<p>Indian regulations on financial reporting are being aligned to international practices and the introduction of Internal Financial Controls (IFC) in the Companies Act 2013 is reflective of this trend. The trend underscores two important evolutions in globalised business; Governance and Technology. As technology adoption in businesses is growing rapidly, businesses have to rely on controls more and more while boards have to ensure that a robust control environment is designed and deployed to achieve business objectives. To this effect, the Companies Act, 2013 has imposed specific responsibilities on the Board of Directors towards the company's internal financial controls and requires the board to state that they have laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively. While similar reporting requirements have existed elsewhere in the world (in US it's the Section 404 under Sarbanes Oxley Act, the Turnbull Guidance on Internal Control with the London Stock Exchange for listed companies and Japan's Financial Instruments and Exchange Law (J-SOX) are similar rules for public companies), in India there was no such requirement until the new act came into force. <br><br>As part of Internal Financial Controls, Indian public and private companies are expected to establish frameworks that provide assurances about the soundness of governance and internal controls, elaborated as follows -</p><ul><li>For listed companies, the management would have to identify and document financial and non-financial controls (referred to in the act as policies and procedures for orderly and efficient conduct of business), assure the boards of the adequacy of such controls and also demonstrate results of testing operating effectiveness of such controls.</li><li>For unlisted companies, the Directors' Report for FY 2014-15 would have to disclose adequacy of controls related to financial statements.</li><li>Annual reports for the year FY 14-15 will be required to have Director Responsibility Statement carrying disclosure on what steps companies have taken to implement Internal Financial Controls.</li></ul><p><br>Additionally, for both listed and private companies, it is mandated that from FY 2015-16, statutory auditors would be expected to make opine on operating effectiveness of controls related to financial reporting.<br><br>As with many other important provisions of the new Act, Internal financial control has been made a board and individual director's responsibility. This means enhanced level of engagement and scrutiny by the board and directors into IFC framework of a company and whether such frameworks are "adequate" and "effective". Currently, many companies are assessing the impact these new requirements will have on the operations and processes of the company, including the financial reporting process.<br><br><strong>Role of Board of Directors</strong><br>One of the significant implications of the new Companies Act, 2013, is the reporting responsibilities of the director and auditors with regard to internal financial controls. Consequent to the formal responsibility introduced under the 2013 Act, the role of the Board and the Audit Committee in the oversight of internal control has become increasingly critical. In case of listed companies, the directors are expected to play an important role in establishing the control environment, including clarity of expectations regarding integrity and ethics and adherence to codes of conduct and creating clear accountability for performance of internal control responsibilities. The board's assessment of the risk of management overrides internal control and to that effect, some of the other responsibilities for the board of directors include establishing open lines of communication between management and the board, as well as providing separate lines of communication such as whistle blower hotlines. The need for boards to perform this self-evaluation and that of the committees and individual directors and ensure maintenance of appropriate skills and expertise is a critical success factor in meeting the new requirement of the 2013 Act.<br><br><strong>Role of Audit Committees</strong><br>Audit committees are expected to place a stronger emphasis than before on internal financial controls and risk management. In context of the act, the expectations of the audit committee's role have expanded due to enhanced company and external auditor reporting requirements, along with an increased focus on compliance by regulators. It may also be advisable to seek results on the effectiveness of IFC on a real time basis while also understanding how management addresses the risks highlighted by test of internal controls. The act also necessitates for statutory auditors to assert whether the company has adequate internal financial controls in place and the operating effectiveness of such controls. To this effect, the audit committee will need to view their controls framework from an auditability standpoint with requisite documentation to the satisfaction of external auditors.<br><br><strong>Treating IFC as a bridge to excellence in governance</strong><br>Many enterprises today have siloed approaches to compliance and controls with sporadic documentation. Towards this end, by placing more accountability and responsibility on the Board and Audit Committee with respect to internal financial controls, the 2013 Act is attempting to align the corporate governance and financial reporting standards with global gold standards. Establishing the right internal controls provides greater assurance that a corporation will achieve its operating, financial reporting and compliance objectives and making governance more robust and wholesome.<br><br>It is critical therefore that businesses approach Internal financial controls as an opportunity to improve overall business performance through bringing excellence models, structured policies & procedures, technology enablement and not consider it as mere compliance served to 'tick in the box'. Apart from the obvious solutions of improving control environment, Internal Financial Controls can enhance shareholder and investor confidence in the longer term. Companies can use this opportunity to internally promote a culture of compliance and integrity among employees. Compliance for the sake of compliance, has less appeal than if residual or other long term benefits can't be derived from compliance efforts. Enterprises need to recalibrate on how to take advantage of the effort that will undoubtedly be expended towards enhancing their Internal Financial Controls; to achieve more deep rooted benefits of improving their operating effectiveness, adopting leading technologies to enable better efficiencies and thereby creating a future ready business.<br><br><em>The author is, Sachin Paranjape, Senior Director at Deloitte in India </em></p>