The document discusses internal financial controls (IFC) as required under Section 143(3)(i) of the Companies Act, 2013, emphasizing the auditor's role in assessing the adequacy and effectiveness of these controls. It outlines the significance of managing both internal and external risks, the need for regular risk assessments, and the implementation of effective monitoring procedures, including segregation of duties and proper documentation. Additionally, it introduces SBS Global as a provider of outsourced financial services, underscoring their qualifications and industry expertise.

1. Internal Financial Control Over
Financial Reporting
Background
Under Section 143(3)(i) of the Companies Act, 2013 (2013
Act), an auditor of a company is required to state in his/her
audit report whether the company has an adequate internal
financial controls (IFC) system in place and the operating
effectiveness of such controls. Explanation to Section
134(5)(e) of the 2013 Act defines IFC to include policies and
procedures adopted by the company for ensuring orderly
and efficient conduct of its business, accuracy and
completeness of the accounting records, and timely
preparation of reliable financial information.
The Institute of Chartered Accountants of India (ICAI) had
issued a Guidance Note in November 2014. This Guidance
Note has been revised subsequently and the ICAI issued a
revised ‘Guidance Note on Audit of Internal Financial

2. Controls Over Financial Reporting’ (Guidance Note) on 14
September 2015.
What is Internal Financial Control Over
Financial Reporting?
Internal Controls are to be an integral part of any
organization’s financial and business policies and
procedures. Internal controls consist of all the measures
taken by the organization for the purpose of:
1. Protecting its resources against waste, fraud, and
inefficiency
2. Ensuring accuracy and reliability in accounting and
operating data
3. Securing compliance with the policies of the
organization
4. Evaluating the level of performance in all
organizational units of the organization.
Responsibilities of Monitoring Internal
Financial Control
The Responsibility for monitoring the Internal Financial
Control rests with the whole organization and not with any
one individual. Of course, each individual within a unit
should be aware of proper Internal control procedures
associated with their specific job responsibilities. Internal
control procedures operate at different levels of
effectiveness. Effective controls provide reasonable
assurance regarding the accomplishment of established
objectives.

3. Elements of Internal Control
For any Internal Control procedure to be effective, it is
essential that the “Internal” as well as “External” risks are
adequately managed. Following are some of the Internal
and External Risks to be taken care of:
Internal Risks
 Process weakness (eg. access Control systems)
 People weakness (eg.no proper training)
 Technology weakness (eg. Operating system controls)
 Environmental weakness (eg. Fire control systems)
External Risks
 Compliance requirements (eg. Various statutory laws)
 Customer requirements (eg. Protection of customer
identity)
 Service Providers ( eg. Internet providers)

4. The above list is only indicative and there may be many
more risks that need to be assessed depending on the type
of item or service they provide.
Process weaknesses can be many since most of the
transactions in an organization are automated. These
weaknesses cannot come out unless we do an IT audit. To
cite an example, recently we did an audit of the travel
module of a company and we found out that some of the
personal travels of senior people in the organization were
paid by the company. On further analysis, we observed that
the person is originating the request for travel in the system
can also approve the same. Due to this loophole, the
employee took advantage of the process weakness and the
personal bills were paid by the company.
Risk Assessment
The process of identifying and analyzing risk is an ongoing
process and is a critical component of an effective internal
control system. Attention must be focused on risks at all
levels and necessary actions must be taken to manage them.
Managing change requires a constant assessment of risk and
the impact on internal controls. Mechanisms are needed to
identify and react to changing conditions.
Monitoring of Internal Controls
Internal controls can be monitored by having proper checks
and balances in the workplace.
On the Personnel front, the organization has to ensure
proper background verifications are made for all the
employees (senior or junior) before being appointed. There
should be clearly established lines of authority and

5. responsibility documented in written job descriptions and
procedure manuals. Organizational charts provide a visual
presentation of lines of authority and periodic updates of
job descriptions ensure that employees are aware of the
duties they are expected to perform.
Authorization Procedures need to include a thorough review
of supporting information to verify the propriety and
validity of transactions. Approval authority is to be
commensurate with the nature and significance of the
transactions and in compliance with Organizational policies.
Segregation of Duties reduces the likelihood of errors and
irregularities. An individual is not to have responsibility for
more than one of the three transaction components:
authorization, custody, and record keeping. When the work
of one employee is checked by another, and when the
responsibility for custody for assets is separate from the
responsibility for maintaining the records relating to those
assets, there is appropriate segregation of duties. This helps
detect errors in a timely manner and deter improper
activities; at the same time, it should ensure operational
efficiency and allow for effective communications.
Documentation and Record Retention is another important
element under Internal Control to ensure that all
information and transactions of value are accurately
recorded and retained. Records are to be maintained and
controlled in accordance with the established retention
period and properly disposed of in accordance with
established procedures and documented.

6. About SBS
SBS Global is an ISO 9001:2015 & ISO 27001:2013 certified
company serving since 2007. SBS Global offers a
comprehensive range of Outsourced Financial Accounting
Services, CFO Services, Compliance (i.e., Company
Secretary services) & HR Services catering to the needs of
Small & Medium Organizations across industry sectors to
meet their changing needs & expectations. Our team
includes employees having industry & domain expertise who
have insights drawn from years of professional experience.
For more details on outsourced financial accounting advisory
services please visit or contact us