The Companies Act, 2013 has brought in provisions related to Internal Financial Controls (IFC) & Internal Control over Financial Reporting (ICFR)

1. Internal Financial Controls &
Internal Control over Financial Reporting
Under The Companies Act, 2013

2. Background of IFC & ICFR
 The Companies Act, 2013 has brought in provisions related to Internal
Financial Controls (IFC) & Internal Control over Financial Reporting (ICFR).
 Earlier the requirement was only adequacy of Internal Controls (IC), now it’s
operational effectiveness as well
 This has been done with an objective to improve the integrity and reliability of
financial information of corporates, which is shared with the stakeholders

3. IFC
IFC
ICFR
ICFR
Directors’
Responsibility
Statement
Auditor’s
Report
Evaluation
(Design &
Maintain IFC)
Spectrum of IFC and ICFR

4. Key Concepts – IFC & ICFR
[Sec 134 (5) (e)] – Internal Financial Controls (IFC)
 Policies and Procedures adopted by a company for ensuring:
 the orderly and efficient conduct of its business, including adherence to
company’s policies,
 the safeguarding of its assets,
 the prevention and detection of frauds and errors,
 the accuracy and completeness of the accounting records, and
 the timely preparation of reliable financial information;

5. Key Concepts – IFC & ICFR
[Sec 143 (3) (i)] – Internal Control over Financial Reporting (ICFR)
 Whether a company has adequate financial controls system in place and the
operating effectiveness of such controls
[Sec 177 (4) (vii)]
 Evaluation of Internal Financial Controls and Risk Management Systems of the
Company by Audit Committee

6. Key Concepts – IFC & ICFR
Rule 8 (5) (viii)
Matters to be included in Board’s report of all the companies in respect of IFC:
 (5) In addition to the information and details specified in sub-rule (4), the
report of the Board shall also contain -
 (viii) the details in respect of adequacy of internal financial controls with
reference to the Financial Statements.

7. Spectrum of Internal Control

8. Internal Control Framework
COSO Enterprise Risk Management (ERM) Framework for Internal
Control System

9. Requirements of IFC
Enhancing internal control over financial reporting:
 Mandatory management assessment (Internal Report) and audit by
external auditors
 Mandatory certification of annual reports by the management

10. ICFR Coverage
Demonstration of Internal Financial Controls
 Entity Level Controls
 Unit Level Controls
 Process Level Controls
 IT General Controls
Implementation
 Narratives & Flowcharts & preparation of
 RCM

11. ICFR Coverage - Illustrative
Business Processes covered, typically
 Capital Expenditure (CAPEX)
 Close The Books (CTB)
 Inventory (INV)
 Order To Cash (OTC)
 Procurement To Payment (PTP)
 Direct Taxes & Indirect Taxes (DT & IDT)
 Segregation of Duties (SOD) Assessment
 IT - General Controls (ITGC)

12. Components of IFC Evaluation

13. IFC & ICFR – High Level Process
Assessment of ‘As-Is’
 Control environment, identifying units / processes, etc.
Identifying IFC & ICFR
 Core packages / add-on packages
Preparation of RCM
 Aligning controls identified for mitigating various risks noted
Testing
 Test controls by taking samples from population period
Reporting
 Report control platform to the management
ReportsReportsRCMRCMIdentificationIdentificationAssessmentAssessment TestsTests

14. Process Owner to
Support
Process Flowchart
Risk and Controls
Matrix
Segregation of Duties
Table
Complete
Walkthrough, Test
Plans, and Doc.
Updates
Review Process
Documentation Final Review and Sign Off
Update Process
Documentation
Process Owner Walkthrough
Performer
Process Narrative
Review Walkthrough
Package
Completed
Walkthrough
Package
Completed Test
Plans
Updated Process
Documents
Management
Reviewer
High-Level
Flowchart
ICFR Team Reviewer
QA Review
Post Final Doc.
Project Overview

15. Components of RCM
1. Control Activity
2. Control Objective
3. COSO Objective
4. COSO Assertions
5. Risks
6. Type of risk
7. Likelihood
8. Significance
9. Risk Rating
10. Control Procedures
11. Nature of Control
12. Type of Control
13. Frequency
14. Responsibility
15. Document Flow

16. Role of an External Auditor
As an Auditor :
 Assess both the design and operating effectiveness of selected internal
controls
 Understand the flow of transactions sufficiently to identify points at which a
misstatement could arise
 Evaluate company-level (entity-level) controls
 Evaluate Unit level & process-level controls
 Conclude by forming an opinion on the financial statements whether
prepared, in all material respects, in accordance with the applicable
financial reporting framework

17. About Kirtane & Pandit
• One of the leading Accounting &
Professional Services firms in India
• Operating since last five decades
• Client base of around 400 organizations in
Corporate & Banking Sectors
• A dedicated, motivated and very senior
team of 400+ that will deliver.
• Resource pool includes experienced CAs,
CMAs, CS, CISA / DISA, Senior Bankers,
MBAs etc.
• Registered with PCAOB of SEC, USA

18. www.kirtanepandit.com
Pune
73 / 2 / 2, ‘Sangati’, Bhakti Marg,
Off Law College Road,
Pune - 411 004.
Tel: 020 – 25433104, 25438764
Fax No.: 020 – 2544 7603
E-mail: kpca@kirtanepandit.com
Mumbai
H – 16, Saraswat Colony,
Sitaladevi Temple Road,
Mahim, Mumbai - 400 016.
Tel: 022 - 2444 4119
Fax. No.: 022 - 2444 1147
Email: kpcamumbai@kirtanepandit.com
Nashik
Ground Floor, Jay Apts, Ashwin Nagar,
Near Telephone Exchange, CIDCO,
Nashik- 422 009,
Tel: 0253-2399639
E-mail: kpcanashik@kirtanepandit.com
Bangalore
No. 63/1, I Floor, Makam Plaza, III Main Road,
Opp. Bus Stand, 18th Cross, Malleshwaram,
Bengaluru – 560 55
Tel: 080 -23443548
Email: kpcabangalore@kirtanepandit.com
Hyderabad
105, Surekha Chambers, Near Lal Bunglow,
Ameerpet, Hyderabad.
Tel: 040 – 4005 9090
E-mail: kpcahyderabad@kirtanepandit.com