Internal Fin In inancial Controls [Opportunity to redefine control - - PowerPoint PPT Presentation
Internal Fin In inancial Controls [Opportunity to redefine control environment] Huzeif ifa Unwala August 04 2016 Founder Ver erit ita Manage gement Advis visors Pvt. vt. Ltd Ltd. TOPICS S Fraudulent Financial Reporting
“managing” their accounts.
are more likely to take such steps to impress markets with their performance. Both domestic companies and subsidiaries of multinationals listed in India show similar trends when their shareholding is concentrated in a few hands.
questionable underreport tax liabilities. Also, all such efforts have been approved by the board of directors of these companies, raising questions about the effectiveness of corporate governance norms in some boardrooms.
.
Bac Background
Global Sce Scenario
ities and Exchange Commis issio ion (SEC) of the United States of America adopted Rules for the implementation of Sarbanes – Oxle ley Act, 2002 (SOX) that required certification of the Internal Controls over Financial Reporting (ICFR) by the management and by the auditors.
lic Company Accountin ing Oversight Board (PCAOB) has issued Auditing Standard (AS) 5 on “An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements”.
Financial Instruments and Exchange Act (J (J-SOX) was passed by the Diet, the National legislature of Japan. The requirements of this legislation are similar to the requirements of internal controls over financial reporting under SOX.
Turnbull Guidance. This is a smart departure from mandatory control attestation over financial reporting.
statements and such internal controls reported upon relate only to internal controls over financial
registered public accounting firm (auditor) of the specified class of issuers (companies) shall, in addition to the attestation of the financial statements, attest the internal controls over financial reporting.
Def Definition
as per per Sec Section 134(5) (5)
the Co Companie ies Ac Act, 2013
"internal financial controls" means the policies and procedures adopted by the company for ensuring the
its business, including adherence to company's policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness
the timely preparation of reliable financial information
De Defin init itio ion as as per per SA SA 315
designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity's
reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets, and compliance with applicable laws and regulations. The term "controls" refers to any aspects of one or more of the components of internal control.
Internal l Fi Fina nancia ial l Co Control
Financia ial l Repo eportin ing as as per per Sec Sec 143
applies when an auditor is required to report under Clause (i) of Sub- section 3 of Section 143 of the 2013 Act on whether the company has in place adequate internal financial controls over financial reporting and the operating effectiveness of such controls.
reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes. If
exist, the company's internal financial controls cannot be considered effective.
As per section 134 of the companies Act 2013, the term ‘Internal Financial Controls’ means the po polic icie ies and and pr proc
Internal l Co Control
mi minim imiz ize the the RI RISK SKS to
Or Organiz izatio ion!! !!! Man Management has has a a fund fundamental l resp espon
ibil ilit ity to
develo lop an and ma main intain in effectiv ive internal l con
To develop & implement a framework of Internal Financial Controls Assessment Document the process flow, risk and controls for material processes/significant accounting captions To identify material weaknesses, significant deficiencies, deficiencies (if any) To facilitate Board certification and ensure full compliance with the provisions of the Companies Act, 2013
Na Nature of
Defic ficie iencie ies Reporting Requirement
Deficiency ** Material weakness ^^ Significant Deficiency ## Management Audit Committee Board Report / Auditors Report Yes Yes Yes Yes Yes Yes
** A ‘deficiency’ in internal financial control over financial reporting exists when the design or
their assigned functions, to prevent or detect misstatements on a timely basis. ## A ‘significant deficiency’ is a deficiency, or a combination of deficiencies, in internal financial control over financial reporting that is important enough to merit attention of those charged with governance since there is a reasonable possibility that a misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. ^^ A ‘material weakness’ is a deficiency, or a combination of deficiencies, in internal financial control
the company's annual or interim financial statements will not be prevented or detected on a timely basis.
No No Yes Yes Yes Yes No No Yes Yes No No
In case of lis isted com
among the other matters, state that director’s has laid down internal financial controls and such controls are ade adequate and were ope
effectively ly.
Director’ s Resp espon
ibil ilit ity St Statement
SE SEC 134 134(5)(e) of
Companies Act, t, 2013 2013 The auditors of the companies to report as whether the company has adequate internal financial controls system in place and the operatin ing effectiv iveness of such controls. Auditors reporting on internal financial controls is effective from FY 2015-16.
Aud Audit itor
SE SEC 143 143(3)(i) of
Companies s Act, ct, 2013 2013
Every Audit Committee shall act in accordance with the terms of reference specified in writing by the Board which shall inter alia, include, evaluation of internal financial controls and risk management systems. Audit it Com Committee SE SEC 177 177(4)(vii ii) of
Companies s Act, ct, 2013 2013 Matters to be included in the Board report states that companies should provide the details in respect of adequacy of internal financial controls with reference to the Financial Statements.. Boar Board Report Com Companies (Ac (Accounts) Ru Rule les, 2014 2014 Cl Clause se 8
Independent directors should satisfy themselves on the integrity ty of
financial information and ensure that IFCs & systems of risk management are robust and defensible In Integrity of
Fin Financia ial l In Information Schedu dule e IV May call for comments of auditors about internal control systems before their submission to the Board and may also discuss any related issues with the internal and statutory auditors and the management of the company Should act in accordance with the terms of reference specified in writing by the board, which should, inter alia, include evaluation of IFC and ris isk management systems. IF IFC C an and Ri Risk Management Sec ecti tion 17 177 7 (4 (4) ) (i (iv) & & (5) (5)
Clause 49 required and continues to require the certification by the CEO / CFO stating that on establishing and maintaining IFCs for financial reporting & evaluation of the effectiveness of internal control systems pertaining to financial reporting, in addition to disclosures to the auditors and the audit committee and steps to address rectify the deficiencies. Bo Boar ard of
Di Director Cl Clause 49 49 The Directors’ report of all companies should state the details in respect of adequacy of IFCs with reference to the financial statements
Ade dequacy of
IFC’s Com Companies (Ac (Accounts) Ru Rule les, 2014 2014
The CEO i.e. Managing Director or Manager appointed as per Companies Act, and CFO i.e. whole time Finance Director or any other person heading the finance function shall certify to the Board that they accept responsibility for establishing & maintaining internal controls for financial reporting and that they have evaluated the effectiveness of internal control systems of the company pertaining to financial reporting & they have disclosed to the auditors & the Audit Committee, deficiencies in the design or operation of such internal controls, if any, of which they are aware and the steps they have taken or propose to take to rectify these deficiencies. Apart from the CEO/ CFO certification the Clause 49 prescribes several principles and features of clause 49 that have a significant bearing on the concept and effectiveness of internal financial controls. Clau Clause 49 49 CLA CLAUSE 49 49
143 (3) (i) i) of Companies Act, 2013, and Rule le 8 (5) (viii) i) of Companies (Accounts) Rules, 2014 it appears that the Audito tors of even unlis iste ted companie ies are required to report on the adequacy and
Financial Statements
internal financial controls over financial reporting and applicability in case
financial reporting in case of consolidated financial statements
financial reporting
dependent upon
Activities
Materiality Assessment Assessment of Entity Level Controls Assessment of Process Controls & Remediation
Control Effectiveness Reporting Board Certification
Factors affecting identification of significant accounts – Quantitative and Qualitative Quantitative:
derivatives transactions)
business segment) Qualitative:
Characteristics of Entity Level Controls
Ethical Values
Key Functions Influencing and responding to Entity Level Controls assessment:
the effectiveness of Entity Level Controls.
conducted once in a year.
and devised plan of action.
Committee
Establishing effective internal control framework require considering following factors:
Following are illustrative key controls, to be applied suitably for respective process being covered under IFC Framework:
Following are illustrative IT General Controls to be applied suitably for respective organization:
for assessing the effectiveness of all the controls for respective process.
check existence and appropriateness of the control (e.g. Recruitment policy and employee interview assessment sheet, Accounting Policy and Goods Receipt Note, Debit Note)
frequency, key/ non-key controls and auditor’s judgment
head office, different levels of authorizations, manual and IT controls, key and non-key controls
and devised plan of action
Committee
personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives
Enterprise risk management is broader than internal control, expanding and elaborating on internal control to form a more robust conceptualization focusing more fully on risk.
at the process level.
an entity level portfolio view of risk while IFCs IFCs ar are e for for the pro processes whic ich con contribute to
financia ial l rep reporting.
(LOE) by Statutory Auditors.
ing g on
adequacy and and op
eratin ing effectiv iveness of Interim Financial Controls.
Audit pl plannin ing and and Audi Audit me method
logy.
(Sec – 143 (3)(i (3)(i)) ))
and adherence of policy and procedures adopted by the company (Se (Sec -134 (5) (5) (e (e)) ))
Boar ard rep epor
with reference to the “financial statements”
ndependent di director
(Schedule le IV V (I (II) ) (4)) (4))
luatio ion of
im Fi Fina nancia ial l Co Control
y Aud Audit it Co Commit
Clause 177 (4) (4) (v (vii) i)
histle le bl blower pr proc