Page 100 - CA Final Audit Titanium Full Book. (With Cover Pages)
P. 100
CA Ravi Taori
• The board should maintain a sound system of internal control to safeguard shareholders' investment and the
company's assets.
• The directors should, at least annually, conduct a review of the effectiveness of the group's system of internal
control and should report to shareholders that they have done so. The review should cover all controls,
including financial, operational and compliance controls and risk management.
• Companies which do not have an internal audit function should from time to time review the need for one.
Sarbanes Oxley Section 404
SOX Section 404 (Sarbanes-Oxley Act Section 404) mandates that all publicly traded companies must establish
internal controls and procedures for financial reporting and must document, test and maintain those controls
and procedures to ensure their effectiveness.
The SEC rules and PCAOB standard require that:
• Management perform a formal assessment of its controls over financial reporting including tests that confirm
the design and operating effectiveness of the controls.
• Management include in its annual report an assessment of ICFR.
• The external auditors provide two opinions as part of a single integrated audit of the company:
• An independent opinion on the effectiveness of the system of ICFR.
• The traditional opinion on the financial statements.
(CNO-MRI.620) IFC vs IFCR
Internal financial control v/s Internal financial control over reporting
IFC - Definition
• Defined in u/s 134(5)(e) which is similar to definition of internal control as per SA 315
• System designed by TCWG or management.
• Law - To ensure that operations are in compliance with the law
▪ Safeguarding assets
▪ Operations- Orderly & efficient conduct of business as per company policies
▪ Financial information
a. Accuracy & completeness of financial records
b. Timely preparation of reliable financial information
▪ Frauds & Errors - Prevention & detection of fraud & error
IFCR:
• Not defined in companies act but defined in guidance note.
• System designed to ensure.
▪ Reliability of financial reporting (Accounting records)
▪ Preparation of financial statements for external purpose as per Generally accepted principles
Difference between IFC v/s IFCR:
• From above it is clear that IFCR is a subset of IFC. IFC is much broader as compared to IFCR.
• IFCR covers only those controls which are related to financial reporting & financial statements but IFC covers
all the controls in the organization which are related to financial matters.
• Legal requirement with both IFC & IFCR are different
Legal requirement
IFC (in the sequence of imp)
• BOD of listed co. are supposed to take responsibility of IFC & specify in DRS.
• Audit committee responsibility to evaluate IFC of company.
• Independent directors companies which requires ID, ID have to go & check whether financial controls are
robust & defensible & information generated is reliable.
IFCR:
• BOD of the companies are responsible to maintain proper IFCR.
www.auditguru.in 4.29