Download PDF Version Show Internal Control over Financial Reporting (ICFR) continues to be an intense focus of regulators. After the SEC recently fined a number of companies for failing to remedy material weaknesses in ICFR, the PCAOB released a Staff Preview of its 2018 Inspection Observations, highlighting the testing of ICFR remains a common audit deficiency. ICFR remains an important component to fostering confidence in a company’s financial reporting, and ultimately, trust in our capital markets. To assist in these concerns, the Center for Audit Quality (CAQ) has updated and re-released its popular Guide to Internal Control over Financial Reporting as an overview to assist stakeholders in understanding key ICFR concepts, roles and responsibilities, and what ICFR means for companies, investors, and the markets. This publication includes the addition of significant research demonstrating the importance and impact of ICFR and integrated audits on the quality of financial reporting at a time when the SEC is proposing amendments to tailor filer definitions potentially reducing the number of companies subject to the auditor ICFR attestation requirement under Section 404(b) of the Sarbanes-Oxley Act (SOX). BackgroundInternal Control over Financial Reporting (ICFR) has been required for public companies and included as part of issuer audits for more than a decade. Often the conversation around ICFR is based on regulatory expectations, but an equally important conversation focuses on the intent of those regulations which is to increase trust in financial reporting by establishing reliable systems and controls. As a result of SOX, most large public issuers are required to have an integrated audit performed[1], which includes an external auditor’s assessment of the effectiveness of the company’s ICFR (in addition to management’s annual assessment of internal control effectiveness). All issuer audits are subject to reviews performed by the PCAOB. Current State of AffairsSEC Activities Impacting ICFR Meanwhile, in May, the SEC voted on proposed amendments to the accelerated filer and large accelerated filer definitions intended to reduce costs for certain lower-revenue companies as a potential means for such companies to redirect the savings into growing their companies by investing in research and human capital and helping promote capital formation. Under the proposal, smaller reporting companies (SRCs) with less than $100 million in revenue would not be required to obtain an attestation from an independent external auditor on ICFR. The proposal would not change other key provisions of SOX, such as the independent audit committee requirements, CEO and CFO certifications on financial reports, or the requirement that companies continue to establish, maintain, and assess the effectiveness of ICFR. For more on the SEC’s proposal, refer to BDO’s Alert here. PCAOB 2018 Inspections Observations on ICFR
For more on the PCAOB inspection observations, refer to BDO’s Alert here. CAQ Guide to ICFRIn May 2019, in its efforts to continually improve audit quality and to enhance investor confidence and public trust in the global capital markets, the CAQ re-issued its Guide to Internal Control Over Financial Reporting ICFR to educate stakeholders on the purpose and benefits of ICFR. The guide provides an overview of the structure and design of ICFR and stresses the importance of internal processes and controls to the integrity of financial reporting. The guide explains what ICFR is and describes management’s responsibility for implementing effective ICFR. It also discusses the responsibilities of the audit committee to oversee ICFR and of the independent auditor to audit the effectiveness of the company’s ICFR. As a reminder, public companies are required to establish and maintain a system of internal accounting controls sufficient to provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with GAAP. SOX added a requirement under Section 404(a) that management annually assess the effectiveness of the company’s ICFR and report the results to the public. SOX further requires most large issuers under section 404(b) to have an integrated audit performed by their external auditor. Key ICFR Concepts
ICFR Roles and Responsibilities Summarized
What ICFR Means for Companies, Investors, and Markets
Refer to the CAQ guide for additional resources for further consideration. Next StepsWe encourage audit committees, management, and our audit professionals to remain abreast of the dynamics of ICFR. Please stay tuned for additional thought leadership and educational opportunities from BDO’s Center for Corporate Governance and Financial Reporting on this and many other topics of interest. [1] Auditor reporting on internal control over financial reporting is not required for
non-accelerated filers with market capitalization less than $75 million. Similarly, under the JOBS Act of 2012, Emerging Growth Companies (EGCs) are also excluded from the requirement of having an auditor’s report on the company’s ICFR. An EGC is an issuer with less than $1.07 billion in annual gross revenues in its most recently completed fiscal year. EGC status continues for the first five years after the IPO, but ceases sooner if the issuer (1) issues more than $1 billion in non-convertible
debt in a rolling three-year period, (2) becomes a large accelerated filer (i.e., with a market capitalization exceeding $700 million), or (3) exceeds $1.07 billion in annual revenues. A new issuer may meet the criteria to be considered an accelerated or large accelerated filer after it has been subject to the 1934 Securities Act reporting requirements for one year. Once it meets those criteria, it is required to comply with both the management and auditor internal control reporting requirements
(i.e., generally in its second rather than first Form 10-K). What is internal controls over financial reporting?What is “Internal Control Over Financial Reporting” (ICFR)? “Internal controls” refer to those procedures within a company that are designed to reasonably ensure compliance with the company's policies.
What is the difference between internal control and internal control system?Internal control is a system that comprises of control environment and procedure, which help the organization in achieving business objectives.
...
Comparison Chart.. What is IFC and ICFR?3. IFC Vs ICFR. From the above statutory provisions, it is evident that IFC is applicable to only listed companies and Internal financial controls with respect to financial statements (ICFR) is applicable to all companies other than those exempted by MCA Notification No G.S.R. 583(E) dated 13th June, 2017.
What is the difference between ICFR and Sox?SOX further requires most large issuers under section 404(b) to have an integrated audit performed by their external auditor. Effective ICFR provides reasonable assurance that corporate records are not intentionally or unintentionally misstated.
|