DPNC Global

Internal Financial Control (IFC) Audit

The scale of the Satyam Scandal of 2009 and the inability of the audit process to find the financial fraud committed by the management bought to focus various loopholes in the regulatory and legal framework dealing with the board of directors and auditors of the company.


The Satyam scandal made Indian legislators search for best practices across the world like Sarbanes Oxley regulations in the United States (US), Turnbull Guidance in the United Kingdom (UK) and JSOX in Japan to raise the bar of corporate governance in India. The outcome of that search was the introduction of Internal Financial Control (IFC) regulations in The Companies Act, 2013.


IFC is defined in the explanation to Section 134(5)(e) of The Companies Act 2013 as the policies and procedures adopted by the company for ensuring:-


  • The orderly and efficient conduct of its business, including adherence to company’s policies,
  • The safeguarding of its assets,
  • The prevention and detection of frauds and errors,
  • The accuracy and completeness of the accounting records, and
  • The timely preparation of reliable financial information.




With adequate and effective Internal Financial Controls, some of the benefits that the companies would experience include:-

  • Senior Management Accountability.
  • Improved controls over financial reporting process.
  • Improved investor confidence in entity’s operations and financial reporting process.
  • Promotes culture of openness and transparency within the entity.
  • Trickling down of accountability to operational management.
  • Improvements in Board, Audit Committee and senior management engagement in financial reporting and financial controls.
  • More accurate, reliable financial statements.
  • Making audits more comprehensive.





Section 134 of Companies Act All listed entities The Directors Responsibility Statement shall state the directors had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and operating effectively.
Section 143 of Companies Act All entities (listed/ unlisted) The auditor’s report shall state whether the company has adequate internal financial controls with reference to financial statements in place and the operating effectiveness of such IFC.
Section 177 of the Companies Act All entities having an audit committee The audit committee shall evaluate internal financial controls and risk management systems.

The audit committee may call for comments of auditors about internal control systems before their submission to the Board.

Schedule IV All entities having independent directors The independent directors should satisfy themselves on the integrity of financial information and ensure that financial controls and systems of risk management are robust and defensible.
Rule 8 (5) of Companies Accounts Rules All entities (listed /unlisted) The board report shall state the details in respect of adequacy of internal financial controls with reference to the financial statements.




Management and Auditors need some set of benchmarks to assess the adequacy and effectiveness of IFC. Without these benchmarks assessment will be subjective without any guiding posts. The bench marks are called as framework. Like the Accounting Standards which are used the framework to evaluate the financial statements. The frame work of IFC is given by Standard on Auditing (SA) 315 issued by the Institute of Chartered Accountants of India (ICAI).


The frame work explains the following components:-


  • Control Environment
  • Risk Assessment
  • Control Activities Information system and communication
  • Monitoring.




The introduction of IFC regulations has definitely given us the chance to improve the internal control environment in most organizations by drawing the attention of the board of directors and auditors to the neglected concept earlier. It’s our responsibility as the management and auditor to look at it from a fresh perspective beyond compliance and use it as an opportunity to promote risk management and governance process within their organization.


To download the pdf file of the above post, please click on the download button below.




DPNC Global LLP is a full service consulting firm providing multi-disciplinary services to clients ranging from MNCs, Indian Corporates from across industries to Family Offices and UHNIs, both in and outside India.


Our Risk Advisory Services (RAS) team offers solutions to help organizations and their management to effectively balance risk management, governance and compliance while moving towards their short-term and long-term strategic goals. Our team comprises a group of qualified and experienced professionals with in-depth knowledge and specialization in risk advisory services including for conducting Internal Audits, developing Standard Operating Procedures etc. We leverage our knowledge of industry best practices and domains across organizations of all sizes and sectors to streamline and develop systems, processes & solutions that are tailored to be suitable for our clients. To know more about our services in Risk Advisory Services, visit https://dpncglobal.com/risk-advisory/



The information contained herein is in summary form and is based on information available in public domain. While the information is believed to be accurate to the best of our knowledge, we do not make any representations or warranties, express or implied, as to the accuracy or completeness of such information. This document is not an offer, invitation, advice or solicitation of any kind. We accept no responsibility for any errors it may contain or for any loss, howsoever caused or sustained, by the person who relies on it.