United States

ICOFR reference guide

KPMG’s insights on assessing internal controls over financial reporting. KPMG’s guide to understanding and assessing ICOFR, including the 2013 COSO framework and deficiency evaluation.

Applicability

  • Company that continues to report its assessment of the effectiveness of its ICOFR
  • Company that is implementing ICOFR

Relevant date

  • Effective immediately

Key impacts

Based on continued emphasis placed by the SEC and the PCAOB, KPMG has expanded its guidance on:

  • The scope of management’s ICOFR assessment
  • The consideration of the evidence necessary to evaluate the effective operation of controls
  • The importance of Management Review Controls (MRCs) and considerations
  • Controls over the completeness and accuracy of Information Produced by an Entity (IPE)
  • The determination of whether a control deficiency exists and evaluating the severity

Report contents

  • Documentation
  • Control environment
  • Risk assessment
  • Understanding ‘what could go wrongs’ (WCGWs)
  • Control activities
  • Management review controls
  • Understanding and responding to information technology (IT) risks
  • Information and communication
  • Monitoring
  • Identifying and evaluating deficiencies

 

Download ICOFR reference guide