INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR) can be defined as a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. IFCR is mandatory for unlisted companies where
a. Turnover is >= Rs. 50 Cr. and
b. Borrowing >= Rs. 25 Cr.
1.1 ICFR DOMAIN:
ICFR domain consists of internal controls placed at following levels:
• Entity Level
• Process Level
• General IT Controls Level
In addition, there may be internal controls that prevent or detect frauds (termed as ‘anti-fraud controls’) and controls that ensure appropriate financial reporting and closing (termed as ‘period-end financial reporting and closing controls’). Such controls may be combination of category mentioned above.
1.2 IDENTIFYING SIGNIFICANT ACCOUNTS AND RELEVANT ASSERTIONS
The auditor should identify significant accounts and disclosures and their relevant assertions. Relevant assertions are those financial statement assertions that have a reasonable possibility of containing a misstatement that would cause the financial statements to be materially misstated.
The financial statement assertions include:
• Existence or occurrence;
• Valuation or allocation;
• Rights and obligations;
• Assertions relating to presentation and disclosure
1.3 CONTROL ACTIVITIES
The policies, procedures, practices, and organizational structures designed to provide reasonable assurance that the business objectives will be achieved and undesired events will be prevented or detected.
1. Detective control
Controls that can detect a financial statement misstatement.
2. Preventive control
Controls that can prevent a financial statement misstatement.
1.4 POTENTIAL ERRORS IN FINANCIAL STATEMENTS
In relation to account balances, there are six potential errors that may occur. These are:
• Completeness – All transactions are not recorded
• Validity – Recorded transactions are not valid
• Accuracy – Transactions are inaccurately recorded
• Cut-off – Transactions are recorded in accounts in the wrong period
• Valuation – Assets or liabilities are incorrectly valued
• Presentation – Account balances are presented in a misleading way
1.5 TEST OF OPERATING EFFECTIVENESS – SAMPLING:
|Frequency of performance of the control||Minimum number of Selections|
|Lower risk of deviation||Higher risk of deviation*|
|Recurring manual controls (multiple times a day)||25||40|
|Quarterly (including period end)||2||2|
|* To be used for extended testing in case of one actual / expected control deviation|
Proper documentation should be done for test plans, test results and assertions that are fulfilled by the controls. The documentation may be in the form of control matrix.
1.7 EVALUATING DEVIATIONS:
The results of each test must be evaluated. When deviations from the control design occur, the evaluator should understand the reasons for deviation.
The evaluator would also need to consider compensating, complementary or redundant controls that may achieve the control objective.
1.8 FINALIZING CONCLUSIONS AND SIGN-OFF:
Once the evaluator and process/control owner have analyzed each exception or deviation, the conclusion for each test should be finalized and documented. These should be escalated to the required levels of management for remediation.
1.9 CONTROL DEFICIENCIES:
These may be dealt with at the level of process/control owners. The process owners would obtain approval from the respective functional heads and implement the action plan for remediating the deficiency.
1.10 REMEDIATION MONITORING
Once the remediation plans have been approved, these should be tracked periodically.
ICFR implementation is a stepping stone which has shaped the way corporate India considers its financial reporting responsibility.
This content is meant for information only and should not be considered as an advice or opinion, or otherwise. AKGVG & Associates does not intend to advertise its services through this.
CA Aman Aggarwal
AKGVG & Associates