Internal Financial Controls (IFC / ICFR) Audit Template — Section 143(3)(i)

A working paper for the auditor's reporting on adequacy and operating effectiveness of Internal Financial Controls over Financial Reporting, as required by Section 143(3)(i) of the Companies Act 2013.

Free · ICAI AASB (June 2023)

Updated 28 May 2026

Statutory basis

Section 143(3)(i), Companies Act 2013

Guidance

ICAI Guidance Note on IFC

Scope

Adequacy + operating effectiveness

Applies to

All companies, with relaxations for OPCs/small/private cos.

Your firm — letterhead

Appears at the top of the document as the audit firm letterhead.

Audit firm name

Audit firm address

Used as the letterhead block.

Engagement partner

ICAI membership no.

Firm registration no.(optional)

Engagement details

The client and period this document is for.

Client / company name

Period ended

The financial year-end this engagement covers, e.g. 31 March 2026.

Date of letter

Live preview

6 required fields left to fill

Internal Financial Controls

29 May 2026

(Following draft may be used as an example)

Purpose:

This workpaper is designed to understand Internal Control over financial Reporting of a Company, its processes and how it is designed. Companies’ internal financial control over financial reporting includes those policies and procedures that:

Pertain to the maintenance of the records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company.

Provides reasonable assurance that transactions are recorded as necessary to permit preparation of financial statement in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and director of the company.

Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company’s assets that could have a material impact on the financial statement.

The auditor needs to obtain reasonable assurance to state whether an adequate internal financial control system was maintained and whether such internal financial controls system operated effectively in the company in all material respects with respect to financial reporting only.

Procedures Planned and Performed: The auditor should properly plan the audit of internal financial controls over financial reporting and properly supervise any assistants.

The auditor should evaluate whether the following matters are important to the company's financial statements and internal financial controls over financial reporting and, if so, how they will affect the auditor's procedures:

Knowledge of the company's internal financial controls over financial reporting obtained during other engagements performed by the auditor;

Matters affecting the industry in which the company operates, such as financial reporting practices, economic conditions, laws and regulations, and technological changes;

Matters relating to the company's business, including its organisation, operating characteristics, and capital structure;

The extent of recent changes, if any, in the company, its operations, or its internal financial controls over financial reporting;

The auditor's preliminary judgements about materiality, risk, and other factors relating to the determination of material weaknesses;

Control deficiencies previously communicated to the audit committee or management by the auditor or the internal auditor;

Legal or regulatory matters of which the company is aware;

The type and extent of available evidence related to the effectiveness of the company's internal financial controls over financial reporting;

Preliminary judgements about the effectiveness of internal financial controls over financial reporting;

Public information about the company relevant to the evaluation of the likelihood of material financial statement misstatements and the effectiveness of the company's internal financial controls over financial reporting;

Knowledge about risks related to the company evaluated as part of the auditor's KYC guidelines; and

The relative complexity of the company's operations.

Testing controls-testing design effectiveness:

The auditor should test the design effectiveness of controls by determining whether the company's controls, if they are operated as prescribed by persons possessing the necessary authority and competence to perform the control effectively, satisfy the company's control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements in the financial statements. This would also enable the auditor to conclude if the company has an adequate internal financial control system over financial reporting in place.

Testing controls-testing operating effectiveness:

The auditor should test the operating effectiveness of a control by determining whether the control is operating as designed and whether the person performing the control possesses the necessary authority and competence to perform the control effectively.

Procedures that the auditor performs to test operating effectiveness include a mix of inquiry of appropriate personnel, observation of the company's operations, inspection of relevant documentation, and re-performance of the control.

Free · Email required once · Firm data stays in your browser

What’s inside

An excerpt from the template.

Pertain to the maintenance of the records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company.

↑ Excerpt only — the full template is what you download as Word

About this template

What you’re downloading, and when to use it.

This template follows the format published by the Institute of Chartered Accountants of India (ICAI) in the AASB Audit Working Paper Templates (June 2023), the authoritative reference for Indian statutory-audit documentation. Fill in your firm’s letterhead and the engagement details on the form above, click Download Word file, and you’ll get a fully formatted .docx ready to use.

Everything is generated in your browser and on a stateless API endpoint — no account, no email gate, nothing stored. Edit freely in Word, Google Docs or Pages before sending to your client.

Common questions

FAQs.

Which companies are exempt from IFC audit reporting?

Per MCA notification, IFC audit reporting under Section 143(3)(i) is NOT required for One Person Companies (OPCs), small companies, and private companies that meet certain thresholds (turnover up to ₹50 crore AND aggregate borrowings up to ₹25 crore). All other companies must include the IFC opinion in the audit report.

What's the difference between IFC and ICFR?

IFC (Internal Financial Controls) is the broader concept defined in Section 134(5)(e) of the Companies Act 2013 — covering all controls relevant to financial reporting, safeguarding of assets, and prevention/detection of fraud. ICFR (Internal Controls over Financial Reporting) is the narrower subset specifically over reporting reliability. The ICAI guidance note uses both terms; the audit reports on IFC over Financial Reporting (IFCoFR), which equates to ICFR.

Related templates

You might also need.

CARO 2020 Checklist — Companies (Auditor's Report) Order

Free CARO 2020 clause-by-clause checklist for statutory audits in India. Covers all 21 reporting clauses. ICAI

Auditor's Report Format — Statutory Audit under Companies Act 2013

Free statutory auditor's report template — SA 700/701/705/706 compliant under Section 143 of the Companies Act

Audit Strategy Memorandum Template

Free audit strategy memorandum template under SA 300 — Indian statutory audits. Scope, timing, materiality, ri