Scribd Logo
Upload

Welcome to Scribd!

  • Internal Financial Controls Sivaram Subramoniam

    Uploaded by

    KRISHNA RAO K
    18 views22 pages

    Original Title

    Internal-Financial-Controls-Sivaram-Subramoniam

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    18 views22 pages

    Internal Financial Controls Sivaram Subramoniam

    Uploaded by

    KRISHNA RAO K

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 22

    Internal Financial Controls

    Refresher Course on Internal Audit

    19th September 2020

    CA Sivaram Subramoniam
    The views discussed are presenter’s personal view and not related to his current / previous organisations
    CONTENTS

    ITEM 01 ITEM 02 ITEM 03

    1. What is IFC 2. Key Guiding


    Sources 3. Requirements of
    IFC

    ITEM 04 ITEM 05 ITEM 06

    4. Constituents of
    IFC 5. Responsibilities 6. Leveraging IFC &
    IA
    What IS IFC

    Policies & Procedures adopted by the Company

    for ensuring the orderly and efficient conduct of


    its business ,

    including

    adherence to Company’s policies,

    the safeguarding of its assets,

    the prevention and detection of frauds and


    errors,

    the accuracy and completeness of the accounting


    records

    and the timely preparation of reliable financial


    information.

    Explanation to Sec 134 (5) (e) of Companies Act 2013


    What IS IFC

    Policies & Procedures adopted by the Company

    for ensuring the orderly and efficient conduct of


    its business ,

    including

    adherence to Company’s policies,

    the safeguarding of its assets,

    the prevention and detection of frauds and


    errors,

    the accuracy and completeness of the accounting


    records

    and the timely preparation of reliable financial


    information.

    Explanation to Sec 134 (5) (e) of Companies Act 2013


    Key Guiding Sources

    Section 134 Regulation Audit of IFC


    143 4(f)(ii)(7) Over Financial
    18 Reporting
    149(8) / Sch IV
    SA 315
    177
    Rule 8(5)
    Requirements

    State in their report whether the


    Certify effectiveness of internal control company has adequate internal
    systems pertaining to financial CEO AUDITOR financial control system in place and
    reporting. the operating effectiveness of such
    controls

    IFC

    Directors Responsibility Statement to to evaluate internal financial controls


    state that the Directors had laid down and risk management systems
    internal financial controls and the same
    were adequate and operating
    Audit call for comments of the auditors on
    effectively BOD internal control systems, scope of
    Committee
    Board of Directors’ Report to state the audit, their observations on internal
    details in respect of adequacy of internal control systems and financial
    financial controls with reference to the statements before submission of the
    financial statements. same to the board
    CONSTITUENTS

    Entity Level Controls

    Process Level Controls ITGC


    Entity Level Controls

    Information
    Monitoring
    Control Environment Risk Assessment Control Activities &
    Activities
    Communication
    Entity Level Controls

    Information
    Monitoring
    Control Environment Risk Assessment Control Activities &
    Activities
    Communication

    • Orgn – Commitment • Clear Objectives to • Select Control • Generates and Uses • Performs ongoing
    to Integrity facilitate risk Activities that Relevant and Quality activities to ascertain
    • Board – identification and Mitigate the Risk Information internal controls are
    Independence assessment • Selects General • Internally working
    • Mgmt- Oversight, • Identifies and Control Activity over Communicates • Informs and
    Structure, Roles & Analyses the Risks Technology information including Communicates
    Responsibilities • Fraud Risks • Deploys Control objectives and Internal Control
    • Orgn – Talent Focus considered Activities through responsibilities for Deficiency in a timely
    • Identifies and policies and Internal Audit manner
    • Orgn- Holds
    Accountable for Assesses Changes procedures • Communicates with
    Internal Control External Parties
    Responsibilities
    Process Level Controls

    PROCESS RISK CONTROL RISK & CONTROL


    SHORTLISTING IDENTIFICATION DEFINITIONS PARAMETERS
    Process Level Controls

    PROCESS RISK CONTROL RISK & CONTROL


    SHORTLISTING IDENTIFICATION DEFINITIONS PARAMETERS

    • Identify Processes
    Relevant to your
    Business
    • Ensure Proper
    Bifurcation
    Process Level Controls

    PROCESS RISK CONTROL RISK & CONTROL


    SHORTLISTING IDENTIFICATION DEFINITIONS PARAMETERS

    • Engage with Various


    Stakeholders to
    identify various risks
    • Keep in mind the
    bifurcation of risks and
    ensure only relevant
    (for IFC) are included
    Process Level Controls

    PROCESS RISK CONTROL RISK & CONTROL


    SHORTLISTING IDENTIFICATION DEFINITIONS PARAMETERS

    • Discussions with
    various stakeholders to
    identify controls
    incorporated to
    address the risk
    • Ensure that the Control
    addresses the risk
    • Ensure that the control
    is defined properly to
    facilitate proper
    testing/ evaluation
    Process Level Controls

    PROCESS RISK CONTROL RISK & CONTROL


    SHORTLISTING IDENTIFICATION DEFINITIONS PARAMETERS

    Ensure all contents of the


    Risk and Control
    Parameters are fully
    recorded. Such as
    • Key / Non Key
    • Operating/Financial /
    Compliance
    • Preventive/Detective
    • Manual Automated
    • Assertions
    Process Level Controls

    PROCESS RISK CONTROL RISK & CONTROL


    SHORTLISTING IDENTIFICATION DEFINITIONS PARAMETERS

    • Discussions with Ensure all contents of the


    various stakeholders to Risk and Control
    • Engage with Various identify controls Parameters are fully
    • Identify Processes
    Stakeholders to incorporated to recorded. Such as
    Relevant to your
    identify various risks address the risk
    Business • Key / Non Key
    • Keep in mind the • Ensure that the Control
    • Ensure Proper • Operating/Financial /
    bifurcation of risks and addresses the risk
    Bifurcation Compliance
    ensure only relevant • Ensure that the control
    • Preventive/Detective
    (for IFC) are included is defined properly to
    • Manual Automated
    facilitate proper
    testing/ evaluation • Assertions
    Information Technology General Controls
    WRITE YOUR SUBTITLE HERE

    User Access

    Change Management

    Data Centre / Back Up Policies

    IT/ Cyber Security


    Key Challenges

    Testing Period Failure Type


    Testing Period & Sample Apportionment
    Testing at end of year – Sample Across the year

    Roles and Responsibilities


    Who is owner of the testing and who is owner of
    results

    Revisions and Responses


    Failures responded more with changes in control
    definition than changes in Control

    Form Vs Substance
    Testing Responsibility Risk of Management Override of Controls
    Failure Response
    Requirements

    State in their report whether the


    Certify effectiveness of internal control company has adequate internal
    systems pertaining to financial CEO AUDITOR financial control system in place and
    reporting. the operating effectiveness of such
    controls

    IFC

    Directors Responsibility Statement to to evaluate internal financial controls


    state that the Directors had laid down and risk management systems
    internal financial controls and the same
    were adequate and operating
    Audit call for comments of the auditors on
    effectively BOD internal control systems, scope of
    Committee
    Board of Directors’ Report to state the audit, their observations on internal
    details in respect of adequacy of internal control systems and financial
    financial controls with reference to the statements before submission of the
    financial statements. same to the board
    RESPONSIBILITIES

    Review Review
    Certify Test Facilitate Document Advise
    Framework Results

    Board a

    Audit Committee a a

    Management a a

    CEO/CXO a a

    Finance a a

    Statutory Audit a a

    Internal Audit a a a
    Leveraging IFC and Internal Audit

    Planning

    IFC Internal Audit


    RCM Updates
    Audit Universe
    Annual Audit Plans
    Audit Scope and Approach IFC IA
    Management Testing
    Supporting Statutory Auditor

    Upgrade and
    Support
    IFC support to Internal Audit

    Mapping of Audit Universe with RCMs etc


    Universe to evaluate completeness and
    appropriateness thereof
    01
    Review of Audit Plans basis IFC Scores
    Plan and Results to facilitate prioritization of
    02 Risk Areas

    Focus on the Audit Scope to see both


    03 Scope areas of specific thrust as well as areas
    which can be eliminated

    04
    Focus to be made on the tests to be
    Approach performed, manual & automated checks
    etc.
    Internal Audit to IFC

    Audit Results and discussions will


    RCM Update facilitate whether the IFC RCMs needs to
    be amended
    01
    Testing of IFC Controls in line with Test
    Mgt Testing Scripts along with IA will help save time
    02 and repetitions

    Statutory Auditors can bank upon on IA


    03 Stat Audit Reports which cover IFC Testing and
    accordingly plan their audits / testing

    04
    Periodic and Specific Reporting to Audit
    AC Reporting Committees on IFC Failures (instead of
    year end) facilitates timely review by AC

    You might also like