Handbook: Internal control over financial reporting

Our guide to designing, implementing and maintaining an effective system of internal control over financial reporting.

Using Q&As and examples, KPMG provides interpretive guidance on the key elements of a risk-based approach to the design, implementation and maintenance of an effective system of internal control over financial reporting (ICFR) using the COSO Internal Control – Integrated Framework. The Handbook addresses hot topics such as precision of controls, information used in controls, controls at service organizations and the evaluation of control deficiencies. It also provides guidance for management’s assessment of the effectiveness of ICFR.

Applicability

Relevant dates

Key impacts

Effective ICFR provides many benefits: promoting accountability, safeguarding a company’s assets from fraud or significant loss, maintaining integrity of financial data and transactions, facilitating compliance with the applicable financial reporting and statutory compliance frameworks, and enabling information flows across the entity. Simply put, ICFR forms the bedrock of public and investor confidence in the capital markets. Without effective ICFR, companies risk significant financial and reputational harm.

Although the Sarbanes-Oxley Act of 2002 (SOX) is more than 20 years old, ICFR remains in the spotlight as an essential part of an entity’s financial reporting agenda. One reason for this is that continuous change is now the normal state for many companies. For example, companies continue to implement increasingly complex systems to support financial reporting and operating performance, and frequently involve specialized service providers in business and financial reporting processes. External factors also contribute to companies facing new and evolving risks – the recent pandemic, international conflicts and uncertain economic environment. Effective ICFR is needed to manage these risks.

In this Handbook, we discuss and illustrate the key elements of a risk-based approach to the design, implementation and evaluation of ICFR using the predominant framework employed in practice – the 2013 Internal Control – Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission. The Handbook also addresses a number of hot button issues that are the focus areas of regulators, including the SEC and the PCAOB.