Strictly Private and Confidential

ICAI Ahmedabad
Internal Financial Controls Effectiveness 28-12-2015

CA Kartik B. Radia

Table of Content
1

IFC Basics

IFC Implementation Scope

IFC Implementation Approach & Methodology

Some important considerations

Some Important questions

Revised Guidance Note of ICAI

IFC for different types of companies

Questions and Answers

ICAI Ahmedabad IFC: 28-12-2015

Slide 2

1
IFC Basics

Opportunity for Improvement rather than a mere

tick in the box compliance requirement
1.

Improve the discipline of internal controls

2.

Transparency of reporting to Board on key controls based on Inherent risk assessment

3.

Improve accountability and Ownership Enhance controls consciousness by establishing

strong 1st line of defense

4.

Reinforce senior managed focus and visibility on key risks and controls by Controls Self
Assessment (2nd Line of defense)

5.

Establish Independent Testing 2nd Line and 3rd Line and Independent Internal Reporting
and its reporting to Board

ICAI Ahmedabad IFC: 28-12-2015

Slide 4

New IFC Compliance Requirements Whats changed?

Applicability

Responsibility

Coverage

Term internal
financial controls
is defined in the Act
as to mean:

Orderly and efficient

conduct of its business
including adherence to
companys policies

Safeguarding
of its assets

Prevention and
detection of
frauds and
errors

Accuracy and
completeness of
the accounting
records

Timely preparation
of reliable
financial
information

Coverage enhanced to orderly and efficient conduct of business, safeguarding of

assets, Prevention and detection of frauds and errors

Responsibility for ensuring adequacy in IFCs and reporting responsibility has moved from
CEO/ CFO to Board of Directors

Applicable to both listed and unlisted companies a significant difference compared to

applicability of codes in various other countries which is mainly applicable to listed
companies

ICAI Ahmedabad IFC: 28-12-2015

Slide 5

..What the implementation issues could be?

Lack of formally documented basis

Need to have adequate

demonstrability of the mechanism

Requisite accountability for financial

reporting structure

Lack of clarity over financial reporting

objectives (the financial reporting
assertions)

Lack of documentation of controls that

actually mitigate the risk of significant
misstatements

Absence of a demonstrable documented framework for internal financial controls

ICAI Ahmedabad IFC: 28-12-2015

Slide 6

Key Considerations to be addressed for IFC

implementation
1. Controls classification Internal Financial Controls to be classified into
Critical, Key and non-key
2. Controls categorization Financial Controls, Reporting Controls, Antifraud
Controls, Entity Level Controls and Operating Controls
3. Coverage and reliance on Entity Level Controls
4. IT General Controls to be covered for IFC Scope Automated controls
although accurately applied - still need to be tested. Scoping of key Business
Applications.
5. Updated Documentation and evidence availability is key for Demonstrability
6. Selection of Right Internal Controls Framework COSO careful application
of 1st Line, 2nd Line and 3rd Line Controls and independence of testing
7. IFC set is a sub-set of Management Set for CSA
8. Selection of IFC Set is to be based on Inherent risk criteria and not Residual
risk criteria
ICAI Ahmedabad IFC: 28-12-2015

Slide 7

Internal Financial Controls Requirements - As defined

Internal Controls Over
Financial Reporting (ICOFR)

Internal
Financial
Controls

Benchmarked
to a Globally
recognized
Internal
Controls
Framework

Controls designed to provide

reasonable assurance that the
companys financial
statements are reliable &
prepared in accordance with
Accounting Standards
What is included?
Financial Controls
Financial Reporting Controls
Anti-fraud Controls
Entity level Controls
Examples:
Sales Cut off Procedures
3rd Party Balance Confirmation

Operating Controls (good to have)

Controls designed to provide

reasonable assurance on business
operations, process efficiency
and effectiveness, other than
those covered in ICOFR.
To derive real business benefit it is
important to include the some 10% of
Operating Controls that would have a
wider financial implication?
Examples:
Input-output ratio
Quality inspection of inward material
Preventive maintenance procedures

Entity Level Controls, Anti Fraud Controls

will be applicable to all companies
ICAI Ahmedabad IFC: 28-12-2015

Slide 8

Internal Financial Control - Regulatory Mandate

Directors Responsibility
Statement

Board of Directors report

Powers and duties of auditors

and auditing standards

Section 134 (5)(e) of Cos Act 2013

Rule 8 (5) of Companies

(Accounts) Rules

Section 143 (3) (i) of Cos Act 2013

Directors, in the case of a listed company,

had laid down internal financial controls
& that such internal financial controls are
adequate and were operating
effectively

The details in respect of adequacy of

internal financial controls with reference
to the Financial Statements

All Entities Listed or

Unlisted

Only Listed entities

Whether the company has adequate

internal financial controls system in place
and the operating effectiveness of
such controls

All Entities Listed or

Unlisted

Code for Independent Directors (ID)

Audit Committee (AC) terms of reference

Section 149 (7), Schedule IV of Cos Act 2013

Section 177 of Cos Act 2013

Satisfy themselves on the integrity of financial

information and that financial controls and the
systems of risk management are robust and
defensible

Listed Entities, Entities with Public

borrowing

Sub Section (4) - Evaluation of internal financial controls and risk

management systems
Sub Section (5) Call on auditors to comment in internal control systems
& before their submission of Financial Statements to
the Board, may also discuss any related issues with the
internal & statutory auditors and the management

Listed Entities, Entities with Public borrowing

Clause 49 of Listing Agreement as per SEBI Guidelines already have IC compliance requirements for Listed Entities
ICAI Ahmedabad IFC: 28-12-2015

Non compliance
may lead to:

Monetary penalty

Imprisonment

up to Rs. 25 lacs

up to 3 years

Auditors
Slide 9
qualification

In addition to enactments, some principles are

developing as cornerstone for IFC
Adherence to written
policies and procedures
may not be sufficient

Auditors to provide
reasonable assurance only

Attestation of Control is
on Balance Sheet Date;
Testing needs to be
during the financial year

IFC requirements apply

Annual - Standalone
financial statements and
Consolidated Financial
Statements

IFC Framework is
different from ERM
Framework

Material Weakness in
IFC is not necessarily
equal to Material
Misstatement in
Financial statement

ICAI Ahmedabad IFC: 28-12-2015

Slide 10

2
IFC Scope

Scope of IFC requirements for complying

Conducting design review and GapAssessment Entity level Controls and
Framework level
Developing a robust Internal Financial
Control framework

Framework Component -Role of 1st line, 2nd line

and 3rd line of defense in IFC Testing

Identification of Significant Processes, Sub Process

Control testing methodology.

Sampling Methodology & Proposed Samples for

CSA and independent internal audit testing

CSA framework

Ownership Mapping of Controls

Classification of key moderate and non-key controls

Developing Risk and Controls Matrices for

process level controls
ICAI Ahmedabad IFC: 28-12-2015

Slide 12

Deliverables the entire set end to end.

Phase I: Assess and Document
Gap Assessment Report for entity level control gaps
IFC Framework:
o Framework Component -Role of 1st line, 2nd line and 3rd line of
defense in IFC Testing
o Identification of Significant Processes, Sub Process
o Control testing methodology.
o Sampling Methodology & Proposed Samples for CSA and
independent internal audit testing
o CSA framework
o Ownership Mapping of Controls
o Classification of key moderate and non-key controls
Risk Control Matrices including process level control gaps

Phase II: Operating Effectiveness Testing

Control operating effectiveness test results highlighting control failures
Remediation plans co-developed with process owners to address gaps

Phase III: Automation *

CSA tool deployed on your server
User and admin training sessions
Handholding support of the CSA tool post go live

ICAI Ahmedabad IFC: 28-12-2015

Slide 13

Entity Level Controls and Policies

Following is the list of illustrative Entity Level Policies and Controls that need to
be tested for its pervasive application:

1. Whistleblower Policy
2. Code of conduct
3. Risk Management policy
4. HR Policies

5. Organization Structure, roles and responsibilities including job descriptions

6. Related party policy
7. Business Continuity Plan and Disaster Recovery Plan
8. MIS & Reporting
9. KPI Framework
10. Delegation Of Authority
11. Training and Development Framework
12. Segregation of Duties

ICAI Ahmedabad IFC: 28-12-2015

Slide 14

IFC Framework controls operating at various levels

Group Level

Functional/Process Level

Entity Level
Organizational Structure

Delegation of Authority Matrix

Statutory Compliance
Mechanism

Policies Including Risk Management

Policy
Code of Conduct/ Ethics Policy

Segregation of Duty

Risk Control Matrix

MIS Reporting

Internal Audit Mechanism

Standard Operating Procedures (SOP)*

Whistleblower Mechanism
KPI/ Compensation Policy*

Disaster Recovery *

Business Continuity *

Combines (PLC) process & (ELC)

entity level controls. ELC to be
mapped to group control as needed

ICAI Ahmedabad IFC: 28-12-2015

IT General Control including Access Rights

*All asks are not mandatory for IFC

Compliance but a must have for
operating business efficiently be it
listed or unlisted

Fraud and IT controls needs to

be addressed while designing
both ELC, PLC

Slide 15

IFC Scoping Spectrum based on Companies Act 2013

and COSO 2013
IFC Set for Board
(Section 134) and
Statutory Auditors
(Section 143)

Key and Moderate Financial Controls

Key and Moderate Reporting Controls
Key Anti-Fraud-Controls
Key Entity Level Controls
Key Operating Controls

Management Set for

CSA (Controls Self
Assessment) and CEO
/ CFO Certification
(Management Letter)

IFC Set
+
Moderate Antifraud controls
+
Moderate Operating Controls
Slide 16

Deliverable Illustration - Comprehensive Risk &

Control Registers and Matrix
A. Identify the Control Risk, Mitigation

B. Classify the Control Impact, Owners

Mitigating Control Type Control Type

Control Sub Risks Control
Control (P)reventive or (A)utomated
Ref. No Process Event Objective
Activities
(D)etective
or (M)annual
1
2
3
4
5
6
7

Financial Statement
Assestions (E)xistence ,
COSO
(C)ompleteness
(Control
(R)ights&oblig,
Framework)
(V)aluation
Assersion
(D)isclosure,
13
(S)afeguarding
14

Test
Plan
15

Control Type
(O)perating,
(F)inancial,
(C)ompliance
8

Periodicity
Sample
(Y)early /
(As Per
(Q)uarterly / Control
Methodology
(M)onthly /
Gaps
approved by
(W)eekly / Observed
designated
(D)aily /
18
authority)
(O)ther
16
17

Control Criticality
Responsibility
(F)raud,
Responsibility Mapping to
(Process
(M)anagement,
(Reviewer)
GL Code
Owner)
Both - (FM)
11
12
10
9

Root Cause/
Control Pass
Document Concluding
Weakness Status Remedia ation Comment Design /
Yes, No, Needs
l Action Source, Auditor, Audit
Adequacy/
Remediation,
Plan
Design,
Committee,
Operating Need additional
21
Evidence
Board
Effectiveness
testing
22
23
19
20

D. Assessment & Testing

C. Link Assertions

E. Remediation, Documentation, Reporting

22 key Data Points- Aligned to Control Self Assessment Preferably Driven through Tool
Source Point
Global knowledge library
for Insurance
Standard Risk and
Control
Matrix
Review SOPs
ICAI Ahmedabad IFC: 28-12-2015

Draft risk registers

Interviews and
Deliberations
with Process
Owners

Circulation of Draft
RCMs

Final risk registers

Senior
Management
deliberations

Finalization and Signoff of RCMs

Slide 17

3
Implementation Approach &
Methodology

Implementation Approach

Phase II

Phase I
1

Scoping

Review Financial
statement/trial
balance to
identify
significant
accounts
Identify relevant
processes to be
covered
Finalize scoping

with respect to
anti fraud and IT
General Controls

Assessment

Assess Entity Level

Controls
Discuss with process

owners and identify

risks
Develop internal

financial control
documentation
(RCMs) for in scope
processes
Identify Key Controls
Review and identify

controls gaps

Documentation
and roll out

Discuss control gaps

and
recommendations
with management
and agree on changes
to controls
Update and finalize

RCMs
Develop control test

procedures for key

controls
Map anti-fraud

controls

Testing

Conduct the

operating
effectiveness
testing for key
controls
Prepare draft

control test results

highlighting
control failures
Discuss test results

with management
and finalize
control failure
report

Provide

Phase III*
5

Automate

Develop

questionnaire for
control self
assessment to be
uploaded in the CSA
tool
Assign ownerships

to controls
Deploy CSA tool on

your server
Conduct user and

admin training
workshops
Go-live of CSA tool

recommendations to
address gaps

3 Months

1 Month
Project Management

ICAI Ahmedabad IFC: 28-12-2015

* Phase II & III is not a part of current proposition in this proposal

Slide 19

4
Key Questions

Key Questions
1.

Whether Input-Output ratio included as an Operating Control?

2. Whether Input-Output ratio included as a Internal Financial Control?

3. Whether Discount Authorization covered as an IFC?
4. Whether Bad-debt covered as an IFC?
5. Whether Fixed Assets use / acquisition / disposition is covered?
6. Then why do we say Internal Financial Controls over
Financial Reporting???

ICAI Ahmedabad IFC: 28-12-2015

* Phase II & III is not a part of current proposition in this proposal

Slide 21

5
COSO Framework

IFC Alignment to COSO Framework 2013 - 3 lines of

defense

Holistic approach to the risk & controls landscape of the entities and the group

Recognition by Board of Directors & professional bodies globally of three lines of defence as per COSO,
which should be a cornerstone for Indian Companies driving IFC
IFC emphasizes the Governing body focus on further strengthening of 1st & 2nd line of Defense through :
Entity Level Control, Process Level Controls adequacy and operating effectiveness
Enhanced Control Awareness of Organization through Controls-Self-Assessment
Greater role of Board of Directors to ensure a timely disclosure of all risks and mitigation
External Auditors to
attest adequate and
effective internal
control framework run
by the Companys
Governing Body

Regulators to ensure
vigilance & penalties
for non compliance

Additional Role of Independent Internal Audit teams to

cover IFC testing for ensuring the independent testing
line (3rd Line) for Board Assurance.
ICAI Ahmedabad IFC: 28-12-2015

Slide 23

IFC Reporting Spectrum based on COSO 2013

Shareholders/
Regulators/
Stock Exchanges
DRS (Directors
Responsibility
Statement)
BOARD

Board Report
3rd Line - Internal
Audit Independent
Testing Report

CEO/CFO
2nd Line Independent
Testing

1st Line - CSA

Results
1st Line of
defense Line
Management

Statutory
Auditors
Independent
Opinion

2nd Line of
defense
Controller and Risk
Management
function
Independent Testing

ICAI Ahmedabad IFC: 28-12-2015

3rd Line of
defense
Independent Internal
Audit Testing

External Statutory
Auditor

Slide 24

Alignment to COSO Framework 2013

To assess the adequacy of the internal control framework of Any Entity, it needs to be assessed
against a suitable, recognized control framework. The COSO Internal Control Integrated
Framework is one of the most popularly adopted framework for Internal Controls. A comprehensive
COSO 2013 replaces the COSO 1992 Framework

Elements of COSO Framework:

3 Objectives: Operations, Reporting, Compliance

5 integrated components, each spanning across three

objectives

17 principles representing the fundamental concepts

associated with each component

77 Points of Focus aligned to the principles

Addresses increased relevance and dependence on IT

Expands operations and reporting objectives

Increased guidance on fraud risk assessment and

responses

Updated for changes in business and operating

environments

ICAI Ahmedabad IFC: 28-12-2015

Slide 25

Alignment to COSO Framework 2013

Need for addressing 17 principles linked to the 5 components
Component

Control
Environment

Principles

1.
2.
3.
4.
5.

Demonstrate commitment to integrity and ethical values

Ensure that board exercises oversight responsibility
Establish structures, reporting lines, authorities and
responsibilities
Demonstrate commitment to a competent workforce
Hold people accountable

Risk Assessment

6.
7.
8.
9.

Specify appropriate objectives

Identify and analyze risks
Evaluate fraud risks
Identify & analyze changes that could significantly affect
internal controls

Control
Activities

10. Select and develop control activities that mitigate risks

11. Select and develop technology controls
12. Deploy control activities through policies and procedures

Information &
Communication

13. Use relevant, quality information to support the internal

control function
14. Communicate internal control information internally
15. Communicate internal control information externally

Monitoring

16. Perform ongoing or periodic evaluations of internal controls (or

a combination of the two)
17. Communicate internal control deficiencies

ICAI Ahmedabad IFC: 28-12-2015

17 Principles
further drill
down to 77
points of focus
which need to
be mapped for
IFC compliance

Slide 26

6
Risk Assessment
for IFC Inherent
and Residual Risk
Assessment

Option 1: Simplistic Model Internal Financial Controls and

Operating Controls Effectiveness

INHERENT IMPACT (I)

Controls Classification

Operating Effectiveness (Controls Pass status)

Critical

Key

Not Operating

High

Key

Operating

Moderate

Non-Key

Operating

Low

Non-Key

Not Operating

ICAI Ahmedabad IFC: 28-12-2015

Slide 28

Option 2 Selection of Key Controls / Non-Key Controls

based on Inherent Risk criteria (COSO Based)

Operating
& Financial
Risks
observed
across 11
Business
Cycles

Gross Risk
Impact

Likelihood Risk
Probability

Derived from our

understanding of
the inherent risk
from the process

Likelihood of risk to be based on

occurrence of the risk event
(future & historical)

Scale:
Low
Moderate
High
Critical

Scale:
Expected
High Likely
Likely
Not Likely

Gross Risk Impact X Probability = Inherent Risk

ICAI Ahmedabad IFC: 28-12-2015

Inherent
Risk Rating

Inherent Risk
Rating: Red, Amber
=

Key Control

Inherent Risk
Rating: Yellow and
Green
=

Non Key Control

Inherent Risk Rating

Slide 29

Deriving the final risk Key Control (Critical, High)

INHERENT
INHERENT LIKLIHOOD
IMPACT (I) PROBABILITY RATING (P)

INHERENT RISK
RATING (IR)

Expected

Red

Highly Likely

Red

Likely

Red

Not Likely

Amber

Expected

Red

Highly Likely

Amber

Likely

Amber

Not Likely

Yellow

Critical

High

ICAI Ahmedabad IFC: 28-12-2015

EXISTING MITIGATION
EFFECTIVENESS (M)

EXISTING FINAL RISK RATING

(EFR)

Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective

Critical
High
Moderate
Critical
High
Moderate
Critical
High
Moderate
High
Moderate
Low
Critical
High
Moderate
High
Moderate
Low
High
Moderate
Low
Moderate
Moderate
Low
Slide 30

Deriving the final risk Non Key Control (Moderate, Low)

INHERENT
IMPACT (I)

INHERENT LIKLIHOOD
PROBABILITY RATING
(P)

INHERENT RISK
RATING (IR)

Expected

Amber

Highly Likely

Amber

Likely

Yellow

Not Likely

Green

Expected

Yellow

Highly Likely

Yellow

Likely

Green

Not Likely

Green

Moderate

Low

ICAI Ahmedabad IFC: 28-12-2015

EXISTING MITIGATION
EFFECTIVENESS (M)

EXISTING FINAL RISK RATING

(EFR)

Needs Improvement

High

Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective
Needs Improvement
Reasonably Adequate
Effective

Moderate
Low
High
Moderate
Low
Moderate
Moderate
Low
Low
Low
Low
Moderate
Moderate
Low
Moderate
Moderate
Low
Low
Low
Low
Low
Low
Low

Slide 31

Basis of impact assessment

Rating

Financial
Impact

Qualitative
Description
Inability to achieve business objectives, ex.
- Loss of significant business capacity
- Loss of high value customers, customer loyalty and sales opportunities due to process failure

Critical

- High costs dramatically impacting profitability and business viability

5% or - Material financial misstatement, material error in books of accounts
more of
- Penalty from regulatory non compliance related to financial, operating process
PAT
- Disruption of relationship with a strategic partner (vendor, channel partner)
- Serious non compliance with internal corporate policies and procedures resulting loss of asset,
sensitive information, reputation
- Significant operational losses leading to significant reduction of market value

Constrained ability to achieve business objectives, ex.

- Inability to recover significant revenue amount; significant profitability erosion
- Significant reduction in service and business capacity
- Incurring excessive costs that impact current earnings and profitability

High

3% to 5% - Loss or misappropriation of significant assets

of PAT
- Process deviations (compared to SOP) without mitigating controls, high risk rated audit findings
- Non compliance with internal corporate policies and procedures resulting loss of asset, sensitive
information, reputation
- Financial misstatement, material error in books of accounts, significant adjustment to accounts
after close

This is based on standard of materiality defined by ICAI and PCAOB

ICAI Ahmedabad IFC: 28-12-2015

Slide 32

Basis of impact assessment

Rating

Financial

Qualitative

Impact

Description
Moderate impact on achievement of business objectives
- Less that material gaps in books of account

Moderate

1% to 3% of
PAT

- Process failure leading to loss of transaction with moderate value restricted to small number
of transaction
- Moderate errors in books of accounts, financial statement which was fixed before closing
- Delay, Inability to reconcile key vendor, partner accounts impacting short terms transaction
- Moderate rated audit findings on process gaps
- Non compliance with internal polices and procedures which have penalty

- Short term increase in costs or loss of revenue

Limited impact on achievement of business objectives

Low

Less than 1%

- Policy, procedure non compliance with low impact

- genuine error in accounting, corrected on scrutiny
- Transaction level error in dealing with partner, detected and corrected
- Minimal impact to revenue or earnings

ICAI Ahmedabad IFC: 28-12-2015

Slide 33

Risk Probability
PROBABIILITY RATING GUIDANCE
Rating

Expected

Highly Likely

Likely

Inherent Probability of the risk events to occur and lead to assessed consequences
Occurrence in future

% Chance

Occurrence in the past

Very High, will be almost a

routine feature within the
immediate next year

Over 80%

Similar instances have commonly occurred

in the past

High, may arise several times

50% to 80%
within the immediate next year
Possible, may arise once or
twice within the immediate
next year

10% to 49%

Not likely, almost impossible to

occur or may occur atmost once
Not Likely
Less than 10%
or twice between year 2 (from
now) to 5 years

ICAI Ahmedabad IFC: 28-12-2015

Similar instances have occurred several

times in past
There have been 1 or 2 similar instances in
the year

Similar instances have rarely or never

occurred in the past

Slide 34

Inherent Risk considering impact & probability scale

1. We will do the inherent risk assessment for risks with critical and high impact. No such assessment will be done for
moderate and low impact risks
2. Likelihood assessment is going to be based on proposed number that we would suggest is on our understanding (on basis
of interviews and explanations done with him and our understanding of the process) and will have to be validated by the
management
3. Year 2 onwards the inherent likelihood assessment would be based on the data actually collected and analysed (without
consideration of mitigating controls). Inherent risk assessment will have to be done on an annual basis after considering
the change in the internal control environment and exceptions noted during internal audit process and root causes
ICAI Ahmedabad IFC: 28-12-2015
Slide 35
identified.

Mitigating Control Effectiveness

Mitigation Effectiveness Rating Guidance
Rating
Needs improvement
Reasonably
Adequate

Description

Mitigation plans though in place but do not ensure any control over
risk occurrence and impact.
Mitigation plans involved duly laid down approval and reporting
norms though not ensuring complete control over the risk

occurrence and impact.

Mitigation plans involved stringent approval and reporting norms

Effective

with responsibility for execution duly mapped to various

management levels ensuring complete control over the risk
occurrence.

ICAI Ahmedabad IFC: 28-12-2015

Slide 36

Final Risk Rating

Final Risk Rating = Inherent Risk Rating X Mitigation Effectiveness

ICAI Ahmedabad IFC: 28-12-2015

Slide 37

7
Live Case Studies
on
Implementation

8
Professional
Profile of the
speaker

Professional Profile of the speaker Kartik B. Radia

Kartik Radia
Partner,
Risk Assurance Services

Chartered Accountant, Institute of Chartered

Accountants of India

Certified Public Accountant (USA)

Professional Qualifications
& Memberships

FCA, AICWA, CS, CIA, CPA, CISA, B.com

Background: Kartik is currently working Price Waterhouse as a Partner in Risk Assurance Services
and helps clients implement Internal Financial Controls, Risk Management Frameworks and Internal
Audit Co-sourcing models. Kartik specializes in Risk Management Solutions like Enterprise Risk
Management, Internal Financial Controls and Internal Audit Effectiveness. After working for nearly 15
years in profession, Kartik firmly believes that there should be visible and transparent business value
addition that should come out from any Risk Management or Internal Controls solutions and the
delivery model should be based on Business Context.
Consulting activities and services:
1.

Kartik has worked on some of the complex Risk Modeling assignments such as Capital Adequacy
Reviews, Stress testing financial reviews, Internal Audit Effectiveness and Governance
Effectiveness Reviews for Banks and Financial Institutions and Large MNCs.

2.

Kartik has worked on Capital Adequacy Reviews, Stress testing financial reviews, Internal Audit
Effectiveness and Corporate Governance Policy Framework.

ICAI Ahmedabad IFC: 28-12-2015

Slide 40

Professional Profile of the speaker Kartik B. Radia

Kartik Radia
Partner,
Risk Assurance Services

Chartered Accountant, Institute of Chartered

Accountants of India

Certified Public Accountant (USA)

Professional Qualifications
& Memberships

FCA, AICWA, CS, CIA, CPA, CISA, B.com

Consulting activities and services (contd):

3.

Kartik has in past worked with Ernst & Young, WPP Group (for implementing SOX in North
Americas and European Region for 3 years).

4.

Have worked on International assignments across geographies incluing United States, UK,
Canada, France, Germany, Netherlands, Africa, Japan, Singapore, Hong Kong, Greece, Spain.

Professional Qualifications and Certifications:

1.
2.
3.
4.
5.
6.
7.

Fellow Chartered Accountant - Fellow Member of Institute of Chartered Accountants of India;

Associate Company Secretary - ICSI
Cost and Works Accountant ICWAI
CIA (Certified Internal Auditor) Certified Internal Auditor from Institute of Internal Auditors Florida USA.
CISA (Certified Information Systems Auditor) ISACA USA.
Certified Public Accountant (USA, Colorado State Board) AICPA.
Bachelor of Commerce Mumbai University

ICAI Ahmedabad IFC: 28-12-2015

Slide 41

Thank you

The views expressed in the presentation and webcast are the views of the authors in their
individual capacity and should not be taken as views of ICAI or to any other organizations
ICAI Ahmedabad IFC: 28-12-2015

Slide 42