Last May 9, The Center for Audit Quality issued Guide to Internal Control Over Financial Reporting, that originally had issued in the year 2013.
It is a publication mainly of an educational nature.
Its 24 pages are organized in 4 sections: (1) Introduction; (2) Key ICFR Concepts; (3) ICFR Roles and Responsibilities; and (4) What ICFR means for companies, investors, and markets.
It is a guide for entities that participate in the securities markets. That is why it is key to understand the paragraph with which the introduction begins:
“Preparing reliable financial information is a key responsibility of the management of every public company. The ability to effectively manage the company’s business requires access to timely and accurate information that informs decisión making. Moreover, investors must be able to place confidence in a company’s financial reports if the company wants to raise capital in the public securities markets.”
According to my understanding, here is the key to an effective understanding of internal control. It is the responsibility of the management. This in Colombia is not understood because many, too many (including, mainly to the CTCP) think that it is the responsibility of the accountants and, more specifically, of the auditors or revisores fiscales.
Another important precision that it does is that:
“While no practical control system can absolutely assure that financial reports will never contain material misstatements, an effective system of internal control over financial reporting (ICFR) can substantially reduce the risk of such misstatements in a company’s financial statements.”
This guide makes it clear that:
“ICFR is one element of the broader concept of internal control.”
COSO yes, but in the line of SOA and as a statutory requirement according to the FCPA. That is why the development is around the financial reporting and not necessarily the other objectives of the internal control according to COSO. This is another important precision:
“ICFR refers to the controls specifically designed to address risks related to financial reporting. In simple terms, a public company’s ICFR consists of the controls that are designed to provide reasonable assurance that the company’s financial statements are reliable and prepared in accordance with GAAP.”
Here, PCGA should be read as US-GAAP.
In addition to being a pleasant guide to reading, it helps pinpoint other things: reasonable assurance, the control environment, and control activities, each of which is approached with extreme precision.
When developing what is related to roles and responsibilities, in addition to those of the management, it refers to those of independent auditors and audit committees.
The final part is a summary of the available evidence, mainly research, to support the claim that:
“Investor confidence and the efficient operation of our capital markets depend on reliable public company financial reporting.”
This guide is applicable in the capital markets. Hence its specialized nature. Certainly something that they do not understand in the CTCP where, still in the 21st century, they continue insisting on implementing generalist approaches that worked in the past, but are not effective today.
Particularly among us, where progress is being made so slowly in an increasingly accelerated and disruptive environment.Internal-Control-May-2019