7/25/2019 Understanding Internal Financial Controls
1/27
CODOMAIN
7/25/2019 Understanding Internal Financial Controls
2/27
IFC
INTERNAL FINANCIAL
CONTROL
7/25/2019 Understanding Internal Financial Controls
3/27
India :- Age of Corporate Governance
CII 1998SEBI Clause
49 2000
Naresh
Chandra
Committee
2002
KM Birla
Committee1999
DCA Task
Force onCorporate
Excellence
2000
Narayan
Murthy
Committee
2003
DCA Report
2003
Amend
Clause2004
7/25/2019 Understanding Internal Financial Controls
4/27
In June 2003, the Securities and Exchange Commission (SEC) of the United States of America a
Rules for the implementation of Sarbanes Oxley Act, 2002 (SOX) that required certificatio
Internal Controls over Financial Reporting (ICFR) by the management and by the auditors.
The Public Company Accounting Oversight Board (PCAOB) has issued its Auditing Standard (AS) 5
Standard (AS) 5 onAnAudit of Internal Control Over Financial Reporting That Is Integrated with An
Integrated with An Audit of Financial Statements.
In June 2006, the Financial Instruments and Exchange Act (J-SOX) was passed by the Diet, the N
Diet, the National Legislature of Japan. The requirements of this legislation are similar to the requi
the requirements of internal controls over financial reporting under SOX.
IFC :- Global Scenario
7/25/2019 Understanding Internal Financial Controls
5/27
Major corporate and accounting scandals Satyam, Financial
Technologies (India) Limited
Decline of public trust in accounting and reporting practices
Indian regulations modified to reflect the regulatory developments in
the western world
SOX Act 2002, HIPAA, J SOX and PCI-DSS are few examples of
regulatory changes introduced by the western world.
Introduction of Internal Financial Controls (IFC) in the Companies Act
2013, reflect the continuation of this trend
Context of IFC
7/25/2019 Understanding Internal Financial Controls
6/27
Sec 134(5) (e)
IFC
Rules and Regulation as per Companies Act -2013
In case oflisted companies, as per Sec 134 (5) (e) requires, Directors to make an as
Director Responsibility Statement that they laid down internal financial control to beand that such IFCs are adequate and operating effectively
Sec 143 (3) (i)
ICFR
Sec 177 (4) (vii)
ICFR
Schedule (iv)ICFR
Rule 8 (5) (vii)
ICFR
Under sec 177 (4) (vii) , the duties ofAudit Committeeinclude evaluation of Internal
control & to make a report to the board
As per sec (143 ) (i) In case ofcompany (whether listed or not), Statutory Auditors are
to make a statement in their auditors report, whether the company has adequate IFC
place and operative effectiveness of same.
Theindependent directorsshould satisfy themselves on the integrity of financial infand insure that financial controls and system of risk management are robust and defe
As per Rule 8 (5) (vii), requiresBoard ofDirectorsReport of all companiesto state in
adequacy of internal financial controls with reference to the financial statements.
7/25/2019 Understanding Internal Financial Controls
7/27
Help in Business process re-designing to plug revenue leakages & Cost containment opportunities.
Benefits of IFC
Provide More accurate and reliable Financial Statements
Helps in rationalizing the number of control across the organization moving to smart and
automated control
Promote culture of Transparency
Improved control over f inancial reporting processes
Improved Compliance to Law
Provide assurance to CEO/CFO and support them to certification
Fixed Accountability of Operational Management and Senior Management Accountability
Helps in standardizing policies and procedures for multi-location / multi business companies.
7/25/2019 Understanding Internal Financial Controls
8/27
As per Sec 134 the Companies Act 2013 defines Internal Financial
Control (IFC) to mean policies and procedures adopted by the
company for:
Orderly and efficiently conduct of its business, including
adherence to company policies,
Safeguarding ofits assets
Prevention and detection of frauds and errors
Accuracy and completeness of accounting records, and
Timely preparation of reliable financial information
Sec 134:- Definition and Component of IFC
Section 134 of Companies
Components OfIFC
Internal Financial Report over financial Reporting (ICFR)
Operational Controls
Fraud prevention
7/25/2019 Understanding Internal Financial Controls
9/27
The InternalFinancial Controls Over Financial Reporting (ICFR) shall mean A
process designed to provide reasonable assurance regarding the reliability of financialreport ing and the preparation of financial statements for external purposes in
accordance with generally accepted accounting principles. A company's internal
financial control over financial reporting includes those policies and procedures that-
pertain to the maintenance of records that, in reasonable detail, accurately and
fairly reflect the transactions and dispositions of the assets of the company;
provide reasonable assurance that transactions are recorded as necessary to
permit preparation of financial statements in accordance with generally accepted
accounting principles, and that receipts and expenditures of the company are
being made only in accordance with authorizations of management and directors
of the company; and
provide reasonable assurance regarding prevention or t imely detection of
unauthorized acquisition, use, or disposition of the company's assets that could
have a material effect on the financial statements.
Sec 143: - Definition and Component of ICFR
PH
ComponentsOf ICFR
Maintenance Of Financial Record ( Detail / Acc
Authorization of transaction (In accordance wit
Safeguarding of the assets of the Company
7/25/2019 Understanding Internal Financial Controls
10/27
Example covering both IFC & ICFR
ICFR Salary and wages correctly recordedfinancial Statement
OperationalEffectiveness
Overtime given to staff as per Company Policadherence to policy is monitor
FraudPrevention
Unauthorized changes in salary sheet (AControl)
7/25/2019 Understanding Internal Financial Controls
11/27
Responsibility of various stake holders
Ensure adequacy and
operating
effectiveness of IFC
Directors
Evaluation of internal
financial controls
Audi t Committee
To comment on
adequacy and
operating
effectiveness of IFC
Audi tors
Satisfy thems
the robustn
internal
controls fram
Independe
7/25/2019 Understanding Internal Financial Controls
12/27
What are Companies Expected to Do ?
Define entity level go
whistle blower, code of c
Define process level poli
Develop a delegation of
Assess the Governance tone at the top
Perform an assessment of:
Entity Level Controls
Process Level Controls
IT Controls
Anti Fraud Controls
.
Identify key and non key
7/25/2019 Understanding Internal Financial Controls
13/27
Develop a robust finan
document controls around t
Document controls in form
Controls on accuracy of judDefine and document user r
Document all existing financial and
operating controls
Consider implementing an ongoing
framework for monitoring and evaluation of
defined controls and internal certifications
Perform periodic assessments to review the
operating effectiveness of the controls
Monitor effectiveness of exi
7/25/2019 Understanding Internal Financial Controls
14/27
Review technology support
Review the existing technology set up and
use of IT modules/software.
Ensure adequacy of ITGCs and ITACs
Consider automation of routine activities
to reduce incidence of manual errors
Carry out Fraud Risk Assessm
and existing controls in the p
Define mitigating controls fo
Consider preventive and detective anti
fraud controls
7/25/2019 Understanding Internal Financial Controls
15/27
As per SA 315Internal control is a process,
Effected by an entitys board of directors, management, and otherpersonnel,
Designed to provide reasonable assurance regarding the achievement
of objectives relating to operations, reporting, and compliance.
SA-315 :-Definition and Component of Internal Con
PHOTO CAPTIONComponents OfInternal Control
Control Environment
Entitys risk assessment process
Control activities
Information system and communication
Monitoring of controls
7/25/2019 Understanding Internal Financial Controls
16/27
COSO 2013 :- 17 Principal for Internal Control
PHOTO CAP
ComponentsofInternalCont
rols
as
perCOSO
ControlEnvironment
Entitys Risk AssessmentProcess
Control Activities
Information system andcommunication
13. Obtains or generates relevant, quality information
14. Communicates internally
15. Communicates externally
Monitoring of controls 16. Selects , develops and performs ongoing and separate
17. Evaluates and communicatesdeficiencies
1. Demonstrates commitment to integrity and ethical values
2. BOD demonstrates independence from management and e
responsibility
3. Management, with Board oversight, establish structure, a
4. The organization demonstrate commitment to competenc5. The organization establish accountability
6. Specifies relevant objectives with sufficient clarity to enab
7. Identifies and assesses risk
8. Considers the Potential for fraud in assessing risk
9. Identifies and assesses significant change that could imp
10. Select and development control activities
11. Select and developmentgeneral control over technology
12. Deploys through policies and procedures
7/25/2019 Understanding Internal Financial Controls
17/27
Controls Environment
Entity Level Controls
The tone at the top is articulated and
communicated through clear and easily
understandable policies, procedures and
practices. The sub-components of Entity
Level Controls include:
Overall Board Governance
Organization Structure
Policies & procedures
Risk Management
Integrity & Ethics
Monitoring & Reporting
Controls have been defined in the
processes to ensure accuracy,
completeness, authorization of the
transaction entered. The processes
covered under the same are:
Order to Cash
Procurement to Pay
Finance Statement Close Process
Hire to Retire
Fixed Assets
Distribution
Marketing Expense
Information Techn
Control
User Access Controls
Process Level Controls IT Environme
7/25/2019 Understanding Internal Financial Controls
18/27
Key next steps & Actionable :-
Entity Level Controls
Documentation / Updating of SOPs for key businessprocesses, in line with the current practices and
controls requirement. Identification of critical classesof transactions across all areas and documentationof a value based DOA.
Formalization of critical entity level policies includingBoard approvals where required and creatingawareness
Define reporting channels as part of VigilMechanism
Alignment of Entity Level Controls with the guidance
on IFC framework to be issued by MCA / ICAI
Process Level Controls
Implementation of the the Design Deficiencie
of process & controls aprocess level RCMs
Alignment of the Procethe guidance on IFC frMCA / ICAI
Testing of Operating Econtrols on an ongoing
IT Environment
Enhance user access controls in systems like .., .,etc. ensuring adequate Segregation of Duties controls
Periodic review of the existing access rights in Sun and ChampSystems to remove rights for unauthorized accesses. Documentand archive the evidence of review
Document IT Policy, Data back up policy, BCP and DR Plan
7/25/2019 Understanding Internal Financial Controls
19/27
Our Approach
Control framework - COSO
Financial Statements & related Disclosures
Identification of consolidated materiality
Significant Accounts / relevant assertions
Significant Processes
Corporate, Regions, Institutions, FSS
Control
Environment
Risk
AssessmentInformation &
CommunicationMonitoring Control
ActivityFraud
Individual Controls at the Entity,
Process, Transaction or Application Level
Determine Nature, Timing & Extent of Key Control Testing
7/25/2019 Understanding Internal Financial Controls
20/27
Steps:-Express an opinion on internal control
STEP 1 STEP 2 STEP 3 STEP 4 STEP
Scoping Design
Assessment
Design Gap
Remediation
Operating
Effectiveness
Overall
Assess
and
Reporti
7/25/2019 Understanding Internal Financial Controls
21/27
STEP 1 STEP 2 STEP 3 STEP 4 STEP
Key work steps/ consideration for Scoping :
Map/Identify Significant Account, Process and Key Location
Segregate scope between Business Process and IT
Discuss the scope with Statutory Auditor
Define materialityKey /Nonkey Risk.
Finalize scope exclusion and validate with auditors
Define scope of process/ activities performed by third parties
Nominate IFC Champion across process/location
Set up Steering Committee to review progress / remediationplans
Align Audit Committee and Boar d
Finalize templates ,documentation standard, reporting packs.
Conduct training/workshop with process owners
7/25/2019 Understanding Internal Financial Controls
22/27
STEP 1 STEP 2 STEP 3 STEP 4 STEP
Key work steps/considerations for Design Assessment :
Finalize Process owners across each process/Location
Perform & document walkthrough (recommended)
D ocument process maps wi th i nput , output ,
risk/control, IPE
Segregate controls into Entity/Process/IT
Identify control into Manual, Automated ,IT Department
,Preventive /Detective
Segregate control into document risk and control matrix
with control description, owne r, fre quency, control
evidence etc.
Document IT General control (GITCs)
Perform Segregation of Duties analysis
Identify design gaps based on walkthrough, interview,
discussion etc.
Benchmarking of IFC control-consolidate, remove
redundancy
7/25/2019 Understanding Internal Financial Controls
23/27
STEP 1 STEP 2 STEP 3 STEP 4 STEP
Key work steps/consideration for Design Gap Remediation :
Prioritize financial gaps into material /non-material
Prioritize operational /reputation gaps ( If any) into H/M/L
impact
Co-develop remediation plan with owners & implementation
timelines
Periodic monitoring of remediation plan
Enhance/optimize IT controls
Standardized/Centralize processes(wherever possible)
Enhance SOP/MIS/DOA etc.
Interim testing to confirm remediated gaps
7/25/2019 Understanding Internal Financial Controls
24/27
STEP 1 STEP 2 STEP 3 STEP 4 STEP
Key work steps/ consideration for Operating Effectiveness:
Align sampling str ategy with external Auditor s
Prepare testing plan & templates
Timing of testing mid year and roll forwarding testing
Finalize resources- competency &
independence/objectivity
Document testing results
Prioritize testing gaps into material/non material
Identify mitigation/compensating controls for materialgaps
Co- develops remediation plans for testing gaps including
owners and implementation timelines
7/25/2019 Understanding Internal Financial Controls
25/27
STEP 1 STEP 2 STEP 3 STEP 4 STEP
Key work steps/ consideration for Assessment and
Reporting :
Finalize material weakness and update Executive
management
Report to Audit Committee and Board
Opinion on IFC
7/25/2019 Understanding Internal Financial Controls
26/27
Were socal
CONTACT US!
011 4228 0431
www.codomain.co.in
7/25/2019 Understanding Internal Financial Controls
27/27
Thank You !
TY