Internal Financial Control (IFC/ICFR)

Consulting Services

Internal Financial Control (IFC)

Posted By

ICFR Implementation services:

  1. Background of ICFR
  2. Relevant provisions of ICFR
  3. Applicability matrix
  4. IFC vs. ICFR
  5. Our services in ICFR
    1. Deliverables
    2. Scope of work
    3. Execution strategy


Background of ICFR

  1. To understand the background of Internal Financial Control over Financial Reporting (ICFR), let’s divide the period in two parts:
    Up to Financial Year 2014-15:
  2.  So far, companies were to satisfy their Statutory Auditors about the adequacy of Internal Controls related to purchase of inventory and fixed assets and sale of goods and services for Auditor’s reporting under CARO.
  3. However, in case of listed company, Clause 49 of the Equity Listing Agreement requires that CEO and CFO of listed companies to certify to the board of directors that they accept responsibility for establishing and maintaining internal controls for financial reporting and that they have evaluated the effectiveness of internal control systems of the company pertaining to financial reporting.

From Financial Year 2015-16 onwards:

  1. The Companies Act, 2013 has stated specific responsibilities on the board of companies towards the company’s internal controls and, inter alia, requires the board to state that they have laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively.
  2. Statutory auditor of company will be giving a separate report on the adequacy and effectiveness of Internal Financial Control over Financial Reporting with effective from Financial Year 2015-16.
  3. Compliance of Clause 49 of the Listing agreement will continue to be complied by the listed companies.


Relevant provisions of ICFR

Section/RuleRelated toDescription
Rule 8(5)(viii) of Companies Accounts Rules, 2014Board ReportBoard’s report to include the details in respect of adequacy of internal financial controls with reference to the financial statements.
Section 143 of Companies Act, 2013Statutory AuditReport  on whether the company has adequate internal financial controls system and operating effectiveness of such controls
Section 134 of Companies Act, 2013Director Responsibility statementDirector’s responsibility statement to state that directors
-had laid down internal financial controls to be followed by the Company
-and that such internal financial controls were adequate and operating effectively
Section 177 of Companies Act, 2013Audit committee-Evaluation of internal financial controls and risk management systems
-Call for / discuss  the comments of the auditors about internal control systems, the scope of audit, including the observations of the auditors and review of financial statement before their submission to the Board and
-May also discuss any related issues with the internal and statutory auditors and the management of the company
Schedule IV of the Companies Act, 2013Independent DirectorsSatisfy themselves on the integrity of financial information and that financial controls and the systems of risk management are robust and defensible


Applicability matrix

Applicability > Requirements  of the Statutes / ActsListed companiesUnlisted Public Limited companies*Other companies
Rule 8 of the Companies (Accounts) Rules, 2014

Statutory Auditor Report (Sec. 143)

Director’s Responsibility Statement (Section 134)

Audit Committee (Sec. 177)

Independent Directors (Schedule IV)

Specified class of companies:

  1. public companies with a paid up capital of Rs.10 Crores or more;
  2. public companies having turnover of Rs.100 Crores or more;
  3. public companies, having in aggregate, outstanding loans or borrowings or debentures or deposits exceeding Rs.50 Crores or more

The above thresholds as existing on the date of last audited Financial Statements shall be taken into account



Basis of differenceIFCICFR
Full formInternal Financial Control (IFC)Internal Financial Control over Financial Reporting (ICFR)
ScopeIt’s scope is very vast (refer the definition in the next slide)It’s scope is restricted to financial reporting only
Definition sourceIt’s defined in the Companies Act, 2013 under Section 134It’s defined in the Guidance Note issued by ICAI in Sep’2015
ApplicabilityMandatory for listed companiesMandatory for unlisted companies
Auditor’s reportWill not comment on IFCWill comment on the adequacy and effectiveness of ICFR

Definition of IFC:

As per Section 134 of the Companies Act, 2013, the term “Internal Financial Control” means the policies and procedures adopted by the company for:

  1. Orderly and efficiently conduct of it’s business, including adherence to company policies,
  2. Safeguarding of it’s assets
  3. Prevention and detection of frauds and errors,
  4. Accuracy and completeness of accounting records, and
  5. Timely preparation of reliable financial information

Definition of ICFR:

A process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal financial control over financial reporting includes those policies and procedures that:

  1. pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company;
  2. provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and
  3. provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements

Guidance note issued by ICAI in September’2015 has borrowed the definition of Internal Financial Control over Financial Reporting (ICFR) from Auditing Standard (AS) 5, An Audit of Internal Control Over Financial Reporting that Is Integrated with An Audit of Financial Statements issued by the Public Company Accounting Oversight Board (PCAOB), USA.


Our services for ICFR implementation:


Our deliverables  under ICFR


Scope of work

Our broad scope of work will be to review the IFC system related to Financial Reporting to comply with the regulatory requirement. Scope of work has been divided in the following sections:

  • Coverage of scope as per materiality concept
    • Identify significant accounts
    • Discuss the scope with statutory auditors, if required by client
    • Define materiality – Key/ non-key Risks
  • Design assessment of existing IFC system over Financial reporting
    • Perform & document walkthroughs to understand the design of existing IFC system
    • Document process maps with input, output, risk/ controls
    • Segregate controls into Entity level control, Process controls & IT general controls
    • Identity controls into Manual, Automated, Preventive & Detective
    • Perform segregation of duties analysis
    • Prepare a Risk Control Matrix for each significant accounts/process to be covered for review
    • Identify design gaps based on walkthroughs, interviews & discussion
  • Gap remediation
    • Prioritize control gaps into Material and non-material
    • Discuss the control gaps with process owners and co-develop the remedial plan
    • Periodic monitoring of remediation implementation plan
    • Enhance or optimize IT Controls to mitigate the control gaps, to the extent possible
    • Enhance SOP/ MIS/ DOA etc
    • Interim testing to confirm remediated gaps
  • Testing the operating effectiveness
    • Prepare testing plan & templates
    • Timing of testing
    • Document testing results
    • Prioritize testing gaps into Material and non-material
    • Identify mitigation/ compensating controls for material gaps
    • Co-develop remediation plans for testing gaps by engaging process owners.


Execution strategy

To see how Blue Consulting can help you in IFC compliance, get in touch with us at or call us at 0120-4113075 or Click here.

Leave a Reply