2. Internal Financial Controls
The Companies Act, 2013 has imposed specific
responsibilities on the Board of Directors towards the
company’s internal financial controls and, inter alia,
requires the Board to state that they have laid down
internal financial controls to be followed by the
company and that such internal financial controls are
adequate and were operating effectively. These
changes are effective from the financial years
beginning on or after 1 April, 2014.
3. Internal financial controls include policies and procedures
adopted by the company for ensuring the orderly and
efficient conduct of its business, including regulatory
compliance and prevention and detection of frauds and
errors, thereby covering not only the controls over reliable
reporting of financial statements , but also include all other
controls pervasive across the business.
Statutory auditors are required to report on the adequacy
and operating effectiveness of the company’s IFCFR. The
reporting by the auditors is mandatory for financial year
beginning on or after 1 April, 2015.
4. Context for IFC
•Major corporate and accounting scandals – Satyam,
Financial Technologies (India) Limited, Enron
•Decline of public trust in accounting and reporting
practices
•Indian regulations modified to reflect the regulatory
developments in the western world.
•Introduction of Internal Financial Controls (IFC) in the
Companies Act 2013, reflect the continuation of this trend.
5. Board
Audit
Committee
Management Auditors
Directors - Section 217 (2AA)
Directors of a company to
specifically state in the Directors
Responsibility statement that they
have taken proper and sufficient
care for the maintenance of
adequate accounting records in
accordance with the provision of
the Act for safeguarding the assets
of the company and for preventing
and detecting fraud and other
irregularities
Clause 49 of
listing agreement
CEO / CFO
certification -
Responsibility of
control system and
significant changes
in internal control
CARO
CARO
required
statutory
auditors to
report on
internal
control
matters
relating to
inventory,
fixed assets
and sale of
goods and
services
Then
6. Sec 134 (5) (e)
Directors’
to Responsibility
states that they have
laid down IFC
to be followed
By the company
And such controls are
adequate and
operating effectively
(Listed company)
Sec 177(4) (vii)&
Clause 49 (III)(D)
Audit committee to
Evaluate internal
financial control and
Risk management
systems
CFO & CEO – Clause
49 of listing
agreement
Accept responsibility
for establishing and
maintaining IC for FR
and that they have
evaluated the
effectiveness of ICS of
the company
Sec 143 (3) (i) & Sec 143 (12)
The auditor’s report shall also state whether the company has adequate
internal financial control system in place and the operating effectiveness
of such control
Now
7. IFC definition as per Companies Act
Internal financial controls means
Policies and procedures adopted by the company for
ensuring orderly and efficient conduct of its business
Including
• Adherence to company’s policies
• The safeguarding of its assets
• The Prevention and detection of frauds and errors
• The accuracy and completeness of the accounting
Records and
• The timely preparation of reliable financial information
8. What is required ?
•A demonstrable documented framework for internal
financial controls
•Documentation of controls that actually mitigate the risk of
significant misstatements
•Requisite accountability for financial reporting structure
•Fraud risks and controls at the process level to be
understood and are demonstrable
•Testing of operating effectiveness of controls
9. Components of Internal Control-COSO
Internal control consists of five interrelated components,
derived from the way management runs a business,
and are integrated with the management process:
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring
10. Control Environment – Principles
1. Organization demonstrates a commitment to integrity and ethical
values.
2. Board of directors demonstrates independence from management
and exercises oversight of the development and performance of
internal control.
3. Management establishes, with board oversight, structures,
reporting lines, and appropriate authorities and responsibilities in
the pursuit of objectives.
4. Organization demonstrates a commitment to attract, develop, and
retain competent individuals in alignment with objectives.
5. Organization holds individuals accountable for their internal control
responsibilities in the pursuit of objectives.
11. Risk Assessment – 4 Principles
6. Organization specifies objectives with sufficient
clarity to enable the identification and assessment of
risks relating to objectives.
7. Organization identifies risks to the achievement of its
objectives across the entity and analyzes risks as a
basis for determining how the risks should be
managed.
8. Organization considers the potential for fraud in
assessing risks to the achievement of objectives.
9. Organization identifies and assesses changes that
could significantly impact system of internal control.
12. Control Activities – 3 Principles
10. Organization selects and develops control activities
that contribute to the mitigation of risks to the
achievement of objectives to acceptable levels.
11. Organization selects and develops general control
activities over technology to support the achievement
of objectives.
12. Organization deploys control activities through
policies that establish what is expected and
procedures that put policies into action.
13. Information and Communication – 3 Principles
13. Organization obtains or generates and uses
relevant, quality information to support the
functioning of internal control.
14. Organization internally communicates
information, including objectives and
responsibilities for internal control, necessary to
support the functioning of internal control.
15. Organization communicates with external parties
regarding matters affecting the functioning of
internal control.
14. Monitoring Activities – 2 Principles
16.Organization selects, develops, and performs
ongoing and/or separate evaluations to
ascertain whether the components of internal
control are present and functioning.
17. Organization evaluates and communicates
internal control deficiencies in a timely manner
to those parties responsible for taking
corrective action, including senior management
and the board of directors, as appropriate
15. Questions to consider
Has a framework for internal financial controls been identified
for the company ?
Does the framework include operations and regulatory
compliance as well?
Has the internal controls been mapped to the framework
defined?
Based on the defined frameworks are there any gaps in
current processes, control activities, or documentation, and if
so, how are these being addressed?
Is the company educating leadership & executive
management, and control owners regarding the content in the
framework?
What policies are in place and who is responsible for
communicating internal control considerations .
Does the company use information technology and data
analytics to help continuously monitor IC systems
16. To Sum up….Placing more accountability and responsibility on the
Board and AC with respect to IFC, the 2013 act has attempted to align the corporate
governance and financial reporting standards with global best practices
Benefits
of
IFC
Senior
Management
Accountability
Enhanced
control
Improved
compliance
to laws
Improved
Control over
FR processes
Improved
investors
confidence
Accountability
of operational
Management
Audits more
comprehensive
Promotes culture
of transparency
More accurate
and reliable FS
Support to
CEO / CFO
Certification