Internal Financial Control

how it works

In the dynamic business landscape of present day, a robust financial health is of great importance. For companies in India, Internal Financial Control (IFC) is not just a best practice; it is a critical regulatory requirement under the Companies Act 2013. This delves into the essence of IFC, its benefits, the process of implementation and what businesses need to know.

1. Overview of Internal Financial Control (IFC):

Internal Financial Control (IFC), as defined by the Companies Act 2013 refers to the policies and procedures adopted by a company to ensure the orderly and efficient conduct of its business. This includes:-

  • Adherence to company policies: Ensuring that all operations align with the established guidelines and rules.
  • Safeguarding of assets: Protecting company resources from theft, misuse or unauthorized access.
  • Prevention and detection of frauds and errors: Implementing mechanisms to identify and mitigate financial irregularities.
  • Accuracy and completeness of accounting records: Maintaining reliable and comprehensive financial data.
  • Timely preparation of reliable financial information: Ensuring that financial reports are accurate and available when needed for decision-making and compliance.

IFC is a mandatory requirement for all listed companies in India and certain unlisted public companies exceeding specific thresholds (e.g. paid-up capital of ₹25 crore or more or turnover of ₹50 crore or more with borrowings of ₹25 crore or more at any point in the financial year). It is a foundational element of good corporate governance, aiming to enhance transparency, accountability and financial integrity.

  • Enhanced Financial Accuracy and Integrity: The financial data is reliable, accurate and free from material misstatements, leading to trustworthy financial statements due to IFC. This is crucial for informed decision-making by management, investors and other stakeholders.
  • Effective Risk Management and Asset Protection: By identifying, assessing, and mitigating financial risks, IFCs safeguard a company's assets from fraud, errors and inefficiencies. This includes protecting physical assets, cash and intangible assets.
  • Improved Operational Efficiency: Well-designed controls streamline business processes, reduce redundancies, minimize errors and enhance productivity. This leads to more efficient use of resources and smoother operations.
  • Compliance with Regulatory Requirements: IFCs help companies meet their statutory obligations under the Companies Act 2013 and other relevant laws and regulations. This reduces the risk of penalties, legal issues and reputational damage.
  • Increased Stakeholder Confidence: A robust IFC framework provides assurance to investors, creditors and other stakeholders that the organization is well-managed and its financial reporting is credible, potentially attracting more investment and fostering trust.
  • Better Decision-Making: With accurate and timely financial information, management can make more informed strategic and operational decisions.

While the specific documentation may vary based on the company's size and complexity, an IFC audit typically requires a comprehensive set of documents to assess the adequacy and operating effectiveness of controls. These often include:-

  • Internal Financial Control Policy: A formal document outlining the company's approach to IFC.
  • Organizational Charts: Illustrating reporting lines and segregation of duties.
  • Process Flowcharts/Narratives: Detailed documentation of key business processes (e.g. Procure-to-Pay, Order-to-Cash, Payroll, Fixed Assets, Financial Closing).
  • Risk Control Matrix (RCM): A crucial document mapping identified risks to specific controls, their frequency, ownership and testing procedures.
  • Policies and Procedures Manuals: Covering various operational and financial aspects, including authorization limits, reconciliation procedures and accounting policies.
  • Evidence of Control Operation: This includes signed approvals, reconciliation statements, system access logs, audit trails and other records demonstrating that controls are being performed as designed.
  • Management Representation Letters: Formal acknowledgments from management regarding their responsibilities for IFC and the effectiveness of the controls.
  • Previous Internal Audit Reports and Remediation Plans: Showing how deficiencies were identified and addressed.
  • Board Minutes and Audit Committee Minutes: Documenting oversight and review of IFC matters.
  • Financial Statements and Supporting Ledgers: For verification and reconciliation purposes.

The implementation and ongoing assessment of Internal Financial Control is a structured process, often involving these key steps:-

  • Establish the Control Environment: This involves setting the tone at the top, defining clear roles and responsibilities, fostering ethical values and demonstrating commitment to integrity throughout the organization.
  • Identify Key Business Processes: List all critical financial and operational processes within the company (e.g. revenue, procurement, payroll, inventory, treasury).
  • Conduct Risk Assessment and Control Mapping: For each identified process, pinpoint potential financial reporting risks (e.g. misstatements, fraud, errors) and design specific internal controls to mitigate these risks. Document this extensively, often using a Risk Control Matrix (RCM).
  • Design and Document Controls: Develop detailed narratives and flowcharts for each control, outlining how it works, who is responsible and how often it is performed.
  • Perform Walkthroughs: Conduct simulated transactions or discussions with process owners to confirm that the documented controls are understood and implemented in practice.
  • Test the Operating Effectiveness of Controls: Regularly test a sample of transactions to ensure that controls are operating as designed and effectively preventing or detecting errors and frauds. This involves selecting samples, performing tests and documenting exceptions.
  • Document Findings and Remediate Deficiencies: Clearly record the results of control tests, identify any weaknesses or failures and develop corrective action plans.
  • Remediate and Retest: Implement the corrective actions and retest the controls to ensure that the deficiencies have been effectively addressed.
  • Ongoing Monitoring and Reporting: Continuously monitor the effectiveness of controls, report findings to management and the Audit Committee and foster a culture of continuous improvement.

The fees and timelines associated with IFC implementation and audit vary significantly based on several factors:-

  • Size and Complexity of the Organization: Larger companies with more complex operations, numerous processes and higher transaction volumes will naturally incur higher costs and require longer timelines.
  • Scope of Engagement: Whether the engagement is for initial implementation, ongoing advisory or annual audit support will influence the cost.
  • Current State of Controls: Companies with existing strong controls may have a simpler and less costly process compared to those starting from scratch.
  • Engagement Model: Whether the company engages internal teams, external consultants or a combination will affect costs.
  • Professional Fees: Fees charged by Chartered Accountants, consultants and auditors vary based on their experience, reputation and the extent of their involvement. These are typically project-based or time-based, and can range from a few lakhs to several lakhs of rupees for small to medium-sized companies, and significantly higher for large corporations. It is best to obtain a detailed proposal after an initial assessment of your specific needs.

 

    •   Manju Laur: 📞 +97119 94042

 

Timelines: Initial implementation can take several months to over a year, depending on the company's readiness. Annual IFC audits are part of the statutory audit process and must be completed within the financial year's audit cycle.

Frequently Asked Questions

No, it is mandatory for all listed companies and certain unlisted public companies that meet specific turnover or borrowing thresholds as per the Companies Act 2013. Small companies and One Person Companies (OPCs) are generally exempt, provided they meet certain criteria.

The primarily role of Board of Directors is to establish and maintain internal financial controls. The responsibility statement of directors in the annual report must affirm that adequate and effective IFCs are in place particularly for listed companies.

IFC refers to the system of policies and procedures put in place by the management of company to ensure financial integrity and operational efficiency. Internal audit, on the other hand, is an independent function that evaluates the effectiveness of these internal controls and provides assurance to the management and the Audit Committee.

While large companies with dedicated internal teams might manage the process internally, many companies, especially SMEs, benefit significantly from external expert guidance. Consulting firms provide specialized knowledge in designing, implementing and testing IFC frameworks, ensuring compliance and best practices.

Non-compliance can lead to penalties under the Companies Act 2013 including fines for the company and its officers. More importantly, it can result in unreliable financial reporting, increased risk of fraud and errors, loss of investor confidence and difficulty in obtaining external financing.
Connect with our experts
  • +91
  • +1
  • +42
  • +86
or
whatsapp (+91) 97119 94042
Connect with our experts
  • +91
  • +1
  • +42
  • +86
or
whatsapp (+91) 97119 94042