Develop & Establish Internal Financial Controls

Companies Act 2013, paved way for many new reporting requirements.Section 143(3)(i) is one of those sections which has caused many professionals to contribute their thoughts in form of talks and articles. Much is spoken and written about the “Internal Financial Controls (IFC), Audit of IFC, IFC from perspective of Internal Control as contained in SA31……

One of the important point that emerge from these new regulations is of the fact that  Smaller Indian Companies are completely naïve to “Actual Construction and Implementation Of Framework”. Barring those entities that were already conversant to SOX compliances due to their affiliation to multinationals or their multi country/currency transactions, many of these smaller Indian Companies are perplexed with the task of constructing and implementing the framework.

Below is an endeavor to approach the task from “Actual To Do Perspective”.The article deals only with points 14-25 of Section II of the IFC Guidance Note, however these 5 points delve with brevity and surface the rationale behind the activities needed for implementing IFC and also serve as pointers for the information that needs to be accessed while formulating IFC.

Identify the “Goals” of organization.

The purpose and mission of the entity is the easiest start point to understand the overall business philosophy, fragmenting the goals into long term and short-term perspective.

Identify the “Objectives” of the organization.

Walkthrough of the “Roadmap” that Senior Management of the organization has designed for accomplishment of its Goals and Objectives helps identifying the Key Benchmarks and the Projected Time Horizons. This information when integrated with contemporary business opportunities, help identifying the potential risk areas and the potential regulatory framework.

Collate and formulate documents which communicates:

1. Entities Business.
2. Entities regulatory environment.
3. Entities reporting environment.
4. Financial reporting framework applicable to the entity.
5. Risks involved – Operational, Compliance and Reporting:
6. Organization specific perspective of “Orderly & Efficient” conduct of business.
7. Organizational “Policies”.
8. Listing of key Assets of the organization.

Framework to ensures that “Assets” are safeguarded.

Safeguarding provides reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company's assets that could have a material impact on the financial statements.

Identify mechanism by which organization ensures:

Adherence to management policies.

Structured Policies and Procedures aid in steady and conscious translation of “Every Day Operations” into “Company’s Vision”. At operational level “The Policies” guide the decision maker on the key “Do’s, Don’ts and How To’s?”

Prevention and Detection of fraud and error.

Robust Fraud Detection Strategy should imbibe within it below aspects:

1. Ongoing risk assessments
2. Staff training and awareness
3. Fraud reporting mechanisms
4. Data-mining and analysis
5. Manual checks and balances
6. Systems, processes and controls review

Completeness of accounting records.

Completeness is gauged from the fact that all transactions and events that should have been recorded have in fact been recorded. Completeness and Timeliness of accounting records and consequent financial information is critical for ensuring availability of information to the decision maker as and when the need arises.

Reliability On Financial Information Considering Aspect Of Materiality.

Reliability gets depicted by the fact that the information is accurate and can be corroborated via different dimensions. Materiality level set for defining “Reliable Financial Information” is critical in gauging accuracy.

Adequacy & Effectiveness of Internal Control System.

Internal Control System should be integrated with the operational activities of the company and never something to be operated in silos. An efficient ICS facilitates operational efficiency, regulatory compliance and reporting effectiveness. The nexus of “ICS” on operations, regulatory compliance and reporting framework needs to minutely understood and documented.

Methodology for dealing with Change Management:

Change being inevitable, the necessary response is “Framework For Adaption”. The organizations methodology for change management is critical and must be understood and documented, especially when such change are pertaining to “Regulations, Information Processing & Communication, Business Model, Key Management Team, Business Developments”.   

With above summary we conclude that “Regulatory Compliance” is key aspect for law respecting corporates, while “Risk Mitigation & Business Growth” are key aspects for investors fulfillment. IFC attempts to blow the bugle with message of “Accomplish But Ensure”, but for this we need to be equipped with the skills which facilitate implementation. The intention of this article is to embark upon a journey, which in its course continues to contribute series of articles in continuity thereby exploring the nuisance of the professional domain. See you soon in my next article in the series on IFC.

The author has corporate experience of 18 years and implementation exposure of IFC and SOX and can also be reached at rajeevj12@gmail.com