United Arab Emirates

Share   

What is Internal Control over Financial Reporting (ICFR)?

Click to download in PDF

What is Internal Control over Financial Reporting (ICFR)?

ICFR refers to the controls specifically designed to address risks related to financial reporting. In simple terms, a company’s ICFR consists of the controls that are designed to provide reasonable assurance that the company’s financial statements are reliable and prepared in accordance with IFRS.

GET A FREE CONSULTATION

Effective ICFR provides reasonable assurance that corporate records are not purposefully misstated in response to pressures for reporting high revenues, earnings or other targets. ICFR should therefore be designed and implemented with the risk of fraud in mind and tailored to the particular circumstances of the company. Controls can, however, be designed and implemented to address the process by which accounting judgments are made and thereby provide reasonable assurance that the financial reports are presented in accordance with applicable GAAP. A company’s ICFR includes those policies and procedures that:

  • (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company;

  • (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with IFRS, and that receipts and expenditures of the company are being made only in accordance with authorisation of management and directors of the company; and

  • (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.

Components of ICFR

1. Control Environment

It refers to the standards, processes, and structures and values within the organization. Controls designed to generate reliable financial reporting are more likely to succeed if the company’s culture—including the “tone-at-the-top” established by senior management—reflects the importance of integrity and ethical values and a commitment to reliable financial reporting.

2. Risk Assessment

Risk assessment with reference to ICFR refers to the process adopted by the company to identify the Risk of Material Misstatements (RoMM) in financial statements. This component calls for a structured analysis of potential risks of misstatements, at two levels:

  • Financial statement level

  • Account balance and transaction type level

Risk assessment for ICFR needs to be conducted by persons competent to understand the financial reporting process, the disclosure requirements, the vulnerabilities to fraud, the temptations for misstatement at employee and or management levels, etc. The risk assessment needs to be done keeping in view the known stakeholders and expected readers of the financial statements

3. Control Activities

The specific actions established through policies and procedures designed to mitigate financial reporting risk—are another key component of ICFR. The following concepts are helpful to understanding control activities:

  • segregation of duties,

  • information technology (IT) controls and

  • entity-level and process-level controls

Mapping of risks with controls. It includes preparing a list of applicable controls and numbering it

  • Identifying controls that are no more required

  • Ensuring that IT controls are appropriately mapped

4. Information System and Communications

In the context of ICFR, this component refers to multiple types of information flows and communication channels:

First, the entire flow of information from the occurrence or non-occurrence of all relevant events or transactions, its flow into the accounting system and ultimately into financial statements to ensure that the financial statements are complete, accurate and present a true and fair view.

Second, the flow of relevant information including regulatory developments to those charged with governance and/or those responsible for selection of accounting policies, finalizing accounting treatment and making financial estimates, to ensure transparency and fairness in financial reporting. Third, the communication of financial statements from the company to the owners and other stakeholders, including IA.

The presentation of financial statements free from any material misstatement necessitates that all these information and communication channels are operating effectively.

5. Monitoring of Controls

This component entails the processes established by the management to ensure that controls as designed are operating effectively and that lapses are identified and remedied in a timely manner. The monitoring activities may be carried out by introducing Control Self-Assessment (CSA), where each process owner periodically tests the process controls, or by an independent review by the internal auditors, quality auditors or management representatives, or by periodic management reviews.

Ensuring periodic review of all documented policies and processes.

Requiring all RCMs to be updated periodically to reflect the changes in the risk profile and controls. Including, as part of internal audit scope, testing of controls depicted in the RCMs.

Responsible for ICFR

Management of the company is responsible for the design, implementation, and monitoring of ICFR. While management structures vary, in many companies, the principal financial officer (the chief financial officer or the chief accounting officer) and his or her staff have day-to-day responsibility for ICFR.

ICFR Deficiencies & Its Hierarchy

A deficiency in ICFR exists if the design or operation of a control does not allow management or employees, in the normal course of performing their assigned duties, to prevent or detect misstatements on a timely basis.

ANY REGULATIONS ON IT?

Insurance Authority of UAE (“IA”) has issued Circular No. (47) of 2020 regarding 2021 Reporting Requirements for all Insurance Companies operating in the UAE, IA requires a report highlighting the findings of the initial assessment of the Internal Controls over Financial Reporting (“ICFR”).

The Phase I requirements for the year-end 2020, the management should assess and evaluate the design and implementation of the existing ICFR and also test its operating effectiveness, considering an appropriate internal control framework. The existing gaps and failures in the ICFR identified during the internal assessment should be communicated to the respective “control owners”. The companies should provide a report to the IA highlighting the results of this assessment by 30th April 2021. The report may be brief and may cover only those gaps and control failures which in the company’s assessment pose the highest risk.

The Phase II is from the year 2021 onwards, which requires that the opinion should be issued as at 31 December 2021 (31 December 202X for subsequent years) and submitted to the IA as a part of the year-end submission on or before 30th April following the year-end

HOW PB CAN HELP?

We can help you verify the accuracy and completeness of your accounting records, and thereby achieve the timely preparation of reliable financial information. We can also help verify if internal control with respect to financial reporting are working effectively.

GET A FREE CONSULTATION

Prepared by: Rishi Aggarwal, Partner

If you want to discuss more IFRS 16, please drop us an email at rishi.aggarwal@premier-brains.com or call us at + 971 4 3542959, 971-56 6828172

ALWAYS DOING THE RIGHT THING”

Let us answer your question ?

Categories

Recent Posts