Preparing reliable financial information is a key responsibility of the management. Management’s ability to fulfill its financial reporting responsibilities depends in part on the design and operating effectiveness of the controls and safeguards it has put in place over accounting and financial reporting. While no practical control system can absolutely assure that financial reports will never contain material misstatements, an effective system of Internal Control Over Financial Reporting (ICFR) can substantially reduce the risk of such misstatements in a company’s financial statements.
Misstatements in a financial statement may occur, due to mathematical errors, misapplication of Accounting Standards, or intentional misstatements (fraud). A system of ICFR should address these possibilities. The risk of fraudulent, financial reporting is a key consideration in the design and operation of ICFR.
ICFR provides reasonable assurances on financial statement assertions:
1) Completeness:
All transactions and events that should have been recorded are assured that these are recorded.
2) Existence / Occurrence:
An asset or liability exists at a given date or transactions and events that have been recorded, occurred and pertain to the entity.
3) Accuracy:
Transactions have been recorded accurately at their appropriate amounts.
4) Valuation:
Asset, liability, equity, revenue, and expense components are included in the financial statements at appropriate amounts.
5) Rights & Obligations:
Entity is entitled to the assets it is reporting and is reporting all its obligations as liabilities at a given date.
6) Presentation & Disclosure:
An item is classified, described, and disclosed in accordance with applicable statutory accounting requirements.
Key Components of ICFR:
1) The Control Environment
Control Environment refers to standards, processes, and structures and values within the organization. Controls designed to generate reliable financial reporting are more likely to succeed if the company’s culture—including the “tone-at-the-top” established by senior management—reflects the importance of integrity and ethical values and a commitment to reliable financial reporting. Indicators of robust control environment include:
- Statements and actions of the board of directors and senior management that demonstrate support for effective controls
- Issuance and enforcement of an appropriate corporate code of conduct, and
- Training programs that equip employees to identify and deal with ethical issues
2) Control Activities
Specific actions established through policies and procedures designed to mitigate financial reporting risk. Following are the concepts in understanding the control activities:
a) Segregation of Duty:
It involves assigning responsibility for different parts of a process to different persons so that no one person can control elements of the process that can be conflicting. It reflects the lower probability that two persons will make the same error related to the accounting for a transaction. E.g. Person ordering of material/services is different than the recipient.
b) IT General Controls:
A company’s use of IT affects the way the information relevant to financial reporting is processed, stored, and communicated. Its critical to assess internal control relevant to financial reporting is designed and implemented. IT general controls generally include controls in information security, application development, and systems maintenance and operations, including cybersecurity controls.
c) Entity Level and Process Level Controls:
Entity-level controls are designed to provide reasonable assurance that objectives related to the company are met. E.g. Audit committee oversight of financial reporting and a chief financial officer’s review of differences between the company’s monthly budget and actual expenditures. Process Level controls operate at the process, transaction, or application level. These controls pertain to a single activity, such as requiring that delivery receipts be matched with vendor invoices before a vendor payment is authorized.
d) Preventive and Detective Controls:
1) Preventive controls are intended to prevent the occurrence of an activity that is not consistent with control objectives. E.g of Preventive controls:
- Separating Approval and Payment
- Limiting Access to IT Systems
- Automated controls
2) Detective controls are intended to identify misstatements or unauthorized activities after they have occurred so that corrections can be made in a timely manner. E.g of Detective controls
- Reconciliations
- Management Review Controls
Why Spectrum Auditing?
Being a pioneer in the field of auditing, accounting, taxation and advisory services, we ensure we keep track of all the changes that are taking place in the UAE with respect to the changes in laws, rules, regulations and keep our clients informed as well as sharing the same information through our blog section or social media handles regularly. Spectrum Auditing will guide you with the laws and regulations of UAE, be it the Risk Advisory, Transfer Pricing, Value Added Tax (VAT), Economic Substance Regulations (ESR), Corporate Tax (CT), Transfer Pricing (TP), Ultimate Beneficiary Owner (UBO), Anti Money Laundering (AML), etc after reviewing your business.
Call us today for any kind of assistance at +971 4 2699329 or email [email protected] to get all your queries addressed. Spectrum is your partner in your success.
contact us