Key Takeaways:

• Audit committees can ensure smooth ICFR implementation by encouraging early planning, helping secure adequate resources, being familiar with management’s process to identify risks and management’s processes and controls in place to manage those risks.
• Boards should be particularly focused on controls addressing areas of the business that are inherently higher risk.
• IT systems are critical and thorough evaluations of the IT environment and the IT general controls should be done early to avoid the late detection of control flaws over systems and relevant data that may have pervasive impacts on the effectiveness of the entire internal control environment.
• Depending on the severity of any deficiencies, the board should understand the root cause of the deficiency and what management’s plans are to remediate; and further, hold management accountable to their remediation plans.
• Board should ensure that the control environment is continually reviewed and that management takes into account, among other things, changes in risks, policies and procedures that may require enhancements to the controls environment.