Summary: Internal Financial Controls (IFC) testing is a systematic process designed to assess the effectiveness of a company’s internal controls over financial reporting, a requirement under the Companies Act, 2013. The process is a step-by-step procedure that begins with identifying all key financial processes, such as payroll and inventory management. This is followed by a risk assessment and control mapping, often documented in a Risk-Control Matrix, to link potential risks with specific controls. The next steps involve documenting control narratives that detail how each control works, who is responsible, and how frequently it is performed. Once documented, a walkthrough is conducted to verify that the control is designed and implemented correctly. The actual testing of controls involves selecting samples and checking for exceptions. All findings are then documented, outlining whether a control passed or failed, the reason for any failure, and a remediation plan. The final steps include retesting failed controls and compiling a formal IFC report for statutory auditors and the company’s board, ensuring financial transparency, reducing the risk of fraud, and boosting investor confidence.
How do you conduct IFC testing
Here’s a simple, step-by-step guide to help you understand and carry out the IFC testing process smoothly.
What is IFC Testing?
Internal Financial Control (IFC) Testing is a process used to assess whether a company’s internal controls over financial reporting are working effectively. It ensures compliance with Section 134(5)(e) of the Companies Act, 2013, which requires directors to lay down IFCs and confirm their effectiveness.
Step-by-Step Process of IFC Testing
Step 1: Identify the Key Business Processes
Begin by listing all key processes related to finance, such as:
1. Procurement to Pay
2. Order to Cash
3. Payroll
4. Inventory Management
5. Fixed Assets
6. Financial Closing and Reporting
Each of these areas could have risks that need control.
Step 2: Risk Assessment and Control Mapping
1. Identify risks within each process (e.g., incorrect billing, payment fraud).
2. Map each risk with a specific internal control (e.g., invoice approval workflow).
Step 3: Design and Document the Controls
Prepare control narratives that explain:
1. How the control works
2. Who is responsible
3. Frequency of the control
4. Documentation or system used
This helps in standardizing the testing process and ensures audit readiness.
Step 4: Perform Walkthroughs
Walkthroughs are conducted to understand and verify the control in action:
1. Interview the process owners
2. Review documentation
3. Trace transactions from initiation to completion
This helps validate if the control is properly designed and implemented.
Step 5: Test the Controls
Now comes the actual testing:
1. Select samples (transactions, approvals, reports)
2. Perform tests to check if the control operated as designed
3. Note down any exceptions
Step 6: Document Findings
Clearly record the results of each control test:
1. Control Passed or Failed
2. Reason for Failure (if any)
3. Impact on Financial Statements
4. Remediation plan (if needed)
All findings must be backed by proper evidence.
Step 7: Remediate and Retest
If any control fails:
1. Suggest corrective actions
2. Allow time for process owners to fix the issue
3. Retest to ensure the control is now working effectively
This step is crucial for continuous improvement.
Step 8: Final Reporting
At the end, compile your findings into a formal IFC Report:
1. Summary of tests performed
2. Controls tested and results
3. Overall conclusion on IFC effectiveness
This report is essential for statutory audit and Board review.
Why is IFC Testing Important ?
1. Ensures compliance with Companies Act
2. Improves transparency in financial reporting
3. Reduces risk of fraud or error
4. Boosts investor confidence
5. Supports smooth statutory audits
*****
Need help with IFC testing? Connect with YKG Global at Mukul@ykguptaco.com to streamline internal financial controls and stay audit-ready!

