The scale of Satyam Scandal of 2009 and inability of the audit process to find the financial fraud committed by the management bought to focus various loopholes in the regulatory and legal framework dealing with board of directors and auditors of the company.
The Satyam scandal made Indian legislators search for best practises across the world like Sarbanes Oxley regulations in United States (US), Turnbull Guidance in United Kingdom (UK) and JSOX in Japan to raise the bar of corporate governance in India. The outcome of that search was the introduction of IFC regulations in Companies Act -2013.
|Statutory Provisions||Area||Regulatory mandate||Applicability|
|Section 134 (5)(e) of Companies Act 2013||Directors Responsibility Statement||Board of Directors have to confirm that they have laid down IFC and that such IFC are adequate and were operating effectively.||Listed Entities|
|Section 177 of Companies Act 2013||Audit Committee||Should evaluate IFC and risk management systems. Call on the auditors to comment on IFC.||All Entities having an Audit committee|
|Section 149 (7), Schedule IV of the Companies Act 2013||Independent directors||Should satisfy themselves on the integrity of financial information and that financial controls and systems of risk management are robust and defensible||All Entities having independent directors|
|Section 143 (3)(i) of Companies Act 2013*||Auditors Report||Auditors have to report whether the company has adequate internal financial controls and the operating effectiveness of such controls||All Entities (Listed/ unlisted)|
|Rule 8 (5) of Companies Accounts Rules||Board of Directors report||The details in respect of adequacy of internal financial controls with reference to financial statements||All Entities (Listed /Unlisted)|
* Please note Ministry of Corporate Affairs (MCA) has notified that Section 143(3)(i) of the Companies Act 2013 shall not be applicable for those audit reports of private limited companies /One-person companies (OPC) which has Annual turn over of less than Rs 50 Crores or has aggregate borrowings of less than 25 Crores from banks, Financial institutions or body corporate at any time during the financial year issued after 13th June 2017.
From the above statutory provisions, it is evident that IFC is applicable to only listed companies and Internal financial controls with respect to financial statements (ICFR) is applicable to all companies other than those exempted by MCA Notification No G.S.R. 583(E) dated 13th June, 2017. Hence it is necessary to understand the difference between IFC and ICFR.
On reading of the above definition, it is clear that intent of the legislation is to have control framework beyond financial reporting controls. However, one cannot expect the auditor to comment of operational conduct of the business, hence it can be logically concluded reporting of Internal financial controls by the auditors is on Financial reporting aspect only which led to the birth of term Internal Controls over Financial Reporting (ICFR).
The term ICFR has not been defined by the Guidance note of ICAI as the process designed to provide reasonable assurance regarding the reliability of the financial reporting and the preparation of financial statements for external purpose in accordance with the generally accepted accounting principles. Thus, the components of ICFR include
Hence to put it in simply IFC as a concept is much wider in scope when compared to ICFR
|IFC||=||ICFR||+||Operational Controls||+||Anti-Fraud Controls|
Management and Auditors need some set of benchmarks to assess the adequacy and effectiveness of IFC. Without these benchmarks assessment will be subjective without any guiding posts. The bench marks are called as framework. Like the Accounting Standards which are used the framework to evaluate the financial statements, The frame work of IFC is given by Standard on Auditing (SA) 315 issued by the Institute of Chartered Accountants of India (ICAI). The frame work explains the following components.
“The 3 Cs in life Choice, Chance, Change. We must make the choice, to take the chance, if you want anything in life to change.”– Anonymous
The introduction of IFC regulations has definitely given us the chance to improve the internal control environment in most organisations by drawing the attention of Board of Directors and auditors to this neglected concept earlier.
It has been 2 years since the IFC regulations has been introduced, now it is our responsibility as the management and auditors to look at it from a fresh perspective beyond compliance and use it as an opportunity to promote risk management and governance process within their organisations so that we don’t have another satyam in making.