ICFR Applicability under Companies Act, 2013 (Thresholds & Exemptions)
This article explains ICFR applicability, and how it relates to Internal Financial Controls (IFC), along with key process areas, approach, benefits and deliverables.
Understanding IFC vs ICFR
As per Section 134 of the Companies Act 2013, the term ‘Internal Financial Controls’ means the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, safeguarding of its assets, prevention and detection of frauds and errors, accuracy and completeness of the accounting records, and timely preparation of reliable financial information.
Internal Control over Financial Reporting (ICFR) is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles.
IFC & ICFR Applicability at a Glance:
| Company Type | IFC Applicability (Broader) | ICFR Applicability (Reporting) |
|---|---|---|
| Listed Company | Applicable (Section 134) | Applicable (Section 143(3)(i)) |
| Unlisted Public Company | Applicable (Section 134) | Applicable (as per class) |
| Private Company (Above thresholds) | Applicable if reporting required | Applicable if Turnover > ₹50 Cr OR Borrowings > ₹25 Cr |
| Private Company (Below thresholds) | Recommended (good practice) | Generally Exempt from ICFR audit reporting |
| OPC / Small Company (below thresholds) | Recommended (good practice) | Exempt |
Note: The thresholds above (₹50 crore turnover / ₹25 crore borrowings) apply to ICFR audit reporting only. IFC as a management control framework is expected for all companies.
Applicability of IFC (Management Responsibility)
IFC is a management responsibility under Section 134(5)(e) of the Companies Act, 2013, applicable to all companies regardless of size or thresholds. While ICFR reporting is optional for smaller private companies, all companies must design and maintain effective internal financial controls to safeguard assets, prevent fraud, and ensure accurate accounting. IFC is the broader framework; ICFR is the financial reporting lens that becomes the auditor’s reporting focus under Section 143(3)(i).
Areas of Review
- Order to Cash
- Logistics & Distributions
- Procurement to Payment
- Inventory Management
- Human Resources & Payroll
- Finance & Accounts
- Capital Expenditure
- Information Technology
- Entity Level Controls
Approach
- Identifying financial reporting elements, critical processes, supporting systems
- Account-level materiality and chart of accounts analysis
- Prepare a project plan and Identify process owners
- Prepare the RCM (Risk Control Matrix) & draft process flowcharts
- Identify gaps and what could go wrong in existing processes
- Testing of control design effectiveness
- Discuss & understand the root cause for the design weakness
- Suggest remedial action for gaps identified, in line with leading practices
Benefits
- An accurate and fair reflection of transactions and dispositions of the assets of the company;
- Provides reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and
- Provides reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Deliverables
- Process Flows
- Risk Control Matrix
- Testing Results/Report
Related Resources
- ICFR & IFC Service Overview (PDF): Our service deck covering ICFR design, evaluation, & testing
- Design & Evaluation of IFC/ICFR: In-depth guide to ICFR implementation and compliance
