Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sanjay Rameshwar Dass & Co. (CHARTERED ACCOUNTANTS)

Published byGodwin Adam Bryant Modified over 7 years ago

Similar presentations

Presentation on theme: "Sanjay Rameshwar Dass & Co. (CHARTERED ACCOUNTANTS)"— Presentation transcript:

1 Sanjay Rameshwar Dass & Co. (CHARTERED ACCOUNTANTS)
IMPLEMENTING INTERNAL FINANCIAL CONTROL

2 PHASE OF INTERNAL FIANCIAL CONTROL
UNDER- STANDING OF INTERNAL FINANCIAL CONTROL AUDITING OF INTERNAL FINANCIAL CONTROL

3 INDEX Understanding of Internal Financial Control
1. Introduction – What is IFC 2. Benefits of Internal Control 3. IS There Any Prescribed Framework 4. Regulatory Mandate Under Companies Act, 2013 5. Internal Financial Controls Journey 6. Key Drivers Of Framework In IFC 7.Components Of Internal Financial Control 8. Implementation of Internal Financial Control

4 What is IFC? As Per Section 134 of the Companies Act, 2013 :
Internal financial controls means policies and Procedure adopted by the company for ensuring orderly and efficient conduct of its business, including – adherence to company’s policies, safeguarding of assets, prevention and detection of frauds and errors, accuracy and completeness of accounting records, and timely preparation of reliable financial information. Adherence to company’s policy Safeguarding of Asset Prevention and detection of frauds and error Accuracy of Accouning records Timely preparation of Financial information IFCR

5 Benefits of Internal Financial Control
Ensures reliable financial reporting and improves overall confidence on reported numbers to various stakeholders. Helps in achievement of desired objectives on financial, operational and compliance side. Exhibits better governance standards of an organization. Help prevent errors and irregularities from occurring. If errors or irregularities do occur, internal controls will help ensure they are detected in a timely manner. Encourage adherence to prescribed policies and procedures. Brings in efficiencies in operations.

6 Is there any Prescribed Framework?
No Framework Prescribed for IFC under Companies Act 2013 Guide To Internal Controls over Financial Reporting’ ‘Guidance note On Audit of IFC over Financial reporting’

7 IFC: Regulatory Mandate under Companies Act, 2013
Relevant clauses Requirement Applicability Directors’ Responsibility Statement: Sec. 134(5)(e) Board to confirm that IFCs are adequate and operating effectively Listed companies Board report: Rule 8(5) of Companies (Accounts) Rules Board report to state the details in respect of the adequacy of IFC with reference to the financial statements All companies Code for IDs: Sec. 149(8) and Schedule IV IDs to satisfy themselves on the integrity of financial information and that financial controls are robust and defensible having IDs AC terms of reference: Sec. 177 Evaluation of IFC having an AC Auditor’s report: Sec. 143(3)(i) Auditors to report if the company has adequate IFC systems and that they are operating effectively (from ) AC= Audit Committee, IFC= Internal Financial Control, ID= Independent Director

8 ROLE OF VARIOUS AUTHORITIES
Management In case of LISTED companies, section 134(5)(e) of the Companies Act, requires Directors Responsibility Statement to state that the Directors had laid down internal financial controls and the same were adequate and operating effectively. In case of ALL companies, Rule 8(5)(viii) of Companies (Accounts) Rules, requires the Board of Directors’ Report to state the details in respect of adequacy of internal financial controls with reference to the financial statements. Clause 49 IX(C) of Equity Listing Agreement requires CEO’s of listed entities to certify effectiveness of internal control systems pertaining to financial reporting. Auditor Section 143(3)(i) of the Companies Act, 2013 requires the auditors of ALL companies to state in his report whether the company has adequate internal financial control system in place and the operating effectiveness of such controls. The auditor will have to modify its audit methodology to obtain reasonable assurance on the adequacy of internal financial controls over financial reporting and its operating effectiveness

9 Independent Director Schedule IV of the Companies Act, 2013 requires the Independent Directors of the Company to satisfy themselves on the integrity of financial information and financial controls and also to ensure that the systems of risk management are robust and defensible. Audit Committee Section 177(4)(vii) requires Audit Committee to evaluate internal financial controls and risk management systems. Also, section 177(5) gives power to the Audit Committee to call for comments of the auditors on internal control systems, scope of audit, their observations on internal control systems and financial statements before submission of the same to the board. They may also discuss any related issues with the internal auditors and the management of the Company

10 Internal Financial Controls Journey

11 Process Road Map:- Identification of significant financial reporting elements (accounts & disclosures) Identification of material financial statement risk associated with these elements Conduct walkthroughs & Evaluate the design effectiveness of entity and process level controls Mapping of entity and process level controls established by the management to address these risks. Test & Evaluate operating effectiveness of controls Identify deficiencies along with recommendations to remediate the same.

12 Key drivers of the framework in the IFC
Governance Operations Financial Reporting • Enhancements for effective risk governance •Finalize lines of defense and aspects to be covered under each line of defense •Suggest improvement sin the framework •Compliance as per various regulations (Companies Act Rules 2013 and SEBI Listing agreement.) •Evaluate the control activities for each process. •Identify control redundancies •Identify areas of improvement from design perspective •Identify automation opportunities. •Identify are as of improvement and reducing financial reporting risk. •Eliminate redundant controls •Automate financial reporting related controls •Segregation of Duty

13 Component of IFC Control Environment Risk Assessment Process
Control Activities Information System & Communication Monitoring of Controls

14 Control Environment The organization demonstrates a commitment to integrity and ethical values. The enforcement of integrity and ethical values includes for example, management actions to eliminate or mitigate incentives or temptations that might prompt personnel to engage in dishonest, illegal or unethical acts. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. Management establishes, with oversight of BOD, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.

15 TYPES OF CONTROLS Preventive Detective Manual Automated
Prevent errors initially before recording in the books. Example-verification of accounting entry computation prior to recording, approvals before action. Detective Expose the errors after their initial recording. Example - Review of BRS/ reconciliation of subsidiary ledger balances with G.L. control A/c balances. Manual People perform manual controls Example– Authorization of purchase orders. Automated The Operating system or application software performs automated controls. Example – Recording and monitoring attendance through biometric machine.

16 Risk Assessment Process
The organization specifies objectives with sufficient clarity to objectives. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. The organization considers the potential for fraud in assessing risks to the achievement of objectives. The organization identifies and assesses changes that could significantly impact the system of internal control. Changes can be due to circumstances such as Change in operating environment New personnel Rapid growth New or improved IT system New accounting pronouncement

17 Control Activities The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. The organization selects and develops general control activities over technology to support the achievement of objectives. The organization deploys control activities through policies that establish what is expected and procedures that put policies into place.

18 Information system and Communication
The organization obtains or generates and uses relevant, quality information to support the functioning of internal control. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. The organization communicates with external parties regarding matters affecting the functioning of internal control. The Information system relevant to financial reporting objectives encompasses methods and records • Identify and record all valid transactions • Describe the transaction in sufficient detail to permit proper classification for financial reporting • Determine the time period in which transactions occurred • Present properly the transaction and related disclosure in FS

19 Monitoring of control The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. For example - Timely preparation of BRS- Role of Internal Auditor The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

20 Implementation of Internal Financial Control
GROUP LEVEL ENTITY LEVEL FUNCTIONAL LEVEL Policies Including Risk Management Mechanism Policy MIS Reporting Whistleblower Mechanism KPI/ Compensation Policy* Organizational Structure Statutory Compliance Mechanism Internal Audit Mechanism Disaster Recovery * Business Continuity * Delegation of Authority Matrix Segregation of Duty Risk Control Matrix Standard Operating Procedures (SOP)* IT General Control including Access Rights *All are not mandatory for IFC Compliance but a “must have” for operating business efficiently be it listed or unlisted

21 Examples of Control Deficiencies
Design deficiency •Inadequate documentation of components of internal controls. •Absence or inadequate SOP within a significant account or process. •Inadequate design of ITGC and application controls. •Absence of process to report deficiency on Internal controls to management. Operating deficiency •Failure of control of dual authorization. •Management override of controls. •Failure of application controls. •Failure to perform reconciliations of significant accounts.

22 Significant deficiency
•Deficiency in control over selection and application of accounting principles. •Deficiency in antifraud programs and controls. •Deficiency in non-routine /manual transactions. •Deficiency in period end financial reporting process. Material Weakness •Ineffective oversight on financial reporting and internal controls. •Ineffective Internal Audit or risk assessment function for large /high complex entity. •Identification of fraud of any magnitude on part of senior management.

23 INTERNAL FINANCIAL CONTROL
AUDITING OF INTERNAL FINANCIAL CONTROL

24 INDEX Auditing of Internal Financial Control
1. Statutory Auditor’s Role- How to Audit of Internal Financial Controls on Financial Reporting. 2. Applicability of SAs for Audit of IFCFR 3. Audit methodology for Internal Control 4. Planning Stage 5. Top- Down Approach to IFCoFR 6. Operating Effectiveness (OE) Stage 7. Reporting Stage 8. Issues

25 STATUTORY AUDITORS’ ROLE How to Audit Internal Financial Controls on Financial Reporting?

26 Applicability of SAS for Audit of IFCFR
Identifying and Assessing the Risks of material misstatements - SA 315 Sampling - SA 530 and SIA 5 Agreeing the terms of Audit engagement SA 210 Auditor’s responsibility relating to fraud – SA 240 Documentation – SA 230 Using work of another auditor – SA 600 Written Representation Letters – SA 580 Subsequent Events - SA 560 Joint Audits – SA 299

27 AUDIT METHODOLOGY FOR INTERNAL CONTROL
For auditors to comment on the adequacy and operating effectiveness of internal financial controls, they will have to follow four stages methodology. Planning Design & Implementation Operating Effectiveness Reporting Planning Design & Implementation Operating Effectiveness Reporting

28 PLANNING STAGE Identify significant account balances / disclosure items - Identify relevant Assertions (existence/ occurrence, completeness, valuations/ allocation, rights & obligations, presentation and disclosure) Basis of identification of account balances – volume, complexity, recurring/ one time, materiality, contingency nature, related party transaction. Identify & understand significant flow of transactions - Inquire and Verify evidence to understand the activities performed for processing particular type of transaction (initiated, recorded, authorized and processed) Identify ROMM (Risk of Material Misstatements) - Identify Source of Risk associated with all significant processes related to relevant financial statement line items - Understand the role of IT in flow of transactions and associated risk Identify control (TOP-DOWN) activities which addresses ROMM . Identify application associated IT environment & ITGC - If the organization is using several ERP’s, controls at each ERP needs to be checked as output of such ERP’s would impact Financial Statement reporting Also, IT general controls covering various domains like access to programs and data, programme changes and development and computer operations

29 Criteria for Designing and Implementing IFC
Adopting a Risk-based methodology as specified in Standard on Auditing ‘SA’ - 315, Identifying an d Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment”, issued by (ICAI) SA 315 explains the five components of any internal control as they relate to a Financial statement audit. Controls have to be pervasive in the Company and Operate in all divisions.

30 DESIGN AND IMPLEMENTAION (DI) STAGE
Assess the design of controls (D) Appropriate DI ? Assess Audit impact and plan other suitable procedures Assess the implementation(I) Of controls No Yes Plan operative effectiveness testing

31 Top-Down Approach to Internal Financial Control over Financial Reporting :

32 Operating Effectiveness (OE) Stage
Plan nature timing and extent of texting OE Perform OE testing Assess findings and conclude on OE Form opinion on IFC - Nature: Inquiry, observation, inspection and re-performance Timing: Samples selected should represent the period to be covered by audit. Extent: Frequency of control, manual or automated, IT General Control /IT (sample size is prescribed by GN) Perform and document the testing at focus points . Analyze the combination of findings (favorable and un-favorable) and conclude on the OE of the controls for the period covered by audit. Form appropriate opinion on IFC

33 Reporting Stage Assess impact on Audit Opinion
The auditor to evaluate the severity of each control deficiency that comes to his attention to determine whether the deficiencies individually or in combination are significant deficiencies or material weaknesses and impact on audit opinion on financial statements as a whole. Assess impact on Audit Opinion Form Audit Opinion on Financial Statements

34 ISSUES Company has prepared document of SOP describing process of operation /activity. During Audit of IFCFR it was found that some activities actually being carried out by the employees are not included in SOP. How to deal with such situation? The company does not have any document evidencing internal financial control. What should be audit methodology for review of IFCFR in this situation? Whether any qualification or adverse comment in separate report IFCFR would also require auditor to qualify or give adverse opinion in report on FS? Whether any qualification or adverse comment in audit report on FS would also require auditor to qualify or give adverse opinion in separate report on IFCFR? In the report on IFCFR the auditor has given adverse opinion on account of material weakness in IFC. However in the Directors’ Report it is stated that the company has laid down IFC which are adequate and were operating effectively. How the auditor should deal with the situation? Whether documentation prepared for audit of IFCFR can be used as documentation for control risk assessment in connection with audit of FS ?

35 Thank you CA Sanjay Goyal +91 9810730080 sanjgoyal@gmail
Thank you CA Sanjay Goyal Office 1 : LG-791, Near Bharat Petroleum Petrol Pump,Sector-47, Gurgaon , Haryana (India) Ph , Office2 : 303, Vipul Agora, MG Road, DLF City-II, Gurgaon ,Haryana (India) Ph Web :

Download ppt "Sanjay Rameshwar Dass & Co. (CHARTERED ACCOUNTANTS)"

Similar presentations

Internal Control–Integrated Framework

Internal Control–Integrated Framework
Auditing Concepts.

Auditing Concepts.
Internal Control.

Internal Control.
Discussion on SA-500 – AUDIT EVIDENCE

Discussion on SA-500 – AUDIT EVIDENCE
Review of Introduction to Auditing

Review of Introduction to Auditing
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk
Purpose of the Standards

Purpose of the Standards
Nature of an Integrated Audit

Nature of an Integrated Audit
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Auditing Internal Control over Financial Reporting

Auditing Internal Control over Financial Reporting
Auditing Internal Control over Financial Reporting

Auditing Internal Control over Financial Reporting
Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.

Similar presentations

Ads by Google