WIXLIB

De Coding IFC30th December 2015ICAI – Baroda Branch

Internal Financial Controls - at a Glance

Introduction toInternal Financial ControlsPreambleThe Indian financial regulations have initiated a synchronized pattern to adapt thedevelopments in Western world. Introduction of Internal Financial Controls (IFC) inthe Companies Act 2013, reflect the continuation of this efforts.“According to the Companies Act 2013, the term IFC has been defined asthe policies and procedures adopted by the company to ensure orderlyand efficient conduct of its business, including adherence to company’spolicies, safeguarding of its assets, prevention and detection of fraudsand errors, accuracy and completeness of accounting records, and thetimely preparation of reliable financial information.”

IFC & Companies Act 2013BoardSection134 (IFC)In the case of a listed company, the Director’s Responsibility states that directors,have laid down IFC to be followed by the company and that controls areadequate and operating effectively.Independent DirectorsScheduleIV (IFC)AuditorsSection143 (IFC(FR)The independent directors should satisfy themselves on the integrity of financialinformation and ensure that financial controls and systems of risk managementare robust and defensible.Effectiveness of IFC and Adequate FrameworkThe auditor’s report should also state whether the company has adequate IFCsystem in place and the operating effectiveness of such controls.(Applicable from 31st March 2015)Corrective Measures of IFCAudit CommitteeSection177 (IFC)Audit committee may call for comments of auditors about internal controlsystems before their submission to the Board and may also discuss related issueswith the internal, statutory auditors and management of the company.Audit committee should act in accordance with the terms of reference specifiedin writing by the board, which should, inter alia, include evaluation of IFC and riskmanagement systems.

IFC (Applicability)PublicListedPublic Un- ListedPaid up ShareCapital 10 CrTurnover 100 CrSection134 (Board)Schedule IV(Ind. Direct)Section143 (Audit)Section177 (ACM)Applicable from as on 31st March 2014Applicable from as on 31st March 2015Loans & Browwing inAggerate 50 crorePrivateLimited

Changes? Old v. NewFactPercept1.Even in the previous CARO reportsauditors used to mention “ Is therean adequate internal controlprocedure commensurate with thesize of the company and the natureof its business, for the purchase ofinventory and fixed assets and forthe sale of goods. Whether there isa continuing failure to correct majorweaknesses in internal control; ’’2. Having an ERP» Was an automatic assurance ofInternal controls in place.» If ERP is working well - the controls areassumed to be in place.1. Previously the mention wason the adequacy of thecontrol whereas the focus hasnow extended to adequacyplus operating effectiveness. Extensive coverage to allbusiness cycles.2. Controls (Manual Auto)» Needs to be seen holistically» Company will need to assess if theinternal controls around ERP areadequate and operating.» The framework has to aim increating more automated andpreventative controls.

Changes? Old v. NewPercept3. Internal Audits will sufficeIFC ComplianceFact3. IFC Responsibility» The Responsibility of laying IFC is atthe Board level.» Auditors can only comment oncecriteria's are defined clearly by theboard.» Internal audits provide “reasonable”assurance on controls and often areinbuilt with sampling and coveragerisks.4. Controls are well understoodthrough policies & procedures4. Performance of Controls» Though boards are given oversight anauditors compliance, the performanceof controls belong to process owners.

IFC Control MechanismBoardAudit committee1. ReviewManagement efforts onEffectiveness ofControls2. Review Testingresults of auditors andsuggested correctionsAuditors1. Design their testingon adequate samplesbased on theparameters defined2. Report onDeviations /Correctiveactions in the auditcommittee1. To Select theframework.COSO/COBIT/COCO2. To lay downparameters forevaluating theframeworkIFCSenior Management1. Define policies andprocedures to Align withthe framework2. Ensure operatingeffectiveness of thesecontrols

IFC : Road MapStage 1 Selecting the Guiding FrameworkStage 2 Designing the FrameworkStage 3 Testing the framework (IncludingIT Controls)CoCo Creating the Framework based on any ofthe selected guiding framework. Framework would layered at GuidingControls (Which are approved at the boardlevel) which would work on the adequacyfactor. These guiding controls would form the basisof Operating controls, which would ensureeffectiveness on performance of thecontrols Testing the controls and Reporting thedeviations

IFC V/s IFC (FR)

IFC V/s IFC (FR)IFC (Sec 134)IFC- (FR) (Sec 143) Applies to Listed Companies Applies to All companies Focussed on Internal Controls for Focussed Over Internal Controls over “Orderly and Efficient Conduct ofFinancial Reporting as on the BalanceBusiness.Sheet date Base Document – Either COSO,COCO or COBIT Document Covers Guidance on Reporting Frauds Base Document – Revised ICAI Guidancenote issued by ICAI.

Illustrative Examples to DifferentiateResults of Testing1.Purchase orders are to be approved by MD. Testing revealsthat the same has not happened in 65 % Cases of PO’sTested2Testing reveals that 3 quotations are not obtained for 85 %of the cases tested.3Confirmation of Creditors Balances reveal in 30 % cases,the balance as per the accounts and parties do not match4Quality Testing ( As per PO) is not carried out beforereceipt of materials for Top 5 materials.5Physical verification of inventories reveal different qualityof material procured v/s billed.6Procurements are done in Excess of Budgets/Requisitions7.Production not in line with Input /Output Norms8.Provident fund liability not accurately calculated in case of30 new employees9Company is reporting lossesSection 134Section 143IFCIFC - FRFraud

IFC – FR Implementation

1. Map Trial Balance to Various ProcessSample TrailBalancePurchaseMaterialityas per SA320toPayDrCr1 Debtors3.22 Stock1.53 Payroll1.14 Creditors5 Procurements0.55.66 Sales12.57 Capital Reserves1.58 Other Expenses0.159 Fixed toDespatchFSCP

2. Identify Process/Sub Process for IFC (FR)Sample Process : Purchase to Pay CycleSub ProcessRelevant IFC – FR Risks ( Illustrative only)RequisitionsNoneQuotation ComparisonNonePurchase Orders1. Rate and Taxes Correctly captured2. Specifications not captured correctlyReceiving Materials1.2.3.4.Cut off not adhered toTaxes not accounted currentlyPayables raised without quality checksQuantity incorrected accountedInvoice Verification1. Bills passed for higher/lower quantity2. Excess Payment than invoice3. Payables recorded to different entitiesPayments to Vendors1. Payments made in excess/lower of value

3. Walkthrough the ProcessSample Process : Purchase to Pay Cycle After having Identified the sub processes & Relevant risks, interview theconcerned process owner. Present each risk to the owner and ascertain what controls are in place toensure that such risks cannot occur. For ex :Auditor : How to do you ensure the cut off on period ends ?Management :1. On the night of 31st the last GRN generated is signed off by the CFO alongwith the list of all the receipts during the same day.2. Internal auditor also vouches all the entries recorded during 28th Marchto 4th April and ensure that Cut off is ensured3. Unless approved by CFO, System does not allow to generate back datedentries in the current period

4. Perform Design CheckTesting of Design EffectivenessAs per Para IG 11.12 of Testing Design Effectiveness of the Guidance noteissued by ICAI – the purpose of a test of design of a relevant control is toobtain a sufficient understanding of each control (and the related risk thatthe control addresses) to Conclude on the effectiveness of its design to address the risk. Plan the nature, timing and extent of the risks of operating effectiveness ofthe control.Testing will be carried out by: Performing walkthroughs with transactions. Interviews of selected personnel to discuss and address gaps noted in thesame. contd

4. Perform Design CheckSample Process : Purchase to Pay CycleRisk : Cut off Procedures not Adhered toControlsDesign Level issuesManagement :1. On the night of 31st the last GRNgenerated is signed off by theCFO along with the list of all thereceipts during the same day.2. Internal auditor also vouches allthe entries recorded during 28thMarch to 4th April and ensurethat Cut off is ensured3. Unless approved by CFO, Systemdoes not allow to generate backdated entries in the currentperiod1. Trails generated from the software ofthe changes during period ends madeshould be generated and audited bythe Internal auditor and signed off bythe CFO

5. Create Process flow Chart (illustrative)FactoryPurchaseXYZ LimitedPURCHASE TO PAY PROCESSSub Process: Purchase of materialsR7StartReceives the planfrom CentralPlanning SKUwisePlan isexploded formaterials andrequirementsassessedPlaces a ‘Call up’on the vendorBuyerR6Updates contractparticulars in thedatabase andforward for approvalwith commentsR8Material isreceived at theC1.20factory (ReferReceipt atfactories process)C1.18Reviews the reasonsfor rejection andupdates informationas requiredEndSupply SideManagerNoApproves thecontractYesProcurementDatabaseR6Enters into legalcontracts ifrequired andkeeps documentsunder safe custodyC1.17The vendor andcontractparticulars areupdated in thedatabaseFactorydatabasereplicatedR7R8C1.19C1.21

6. Create Process Narratives (illustrative) Validation On Receipt of ECF or Vendor Registration Form from the Vendor, Buyer shall ensure thatall the details are correctly incorporated in the same.There were will be a two fold evaluation , Technical Evaluation and Commercial Evaluationof the vendor. The evaluation would be approved as per the authority matrix. Buyer shall fill up the Internal Assessment Section of the Approval format, which shallhave the following weighted criteria: Quality of the Product Price Saving Potential (Long term) Competence to Supply and Financial Strength Market Repute Delivery After Sales Service Stability During the technical evaluation , if required site visits ,shall be carried out at the vendorsfactory/site to validate the competencies of the vendor.Commercial evaluation would be carried out based on the documents submitted and alsobased on information available in the market.