Internal Financial Controls New perspectives as per Companies Act 2013 and CARO 2016

Similar documents
29 th Regional Conference of WIRC

Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR)

Internal Controls Over Financial Reporting (ICoFR) Overview and Practical Aspects

CLIENT ALERT: INTERNAL CONTROL OVER FINANCIAL REPORTING

FDICIA Reporting for Financial Institutions. Reporting Changes Under Part 363 and SAS 130

How well you are prepared to deal with IFC

INTERNAL FINANCIAL CONTROLS COMPLIANCE REPORTING APPLICABILITY SCOPE OPINION FRAMEWORK ACTION. Strictly for private circulation

Business development companies

Internal Control Over Financial Reporting (ICFR) Unique Approach, Superior Results

FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING

Community Bankers Conference

B S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013

Internal financial controls

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)

Practical Approach to Internal Controls for Pre & Post IPOs in Hong Kong & China

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a

Evaluenz Special Edition on Internal Controls Over Financial Reporting (ICFR) 2016

[RELEASE NOS ; ; FR-77; File No. S ]

Corporate Governance Update. SOX 404 and Internal Controls

IPO Readiness. Sarbanes-Oxley Compliance & Other Considerations. Presented by:

covered member immediate family impaired not a covered member close relative not impaired

Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements

Present and functioning: Fine-tuning your ICFR using the COSO update

An Overview of the 2013 COSO Framework. August 2013

Internal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC

Evaluating Internal Controls

Chapter 18. Integrated Audits of Public Companies. McGraw-Hill/Irwin. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Introductions. An Overview of the COSO 2013 Framework. Christian Peo Sharon Todd. An Overview of the 2013 COSO Framework.

IFC Master Class. First edition. Delhi Mumbai Bengaluru

Chapter 7. Auditing Internal Control over Financial Reporting. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

REPORT 2016/033 INTERNAL AUDIT DIVISION

Guidance Note on Audit of Internal Financial Controls Over Financial Reporting

After completing this Session, you should be able to answer the following questions:

The Ins and Outs: Audits Under FDICIA. Jennifer Gureckis and Kaylyn Landry BerryDunn February 27, 2018

Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive

Internal Controls. June-20-17

COSO 2013: Updated internal control framework

STARWOOD HOTELS & RESORTS WORLDWIDE, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

SOX FOR NPO S Focus on Control. Stephen L. Kuptz, CPA

ABA Section of Business Law. Internal Control Reporting Under Section 404: An Update and Current Assessment. November 19, 2004

SARBANES-OXLEY INTERNAL CONTROL PROVISIONS: FILE NUMBER 4-511

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

PART 6 - INTERNAL CONTROL

Companies Act 2013: Gearing up to be incontrol. Financial Controls

Speech by SEC Staff: Remarks before the 2007 AICPA National Conference on Current SEC and PCAOB Developments

Risk management. Risk management system

Checklist for Higher Education

Assistance Options to New Applicants and Sponsors in connection with Internal Controls over Financial Reporting

AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF THE TORONTO-DOMINION BANK CHARTER

AUDITING. Auditing PAGE 1

COSO What s New, What s Changed, Why Does it Matter and Other Frequently Asked Questions

Independent Auditor s report

1. Corporate management (including the CEO) must certify monthly and annually their organization s internal controls over financial reporting.

Sample Independent Auditor s Reports

20 Years in the Making. Meet the New ICIF: Revisions to COSO s Internal Control Integrated Framework. Dr. Sandra Richtermeyer COSO Board Member

Non-SEC Regulated Charter. Organization. Statement of Policy. Responsibilities

9. Internal control Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in

Proposed Attestation Requirements for FR Y-14A/Q/M reports. Overview and Implications for Banking Institutions

The Blue Sage Group. Sarbanes-Oxley. 404 Compliance Program. The Blue Sage Group

STANDARD ON QUALITY CONTROL (SQC) 1

SMITH & NEPHEW PLC TERMS OF REFERENCE OF THE AUDIT COMMITTEE

Audit Committee Charter

Increasing External Auditor Reliance

SOUTHWEST AIRLINES CO. AUDIT COMMITTEE CHARTER

A Guideline for US Non-accelerate Filers to Comply with Sarbanes Oxley Act

Comments to be received by 31 January 2008

Final May Corporate Governance Guideline

AGS 10. Joint Audits AUDIT GUIDANCE STATEMENT

ABCANN GLOBAL CORPORATION CORPORATE GOVERNANCE POLICIES AND PROCEDURES

AEGON N.V. AUDIT COMMITTEE CHARTER

NVENT ELECTRIC PLC AUDIT AND FINANCE COMMITTEE CHARTER

Session 7: Corporate Governance

Mapping of Original ISA 315 to New ISA 315 s Standards and Application Material (AM) Agenda Item 2-C

Agreeing the Terms of Audit Engagements

Anheuser-Busch Companies, Inc. Audit Committee Charter

De Coding IFC. 30 th December 2015 ICAI Baroda Branch

Changes to The IIA Standards: What Board Members and Executive Management Need to Know

Corporate Governance Principles of Auditing: An Introduction to International Standards on Auditing - Ch 14

) ) ) ) ) ) ) ) ) ) ) ) REPORTING ON WHETHER A PREVIOUSLY REPORTED MATERIAL WEAKNESS CONTINUES TO EXIST. PCAOB Release No July 26, 2005

EY Center for Board Matters. Leading practices for audit committees

) ) ) ) ) ) ) ) ) ) ) ) PROPOSED AUDITING STANDARDS RELATED TO THE AUDITOR'S ASSESSMENT OF AND RESPONSE TO RISK

SAMPLE BEC SuperfastCPA Review Notes

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

Sarbanes-Oxley 404(a) Efficient, Effective Consulting Solutions

AUDIT AND RISK COMMITTEE TERMS OF REFERENCE

Via November 21, 2003

Negotiating in a Sarbanes-Oxley World

Corporate Governance Statement FY2018

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

KING IV GOVERNANCE PRINCIPLES APPLICATION BY MURRAY & ROBERTS FY The governing body should lead ethically and effectively (Leadership)

BOARD CHARTER TOURISM HOLDINGS LIMITED

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

Transcription:

New perspectives as per Companies Act 2013 and CARO 2016 1

Contents: Background Meaning of IFC IFC on Financial Reporting Why IFC? Regulatory mandate Role of various authorities Components of IFC IFC under Companies Act, 2013 Integrated Audit Summing Up 2

Background The new Companies Act, 2013, now requires auditors to also opine on whether a company has an adequate internal financial controls (IFC) system in place and the operating effectiveness of such controls. This is in addition to the existing audit opinion on financial statements. While this requirement was originally applicable to financial statements ending 31 st March 2015, considering the lack of guidance, this applicability was deferred and is now effective for the y*ear ending 31 st March 2016. Due to the deferral of this reporting requirement, the Ministry of Corporate Affairs (MCA) retained the reporting requirement relating to internal controls in certain specific areas under the Companies (Auditor s Report) Order, 2016 (CARO). Reporting on IFC is undoubtedly a paradigm shift from the reporting required under CARO. The ICAI has now reissued the long awaited Guidance Note on Audit of Internal Financial Controls over Financial Reporting (guidance note), which provides detailed guidance on this topic. 3

Meaning of IFC (a) Companies Act, 2013: Section 134(5)(e) explains internal financial controls as the policies and procedures adopted by the Company for ensuring the orderly and efficient conduct of its business, including adherence to Company s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records and the timely preparation of reliable financial information. Section 143(11) of 2013 Act requires that the auditor s report of specified class of companies should include a statement on prescribed matters. (b) Companies Auditor s Report Order (CARO), 2016: Every report made by the auditor under sec. 143 of the 2013 Act for FY 2015-16 onwards would include CARO 2016. It would be applicable to every company (except companies that are excluded and consolidated financial statements) w.e.f. 1 st April, 2015. It has replaced CARO, 2015 and has introduced new additional reporting requirements. (c) SA 315 of ICAI: The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets, and compliance with applicable laws and regulations. The guidance note provides the necessary criteria for maintaining effective IFC for companies. It draws upon the Internal Control Components of Standard on Auditing (SA) 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment, which includes the following five required components: Control environment Entity s risk assessment process Control activities Information system and communication Monitoring of controls The guidance note explains that for auditor reporting, the term IFC is restricted within the context of the audit of financial statements and relates to internal control over financial reporting only (ICFR). This is also consistent with the practice adopted internationally, e.g. Sarbanes-Oxley (SOX) reporting in the US. This is a relief as it removes unnecessary ambiguity by excluding from the scope operational controls, i.e. those facilitating the effectiveness and efficiency of company s operations, and also differentiates ICFR from enterprise risk management and risk management policies which boards of companies have to maintain. 4

Meaning of IFCFR (Definition reproduced from AS 5 issued by PCAOB, USA) A process designed by, or under the supervision of, the company s principal executive and principal financial officers, or persons performing similar functions, and effected by the company s board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of the financial statements for external purposes in accordance with generally accepted accounting principles. Thus a company s IFCFR includes policies and procedures that: pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company s assets that could have a material effect on the financial statements. 5

Why IFC? Financial Statements Completeness, Existence & Occurrence, Rights & Obligation, Valuation, Presentation & Disclosure Based on Assertions Risk of Misstatement Results into material misstatement of the financial statements To mitigate this risk, we need INTERNAL FINANCIAL CONROLS 6

IFC: Regulatory mandate under Companies Act, 2013 Relevant clauses Requirement Applicability Board report: Rule 8(5) of Companies (Accounts) Rules Directors Responsibility Statement: Sec. 134(5)(e) Board report to state the details in respect of the adequacy of IFC with reference to the financial statements Board to confirm that IFCs are adequate and operating effectively All companies Listed companies Code for IDs: Sec. 149(8) and Schedule IV Auditor s report: Sec. 143(3)(i) IDs to satisfy themselves on the integrity of financial information and that financial controls are robust and defensible Auditors to report if the company has adequate IFC systems and that they are operating effectively (from 2015-16) All companies having IDs All companies AC terms of reference: Sec. 177 Evaluation of IFC All companies having an AC AC Audit committee ; ID Independent directors ; CFS Consolidated financial statements 7

Role of various authorities Management In case of LISTED companies, section 134(5)(e) of the Companies Act, 2013 requires Directors Responsibility Statement to state that the Directors had laid down internal financial controls and the same were adequate and operating effectively. In case of ALL companies, Rule 8(5)(viii) of Companies (Accounts) Rules, 2014 requires the Board of Directors Report to state the details in respect of adequacy of internal financial controls with reference to the financial statements. Clause 49 IX(C) of Equity Listing Agreement requires CEO s of listed entities to certify effectiveness of internal control systems pertaining to financial reporting. In all cases, it is the management responsibility to establish Internal Control over Business Operations. Auditor Section 143(3)(i) of the Companies Act, 2013 requires the auditors of ALL companies to state in their report whether the company has adequate internal financial control system in place and the operating effectiveness of such controls. The auditor will have to modify its audit methodology to obtain reasonable assurance on the adequacy of internal financial controls over financial reporting and its operating effectiveness. It should be noted that when forming the opinion on internal financial controls, the auditor should test the same during the financial year under audit and not just as at the balance sheet date, though the extent of testing at or near the balance sheet date may be higher. Independent Director Schedule IV of the Companies Act, 2013 requires the Independent Directors of the Company to satisfy themselves on the integrity of financial information and financial controls and also to ensure that the systems of risk management are robust and defensible. Audit Committee Section 177(4)(vii) requires Audit Committee to evaluate internal financial controls and risk management systems. Also, section 177(5) gives power to the Audit Committee to call for comments of the auditors on internal control systems, scope of audit, their observations on internal control systems and financial statements before submission of the same to the board. They may also discuss any related issues with the internal auditors and the management of the Company. 8

To whom does it apply? The guidance note clarifies that reporting on ICFR by auditors will be applicable to both listed and unlisted companies, including small and one person companies. This is in line with the requirements of section 143(3)(i) of the Companies Act, 2013. Furthermore, it states that auditors will have to report on ICFR in respect of both stand alone and consolidated financial statements. In respect of consolidated financial statements, it will cover subsidiaries, joint ventures (JVs) and associates of the group, which are companies incorporated in India, since the Companies Act applies to such entities. It is relevant to note that the ICAI has adopted a similar approach with respect to reporting on various clauses in CARO on the consolidated financial statements. Accordingly, auditors of foreign components of an Indian parent are not required to report on ICFR. When does this apply and for financial statements of which period? The guidance note clarifies that auditors will have to report whether a company has an adequate ICFR system in place and whether the same was operating effectively as at the balance sheet date of 31 March 2016. In practice, this will mean that when forming its audit opinion on ICFR, the auditor will surely test transactions during the financial year ending 31 March 2016 and not just as at the balance sheet date, though the extent of testing at or near the balance sheet date may be higher. If control issues or deficiencies are identified during the interim period and are remediated before the balance sheet date, then the auditor may still be able to express an unqualified opinion on the ICFR. For example, if deficiencies are discovered, the management may have the opportunity to correct and address these deficiencies by implementing new controls before the reporting date. However, sufficient time will need to be allowed to evaluate and test controls, which will again depend on the nature of the control and how frequently it operates. This will be a matter of professional judgement. This is particularly important for companies for the current year ending 31 March 2016, as it will be the first year when auditor validation of ICFR will be required. In addition, reporting on ICFR will not apply to interim financial statements, such as quarterly or half-yearly, unless such reporting is required under any other law or regulation. 9

Components of Internal Control In May 2013 the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released an updated version of its Internal Control Integrated Framework. Originally issued in 1992, the COSO framework became the most widely accepted internal control framework in the world and is used by most public companies when reporting on the effectiveness of their internal control over financial reporting in accordance with Section 404 of the Sarbanes-Oxley Act (SOX). Component Principle Control Environment Demonstrates commitment to integrity and ethical values Exercises oversight responsibility Establishes structure, authority and responsibility Demonstrates commitment to competence Enforces accountability Risk Assessment Specifies suitable objectives Identifies and analyzes risk Assesses fraud risk Identifies and analyzes significant change Control Activities Selects and develops control activities Selects and develops general controls over technology Deploys through policies and procedures Information & Communication Uses relevant information Communicates internally Communicates externally Monitoring Activities Conducts ongoing and/or separate evaluations Evaluates and communicates deficiencies 10

IFC under Companies Act, 2013 Accuracy and completeness of accounting records Timely preparation of reliable financial information As per 2013 Act, Internal Financial Control means: Prevention and detection of frauds and errors Policies and procedures adopted by the company for ensuring orderly and efficient conduct of its business Safeguarding of assets The Internal Financial Controls in Companies Act, 2013 goes beyond Internal Financial Control over Financial Reporting (IFCFR). The resultant IFC framework adopted by the company will have to address combination of internal controls on financial reporting and other controls in order to align with the definition of IFC in the new Act. 11

Integrated audit Both corporates and auditors in India will need to come to terms with the concept of a combined or an integrated audit, which includes an audit of ICFR over financial reporting and financial statements. The guidance note acknowledges that while the objectives of the audit of ICFR and audit of financial statements are not identical, the auditor now needs to plan and perform work in such a way that it achieves the objectives of both the audits in an integrated manner. In such an audit, the auditor is required to plan and conduct the audit to fulfill the following: Obtain sufficient evidence to support the auditor s opinion on the ICFR as of the year end Obtain sufficient evidence to support the auditor s control risk assessments for the purposes of the audit of the financial statements It is relevant to note that any system of internal controls provides only a reasonable assurance on the achievement of the objectives for which it has been established. The guidance note also permits auditors to use the concept of materiality in determining the extent of testing such controls. Standards on Auditing issued by the ICAI, which now also need to be complied with under the Companies Act, 2013, do not fully address the auditing requirements for reporting on the system of ICFR. The guidance note suggests that the relevant portions of the Standards on Auditing will need to be considered by the auditor when performing an audit of ICFR (e.g. the requirements of SA 230, Audit Documentation, when documenting the work performed on ICFR; of SA 315, when understating internal controls). The guidance note essentially provides supplementary procedures that will need to be considered by the auditor for planning, performing and reporting an audit of ICFR. As per the guidance note, auditors will have to issue a qualified or an adverse opinion on ICFR if material weaknesses in the company s ICFR are identified as part of their audit. Material weakness is a deficiency, or a combination of deficiencies, in ICFR over financial reporting, such that there is a reasonable possibility that a material misstatement of the company s annual or interim financial statements will not be prevented or detected on a timely basis. A material weakness in ICFR may exist even when the financial statements are not materially misstated. The guidance note also specifies indicators of material weaknesses, such as the following: Identification of fraud, whether or not material, on the part of senior management Errors observed in previously issued financial statements in the current financial year Identification by the auditor of a material misstatement of financial statements that would not have been detected by the company s IFC over financial reporting Ineffective oversight of the company s external financial reporting and internal financial controls over financial reporting by the company s audit committee 12

An adverse opinion will be issued if such matters are pervasive to the financial statements i.e. they impact various elements, accounts, or items of the financial statements, or a substantial portion of the financial statements. Additionally, significant control deficiencies will have to be reported to the audit committee. The guidance note is a fairly comprehensive document covering over 200 pages, with detailed guidance in several areas related to ICFR, such as the internal control components, entity-level controls, information technology controls, understanding and documentation of process flows, including flow charts, use of service organizations and sampling. Both the management and auditors will have to quickly familiarize themselves with and decipher the details of this guidance note in order to gear up for the year-end reporting on IFC. 13

Summing Up Focus Areas The introduction of IFC has helped companies enhance their internal control environment. For the IFC framework to be sustainable, each stakeholder is expected to play an important role during its implementation. Some of the key focus areas in the coming years for companies and internal auditors are: Companies: The first year of IFC implementation might witness documentation and testing of policies, procedures and controls. However, business operations are likely to evolve continuously and there may be changes in the policies and processes, with the management having to ensure that the same are reflected in the IFC documentation. An effective change management process needs to be defined and implemented. Further, adequate training is required to be imparted to process owners on documentation and change management. Internal Auditors: The Test of Operating Effectiveness (TOE) requires the audit of transactions with respect to the internal controls defined in the IFC framework. The internal audit plan may be defined considering the TOE requirements and processes may be taken up for review accordingly. While the responsibility of maintaining the internal controls is that of the management. Having clear directions on how the deficiencies highlighted could be treated as a part of the IFC programme, might only help stimulate this exercise across India and help companies sustain their IFC compliance initiative. IFC implementation is a journey and Indian companies over the next few years should focus on adopting the right approach to reap the potential benefits for their stakeholders as well as for themselves. 14

Our Offices in India New Delhi: S-13, St. Soldier Tower, G-Block Commercial Complex, Vikas Puri, New Delhi 110018 (India) Phone : +91 11 28543739 : +91 11 28544939 : +91 11 45527239 Fax : +91 11 43850030 Mumbai: Unit No.3, 1st Floor, New Laxmi Shopping Centre, A-Wing, H.D.Road, Ghatkopar (W), Mumbai 400086 (India) Phone : + 91 98202-63544 : + 91 22-25110016 E-mail : info@neerajbhagat.com Web site : www.neerajbhagat.com Gurgaon: 1156, Tower B2, 11th Floor, Spaze I Tech Park, Sohna Road, Sector 49, Gurgaon-122001, Haryana (India) Phone : +91 124 4371317 +91 124 4371318 Fax : +91 11 43850030 Neeraj Bhagat & Company is a team of distinguished chartered accountant, corporate financial advisors and tax consultants in India. Our firm of chartered accountants represents a coalition of specialized skills that is geared to offer sound financial solutions and advices. The organization is a congregation of professionally qualified and experienced persons who are committed to add value and optimize the benefits accruing to clients. We are prominent Chartered Accountants in India. We offer services of accounts outsourcing, auditing, company formation in India, Business taxation, corporate compliance, starting business in India, registration of foreign companies, transfer pricing, tax due diligence, taxation of expatriates etc. Neeraj Bhagat is a member of the Institute of Chartered Accountants of India (ICAI) since 1997. He is also an Associate member of Association of International Accountants, United Kingdom. He is founder of Neeraj Bhagat & Co, an Indian Chartered Accountancy firm serving various MNC S from across the globe. Neeraj Bhagat & Co. has its offices at New Delhi, Gurgaon and Mumbai. They are part of Allinial Global Accounting Association which is one of the World's Top 10 in accounting associations. 15

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback