The Companies Act 2013 (The 2013 Act or The Act), threw open a new set of reporting requirements for the auditors and the management of companies in India. Section 143(3)(i) of the Act requires the statutory auditor to state in his audit report whether the company has adequate internal financial controls (IFC) system in place and the operating effectiveness of such controls. Explanation to Sec134 (5)(e) of the Act defines Internal Finance Control (IFC) as “the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.” The act casts duties and responsibilities on the Directors, Auditors, Audit Committee and the Independent Directors towards ensuring existence and operating effectiveness of Internal Financial Controls.
Fig 1:- Requirements on Internal Finance Controls (IFC) as per the Companies Act 2013
Fig 2:- The Companies Act 2013 casts responsibility to ensure existence and operating effectiveness of Internal Financial Controls for various stakeholders
Auditor’s Reporting requirement limited to the control over Financial Reporting
The auditor’s objective in an audit of Internal Financial Controls over Financial Reporting (IFCoFR) is to express an opinion on the effectiveness of the company’s internal financial controls over financial reporting and the procedures in respect thereof are carried out along with an audit of the financial statements. While the directors are required to state the details in respect of adequacy of IFCs with reference to the financial statements
The Institute of Chartered Accountants of India has issues a Guidance Note by the name “Guidance Note on Audit of Internal Financial Controls Over Financial Reporting”. It defines IFC as
“A process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal financial control over financial reporting includes those policies and procedures that
- pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company;
- provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorisations of management and directors of the company; and
- provide reasonable assurance regarding prevention or timely detection of unauthorised acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.”
When does this Apply?
The auditors will have to report whether a company has an adequate IFCoFR system in place and whether the same was operating effectively as at the balance sheet date of 31 March 2016. This means that while forming its audit opinion on IFCoFR, the auditor will test transactions during FY16 and not just as at the balance sheet date (though the extent of testing at or near the balance sheet date may be higher). If control issues/deficiencies are identified during the interim period and are remediated before the balance sheet date, then the auditor may be able to express an unqualified opinion on the ICFR. In addition, reporting on IFCoFR will not apply to cialis 20mg interim financial statements, such as quarterly or half-yearly, unless such reporting is required under any other law or regulation.
How to Audit ICFR?
The Guidance Note issued by ICAI provides the supplementary procedures that would need to be considered by the auditor for planning, performing ad reporting in an audit of ICFR. The audit procedure would generally include below four steps
Fig:3 :- Typical Flow of Audit for IFCoFR
- Planning – This stage involves identification of significant account balances/disclosure items, identification and understanding significant flow of transactions, identification of Risks of material Misstatements (RoMM), identification of controls which will address RoMM including applications associated IT environment and general controls.
- Design and Implementation – The Auditor should test the design effectiveness of controls by determining whether the company’s controls satisfy the company’s control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements in the financial statements.
- Operating Effectiveness – This step includes determining whether controls are operating as designed and whether the person performing the control possesses the necessary authority and competence to perform the control effectively. Testing of operating effectiveness involves planning the nature, timing and extent of procedures to be performed, assessing findings and concluding on operating effectiveness.
- Reporting – Where there are deficiencies that, individually or in combination, result in one or more weakness, the auditor should evaluate the need to express a modified opinion i.e. qualified or adverse on the company’s IFCoFR. The auditor should determine the effect of modified opinion on IFCoFR.
Our View – The onset of IFCoFR is a great professional opportunity for the CA fraternity as audit professionals apart from the stated benefits and duties/responsibilities of the auditors and management. Audit Professionals can help companies set up the IFCoFR systems in the interim so as to re-mediate any potential deficiency cialis en pharmacie before the audit takes place.