Everything About Internal Controls Over Financial Reporting
More than a compliance requirement, ICFR engagements are being recognized and seen as opportunities to enhance the efficiency and effectiveness of the operating models by the companies, uplifting themselves to the global leading practices. Indeed, the regulators across the globe have been increasing the reporting requirements in this perspective ever since the introduction of the SOX (Sarbanes-Oxley) Act of 2002. The significance of Internal Controls Over Financial Reporting is undeniable as it eventually intends to protect the interests of investors and other stakeholders, preventing fraud risks and other financial crimes.
What is meant by implementation of ICFR?
The implementation of ICFR refers to the process of incorporating adequate internal controls addressing the risks relating to financial reporting. These controls are designed and effected by the Board of Directors, management and other personnel of the companies with an ultimate aim of providing reasonable assurance on the reliability of their financial statements to the stakeholders.
What are the regulatory implications of ICFR in UAE?
Resolution number 1 by the Abu Dhabi Accountability Authority (ADAA), which became applicable to the subject entities reporting in Abu Dhabi, had brought in new reporting requirements with directives for implementation and testing of ICFR. Also the term Internal Controls Over Financial Reporting has gained more popularity in UAE, since the new requirement has been put forward in the recent circular by Insurance Authority of UAE (IA’s Circular No. (21) of 2019), mandating the external auditors of insurance companies to give their independent opinion on the effectiveness of ICFR. The regulators have listed down the reports to be submitted and their formats in their respective circulars along with conducting various awareness sessions in this regard.
Is there an internal control framework to be followed for ICFR implementation?
The regulators in UAE have not specifically mentioned any particular framework to be followed for the ICFR implementation. However, as per the leading best practices, internal control framework based on COSO can be adopted by the companies to comply with the regulatory requirements in terms of Internal Controls Over Financial Reporting(ICFR).
What are the key objectives of implementing ICFR in companies?
The foremost objective of implementing ICFR is to enhance the quality of the financial reporting processes in the best interests of various stakeholders of the companies. Thereby the emphasis on the internal controls points towards building confidence over the reliability of the financial information and driving the operating models in the companies to align with the global best practices. These exercises aim to bring more efficiency and transparency in the financial reporting processes, which will eventually help in integrating the financial information, for the better usage by its users.
What are the steps involved in implementing ICFR in companies?
The major steps involved in an Internal Controls Over Financial Reporting(ICFR) engagement are as follows:
- Adopting an ICFR framework
- Understanding and documenting the process flows relating to financial reporting, covering all the material inputs from the business operations, support functions and entity level risk management controls
- Documentation of the sub processes and risk control matrix
- Testing the design and operating effectiveness of the controls
- Identifying the gaps with target ICFR framework and lay out the mitigation plans
- Recommendation of best practices
- Submission of reports in compliance with the regulatory requirements
It is to be noted that these steps may vary depending upon the current status of the internal control environment in each entity and the applicable regulatory requirements. Considering the efforts and resources required, it is suggested to consult with subject matter experts to obtain guidance and insights over this matter as this may bring about major change in the operating models of the companies.