IFC Presentation
Uploaded by: sdn-and-co-chartered-accountants
www.casdn.in/
Internal Financial Controls Over Financial Reporting (ICFR)
ICFR: Regulatory mandate under Companies Act 2013

Relevant clause: Section 143(3)(i), Auditor report
Requirement: The auditor’s report should also state whether the company has an adequate IFC system in place and the operating effectiveness of such controls.
Applicability: Listed/unlisted companies

Relevant clause: Section 134(5)(e), Directors’ responsibility statement
Requirement: In the case of a listed company, the directors’ responsibility statement states that the directors have laid down IFC to be followed by the company and that such controls are adequate and operating effectively.
Applicability: Listed companies

Relevant clause: Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014
Requirement: Requires the Board of Directors’ report of all companies to state the details in respect of adequacy of internal financial controls with reference to the “financial statements” only.
Applicability: All companies

Relevant clause: Section 177, Audit committee
Requirement: The audit committee calls for the comments of the auditors about internal control systems before their submission to the board, and may also discuss any related issues with the internal and statutory auditors and the management of the company.
Applicability: Listed/unlisted companies having an audit committee

Relevant clause: Section 149(8) and Schedule VI, Independent directors
Requirement: The independent directors should satisfy themselves on the integrity of financial information and ensure that financial controls and the systems of risk management are robust and defensible.
Applicability: Listed/unlisted companies having independent directors
About Internal Controls Over Financial Reporting (ICFR)

Section 143(3)(i) of the Companies Act 2013: Auditor report
Applicability: Listed/unlisted companies

“Internal control over financial reporting”: “A process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles.”

“A company's internal financial control over financial reporting includes those policies and procedures that
• pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company;
• provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorisations of management and directors of the company; and
• provide reasonable assurance regarding prevention or timely detection of unauthorised acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.”

ICFR components
• Maintenance of financial records (details/accuracy)
• Authorizations of transactions (in accordance with GAAP)
• Safeguarding of the assets of the company
About Internal Controls Over Financial Reporting (ICFR) – Cont.

Section 134(5)(e) of the Companies Act 2013: Directors’ responsibility statement

The term “internal financial control” means the policies and procedures adopted by the company for ensuring:

Efficiency and effectiveness in operations of its business
• Defined policies and procedures to ensure effective and efficient operations
• Effective delegation of authority and entity level controls

Safeguarding of assets
• Adequate control over asset movement, storage, loss or theft
• Risk identification and mitigation plan to reduce loss of assets

Prevention and detection of fraud and error
• Preventive controls to address fraud risk
• Mechanism for timely detection of fraud and errors

Accuracy and completeness of accounting records
• Controls over accurate and timely update of accounting records
• Control over completeness of accounting records

Reliability of financial reporting
• Timely preparation of financial reports
• Adequate controls over preparation of financial reports

Compliance with applicable laws and regulations
• Adequate framework to ensure compliance with applicable laws and regulations
• Adequate framework to monitor the compliance

Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014
Requires the Board of Directors’ report of all companies to state the details in respect of adequacy of internal financial controls with reference to the financial statements.
Flow of Audit of Internal Financial Control

Planning and scoping

Based on COSO framework:
1. Control Environment
2. Risk assessment
3. Control Activity
4. Information and communication
5. Monitoring

Based on key work steps:
1. Map/identify significant accounts, processes and key locations
2. Segregate scope between Business Process and IT
3. Define materiality – Key/non-key risks
4. Finalize templates, documentation standards, reporting packs

Design and Implementation

1. Perform walkthroughs
2. Document process flows
3. Segregate controls (Entity/Process/IT)
4. Segregation of duties
5. IT system overview
6. Control benchmarking

1. Finalize Process Owners across each process/location
2. Perform & document walkthroughs (recommended)
3. Document process maps with input, output, risk/controls, IPE
4. Segregate controls into Entity/Process/IT
5. Identify controls into Manual, Automated, IT dependent, Preventive/Detective
6. Segregate controls into Document Risk & Control matrix with control description, owner, frequency, control evidence etc.

Gap remediation

1. Material weakness
2. Test of Design (TOD)
3. Remediation plans

1. Prioritize operational/reputational gaps (if any) into H/M/L impact
2. Co-develop remediation plan with owners & implementation timelines
3. Periodic monitoring of remediation plans
4. Standardize/centralize processes (wherever possible)
5. Enhance SOP/MIS/DOA etc.
6. Interim testing to confirm remediated gaps

Operating Effectiveness

1. Sampling methodology
2. Prepare testing plan and templates
3. Timing of testing
4. Analysis of error in the sample, tolerable error etc.

1. Prepare testing plan & templates
2. Finalize resources – competency & independence/objectivity
3. Prioritize testing gaps into Material/non-material
4. Identify mitigation/compensating controls for material gaps
5. Co-develop remediation plans for testing gaps including owners and implementation timelines

Assessments and Reporting

1. Opinion on IFC
2. Material weakness

1. Finalize material weakness and update Executive management
2. Report to Audit Committee (AC) and Board

Internal Control as per ICAI Guidance Note

1. Control Environment
1. Communication and enforcement of integrity and ethical values
2. Commitment to competence
3. Participation by those charged with governance
4. Management’s philosophy and operating style
5. Organisational structure
6. Assignment of authority and responsibility
7. Human resource policies and practices

2. Risk Assessment
1. Specifies suitable objectives
2. Identifies and analyses risk
3. Identifies and analyses significant changes
4. Assessment of fraud risk
5. Change in technology
6. New accounting pronouncements

3. Control Activities
1. Performance review
2. Information processing
3. Physical controls
4. Segregation of duties

4. Information & Communication
1. User relevant information
2. Communication from inside to outside
3. Communication from outside to inside
4. Communication within the organization

5. Monitoring Activities
1. Conduct ongoing and/or separate evaluation
2. Evaluate and communicate deficiencies

Risk Control Matrix (RCM)

Key Elements under ICFR

Under entity level control, the following elements will be examined:
• Delegation of authority (DOA)
• Organisation structure, job descriptions & succession plan
• Corporate policies and standard operating procedures (SOP)
• Risk assessments and mitigations
• Compliance framework
• Ethics and fraud management
• Management information systems
• Internal audits and control self-assessments
• Budgeting systems

Areas of RCM cycles under Internal Financial Control
1. Procure to pay process (P2P)
2. Inventory management
3. Manufacturing process (M2D)
4. HR and payroll process (H2R)
5. Accounts and treasury process (R2R)
6. Order to cash process (O2C)
7. Plant maintenance process
8. Statutory compliances
9. Fixed assets
10. Investments
11. Loans and advances review process
12. Contract labour charges review
13. Other areas relevant to the company

Risk and control process under IFC
Payment process
“What can go wrong”
• Advances to vendors not being adjusted against the bills
• Payment made in excess of invoice amount
• Duplicate payment made to the vendors
• Payment made to wrong vendor
Control Activities to mitigate the Risk:
• Periodical process of review of open/long pending advances
• Payments are made only after reconciling them with the appropriate invoice. A system-based control allows payment only as per the invoice amount
• Process for periodical review of list of pending invoices.
• Purchase requisitions are reviewed and approved by an individual with the appropriate signatory authority approval limits
• Obtain balance confirmations from vendors

Control - An overview

Operational Control
• Performance evaluation of vendors is conducted on an annual basis.
• Physical counting and checking of material/goods received at the warehouse to ensure that the correct quantity and quality of material/goods have been received.
• Setting of credit limits for customers.
• The SCM team takes comparative quotes from a minimum of 3 vendors prior to selection of the final vendor.

Financial Control
• Accounting of vendor related invoices
• Creation of GRN on receipt of goods at the warehouse
• Recording of invoices on dispatch and monitoring of accounts receivable
• Creation of vendor master with all the requisite fields

Key Controls (Operational and Financial)
• Physical verification of fixed assets/stock on a periodic basis and reconciling them with records maintained
• Segregation of duties at various stages of financial reporting
• IT General controls are kept in place
• Proper authorization as per the authorization matrix for all the transactions entered into the system
• Employees and 'covered persons' must sign an Insider Trading Certification as per the corporate policy prior to trading in the company stock.

Non Key Control
• Review of the existence of non-key fields within master data stored in the system
• Review of inactive accounts with low and immaterial balances
• Physical verification of “C” category inventory (low value items)

Fraud Controls
• Presence of multiple authorizations at various stages of high value transactions
• Periodic review of debtors ageing
• Proper vendor evaluation process to avoid collusion with third parties

Financial Controls – Preparing and testing of Risk Control Matrix (RCM)

• The following template will be used for preparing the RCM (column headings):
Serial No.
Sub process
Risk category - High, medium and low
Control Objective
Control Description
Key/not Key
Nature of Control (Preventive/Detective/Corrective)
Type of Control (Automated or Manual)
Whether Fraud Risk
Frequency

• The following template will be used for testing of the RCM (column headings):
Process Actions owner Documents and date of verification
Relevant/Process RCM control
Observation Recordation Managements Comments/Actions
Time line of implications date

L-10, D.G. Point, Near Hanuman Temple, Parvat Patiya, Surat-365 010
O:- +91 261 264 3264
E:- [email protected]
W:- www.casdn.in

Mr. Nitin Prajapati, Partner
M:- +91 85117 83117
E:- [email protected]