One of the first requisites for a company’s management is the formulation of reliable financial data. If the business is handled efficiently, it can have a logical consequence which can give access to accurate information that determines the decision making for its operations.

What is Internal Control Over Financial Reporting?

Internal Control Over Financial Reporting (ICFR) is a framework which has been used as a comprehensive concept. The Treadway Commission’s Committee on Supporting Organizations (COSO) can be attributed to establish the latter- an effort of many groups involved in successful internal control, which offers a guide to help businesses coordinate and ascertain controls that mitigate a wide variety of risks. This framework of internal financial reporting was  released in 1992 and restructured in 2013. In a nutshell, this framework defines internal control as ‘a process’. The mentioned process is taken up by the board of directors, management and other staff of an entity. The prime objective of ICFR is to provide reasonable assurance with regard to achieving operational, reporting and compliance objectives.

The Concept of Internal Control Over Financial Reporting

Internal Control Over Financial Reporting (ICFR) controls the regulations developed majorly for tackling the financial reporting risks. In simpler terms, the ICFR for any business organization are the control checks with the intention of providing assurance that the financial statements of the organization are accurate and prepared as per the framework defined with the Generally Accepted Accounting Principles (GAAP). As an example, there is a likelihood of occurrence of misstatements in a financial statement. It could be due to statistical mistakes, misapplication of GAAP, or deliberate mistakes (fraud). It is these possibilities which are handled and negated with an ICFR program.

ICFR’s design and operation vests largely on the possibility of fraudulent financial reporting. Fraudulent reports stems from expectations that come from the estimated figures of sales, profits, or other goals. This only adds to the pressure that the management has to deal with to reach a predicted threshold. With effective ICFR, a reasonable assurance can be provided in response to those pressures and the misrepresentation of corporate records can also be curbed.Therefore, internal control over financial reporting (ICFR)  must be aligned with the fraud risk in mind and tailored to the company’s circumstances.Financial reporting often underlines the importance of decision making and well-informed judgments.

Components of Internal Control- COSO’s Framework

Control Ecosystem

This is an established set of standard rules, procedures, and systems that provide the basis for performing internal controls throughout the organization. With the participation of the board of directors, the executive management put forth the agenda such as the importance of internal control which also encompasses planned standards of code and conduct.

The control ecosystem makes a cursory observation of organization’s reputation and ethical values; they set the criteria allowing the board of directors to perform its oversight obligations in governance; the structure of hierarchy along with distribution of power and duty. It also covers the recruiting process, cultivating, and maintaining qualified individuals. The success metrics, opportunities and achievement awards that promote transparency are also looked over. The resulting control ecosystem has a major say on the organization’s overall internal control system.

Risk Assessment

Each organization faces their share of risk not just external but internal as well. Risks are characterized as the probability of an incident taking place and adversely affecting the accomplishment of the objectives. Risks to the accomplishment of these organizational goals can have a direct relation with the recognized risk tolerances. Thus, risk assessment is the very foundation in regards to determining how risks will be managed.

Control Activities

Control practices are acts which are formulated by the policies and procedures to ensure that the guidelines of management are abided by to minimize risks for the achievement of goals. Management operations are carried out at all levels of the organization. The control activities are put in place for all company procedures, and throughout the infrastructure environment.

The control nature can be of natures such as preventive or detective. They may also contain a variety of manual and automated tasks such as:

• Authorizations
• Approvals
• Verifications
• Reconciliations
• Analysis

Segregation of duties is characteristically structured as per the choice and development of control activities. If they are seen as not practical or feasible, the management opts and develops alternate control activities.

Monitoring Activities

Continuing assessments, independent assessments, or a change of magnitude in the two decide if one of the four internal control elements, including checks that affect the values within each function, is present and operating. Continuous assessments within the various organizational levels are beneficial in fetching timely information.

Individual assessments that are performed regularly become different in some particular ways like its complexity and frequency, depending on risk evaluations, the efficacy of current evaluations, and other management factors. Findings are measured against standards on the basis of standards set by the regulators, recognized standardizing bodies or management and the board of directors, and deficiencies are reported to management and the board of directors.

This content is meant for information only and should not be considered as an advice or legal  opinion, or otherwise. AKGVG & Associates does not intend to advertise its services through this.