Internal Financial Controls (IFC) - An Overview
|
|
- Lewis Wright
- 6 years ago
- Views:
Transcription
1 Internal Financial Controls (IFC) - An Overview
2 Increased responsibilities of the Board: Companies Act 2013 Board s responsibility extended to ensure Legal compliances to all applicable statutes. The increasingly onerous requirements mean that the role of Legal assurance function will need to be redefined. Expanded the applicability beyond financial reporting controls covers operational aspects. Companies will now need to embed internal control monitoring into their operations, reporting and compliance processes. Significant responsibilities on the board and audit committee members to assess the robustness of company s risk management policies, processes and systems. 2
3 Regulatory focus on Internal Financial Controls Sec 134 As per Section 134(5)(e) requires, directors to make an assertion in Directors Responsibility Statement that they have laid down internal financial controls to be followed and that such IFCs are adequate and operating effectively Sec. 143 Under Section 143(3)(i), Statutory Auditors are required to make a statement in their Auditors Report, whether the company has adequate IFC system in place and the operating effectiveness of such controls Sec. 177 Under Section 177(4)(vii), the duties of the Audit Committee include evaluation of internal financial controls & to make a report to the board Sch. IV The roles and functions codified in Schedule IV of The Companies Act 2013 clearly state that independent directors shall satisfy themselves on the integrity of financial information and that financial controls and the systems of risk management are robust and defensible Companies Act 2013 casts responsibility to ensure existence and operating effectiveness of Internal Financial Controls for various stakeholders Ensure adequacy and operating effectiveness of IFC Evaluation of internal financial controls Directors Internal Financial Audit Committee To comment on adequacy and operating effectiveness of IFC Control Satisfy themselves on the robustness of internal financial controls framework Auditors Independent Directors 3
4 IFC as defined and the areas of focus Definition of Internal Financial Controls as per Companies Act, 2013 policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information Building block (Component) Policies and procedures Safeguarding of assets Prevention and detection of frauds and errors Accuracy and completeness of the accounting records Timely preparation of reliable financial information Key objectives of coverage Assignment of responsibility, delegation of authority, segregation of duties and establishment of related policies and procedures to provide a basis for accountability and controls Assets and ownership interests exist at a specific date Assets are the rights of the entity at a specified date Enable proactive anti-fraud controls and a fraud risk management framework to mitigate fraud risks to the company All transactions occurred during a specific period have been recorded Assets, liability, revenue and expense components are recorded at appropriate amounts Financial items are properly described, sorted and classified Financial information is provided as per the timelines defined by the relevant stakeholders 4
5 The IFC equation ICOFR + Operations Controls + Anti Fraud Controls = IFC ICOFR Operational Controls Anti Fraud Controls 1 Is quantity recorded in invoice less than the actual dispatched quantity Are dispatch of goods to the customers delayed Can goods be dispatched to customer without a valid invoice EXAMPLES Is monthly reconciliation between headcount and payroll run performed and approved Inputs and cut off (period end) controls for recording raw material consumption Are Purchase Orders authorized as per the delegation of authority matrix Is attendance, for all employees, tracked through biometric or manual attendance sheets Monitoring standard consumption v/s actual consumption for variations Is the lead time in raising the PO against a PR monitored to avoid delays in procurement Can salary be disbursed to dummy/ ghost employees or absconding employees Reporting incorrect yield to mask inventory pilferage Can vendors be shortlisted without inviting multiple quotations 5 Material receipts are accurately accounted for in books of accounts Can physical verification of material be done through technology instead of manual certification Can we record a receipt without a physical receipt (access control) 5
6 A typical IFC Framework Assignment [ ] of Authority and Responsibility Key activities Integrity and ethics framework Controls on outsourced processes Financial Reporting Controls Asset Controls Oversight over Financial Reporting and Disclosures IT Controls Operationa l Financial Controls Fraud Risk Controls Organization Structure, Policies and Procedures Board and Audit Committee Oversight over Internal Financial Controls (Financial Risk Assessment) Enterprise Risk Management Identification of key business / financial processes Entity level controls Process flow charts Process level controls IT general controls Anti fraud controls Test of design Test of effectiveness Reporting Entity Level Elements Process Level Elements 6
7 What companies need to do Assess control environment by identifying and documenting entity level controls. 7
8 Entity Level Controls The following 5 components and 17 principles are considered for Entity Level Assessment of controls, it is required to be ensured that each of these principles are present and working within the company: Control Environment 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability Risk Assessment 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change Control Activities 10.Selects and develops control activities 11.Selects and develops general controls over technology 12.Deploys through policies and procedures Information and Communication 13.Uses relevant information 14.Communicates internally 15.Communicates externally Monitoring Activities 16.Conducts ongoing and/or separate evaluations 17.Evaluates and communicates deficiencies 8
9 What companies need to do Assess control environment by identifying and documenting entity level controls. Identify key financial and non- financial processes at the company, based on the materiality of account balances 9
10 Planning & Scoping Business cycles / Process universe is required to be decided based on a top-down approach; Financial Statement s Risks to Financial Controls Business Cycles Subprocesses Objectives Activities Typical Process Universe Order to cash Procurement to pay Legal & Secretarial compliance Research & Development Fixed Assets Financial Processes HR and Payroll Non-financial Processes Inventory management Treasury Book Closure, Finance & Accounts Manufacturing, Quality & Operations 10
11 What companies need to do Assess control environment by identifying and documenting entity level controls. Identify key financial and non- financial processes at the company, based on the materiality of account balances Document process flows and narratives to document the key financial processes 11
12 Process flows Process flows are documented to depict the process to initiate, authorize, process, record and report transactions. Process flows are also helpful in identification of the potential red flags where misstatements could occur and the control activities that are defined to detect or prevent the same. Key elements to be included in a process flow diagram Process Objective Various applications involved IPE involvement Sequence of activities & document flow Frequency of activity People involved Makers & Checkers Controls in the process Segregation of duties Overview Information & Activities Control Environment Supported by Process Narratives comprising of: - Detailed description of all activities enumerated in the flow chart - Background / information on aspects that cannot be described in a flow chart 12
13 Process flows: Sample Buyer PROCESS Adds the vendors to the bidder list Buyer Yes Authorized personnel Buyer Buyer PR Approval PROCESS Prepares a bidder list and sends to authorized personnel (user, Manager, Supply Chain) as per policy for approval PP.1.01.A Changes recommended? No AUTHORISE Approve the bidder list via hard copy / (with a copy to the Manager, Supply Chain) PROCESS Floats the RFP to the potential vendors (via Smart Source ) PROCESS Follows-up with vendors for responses, and answers relevant queries, where applicable Authorized personnel Buyer Buyer & User Price approvals AUTHORISE Approve the bid extension (via hard copy / ) PROCESS Prepares request for extension in pre-defined format and sends to authorised personnel as per policy for approval Yes Are bid timelines to be extended? PROCESS Receive bids before bid closure date No Buyer Buyer & User Buyer & User Buyer & User PROCESS Prepares a price comparison sheet and submits it for the approval as per the Schedule of Authority PP.1.01.A PROCESS Prepare queries / clarifications and discuss the same with the bidders PROCESS Conduct commercial and technical evaluation as per predefined commercial and technical criterion PROCESS Receive bids till last date via hard copy; sign off the unpriced bid opening form and open techno commercial bids 13
14 What companies need to do Assess control environment by identifying and documenting entity level controls. Identify key financial and non- financial processes at the company, based on the materiality of account balances Document process flows and narratives to document the key financial processes Document Fraud Risk Controls, Process level controls and IT General Controls for the above processes in Risk Control matrices (RCMs) 14
15 Controls Risks Objective setting is a precondition to risk assessment; enables the management to identify the risks Control Objective The function of What Can Go Wrong with regards to the objectives defined Controls in place with the company to ensure that the risks identified are duly mitigated Existing Controls Types of controls Preventive Detective Automated Manual Process vs. controls Process Procedures defined to depict the data flow (origin, transfer or change) and can introduce errors Example: Employees complete their timesheets Controls Procedures designed to prevent and detect inconsistencies in the processes and cannot generate errors Example: Project manager approves timesheets 15
16 Sample Process RCM Risk Sub process Control Objective Control # Completeness Existence/ Occurrence Accuracy Valuation Rights & Obligations Presentation & Disclosure Entity Actual Control Key / Non Key Unique / Referred Preven tive / Detecti ve Type of Control (Automate d or Manual) Freque ncy Purchase orders are created for inaccurat e rate / quantity. P2P - Indent to Orderin g All purchase orders are authorized for rate and quantity. PP A X X X Spend up to INR 4-20 Lacs (Inclusive of taxes and overheads) As per policy, procurement is initiated by the user; coordinated, executed and negotiated by the Supply Chain. Vendor is selected on the basis of a comparative statement prepared by the buyers and approved by Supply Chain DOA holder via post reviewing all the supporting. If a preferred vendor is recommended by the user then only one bid is sought. The vendor is finalized based on approval of user and Supply Chain DOA holder via post reviewing all the supporting. Supporting documents and the approvals are attached in SAP by the buyer at the time of creation of PO / SO to provide a reference for approval. Key Unique Preve ntive Manual Transa ctional 16
17 Control documentation Journal Entries Common Practice Control objective Risk All manual journal entries are prepared in accordance with the company policy, are appropriately authorized and correctly recorded in the appropriate accounting period Inappropriate, unauthorized, and inaccurate calculation and recording of manual journal entries resulting in invalid transactions and financial misstatement Entity Actual Control All JVs are approved by HoD Finance Backup calculations are verified by HoD Finance Is the control documented adequate? How is it ensured that only authorized transactions are posted? What is the evidence of approval? How is review of backup calculation by HOD ensured? How is it ensured that the approval is provided by the right authority? How do you ensure that process was followed for all JVs? 17
18 Control documentation Journal Entries Suggested Practice Control objective Risk All manual journal entries are prepared in accordance with the company policy, are appropriately authorized and correctly recorded in the appropriate accounting period Inappropriate, unauthorized, and inaccurate calculation and recording of manual journal entries resulting in invalid transactions and financial misstatement Entity Actual Control Transactional All Journal Vouchers (JVs) are prepared by Finance team and manually approved (hard copy) by Finance Manager All approvals are provided as per defined Schedule of Authority Approvals are provided only based on review of backup calculations. All such backup calculations are attached to JV (hard copies) and also updated on the shared drive with limited access to team members Monthly HoD Finance downloads a log of all JVs recorded from ERP in a standard report Log of JVs is reconciled with back up and approval documents; the log is signed off 18
19 Control documentation GRN process Common Practice Control objective All material receipts are appropriately authorized and correctly recorded in the appropriate accounting period Risk Unauthorized receipt of materials / receipt in excess of purchase order quantities, resulting in inflation of vendor liabilities Entity Actual Control GR is recorded by stores based on sign-off provided by security for quantity verified and Manager QC for Quality of material received All GRs are recorded against purchase orders Is the control documented adequate? Who ensures no material enters the plant without PO? What is the control to ensure dummy GR are not recorded? How is accuracy of GR recorded ensured? What is the control on price and which liability is booked Are there any automated controls? 19
20 Control documentation Suggested Practice Entity Actual Control Automated Transactional Monthly GRs can be recorded only against an approved Purchase Order Material price / vendor code is automatically captured from the released PO; access for manual updates to the same is not available Access to record GR is restricted to Stores Details of consignment (PO number, invoice no., etc.) are stated in manual gate entry register and security stamp is affixed on the invoice Authorized person records GRN against PO for quantity physically received or DC quantity, whichever is lower based on quantity verified by Stores officer Quality clearance for material ensure checking of GRN is prepared for the right quantity Stores Manager conducts monthly reconciliation of all GRN in ERP vs. manual gate entry register maintained by security to ensure all transactions are posted and avoid dummy GRNs 20
21 Assertions Financial statement assertions have been defined in the Guidance Note on IFC to assist in identification of areas in which financials can be potentially misstated. Assertions laid down in the note are: Existence or occurrence Completeness Valuation or allocation Rights and obligations Assertions relating to presentation and disclosure 21
22 ITGC controls Process of testing ITGC (Information Technology General Controls): Identify IT environment Identify IT Risks impacting the significant accounts Identify the existing IT General controls to mitigate the IT Risks Test the controls and report results 22
23 ITGC controls Process of testing ITGC (Information Technology General Controls): Identify IT environment Identify IT Risks impacting the significant accounts Identify the existing IT General controls to mitigate the IT Risks Test the controls and report results IT environment IT applications Application system management IT General controls Access Security IT Infrastructure End user computing Program change System software change Data center and network operations 23
24 IPE: Information Produced by entity What is IPE: Any report (system generated, manually prepared or combination of both) that, in the IFC context, is referred by an auditor as an audit evidence to conduct test of operating effectiveness or conduct substantive testing Elements of IPE Source Report Logic Report Parameters Objective of testing IPE: All 3 elements generate complete and accurate IPEs Key considerations for testing 1 Completeness of data 2 Incorrect information input 3 Incorrect report logic 4 Manual changes to data / logic 5 Incorrect report parameters Modes of testing of IPEs auditor proposes to use: Direct tests Perform procedures to test completeness and accuracy Combination of the two 24
25 What companies need to do Assess control environment by identifying and documenting entity level controls. Identify key financial and non- financial processes at the company, based on the materiality of account balances Document process flows and narratives to document the key financial processes Document Fraud Risk Controls, Process level controls and IT General Controls for the above processes in Risk Control matrices (RCMs) Undertake Test of Design (TOD) for the controls listed in RCMs and report results. 25
26 Test of Design Test of design (TOD) is conducted to determine whether the controls, if operated as prescribed by authorized personnel, satisfy the company's control objectives and can effectively prevent or detect errors or fraud TOD is to be conducted for all controls documented in the RCMs Key considerations for TOD: Controls correlation to risk / assertion Controls correlation to significance of the risk Competence and Authority of personnel Level of of aggregation & predictability In Review controls - Criteria for investigation & follow up Dependency on other controls 26
27 What companies need to do Assess control environment by identifying and documenting entity level controls. Identify key financial and non- financial processes at the company, based on the materiality of account balances Document process flows and narratives to document the key financial processes Document Fraud Risk Controls, Process level controls and IT General Controls for the above processes in Risk Control matrices (RCMs) Undertake Test of Design (TOD) for the controls listed in RCMs and report results. Select samples from all transactions at the company and perform Test of Operating Effectiveness (TOE). 27
28 Test of Operating Effectiveness Test of operating Effectiveness (TOE) is conducted to determine whether the control is operating as designed and whether the personnel have the competency to perform the control effectively. Factors that determine if TOE is required Risk associated with a control Competency of personnel performing the control Risks associated with financial misstatement Dependency on manual operations History of errors Nature and frequency of the control Characteristics of control activity Dependency on other controls Effectiveness of entity level controls (monitoring mechanisms) Complexity of control, significance on judgment Based on the results of the testing, deviations and deficiencies in the controls need to be reported Impact Sample Size 28
29 Sampling methodology Control frequency Low Risk of Failure High Annual 1 1 Quarterly Monthly 2 3 Weekly 5 8 Daily Recurring / Manual control (Multiple times in a day) Note: +1 indicates that the year end control needs to be tested. 29
30 Deviations and Deficiencies What is a significant deficiency? What is a deficiency? Deficiencies important enough to merit attention of governing bodies since there is a reasonable possibility of material misstatement What is a deviation? Design & Operations controls that do not allow management, in normal course of performing their functions, to prevent misstatement or detect and correct Any exception noted during testing 30
31 Deviations and Deficiencies Deficiency in Design exist if Controls not designed Controls not adequate What is a deviation? Any exception noted during testing What is a deficiency? Design & Operations controls that do not allow management in normal course of performing their functions to prevent misstatement or detect and correct What is a significant deficiency? Deficiencies important enough to merit attention of governing bodies since there is a reasonable possibility of material misstatement Deficiency in Operation exist if: Controls not operating as designed Authorities not assigned to person responsible for control 31
32 What companies need to do Assess control environment by identifying and documenting entity level controls. Identify key financial and non- financial processes at the company, based on the materiality of account balances Document process flows and narratives to document the key financial processes Document Fraud Risk Controls, Process level controls and IT General Controls for the above processes in Risk Control matrices (RCMs) Undertake Test of Design (TOD) for the controls listed in RCMs and report results. Select samples from all transactions at the company and perform Test of Operating Effectiveness (TOE). Report on deficiencies noted during audit 32
33 Reporting Reporting on overall IFC by auditors Unmodified report : In case deficiencies noted in the documentation & testing of IFC do not result in material weakness Modified report: In case material weakness is noted. Reporting includes definition of material weakness and details of weakness identified *Modified Report as per standard template defined in the Guidance Note A material weakness is a deficiency, or a combination of deficiencies, in IFC, such that there is a reasonable possibility that a material misstatement of the company s annual or interim financial statement will not be prevented or detected on a timely basis. Additional periodic communication of deficiencies Management: All deficiencies Governing Bodies: All significant deficiencies Directors: If oversight of Audit Committee is Ineffective Auditor shall not issue a report stating that no deficiencies were noted 33
34 Our experience: Key takeaways from an IFC framework Standardization of controls across business locations Opportunity to benchmark leading practices into business processes Review manual controls and examine possibilities of control automation Optimization of the processes through identification and elimination of non value added activities in the process or duplicate controls being performed Development of risk aware culture in the organization Improved visibility of control environment in the organization for CEOs and CFOs 34
35 Our experience: Challenges in establishing an IFC framework Getting buy-in from process owners Document retention especially evidence of reviews Balancing Segregation Of Duty conflicts with Lean Management Continuous adherence to controls implemented Incorporating changes in the process flow charts and RCM to accommodate changes in processes or platforms Marrying process flowcharts with ISO documentation Willingness of organization for accepting the changes in the processes and adherence to it Managing the cost of compliance 35
36 Our experience: Key issues noted in IFC implementation across industries Absence of maker-checker controls over transactional recording Inadequate document retention especially in case of review evidences Balancing Segregation Of Duty conflicts with Lean Management Inadequate confirmations / approval notes in case on policy non-compliance / deviations Inconsistency in operations across locations / units Lack of clarity with regards to Policy / SOP among the users and relevant process owners leading to inconsistent practices Lack of consistency, since IFC is considered as an event and not as a process 36
37 Thank You Deep Jaggi Director, Risk Consulting KPMG, India Mob:
Internal Controls Over Financial Reporting (ICoFR) Overview and Practical Aspects
Internal Controls Over Financial Reporting (ICoFR) Overview and Practical Aspects What is Internal Financial Control (IFC)? As per Section 134 of Companies Act, 2013 Internal financial controls (IFC) means
More information29 th Regional Conference of WIRC
29 th Regional Conference of WIRC Internal Financial Control - Auditors responsibility The Lalit International, Mumbai 6 December 2014 Contents 1 Provisions of Companies Act, 2013 2 Auditors responsibility
More informationInternal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR)
Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR) Origin of IFC The first significant focus on internal control certification related to financial reporting
More informationRoad to Self Governance
Road to Self Governance Transform internal controls; sustain business performance 8 January 2015 Contents 1. Setting the Context 2. What needs to be done 3. Perspectives on IFC coverage 4. Leveraging IFC
More informationDe Coding IFC. 30 th December 2015 ICAI Baroda Branch
De Coding IFC 30 th December 2015 ICAI Baroda Branch Internal Financial Controls - at a Glance Introduction to Internal Financial Controls Preamble The Indian financial regulations have initiated a synchronized
More informationInternal financial controls
Internal financial controls Synopsis Refresh on IFC Snapshot from revised ICAI guidance note Approach for ICFR implementation 2 IFC, as per Companies Act, 2013 As per Section 134 of the Companies Act 2013,
More informationHow well you are prepared to deal with IFC
September 9, 2016 How well you are prepared to deal with IFC Price Waterhouse & Co Amit Agrawal & Madhavi D K Internal Financial Controls over Financial Reporting (IFCFR) Particulars Background Overview
More informationResponsibilities of auditors while undertaking IFC reporting role of documentation
Responsibilities of auditors while undertaking IFC reporting role of documentation Seminar on Internal Financial Controls over Financial Reporting Organised By Western India Regional Council Presentation
More informationB S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013
B S R & Co. LLP Reporting on Internal Controls over Financial Reporting An Overview Sarbanes Oxley Act (SOX) 28 December 2013 Agenda Sarbanes Oxley Key Sections COSO Framework Management Approach to ICOFR
More informationInternal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC
Internal controls over Financial Reporting Key concepts Presentation by Jayesh Gandhi at WIRC Page 1 ICFR Key Concepts WIRC 28 May 2016 Agenda Scope and requirements Overview of internal controls as per
More informationSeminar Internal Control Identification and Filtering
Seminar Internal Control Identification and Filtering 4 March 2011 by Stephen Ho Definition The process designed, implemented and maintained by those charged with governance, management and other personnel
More informationInternal Financial Controls (IFC) ICAI Seminar October 8, 2016
Internal Financial Controls (IFC) 1 ICAI Seminar October 8, 2016 Financial Reporting Assertions 3 Effective Internal Controls over Financial Reporting All Significant Accounts considered Minor or few internal
More informationUNFPA. This policy applies to all UNFPA personnel, particularly those involved in the purchasing and payment of goods and services.
Policy Title Previous title (if any) Policy objective Target audience Risk Matrix Policy and Procedures for Accounts Payable n/a The Policy and Procedures for Accounts Payable policy establishes the procedures
More informationRisk Control Matrices. Volume II (Part-C)
Volume II (Part-C) Risk Control Matrices 522 Contents Volume II Part C - Risk Control Matrices Order to Cash... 524 Procurement... 528 Legal and Regulatory... 533 Hire to Pay (H2P)... 535 Fixed Assets...
More informationChapter 18. Integrated Audits of Public Companies. McGraw-Hill/Irwin. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Chapter 18 Integrated Audits of Public Companies McGraw-Hill/Irwin Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved. Nature of an Integrated Audit Auditors of public companies should
More informationInternal Financial Controls New perspectives as per Companies Act 2013 and CARO 2016
New perspectives as per Companies Act 2013 and CARO 2016 1 Contents: Background Meaning of IFC IFC on Financial Reporting Why IFC? Regulatory mandate Role of various authorities Components of IFC IFC under
More informationCOSO Updates and Expectations. IIA San Diego Chapter January 8, 2014
COSO Updates and Expectations IIA San Diego Chapter January 8, 2014 Agenda Overview of 2013 Internal Control-Integrated Framework and Companion Guidance 2013 Framework General Enhancements by Component
More informationILLUSTRATIVE RISKS OF MATERIAL MISSTATEMENT, RELATED CONTROL OBJECTIVES AND CONTROL ACTIVITIES. (Refer paragraphs 77 and 100)
APPENDIX IV ILLUSTRATIVE RISKS OF MATERIAL MISSTATEMENT, RELATED CONTROL OBJECTIVES AND CONTROL ACTIVITIES (Refer paragraphs 77 and 100) Standards on Auditing ( SA ) 315 Identifying and Assessing the Risk
More informationAdvanced Finance for Governing Board Members. Charter Schools: Advancing the Promise!! 2015 Annual Conference
Advanced Finance for Governing Board Members Charter Schools: Advancing the Promise!! 2015 Annual Conference Governing Body Responsibilities with regard to finance Fiduciary responsibilities outlined in
More informationSEMINAR ON INTERNAL FINANCIAL CONTROLS. Oct 31, 2015 at ISACA Pune Chapter Nov 1, 2015 at Pune Branch of WIRC of ICAI
SEMINAR ON INTERNAL FINANCIAL CONTROLS Oct 31, 2015 at ISACA Pune Chapter Nov 1, 2015 at Pune Branch of WIRC of ICAI AGENDA Session I II III IV V Topic Framework & Planning for IFC Review of IT General
More informationREPORTING REQUIREMENTS UNDER IFC
REPORTING REQUIREMENTS UNDER IFC Western India Regional Council of ICAI 3rd June, 2017 CA.Abhay Mehta Mehta Chokshi & Shah Statutory Provisions governing IFC Management s Responsibility Board of Directors
More informationINTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS
INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT (Effective for audits of financial statements for periods beginning
More informationInternal Control Over Financial Reporting (ICFR) Unique Approach, Superior Results
Internal Control Over Financial Reporting (ICFR) Unique Approach, Superior Results Regulatory Perspective What is Internal Financial Controls(IFC) As per 134(5)(e) of the Companies Act 2013, Internal Financial
More informationIndex. Exercise 1 - Identification of Checklist Page 14. Sample 1 - Transpose & Sorting Page 15. Sample 2 - Review Comments Page 20
Index Exercise 1 - Identification of Checklist Page 14 Sample 1 - Transpose & Sorting Page 15 Sample 2 - Review Comments Page 20 Sample 3 - Responding to Audit Framework Page 22 (Controls & Audit Evidence)
More informationAn Overview of the 2013 COSO Framework. August 2013
An Overview of the 2013 COSO Framework August 2013 Introduction Dean Geesler, KPMG Senior Manager Course Objectives Summarize the key changes from the 1992 Framework to the 2013 Framework including the
More informationAuditing Standards and Practices Council
Auditing Standards and Practices Council PHILIPPINE STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT PHILIPPINE STANDARD ON AUDITING
More informationCONTINUOUS AUDITING - UPDATE. Travis S. Moser, CISA
CONTINUOUS AUDITING - UPDATE Travis S. Moser, CISA CONTINUOUS ASSURANCE FRAMEWORK Third Line of Defense: IA provides independent assurance Second Line of Defense: Functions oversee risks First Line of
More informationThe definition of a deficiency is also set forth in the attached Appendix I.
Deloitte & Touche LLP 361 South Marine Corps Drive Tamuning, GU 96913-3973 USA Tel: (671)646-3884 Fax: (671)649-4932 www.deloitte.com May 26, 2014 Mr. David Paul General Manager Marshalls Energy Company,
More informationImplementation Tool for Auditors
Implementation Tool for Auditors CANADIAN AUDITING STANDARDS (CAS) DECEMBER 2017 STANDARD DISCUSSED CAS 315, Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity
More informationIPO Readiness. Sarbanes-Oxley Compliance & Other Considerations. Presented by:
IPO Readiness Sarbanes-Oxley Compliance & Other Considerations Presented by: IPO Readiness Enhanced Financial / Legal compliance SEC / Stock Exchange Compliance Entity Structure / Registration Filing Requirements
More informationFinancial Controls Checklist
Financial Controls Checklist Board of Health: Board of Health for the Leeds, Grenville & Lanark District Health Unit Period ended: Dec. 31/17 Objective: The objective of the Financial Controls Checklist
More informationLoch Lomond and The Trossachs National Park Authority. Key Controls Report
Loch Lomond and The Trossachs National Park Authority Key Controls Report Prepared for Loch Lomond and The Trossachs Park Authority April 2015 Audit Scotland is a statutory body set up in April 2000 under
More informationComparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)
Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining) Topic AS No. 5 AS No. 2 Objective of ICFR Audit Planning the ICFR Audit Integration
More informationAudit and Advisory Services Integrity, Innovation and Quality. Audit of Internal Controls over Financial Reporting
Audit and Advisory Services Integrity, Innovation and Quality Audit of Internal Controls over Financial Reporting October 2015 Table of Contents i Audit of Internal Controls over Financial Reporting EXECUTIVE
More informationManaging Risk in Your P2P Process: 10 Ways that Automation Can Help Mitigate Risk
Managing Risk in Your P2P Process: 10 Ways that Automation Can Help Mitigate Risk Chris Doxey, CAPP, CCSA, CICA, CPC President, Doxey, Inc. chris@chrisdoxey.com 571-267-9107 Agenda Introduction to Risk
More informationUsing Data Analytics in Audits
Using Data Analytics in Audits Data Analytics is the process of inspecting, cleansing, transforming and modelling raw data with the purpose of discovering useful information, drawing conclusions and supporting
More informationEvaluating Internal Controls
A SSURANCE AND A DVISORY BUSINESS S ERVICES Fourth in the Series!@# Evaluating Internal Controls Evaluating Overall Effectiveness, Identifying Matters for Improvement, and Ongoing Assessment of Controls
More informationSEGREGATION OF DUTIES for SAP
SEGREGATION OF DUTIES for SAP SEGREGATION-OF-DUTIES In todays modern, technology driven world, segregation-of-duties (SoD) is enforced through business applications and ERP s, but highlighting breakdowns
More informationA Discussion About Internal Controls February 2016
A Discussion About Internal Controls February 2016 What we will cover today 001 Introductions 002 Defining Internal Controls 003 COSO Internal Controls Integrated Framework 004 Approach to Designing Internal
More informationFinance Committee, Board of Health Elizabeth Bowden, Interim Director of Administrative Services FINANCIAL CONTROLS CHECKLIST
March 20, 2016 Report To: Submitted by: Subject: Finance Committee, Board of Health Elizabeth Bowden, Interim Director of Administrative Services FINANCIAL CONTROLS CHECKLIST RECOMMENDATION(S): (a) That
More informationFinancial Statement Close Process
Financial Statement Close Process Process Control Objective Risk Control Considerations Segregation of Duties Accounting functions are properly segregated. Unauthorized and inaccurate transactions may
More informationSA 402(REVISED) AUDIT CONSIDERATIONS RELATING TO AN ENTITY USING
Part I : Engagement and Quality Control Standards I.271 SA 402(REVISED) AUDIT CONSIDERATIONS RELATING TO AN ENTITY USING A SERVICE ORGANISATION (EFFECTIVE FOR ALL AUDITS RELATING TO ACCOUNTING PERIODS
More informationAN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org PRELIMINARY STAFF VIEWS AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL
More informationIntroductions. An Overview of the COSO 2013 Framework. Christian Peo Sharon Todd. An Overview of the 2013 COSO Framework.
An Overview of the 2013 COSO Framework An Overview of the COSO 2013 Framework August 8, 2013 Introductions Christian Peo Sharon Todd Marc Wittenberg Module Name/SL/1 firms Course Objectives By the end
More informationAn Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements
ASB Meeting July 30 August 1, 2013 Agenda Item 3B AT Section 501 An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Source:
More informationEvaluenz Special Edition on Internal Controls Over Financial Reporting (ICFR) 2016
Greetings from Evaluenz!! We are pleased to present you Evaluenz Connect Special Edition on Internal Controls Over Financial Reporting (ICFR), a publication, sharing knowledge and insight with respect
More informationUnderstanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
Issued December 2007 International Standard on Auditing Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement The Malaysian Institute of Certified Public Accountants
More informationSUGGESTED SOLUTIONS/ ANSWERS EXTRA ATTEMPT EXAMINATIONS, MAY of 11 AUDIT & ASSURANCE [P2] PROFESSIONAL LEVEL
Question No. 1 SUGGESTED SOLUTIONS/ ANSWERS EXTRA ATTEMPT EXAMINATIONS, MAY 2017 1 of 11 (a) Outsourcing of Internal Audit Function: 07 Outsourcing is where the company uses an external company to perform
More informationDiocese of Covington Policies & Procedures Manual Section: Compliance Accounting Policy: Internal Control & Segregation of Duties
Internal Control refers to the policies and procedures established to provide reasonable assurance that parish assets are safeguarded, that accountability is achieved, and that errors in financial records
More informationA step towards strengthening governance
A step towards strengthening governance Resolution No.1, 2017 of the Chairman of ADAA March 2018 kpmg.com/ae kpmg.com/om What is the Resolution about? Setting the context GCC regulations are constantly
More informationAlyssa G. Martin, CPA Brandon Tanous, CIA, Using the COSO CFE, CGAP, CRMA Framework to Develop a Strong and Preventive Control Environment
Speakers Using the COSO Framework to Develop a Strong and Preventive Control Environment Weaver Public Sector CPE Event Alyssa G. Martin, CPA Dallas Executive Partner, Advisory Services 25+ years of public
More informationResults in Brief. Audit of WMATA s Vendor Master File (VMF) OIG January 18, 2019
Results in Brief OIG 19-06 January 18, 2019 Why We Did This Review The VMF is a foundational element of the Accounts Payable and Procurement processes. The VMF contains vital information about vendors
More informationResults in Brief. Audit of WMATA s Vendor Master File (VMF) OIG January 18, 2019
Results in Brief OIG 19-06 January 18, 2019 Why We Did This Review The VMF is a foundational element of the Accounts Payable and Procurement processes. The VMF contains vital information about vendors
More informationAn Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements
Page A 1 Standard Appendix Auditing Standard No. 2 AUDITING AND RELATED PROFESSIONAL PRACTICE STANDARDS Auditing Standard No. 2 An Audit of Internal Control Over Financial Reporting Performed in Conjunction
More informationAn Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements
AUDITING STANDARD No. 2 An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements March 9, 2004 AUDITING AND RELATED PROFESSIONAL PRACTICE STANDARDS
More informationINTERNAL FINANCIAL CONTROL POLICY
INTERNAL FINANCIAL CONTROL POLICY Legal Framework This policy has been formulated pursuant to Section 135 of the Companies Act, 2013, for ensuring the orderly and efficient conduct of the business of the
More informationProcurement May 2018
Procurement May 2018 May 16, 2018 Office of the Auditor General Halifax Regional Municipality The following audit of Procurement, completed under section 50(2) of the Halifax Regional Municipality Charter,
More informationSarbanes-Oxley 404(a) Efficient, Effective Consulting Solutions
Sarbanes-Oxley 404(a) Efficient, Effective Consulting Solutions Contents Standardized Solution to Sarbanes-Oxley Compliance... 3 SOX in a Box?... 3 The Value Proposition... 3 About Us... 3 Why Use Us?...
More informationAuditing Standards and Practices Council
Auditing Standards and Practices Council PHILIPPINE STANDARD ON AUDITING 330 THE AUDITOR S PROCEDURES IN RESPONSE TO ASSESSED RISKS PHILIPPINE STANDARD ON AUDITING 330 THE AUDITOR S PROCEDURES IN RESPONSE
More informationLoch Lomond and The Trossachs. National Park Authority. Review of Internal Controls 2015/16. Prepared for Loch Lomond and The Trossachs.
Loch Lomond and The Trossachs National Park Authority Review of Internal Controls 2015/16 Prepared for Loch Lomond and The Trossachs National Park Authority March 2016 Key contacts Asif A Haseeb, Engagement
More informationUS U.S. AAM vs. DTTL AAM A Refresher Deloitte Touche Tohmatsu
US 500-12 U.S. AAM vs. DTTL AAM A Refresher 2008 Deloitte Touche Tohmatsu Objectives Participants will refresh their knowledge on: Applying the AICPA and the PCAOB Standards. Utilizing the U.S. Audit Approach
More informationCONVENT OF THE SACRED HEART SCHOOL FOUNDATION FINANCIAL REGULATIONS
CONVENT OF THE SACRED HEART SCHOOL FOUNDATION FINANCIAL REGULATIONS Approved by Convent of the Sacred Heart School Foundation, Board of Governors on 9 th October 2008 Policy Statement So that all officers
More informationInternal Controls: Need Them, Have Them, Love Them
Internal Controls: Need Them, Have Them, Love Them Tiffany R. Winters, Esquire twinters@bruman.com Brustein & Manasevit Fall Forum 2010 Why Do We Have Internal Controls? The Federal Managers Financial
More informationPROFESSIONAL LEVEL PART-A: OVERVIEW OF AUDITING AND ASSURANCE
SYLLABS 2016 Part-D Weightage Part-E Part-C Part-A PROFESSIONAL LEVEL P2 - Audit & Assurance Part-B Part-A Overview of Auditing and Assurance 15% Part-B Audit Planning 20% Part-C Internal Controls 20%
More informationAudit Committee Charter
Audit Committee Charter 1. Objectives The objectives of the audit committee (the committee ) of the board of directors (the Board) of Infosys Limited (the Company ) are to assist the Board with oversight
More informationLecture Notes Internal Controls
Lecture Notes Internal Controls Introduc)on The auditors must understand the accounting system and control environment in order to determine their audit approach. An understanding of internal control assists
More informationGuidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.
Guidance Note: Corporate Governance - Audit Committee January 2018 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance Audit Committee (the Guidance Note
More informationGFMIS. MIS MIS - BW SEM Operating System SAP R/3 (GFMIS) FI CO. e-payroll, e-pension AFMIS. ก ก (e-catalog,e-shopping list
ก GFMIS: ก. 1 GFMIS MIS ( ) MIS - BW SEM Operating System SAP R/3 (GFMIS) FM PO HR ก FI ก ก RP AP ก CM FA GL ก CO BIS. DPIS ก. e-procurement ก ก (e-catalog,e-shopping list e-auction) e-payroll, e-pension
More informationTHE AUDITOR S RESPONSES TO ASSESSED RISKS SRI LANKA AUDITING STANDARD 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS
SRI LANKA STANDARD 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS (Effective for audits of financial statements for periods beginning on or after 01 January 2014) CONTENTS Paragraph Introduction Scope of
More informationGAIT FOR BUSINESS AND IT RISK
GAIT FOR BUSINESS AND IT RISK (GAIT-R) The Institute of Internal Auditors March 2008 Table of Contents 1. Introduction...1 2. Executive Summary...2 3. Why GAIT-R?...4 4. The GAIT-R Principles...6 5. GAIT-R
More informationINTERNAL FINANCIAL CONTROLS COMPLIANCE REPORTING APPLICABILITY SCOPE OPINION FRAMEWORK ACTION. Strictly for private circulation
INTERNAL FINANCIAL CONTROLS COMPLIANCE REPORTING APPLICABILITY SCOPE OPINION FRAMEWORK www.rama.co.in Strictly for private circulation 01 New Provisions in Law? Section 134(5) (e)* Director s Responsibility
More informationThe Auditor s Responses to Assessed Risks
SINGAPORE STANDARD SSA 330 ON AUDITING The Auditor s Responses to Assessed Risks SSA 330, The Auditor s Responses to Assessed Risks superseded SSA 330, The Auditor s Procedures in Response to Assessed
More informationMemo. Date: October 2018 INTRODUCTION
Memo To: All Public Accounting Firms From: Kathy Zaplitny, CPA, CA Senior Director, Stakeholder Services & Engagement Re: FOCUS ON PRACTICE INSPECTION REPORTABLE DEFICIENCIES 2017-18 Date: October 2018
More informationWATCH WORDS FROM THE PEER REVIEW PROCESS
WATCH WORDS FROM THE PEER REVIEW PROCESS Peer Review 3 NOT DOCUMENTED = NOT PERFORMED Vendor-obtained practice aids, checklists and forms are NOT audit evidence Sources of audit evidence Books, records,
More informationAgreeing the Terms of Audit Engagements
SINGAPORE STANDARD SSA 210 ON AUDITING Agreeing the Terms of Audit Engagements SSA 210, Agreeing the Terms of Audit Engagements superseded SSA 210, Terms of Audit Engagements in January 2010. The Companies
More informationGOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.
GOVERNANCE 8.A.1 - Objective: Information Technology strategies, plans, personnel and budgets are consistent with AES' business and strategic requirements and goals. Objective Risk Statement(s): - IT Projects,
More informationInternal Audit Report. Contract Administration: 601CT Contracts TxDOT Internal Audit Division
Internal Audit Report Contract Administration: 601CT Contracts TxDOT Internal Audit Division Objective Review contract administration and governance of 601CT contracts for structural compliance with laws
More informationInternational Standard on Auditing (Ireland) 402 Audit Considerations Relating to an Entity using a Service Organisation
International Standard on Auditing (Ireland) 402 Audit Considerations Relating to an Entity using a Service Organisation MISSION To contribute to Ireland having a strong regulatory environment in which
More informationPREPARING A RISK BASED AUDIT WORK PROGRAM
1 PREPARING A RISK BASED AUDIT WORK PROGRAM BAILEY JORDAN PARTNER, GRC PRACTICE LEADER GRANT THORNTON, LLP DAVID TYLER PRINCIPAL, HEALTH CARE ADVISORY GRANT THORNTON, LLP AHIA 32 nd Annual Conference August
More informationREQUEST FOR EXPRESSIONS OF INTEREST FOR AN INDVIDUAL CONSULTANT AFRICAN DEVELOPMENT BANK
REQUEST FOR EXPRESSIONS OF INTEREST FOR AN INDVIDUAL CONSULTANT AFRICAN DEVELOPMENT BANK DELIVERY, PERFORMANCE MANAGEMENT AND RESULTS (SNDR) AfCoP Project Title of the assignment: to design and establish
More informationScope of this SA Effective Date Objective Definitions Sufficient Appropriate Audit Evidence... 6
SA 500* AUDIT EVIDENCE (Effective for audits of financial statements for periods beginning on or after April 1, 2009) Contents Introduction Paragraph(s) Scope of this SA...1-2 Effective Date... 3 Objective...
More informationGeneral Government and Gainesville Regional Utilities Vendor Master File Audit
FINAL AUDIT REPORT A Report to the City Commission General Government and Gainesville Regional Utilities Vendor Master File Audit Mayor Lauren Poe Mayor Pro-Tem Adrian Hayes-Santos Commission Members David
More informationINTERNAL CONTROLS. Revision A
INTERNAL CONTROLS Internal Controls Approved. CHANGE HISTORY Sections Affected/Description of Change Section All: Consolidate original document and all changes approved Through ; standardize formatting
More informationREPORT 2014/010 INTERNAL AUDIT DIVISION. Audit of contract administration at the United Nations Office at Geneva
INTERNAL AUDIT DIVISION REPORT 2014/010 Audit of contract administration at the United Nations Office at Geneva Overall results relating to administration of contracts at the United Nations Office at Geneva
More information4.5 discuss with the external auditor the auditor s judgments about the quality and acceptability of the Group s accounting principles;
AUDIT & RISK COMMTTEE CHARTER Effective: 23 August 2018 Purpose 1. The Audit & Risk (Committee) Charter sets out the membership, responsibilities, authority and operation of the Audit & Risk Committee
More informationAUDIT UNDP SOUTH SUDAN GRANTS FROM THE GLOBAL FUND TO FIGHT AIDS, TUBERCULOSIS AND MALARIA. Report No.1400 Issue Date: 6 February 2015
UNITED NATIONS DEVELOPMENT PROGRAMME AUDIT OF UNDP SOUTH SUDAN GRANTS FROM THE GLOBAL FUND TO FIGHT AIDS, TUBERCULOSIS AND MALARIA Report No.1400 Issue Date: 6 February 2015 Table of Contents Executive
More informationMinneapolis Public Schools Special School District No. 1 Minneapolis, Minnesota. Communications Letter of the Student Activity Accounts.
Minneapolis, Minnesota Communications Letter of the Student Activity Accounts June 30, 2018 Table of Contents Report on Matters Identified as a Result of the Audit of the Financial Statements 1 Material
More informationAudit of Core Management Controls. Internal Audit Sector
Audit of Core Management Controls Internal Audit Sector November 4, 2014 This page is left blank to allow for double sided printing. Correctional Service Canada Internal Audit Sector Page ii Table of Contents
More informationAudit of Key Financial Controls at Health Canada, Final Report. December 2016
Audit of Key Financial Controls at Health Canada, 2015-16 Final Report December 2016 Table of Contents Executive summary... i A - Introduction... 1 1. Background... 1 2. Audit objectives... 2 3. Audit
More informationGuidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.
Guidance Note: Corporate Governance - Audit Committee March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance Audit Committee (the Guidance Note )
More informationNRCS AUDIT AND RISK COMMITTEE TERMS OF REFERENCE
NRCS AUDIT AND RISK COMMITTEE TERMS OF REFERENCE POLICY REGARDING THE ROLE AND RESPONSIBILITIES OF THE AUDIT AND RISK COMMITTEE 1. INTRODUCTION The Audit and Risk Committee ( The Committee ) is constituted
More informationUNIVERSITY OF TOLEDO INTERNAL AUDIT DEPARTMENT CLOSE THE BOOKS
The following control objectives provide a basis for strengthening your control environment for the process of closing the books. When you select an objective, you will access a list of the associated
More informationInternal Control and the Computerised Information System (CIS) Environment. CA A. Rafeq, FCA
Internal Control and the Computerised Information System (CIS) Environment CA A. Rafeq, FCA 1 Agenda 1. Internal Controls and CIS Environment 2. Planning audit of CIS environment 3. Design and procedural
More informationAUDIT AND ASSURANCE (SKILL) MID DIET LIVE BROADCAST. (b) (i) Describe FIVE types of procedures for obtaining audit evidence; and
AUDIT AND ASSURANCE (SKILL) MID DIET LIVE BROADCAST Question 1 a). Auditor s substantive procedures are designed in a manner to confirm financial statements assertion. Assertions are also directors representation
More informationCPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a AUDITING THEORY AUDIT PLANNING
CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a Related PSAs: PSA 300, 310, 320, 520 and 570 Appointment of the Independent Auditor AUDITING THEORY AUDIT PLANNING Page 1 of 9 Early appointment of the
More informationSECTION A CASE QUESTIONS (Total: 50 marks)
SECTION A CASE QUESTIONS (Total: 50 marks) Answer 1(a) Control activities that are relevant to an audit are: - Control activities that relate to significant risks or relate to risks for which substantive
More information