Preparing reliable financial information is a key responsibility of the management. Management’s ability to fulfill its financial reporting responsibilities depends in part on the design and operating effectiveness of the controls and safeguards it has put in place over accounting and financial reporting. While no practical control system can absolutely assure that financial reports will never contain material misstatements, an effective system of Internal Control Over Financial Reporting (ICFR) can substantially reduce the risk of such misstatements in a company’s financial statements.

 

Misstatements in a financial statement may occur, due to mathematical errors, misapplication of Accounting Standards, or intentional misstatements (fraud). A system of ICFR should address these possibilities. The risk of fraudulent, financial reporting is a key consideration in the design and operation of ICFR.

 

ICFR provides reasonable assurances on financial statement assertions:

1) Completeness:

All transactions and events that should have been recorded are assured that these are recorded.

  2) Existence / Occurrence:

An asset or liability exists at a given date or transactions and events that have been recorded, occurred and pertain to the entity.

  3) Accuracy: Transactions have been recorded accurately at their appropriate amounts.   4) Valuation:

Asset, liability, equity, revenue, and expense components are included in the financial statements at appropriate amounts.

  5) Rights & Obligations:

Entity is entitled to the assets it is reporting and is reporting all its obligations as liabilities at a given date.

  6) Presentation & Disclosure:

An item is classified, described, and disclosed in accordance with applicable statutory accounting requirements.

 

Key Components of ICFR:

1) The Control Environment

Control Environment refers to standards, processes, and structures and values within the organization. Controls designed to generate reliable financial reporting are more likely to succeed if the company’s culture—including the “tone-at-the-top” established by senior management—reflects the importance of integrity and ethical values and a commitment to reliable financial reporting. Indicators of robust control environment include:

1. Statements and actions of the board of directors and senior management that demonstrate support for effective controls
2. Issuance and enforcement of an appropriate corporate code of conduct, and
3. Training programs that equip employees to identify and deal with ethical issues

 

2) Control Activities

Specific actions established through policies and procedures designed to mitigate financial reporting risk. Following are the concepts in understanding the control activities:

a) Segregation of Duty:

It involves assigning responsibility for different parts of a process to different persons so that no one person can control elements of the process that can be conflicting. It reflects the lower probability that two persons will make the same error related to the accounting for a transaction. E.g. Person ordering of material/services is different than the recipient.

  b) IT General Controls:

A company’s use of IT affects the way the information relevant to financial reporting is processed, stored, and communicated. Its critical to assess internal control relevant to financial reporting is designed and implemented. IT general controls generally include controls in information security, application development, and systems maintenance and operations, including cybersecurity controls.

  c) Entity Level and Process Level Controls:

Entity-level controls are designed to provide reasonable assurance that objectives related to the company are met. E.g. Audit committee oversight of financial reporting and a chief financial officer’s review of differences between the company’s monthly budget and actual expenditures. Process Level controls operate at the process, transaction, or application level. These controls pertain to a single activity, such