Fixing Internal Financial Control Problems Quickly
Fixing Internal Financial Control Problems Quickly The Accounting Standards specified under the Companies Act, 1956 (which are deemed to be applicable as per Section 133 of the 2013 Act, read with Rule 7 of Companies(Accounts) Rules, 2014) is one of the criteria constituting the financial reporting framework based on which companies prepare and present their financial statements and against which the auditors evaluate if the financial statements present a true and fair view of the state of affairs and operations of the company in an audit of the financial statements carried out under the 2013Act. Similarly, a benchmark internal control system, based on suitable criteria, is essential to enable the management and auditors to assess and state adequacy of and compliance with the system of internal control.
The companies act, 2013 has introduced many new reporting requirements for the statutory auditors of companies. Since the concept of reporting on internal financial controls is still new in India this new reporting requirement has thrown up many challenges for auditors. One of these requirements is given under section 143(3)(i) of the Act requiring the statutory auditor to state in his audit report whether the company has adequate internal financial controls system in place and the operating effectiveness of such controls.
Fixing Internal Financial Control Problems Quickly According to the Companies Act, 2013, the term IFC has been defined as the policies and procedures adopted by the company to ensure orderly and efficient conduct of its business, including adherence to company’s policies, safeguarding of its assets, prevention and detection of frauds and errors, accuracy and completeness of accounting records, and the timely preparation of reliable financial information. The explanation to Section.134 (5) (e) of the companies act, 2013, defines the term ‘internal financial controls’ as meaning-
‘the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’spolicies, the safeguarding of its assets, the prevention and detection of frauds anderrors, the accuracy and completeness of the accounting records, and the timelypreparation of reliable financial information’.
The internal financial controls aim at the following aspects:
- Providing the flow of work through various stages.
- Breaking the chain of the work in a manner so that no single person can handle a transaction from the beginning to the end.
- Segregation of accounting and custodian functions.
- Securing proper documentation at each stage.
- Specifying authority to enter into various transactions and for every action connected therewith.
- Recording the transactions in the books of account correctly.
- Safeguarding of assets.
- Making errors and frauds difficult.
- Fixing responsibility for the work and the responsibility for deviations.
- Building up a system to locate the deviations and departures from the prescribed procedures and to detect frauds and errors automatically without much loss of time.
- Elimination of conflicting responsibilities.
- Evolving standardized records.
- Providing account charts and the accounting manual.
- Preparation of periodical accounting and financial report.
- Making the work simpler as far as possible.
- Minimizing loss and wastage.
- Encouraging employees to do willing and good work.
- Discouraging employees from non-compliance with the prescribed procedures.
- Appraisal of the operations.
- Employment of persons of quality.
- Formulating a cut off procedure to separate transactions of two consecutive years.
Considering the above, the auditor needs to obtain reasonable assurance to state whether an adequate internal financial controls system was maintained and whether such internal financial controls system operated effectively in the company in all material respects with respect to financial reporting only. To state whether a set of financial statements presents a true and fair view, it is essential to benchmark and checks the financial statements for compliance with the financial reporting framework.
In the Indian context, for example, Appendix 1 “Internal Control Components” of (Standard on Auditing) SA 315, “Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment”, provides the necessary criteria for internal financial controls over financial reporting for companies.(Standard on Auditing) SA 315 in its appendix 1 sets out five components of Internal Control: AMENDMENT ACT 2015
- Control environment;
- Entity’s risk assessment process;
- the information system, including related business processes, relevant to financial reporting and communication;
- Control activities relevant to the audit;
- Monitoring of controls
The auditors are supposed to identify and assess risks of material misstatement at the financial statement level, and at assertion level for classes of transactions, account balances and disclosures. Auditors are required to:
- Relate identified risks to what can go wrong at assertion level;
- Consider the potential magnitude of risks in the context of financial statements;
- Consider the likelihood that risks could result in a material misstatement of financial statements
Here it is important to know what documentation should be covered. They are:
- Discussion among engagement team;
- Key elements of understanding obtained;
- Sources of information;
- Risk assessment process;
- the identified and assessed risks;
- Significant risks evaluated;
- Risks evaluated for which substantive procedures are done
Auditors should use professional judgment to determine the extent of understanding required. Auditor’s primary consideration is whether the understanding that has been obtained is sufficient to meet the objective stated in the Standard on Auditing (SA). Evaluating the design of control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements. Implementation of control that the entity is using it. There is little point in assessing the implementation of control that is not effective, and so the design of control is considered first. An improperly designed control may represent a material weakness or significant deficiency in the entity’s internal control.
Therefore, to sum up, the discussion, certain points are to be noted in order to fix problems arising due to the non-compliance of the internal financial controls. For instance, the ‘three lines of defence’ model that is followed by the leading audit firm Ernst & Young LLP, provides a simple and effective way to enhance communications on internal financial controls by clarifying roles and duties.
- The first line is responsible for setting up the controls, mitigation of risk and defining policies and procedures to be complied with;
- The second line monitors compliance with the laid down controls. It is not an independent assurance function, but a monitoring tool for the management;
- The third line provides the independent assurance on the activities of first and second lines of defence;
- Audit committee and board of directors provide overall direction and oversight.