBI etc. In the USA, whichisknownforitsbenchmarkregulations,the Sarbanes-OxleyActof 2002 was enactedas a reactionto scandalsdue toEnron and WorldComandothernotable scams The followingmajorsectionsare enforcedonthe companiesof USorigin – 1. Section302 – Disclosure of Controls Section302 of the Act mandatesaset of internal proceduresdesignedtoensure accurate financial disclosure.The signingofficersmustcertifythattheyare "responsible for establishingandmaintaininginternal controls"and"have designedsuchinternal controlsto ensure thatmaterial informationrelatingtothe companyand itsconsolidatedsubsidiariesis made knownto suchofficersbyotherswithinthose entities,particularlyduringthe periodin whichthe periodicreportsare beingprepared." 2. Section404 – Assessmentof Internal Controls The most contentiousaspectof SOXisSection404, whichrequiresmanagementandthe external auditortoreportonthe adequacyof the company'sinternal control onfinancial
  2. 2. Compliance of Internal Financial ControlsoverFinancialReporting 2 | P a g e reporting(ICFR).This includes documentingandtesting importantfinancialmanual and automatedcontrolsdeployedinthe company. Under the Indianscenario,we have the CompaniesActrevisedinthe year2013. Thisact was revised as a response tothe Satyam Scam andto preventfurtherfinancial losses.Underthe new Companies Act 2013, the followingsectionspertaintoICFR – 1. Section134 – DirectorsStatementof Internal Controlsbeingadequate andoperating effectively Clause (e) of Sub-section5of Section134 to the Act requiresthe directors’responsibility statementtostate that the directors,inthe case of a listedcompany,hadlaiddowninternal financial controlstobe followedbythe companyandthat such internal financial controlsare adequate andwere operatingeffectively. Clause (e) of Sub-section5of Section134 explainsthe meaningof the term, “internal financial controls”as“the policiesandproceduresadoptedbythe companyforensuringthe orderlyandefficientconductof itsbusiness,includingadherence tocompany’spolicies,the safeguardingof itsassets,the preventionanddetectionof fraudsanderrors,the accuracy and completenessof the accountingrecords,andthe timelypreparationof reliablefinancial information.” 2. Section143 – Auditor’sassessmentonthe operatingeffectivenessof Internal Controls - The CompaniesAct,2013 specifiesthe auditor’sreportingoninternalfinancial controlsonly inthe contextof auditof financial statements.Consistentwiththe practice prevailing internationally,the term‘internalfinancial controls’statedinClause (i) of Sub-section3of Section143 wouldrelate to‘internal financial controlsoverfinancial reporting’. Consideringthe above,the auditorneedstoobtainreasonable assurance tostate whether an adequate internal controlssystemwasmaintainedandwhethersuchinternal financial controlssystemoperatedeffectivelyinthe companyinall material respectswithrespectto financial reportingonly. A company'sinternal financialcontrol overfinancial reportingincludesthosepoliciesand Procedures that– i. Pertaintothe maintenance of recordsthat,inreasonable detail,accuratelyand fairlyreflectthe transactionsanddispositionsof the assetsof the company. ii. provide reasonableassurance thattransactionsare recordedasnecessarytopermit preparationof financial statementsinaccordance withgenerallyaccepted accountingprinciples,andthatreceiptsandexpendituresof the companyare being made onlyinaccordance withauthorisationsof managementanddirectorsof the company;and iii. Provide reasonable assurance regardingpreventionortimelydetectionof unauthorisedacquisition,use,ordispositionof the company'sassetsthatcouldhave a material effectonthe financial statements.” Thus the companiesacthas createda new challenge forthe managementtodesignandimplement internal controlsoverthe businessprocessesof the companyandevenadifficulttasktothe auditor of testingthe designandoperatingeffectivenessof the implementedcontrolsandtocheckif the
  3. 3. Compliance of Internal Financial ControlsoverFinancialReporting 3 | P a g e deployedcontrolsare sufficientandadequate againstthe riskthatispresentinthe company’s businessenvironment. The Managementthushave the followingresponsibilities – 1. IdentifyandEvaluate the riskpresentinthe businessenvironment 2. Designa control 3. Implementthe control 4. Monitorthe control 5. Designcompensatingcontrolsin-case if apreventive control cannotbe implemented. The managementwouldreferto internal control frameworkssuchasCOSO(Companyof Sponsoring Organisations) Internal Control Framework,COBIT5(Control ObjectivesinInformationandRelated Technology),ISOStandardsetc.forguidance of implementingthe control. It iscrucial to note that the controlsneedtobe deployeduniformlyatall businessunitsof the company.Each control has to be documentedandreviewedperiodicallybythe management.The Internal control componentcanbe brokenintothe following – a. Control Environment –itrefersto the company’sentire businessenvironment. b. RiskAssessment –Itrefers to identificationandassessmentof the riskspresentinthe environment.Thisisperformedtodecide the designof the control. c. Control Activities –A control objective isastatementwhichemphasisthe extentof which the control is to be achieved.A control objectiveissetafterassessingthe levelof riskthatis presentinthe control environment.These refertothe activitiesthatmaybe inthe form of Policies,Procedures,organisationstructure thatwouldbe developedandimplementedin the company.A setof control activitiesare mappedtoone control objective. d. InformationSystemandCommunication –Itrefersto the IT Controlsthathave to be implementedinthe system.ITControlscanbe broadlyclassifiedintoITApplicationcontrols and IT General Controls. IT ApplicationControlsvarydependingonthe applicationsthathave beeninstalledbythe enterprise foritsrevenuegeneration.Applicationsoftwareisthe software thatprocesses businesstransactions.The Applicationsoftware couldbe aretail bankingsystem, an InventorysystemorpossiblyanintegratedERP.Controlswhichrelate tobusiness applicationsleadingtojudicialuse of the applicationandenforcedthroughthe application itself tothe enduserare calledITApplicationControls. IT General Controlsare those controls otherthanIT ApplicationControls,whichrelatetothe environmentwithinwhichcomputer-basedapplicationsystemsare developed,maintained and operatedandare therefore applicable toall applicationsThese are policiesand proceduresthatrelate tomany applicationsandsupportthe effective functioningof applicationcontrolsbyhelpingtoensure the continuedproperoperationof information systems.
  4. 4. Compliance of Internal Financial ControlsoverFinancialReporting 4 | P a g e e. MonitoringActivities –These refertothe controlsthat are deployedbythe management whichwouldmonitorthe regularactivitiesthatare performedusingthe controls.Usually thisisperformedbyconductingperiodicreviewsinitiatedbythe Complianceteamand auditedbythe internal auditteam. Managementwouldbe able tocomplywithSection134, if theyare successful indesigning, implementingandmonitoringthe internal controlsagainstthe identifiedrisks. The Auditorwouldhave the followingresponsibilities – Financial reportingislikesingingasuccessforany organisation.Justaswe see a transitionfrom complex classical musictothe modernmusic,there hasbeenasteadychange infromHistorical ReportingtoResponsible Reporting.The needforeffectivepresentationof the resultsmakes a difference indecisionmakingtodiversegroupsof enduserswhoare spreadacross geographical bodies.Thus financial reportingmakesitaverychallenginganda complex exercise. Because of Section143, Responsible Reportingnow includesthatthe auditortoprovide anopinion on the financial statementsandadditionallyprovide anopiniononthe operatingeffectivenessof the internal controlsthatisinplace in the company. OperatingEffectivenessrefersto the effectiveness of actual performance of the Control in the businessenvironment. Thus the auditorhas now become accountable regardingthe financial statementsandthe internal controls.Penaltieswouldbe leviedonthe auditorbythe regulatorsincase if he has not fulfilledhis responsibility of gainingassurance onthe effectivenessof the controls. The Institute of CharteredAccountantsof Indiahascome out witha Guidance note forauditors whichprovidesguidance towardstheirresponsibilityforInternalFinancialcontrolsoverfinancial reporting.Thisguidance note suggeststhe followingmethodologythatcanbe followedbythe auditor.
  5. 5. Compliance of Internal Financial ControlsoverFinancialReporting 5 | P a g e Picture adopted from the ICAI Guidance Note for compliance for ICFR released in 2014. Courtesy: ICAI In additiontothe above mentionedapproach,the auditorwill have toensure thathe performsthe followingtasks – a. PerformDesignEffectivenessof everycontrol thatisbeingdeployedineverybusiness process,businessapplicationsandgeneral applications. b. He wouldhave toobtainsufficientandadequate evidencesthatwouldhelphim substantiate hisreportinaccordance withSA 500. Evidenceswouldinclude raw systemlogs, screenshots,tickets,rawfiles,policydocuments,organisationchart etc. c. He wouldhave totestthe controlsand documentthe resultsaspart of hiswork-papersin accordance withSA 230 (AuditDocumentation). d. His documentationshouldinclude testingleadsheetswhichwouldprovide the following details– a. TestDate
  6. 6. Compliance of Internal Financial ControlsoverFinancialReporting 6 | P a g e b. Risk,Control ObjectiveandControl ActivitiesandControl Number c. Detailsof the entitywhichisbeingaudited. d. Detailsof evidenceprovidedandthe personwhoprovidedthe evidence e. Completenesscheckdetails f. Evaluationof designeffectiveness.Designsimplyreferstoa documentedblueprint of a control.The documentation includesthe control objective andthe risksbeing addressed,the control activities,control owneretc. g. Evaluationof Operatingeffectiveness. h. PopulationdetailsandSamplingMethodology. i. TestingSummary of the chosensamples andreferencestothe supportingwork- paperscreatedas evidence. j. In case if the auditorwouldrelyonthe workof the internal auditor/anotherauditor inaccordance withSA 610/600, he wouldhave toprovide hisopiniononthe quality of testingperformedbythe Internal Auditor/anotherauditor. Thus the ultimate testof Internal Controls isperformedhere.Basedonthe inquiries, findingsand observations,anAuditorwouldbe able toprovide sufficientassurance whetherthe incorporated controlsare adequate andensuring thatthere isnoharmful effectonthe figurespresentedinthe financial statements. A goodcharteredaccountantlovesgoodchallengesanditalsomeansgoodmoney,andthe big bonushas come out inthe form of the companies’act2013. It’s onlythe numberwhichsounds unlucky, but, itisnothingbuta baggage of new riverside opportunities. One suchopportunityfor the CharteredAccountantishisservicesthathe can renderto ensure thatthe companywouldstay complianttothe Internal ControlsoverFinancial Reportingregulatoryrequirements andthushe will be able to restore,cultivate and protect the confidence of the investorsandotherstakeholdersof the company.

×