Handbooks | August 2023

Insight

Handbook: Internal control over financial reporting

Our guide to designing, implementing and maintaining an effective system of internal control over financial reporting.

Michal Dusza

Michal Dusza

Partner, Dept. of Professional Practice, KPMG US

Jennifer Klebold

Jennifer Klebold

Senior Manager, Dept. of Professional Practice, KPMG US


Using Q&As and examples, KPMG provides interpretive guidance on the key elements of a risk-based approach to the design, implementation and maintenance of an effective system of internal control over financial reporting (ICFR) using the COSO Internal Control – Integrated Framework. The Handbook addresses hot topics such as precision of controls, information used in controls, controls at service organizations and the evaluation of control deficiencies. It also provides guidance for management’s assessment of the effectiveness of ICFR.

Applicability

  • All companies

Relevant dates

Effective immediately

Key impacts

Effective ICFR provides many benefits: promoting accountability, safeguarding a company’s assets from fraud or significant loss, maintaining integrity of financial data and transactions, facilitating compliance with the applicable financial reporting and statutory compliance frameworks, and enabling information flows across the entity. Simply put, ICFR forms the bedrock of public and investor confidence in the capital markets. Without effective ICFR, companies risk significant financial and reputational harm.

Although the Sarbanes-Oxley Act of 2002 (SOX) is more than 20 years old, ICFR remains in the spotlight as an essential part of an entity’s financial reporting agenda. One reason for this is that continuous change is now the normal state for many companies. For example, companies continue to implement increasingly complex systems to support financial reporting and operating performance, and frequently involve specialized service providers in business and financial reporting processes. External factors also contribute to companies facing new and evolving risks – the recent pandemic, international conflicts and uncertain economic environment. Effective ICFR is needed to manage these risks.   

In this Handbook, we discuss and illustrate the key elements of a risk-based approach to the design, implementation and evaluation of ICFR using the predominant framework employed in practice – the 2013 Internal Control – Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission. The Handbook also addresses a number of hot button issues that are the focus areas of regulators, including the SEC and the PCAOB.

Report contents

  • Entity-level controls
  • Risk assessment
  • Process understanding
  • Process control activities
  • Information used in controls
  • General IT controls
  • Service organizations
  • Identifying and evaluating deficiencies 

Related content

Subscribe to our newsletter

Receive timely updates on accounting and financial reporting topics from KPMG.

Receive timely updates on accounting and financial reporting topics from KPMG.

Accounting Research Online

Access our accounting research website for additional resources for your financial reporting needs.

Access our accounting research website for additional resources for your financial reporting needs.