Evaluenz Special Edition on Internal Controls Over Financial Reporting (ICFR) 2016

Size: px

Start display at page:

Download "Evaluenz Special Edition on Internal Controls Over Financial Reporting (ICFR) 2016"

Candice Sharp
5 years ago
Views:

in the Companies Act 2013 and the increased responsibilities on the Directors, Management, Audit Committee, Independent Directors, CEO and CFO, and in general all employees.

1 Greetings from Evaluenz!! We are pleased to present you Evaluenz Connect Special Edition on Internal Controls Over Financial Reporting (ICFR), a publication, sharing knowledge and insight with respect to the recent changes in the Companies Act 2013 and the increased responsibilities on the Directors, Management, Audit Committee, Independent Directors, CEO and CFO, and in general all employees. To be effective and efficient in achieving business objectives, organisations need establish robust internal control systems to meet the requirements of increasing Complexity Speed and Risks Looking forward to seek your inputs / feedback Happy Reading!! Regards Smitesh Bhosale Founder and Managing Partner Evaluenz Capability Consulting Capital Compliance / sb@evaluenz.com / evaluenz@gmail.com

Background and Overview to ICFR With the failure of number of companies in India and across the globe in presenting accurate financial statements to the stakeholders, which include stock holders,

2 Background and Overview to ICFR With the failure of number of companies in India and across the globe in presenting accurate financial statements to the stakeholders, which include stock holders, customers, vendors, bankers, Income Tax Authorities, Government and others, the Companies Act 2013, requires the companies to establish sound internal controls over Financial Reporting (ICFR). While the requirement is not new, it pre-existed as a part of Sarbanes Oxley for US based companies and Clause 49 of the listed agreements for Indian companies listed on any domestic stock exchange. The Auditors Report, CARO, does mention about the adequacy of the internal controls system. However, with changes in the companies, there is an additional focus on establishment of ICFR. The regulators surly do not wish to see another Satyam like fraud and misrepresentations, default on bank loans and creative accounting. The regulatory landscape governing the business, accounting and financial reporting has significantly changed with the advent of- Requirements of the Companies Act 2013 Compliance with Ind-AS (Indian Accounting Standards) Issuance of IFRS and convergence of local accounting standard with IFRS Increased levels of regulatory scrutiny Responsibility on the Board Other key compliances and regulatory changes across industries What is an Internal Control and what is the relevance to ICFR? As per the requirements of the Companies Act, 2013 the companies should establish sound internal controls over financial reporting to meet the key business and reporting objectives depicted as under-

of the expectations of stakeholders in general.

3 Responsibility for Implementation of ICFR In a way, it is responsibility of all employees to ensure that the Internal Controls over Financial Reporting are effective and always operating to the best of the expectations of stakeholders in general. Companies Act 2013, defines specific responsibility as follows- Responsibilities of the Directors U/s 134 Responsibilities of the Audit Committee U/s 177

4 Responsibility of the Auditors U/s 143 Responsibility of Independent Directors Schedule IV

The key responsibility of ensuring that spans across the organisation and cuts across all levels right from the Board of Directors to Employees, Auditors, inter alia.

5 The key responsibility of ensuring that spans across the organisation and cuts across all levels right from the Board of Directors to Employees, Auditors, inter alia. The Compliance requirements for various types of the companies is provided in the table below- Requirement Directors Responsibility Statement Listed on Stock Exchange Yes Paid Up capital > INR 10 cr Public Limited by Unlisted Sales / Turnover > Rs. 100 cr Loans / Borrowings > INR 50 cr Auditors Report Yes Yes Yes Yes Yes Audit Committee Yes Yes Yes Yes Independent Yes Yes Yes Yes Directors BOD report Financial Statements Rules Yes Yes Yes Yes Private Companies paid up capital more than INR 20 Cr As the Auditors Report requires comment on the operating effectiveness of the internal controls, the applicability is to all companies and extended to private companies as well. What are the key business processes that will get impacted? All business processes will be impacted. However, highest impact will be on Procure to Pay (P2P) Accounts Payable Order to Cash (O2C) Accounts Receivable Lust to Dust (L2D) Fixed Asset Accounting Record to Report (R2R) End to End Financial Statement Close Process (FSCP)

6 What are the key components of ICFR in an organisation? What are the key benefits of ICFR? While the benefits are many and to all the key stakeholders, the key benefits are listed as under- Assurance that financial statements fairly reflect all financial transactions Assurance that all transactions are recorded in accordance with applicable policies, directives and standards Assurance that transactions are carried out as per delegated authorities Assurance that financial resources are safeguarded against material loss due to waste, abuse, mismanagement, errors, fraud, omissions and other irregularities Helps business to review, re-evaluate the business processes and plug any gaps in Operations, Financials and Reporting perspective Plug the revenue leakages and identify cost saving opportunities Helps in rationalising the internal controls across the organisation Increased focussed of the management on the key controls Helps standardisation of the business processes, policies and procedures Promotes control conscious culture in the organisation Provides comfort and assurance to the CEO and CFO, Management, Audit Committee on the quality of reporting Helps in driving many other initiatives as applicable like ERP, Operations Software, Outsourcing Helps prevention of frauds, mistakes, errors in business processes Helps the management to establish right key performance indicators Helps management to establish appropriate key risk indicators / early warning signals

7 Are there any best practices for implementation of ICFR Framework? Yes. There are number of best practices for implementation of ICFR Framework which includes SOX compliance. COSO Integrated Internal Control Framework.

8 Steps Required for Implementation of ICFR Scope Review the Chart of Accounts and Reporting Requirements Definition Identify the Key Accounts and High Map Key business processes (P2P, O2C etc) to the Accounts Level Plan and reporting requirements Identify the business processes and Information Technology processes separately Define Materiality Levels Identify any activities are performed by any third party Conduct initial scope discussion and plan with External Auditors Finalisation of templates to be used Obtain inputs from the CEO, CFO, Board, where applicable Conduct orientation with the Key Business Process Owners Design Develop detailed Risk and Control Matrix for all business processes to include the following key components o Business Process o Key activities o Activities that impact Financial Statement Assertions o Key risks (What can go wrong analysis) o Controls (Manual, IT or Otherwise) o Mapping of Risks to Control o Design Gap in Controls o Frequency of the Controls o Whether Key or Non key controls o Activity Owner, Process Owner and Control Owner o Control Test Plan o Operating Effectiveness of the Control o Rating of the Control o Mitigation Plan o Availability of alternate / compensate control o Responsibility and timeline for implementation o Risk Indicator o Control Indicator Evaluation of Segregation of Duties (SOD) Analysis Design of IT General Controls Conduct a walk through and identify potential gaps Benchmarking of the controls Validate and plug the gaps Review of controls to build effectiveness and efficiency Post completion of the Risk and Control Matrix, the RACM needs to validated, reviewed and approved by the Management Assessment of the gaps Develop mitigation plans to plug the gaps Develop controls for periodic monitoring of effectiveness of the controls Standardise processes where applicable Interim testing to confirm remediation before submission to the Board of Directors

9 Test for Formulation of the testing plan Effectiveness Evaluation of the testing and sampling plan (External Auditors inputs to be considered on adequacy of testing plan Extend / shrink the test plan based on External Auditor s inputs, where applicable Define timelines for the management testing Perform the tests Document the test results Identify the gaps Priorities the gaps for formulation of remediation plan Evaluation, Monitoring and Periodic Reporting Develop remediation plan, implement and monitor for progress Establish Self-Assessment Mechanism (CSA) Training and Orientation to Process owners on completion of CSA Review of key performance, control and risk indicators Reporting and Review by the Management, Board of Directors, Audit Committee Sign off by the Process Owners, CEO, CFO, Management, Board and AC Reporting and disclosure as per the requirements of Companies Act 2013 What are the key challenges that Companies may face in implementing ICFR? Understanding and Experienced people Internal Controls Dealing with number of resources to ensure proper segregation of duties Management Override on many processes may need to be reviewed Need for Training to the Board, Management, Employees to develop greater understanding of risks and controls involved in financial reporting Providing adequate focus to accounting and reporting in addition to day to day business responsibilities Maintaining effective control over Information Technology

10 Illustrations GL Account to Process Mapping GL P2P O2C L2D R2R ITGC Payroll Inventory Account Purchases Y Y Y Sales Y Y Y Depreciation Y Y Y Employee Y Y Y Y Expenses Direct Y Y Taxation Indirect Y Y Y Y Y Taxation Inventory Valuation Y Y Y Y Y Risk and Control Matrix

11 How we can help you in implementation of ICFR? Evaluenz, with a team of experts, can help in ensuring end to end implementation of the ICFR requirements for all the business processes across all entities. Contact us at the following coordinates to set up a meeting and we will take you through the end to end implementation process, indicate timelines and help you to keep the organisation out of risk zone. ABOUT US Set up and led by top notch professionals with rich experience in MNC Consulting Firms and Conglomerate Industries, Evaluenz, is a unique organisation which aims at enhancing the capabilities of Individuals and Organisations through unique value proposition. We provide following key services- Capability Enhancement Focussed and value added Learning and Development Solutions Management Consulting Practical and Implementation oriented business solutions Capital and Investment Advisory Business Planning, Valuations and catering to Financing needs through Venture Capitalists, Private Equity, HNIs and Debt Funding through Financial Institutions Legal Advisory and Compliance Helping organisations to navigate through the ever changing regulatory and legal landscape in India and global business environment

We regularly publish and share thought Leaderships for the benefit of our clients and members in our network. Please click on the links provided to access our publications, videos and presentations.

12 We regularly publish and share thought Leaderships for the benefit of our clients and members in our network. Please click on the links provided to access our publications, videos and presentations