<h1>Role of Internal Auditors with reference to Internal Controls Over Financial Reporting [ICFR] </h1>
<h2> Definition of Internal Controls </h2>
STANDARD ON AUDITING – SA 315 defines Internal Control as:
“The process designed, implemented and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to the reliability of financial reporting, effectiveness, and efficiency of operations, safeguarding of assets, and compliance with applicable laws and regulation. The term “controls” refers to any aspects of one or more of the components of internal control”
<h2>Definition of Internal Financial Controls [IFC] </h2>
Internal financial controls are defined in the explanation to Section 134(5)(e) of the Companies Act 2013 as the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company policies and safeguarding of its assets. Prevention & deduction of frauds and errors.
Accuracy & completeness of accounting records and timely preparation of reliable financial information.
<h2>Internal Controls over Financial Reporting [ICFR] </h2>
The main aim is to provide reasonable assurance regarding the reliability of the financial reporting in accordance with the generally accepted accounting principles. Fairly and accurately reflect the transactions and dispositions of the company. To keep a track of the transactions which have a material effect on the financial statements and ensure that the material transactions are recorded in an appropriate manner.
<h2>Introduction </h2>
IFC as a concept is much wider than ICFR. ICFR provides reasonable assurance with respect to those controls which are free from material misstatements. ICFR covers the controls where any kind of financial activity is involved. ICFR's main aim to ensure compliance with the company’s policies and procedures and prevent/detect frauds and errors. The main concern in ICFR is with the controls which affect the financial reporting to a risk of material misstatement. They are not concerned with the controls that create a risk of business loss, non-financial fraud in terms of information leakage, non-adherence to quality control checks, etc. all of which would be a subject matter of IFC.
<h2>Maintenance of Financial Books & Preparation of Financial Statements </h2>
All companies need to maintain books of account and prepare financial statements in a manner that they give a true and fair view of the statement of affairs of the company. Maintenance of financial statement is an important responsibility of all the companies. The responsibility of maintenance and preparation of financial statements is of the Board of Directors, who in turn may pass on this responsibility to the CFO or any other person of the company. Generally, in small companies the accounts & finance department compiles the trial -balance, and the final books of accounts are prepared by the statutory auditors. This practice blurs the division of role between the company and the auditor and this practice creates a lot of dependence on the auditor by the company and this practice leads to a conflict of interest amongst the auditors and the company.
<h2>Ensuring adequate Internal Controls over ICFR </h2>
As per the Companies Act,2013 vide section 134(5)(e) “The Directors’ Responsibility Statement referred to in clause (c) of subsection (3) shall state that – The directors, in case of a listed company, had laid down internal financial controls to be followed by the company and that such internal controls are adequate and were operating effectively” For private companies, there is no such specific requirement. The requirement which is applicable to every listed, unlisted, private, public, and even one person company is as follows – where the Board of Directors are responsible for ensuring the adequacy of internal financial controls in coordination with the financial statements. If in any given situation the auditor gives an adverse remark on the formal internal control system, then the auditors would require the Board of Directors to provide an explanation for the same. Thus, the accountability of the directors was indirectly set or presumed. The Board is also responsible for including a statement of the adequacy of the internal financial controls in the financial reports which are presented to the shareholders. It is the primary responsibility of the directors is to ensure the truth and fairness, the accuracy, and the appropriateness of the financial statements. In small companies, it is comparatively easier for the directors to maintain the adequacy of the financial reports. As the company grows and business risks and material misstatements can also increase so to reduce and controls the financial risks processes and controls must be established effectively and in an adequate manner.
<h2>From the perspective of Risk Management </h2>
As per section 134 (3) (n) of the Companies Act, 2013 the responsibility of the Board of Directors with reference to risk management is as follows–
“A report by its Board of Directors shall include a statement indicating development and implementation of a risk management policy for the company including identification therein of elements of risk, if any, which in the opinion of the Board may threaten the existence of the company”
As per the above definition, the directors are required to design and implement a risk management policy for the company which in turn will help to reduce the financial risks and material misstatements in the financial statements of the company. It is important for the company to involve the management in framing the risk management policy. While framing the policy. This would result in the implementation of risk management policy and internal controls as per the size and nature of the business of the company and in discharging the responsibilities through effective delegation. Thus, the primary responsibility is that the financial statements should be free from material misstatements.
<h2>The Auditors Responsibility and Reporting Requirement </h2>
The auditor’s responsibility with respect to IFC/ICFR stems from section 134 (3) (i) that requires the auditor’s report. For the same, the auditors need to obtain reasonable assurance to state whether the internal financial controls are effectively operating w.r.t the financial reporting. The ICAI guidance note makes it clear that the auditor’s responsibility with internal financial controls extends only with respect to financial reporting.
<h2>Internal Controls Over Financial Reporting </h2>
Directors are responsible for maintaining the financial statements that show a true and fair view and which are free from material misstatements. Larger companies or companies doing multiple businesses or companies who have entered in many outsourcing arrangements need to have adequate processes and controls to ensure that the financial statements are not compromised. If the company has implemented an IT system, the company must IT system-based controls and authorization controls and protocols so that the quality of financial reporting is not diluted. The auditors are required to plan the internal controls to an extent that reliance can be placed on such controls. Accordingly, the evaluation of internal controls must be documented at the time of planning. The Board must state the adequacy of ICFR to its shareholders in its report.
<h2>Conclusion </h2>
The auditors are required to express the adequacy of ICFR and its effectiveness and for that, it is necessary for him/her to understand the policies and processes of the company so that he/she can obtain evidence for testing through which the effectiveness of the controls can be confirmed. This, in turn, will require the management to provide the necessary details and documentation so that material misstatements can be identified, and financial risks can be reduced.
<h2>How Riskpro can help you? </h2>
Riskpro offers Risk Based Internal Audit and IFC services and Internal Audit & IFC Management Software. For more details on our services or to schedule an online demo of the software, please connect with us at info@riskpro.in.
<b>Author
Raj Kapadia
Associate Audit Services Riskpro India info@riskpro.in
January 2021 </b>
<b>Sources:</b>
<small> https://mylibrary24.com/internal-controls-over-financial-reporting
https://taxguru.in/company-law/internal-financial-controls-introduction.html
Internal Controls Over Financial Reporting (ICFR) book by Bombay Chartered Accountants’ Society
</small>