Internal controls of company in Nepal refer to the policies, procedures, and mechanisms that a company puts in place to ensure accurate financial reporting, regulatory compliance, operational efficiency, and prevention of fraud. The concept of internal controls is well-recognized under Nepalese corporate law, accounting standards, and regulatory frameworks.
Every registered company in Nepal whether private, public, or listed must maintain a proper internal control system to protect the interests of shareholders, creditors, employees, and other stakeholders.
What Are Internal Controls of a Company?
Internal controls are the systematic measures that a company adopts to ensure that its operations run in an orderly and ethical manner. These controls help a company:
- Safeguard its assets from loss, theft, or misuse
- Ensure accuracy and reliability of financial statements
- Promote operational efficiency
- Ensure compliance with applicable laws and regulations
- Prevent and detect fraud and errors
In Nepal, the requirement for internal controls is primarily governed by the Companies Act, 2063 (2006), the Securities Act, 2063 (2007), the Nepal Rastra Bank Act, 2058, various directives issued by the Securities Board of Nepal (SEBON), and international standards such as the COSO Internal Control Framework.
Legal Framework Governing Internal Controls in Nepal
Companies Act, 2063 (2006)
The Companies Act, 2063 is the primary legislation governing companies in Nepal. Under this Act:
- Section 87 requires the Board of Directors to prepare financial statements that give a true and fair view of the company’s financial position.
- Section 111 mandates the appointment of auditors to audit the books of accounts.
- Section 86 requires the Board of Directors to maintain proper books of accounts.
The Companies Act also holds directors personally liable for any failure to maintain adequate financial records and controls.
Securities Act, 2063 (2007)
For publicly listed companies, the Securities Act, 2063 and regulations issued by SEBON (Securities Board of Nepal) impose additional internal control obligations. SEBON has issued various directives requiring listed companies to:
- Establish an audit committee
- Submit quarterly financial reports
- Disclose material information related to financial management and risk
Nepal Rastra Bank Directives
For banks and financial institutions, the Nepal Rastra Bank (NRB) issues specific directives on internal controls, risk management, and compliance. NRB’s Unified Directives require banks to:
- Establish an internal audit department
- Implement risk-based internal audit systems
- Maintain a compliance function separate from operations
Nepal Standards on Auditing (NSA)
The Institute of Chartered Accountants of Nepal (ICAN) has adopted Nepal Standards on Auditing, which are aligned with International Standards on Auditing (ISA). NSA 315 specifically deals with “Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment,” which includes the evaluation of a company’s internal control system.
Types of Internal Controls in a Nepalese Company
Internal controls in a company in Nepal are broadly classified into three types:
1. Preventive Controls
Preventive controls are measures designed to prevent errors or fraud from occurring in the first place. Examples include:
- Segregation of duties among employees
- Authorization requirements for financial transactions
- Password-protected accounting systems
- Background checks for employees in sensitive roles
2. Detective Controls
Detective controls are measures designed to identify errors or irregularities after they have occurred. Examples include:
- Internal audits and periodic reviews
- Bank reconciliation statements
- Physical verification of assets and inventory
- Surprise cash counts
3. Corrective Controls
Corrective controls are measures taken to correct identified errors or deficiencies. Examples include:
- Re-processing of incorrect transactions
- Disciplinary actions against erring employees
- System patches to fix software vulnerabilities
- Recovery plans after fraud incidents
Key Components of Internal Controls
The COSO (Committee of Sponsoring Organizations of the Treadway Commission) Framework is internationally recognized and widely adopted in Nepal as well. The COSO framework identifies five key components of internal controls:
| COSO Component | Description | Relevance in Nepal |
|---|---|---|
| Control Environment | Tone set by management and governance | Board of Directors’ accountability under Companies Act, 2063 |
| Risk Assessment | Identification and analysis of relevant risks | Required by Nepal Rastra Bank directives for BFIs |
| Control Activities | Policies and procedures to mitigate risks | Audit Committee requirements under Securities Board of Nepal |
| Information & Communication | Systems to capture and share accurate information | Financial reporting obligations under Companies Act, 2063 |
| Monitoring Activities | Ongoing evaluation of internal control effectiveness | Internal Audit function requirements |
Internal Audit Function in Nepal
The internal audit function is a core part of the internal control system of a company in Nepal.
Legal Requirement for Internal Audit
- For Banks and Financial Institutions (BFIs): NRB mandates that all BFIs maintain a separate internal audit department headed by a qualified professional. The internal audit must report directly to the Audit Committee of the Board.
- For Listed Companies: SEBON’s directives require listed companies to establish an internal audit mechanism and report internal audit findings to the Audit Committee.
- For Other Companies: Although the Companies Act does not expressly mandate an internal audit for all private companies, large companies with significant operations typically maintain one to meet governance standards.
Functions of the Internal Audit Department
- Review and evaluate the adequacy of internal controls
- Examine financial transactions for accuracy and compliance
- Assess risk management systems
- Submit internal audit reports to the Audit Committee or Board
- Follow up on audit recommendations
Audit Committee: A Legal Requirement
Under Section 86A of the Companies Act, 2063 (as amended) and SEBON regulations, publicly listed companies in Nepal must constitute an Audit Committee. The Audit Committee plays a vital role in overseeing internal controls.
Composition of the Audit Committee
- The Audit Committee must consist of at least three members.
- The majority of members must be independent directors.
- The chairperson of the Audit Committee must be an independent director.
- At least one member must have financial expertise.
Responsibilities of the Audit Committee
- Oversee the financial reporting process
- Review internal audit reports and findings
- Recommend appointment of external auditors
- Monitor internal control deficiencies and corrective actions
- Review related-party transactions
Financial Reporting Controls in Nepal
Financial reporting controls are a subset of internal controls that specifically focus on ensuring the accuracy of financial statements.
Books of Accounts
Under Section 86 of the Companies Act, 2063, every company must maintain proper books of accounts including:
- Cash book
- General ledger
- Sales and purchase records
- Fixed asset register
- Payroll records
- Bank statements and reconciliations
Nepal Accounting Standards (NAS) and NFRS
The Accounting Standards Board of Nepal (ASB Nepal) has issued Nepal Accounting Standards (NAS) and Nepal Financial Reporting Standards (NFRS) which are aligned with International Financial Reporting Standards (IFRS). Companies must prepare financial statements in compliance with these standards.
For more information, you can visit the Accounting Standards Board Nepal website or ICAN’s official portal.
Steps to Establish an Internal Control System in a Company in Nepal
The following steps outline the process for establishing an internal control system in a Nepalese company:
- Conduct a Risk Assessment — Identify all financial, operational, and compliance risks faced by the company.
- Design Control Policies — Develop written policies and procedures addressing identified risks.
- Segregate Duties — Assign responsibilities so that no single individual controls all aspects of a critical transaction.
- Implement Authorization Levels — Define who has the authority to approve transactions at various amounts.
- Set Up Accounting Systems — Adopt accounting software that maintains audit trails and access logs.
- Establish an Internal Audit Function — Appoint qualified internal auditors to periodically review controls.
- Form an Audit Committee — Constitute an Audit Committee as required by law for listed companies.
- Train Employees — Conduct regular training on internal control policies and ethical conduct.
- Monitor and Review — Periodically assess the effectiveness of controls and update them as needed.
- Report to Management and Board — Submit regular internal control reports to the Board of Directors and Audit Committee.
Common Internal Control Weaknesses in Nepali Companies
| Common Weakness | Risk | Recommended Control |
|---|---|---|
| Lack of segregation of duties | Fraud and errors go undetected | Assign separate roles for authorization, custody, and recording |
| Absence of internal audit | Non-compliance and financial misstatement | Establish internal audit department |
| Poor record-keeping | Inability to produce accurate financials | Maintain books of accounts as per Companies Act, 2063 |
| No physical verification of assets | Asset misappropriation | Conduct annual physical asset counts |
| Inadequate IT controls | Unauthorized access to financial systems | Implement access controls and audit trails |
| No whistleblower mechanism | Fraud remains unreported | Establish a confidential complaint reporting system |
Role of External Auditors in Evaluating Internal Controls
External auditors appointed under Section 111 of the Companies Act, 2063 are required to evaluate the internal control environment of the company as part of their audit process. The external auditor:
- Reviews the company’s internal control system to assess audit risk
- Reports significant deficiencies or material weaknesses in internal controls to management
- Includes observations on internal control effectiveness in the management letter
The Office of the Auditor General of Nepal also plays a supervisory role in auditing government-owned companies and public entities.
Penalties for Non-Compliance with Internal Control Requirements
Under the Companies Act, 2063 and related regulations:
- Directors who fail to maintain proper books of accounts may face fines and personal liability under Section 86.
- Non-compliance with SEBON directives may result in suspension of trading, fines, or delisting of the company’s shares.
- Failure to comply with NRB directives on internal controls can lead to regulatory sanctions, license suspension, or cancellation for banks and financial institutions.
FAQs
1. What is the legal basis for internal controls of companies in Nepal?
The primary legal basis is the Companies Act, 2063 (2006), particularly Sections 86 and 87. Additional requirements come from the Securities Act, 2063, NRB Directives, and SEBON regulations, depending on the type of company.
2. Is an internal audit mandatory for all companies in Nepal?
No. Internal audit is mandatory for banks, financial institutions, and listed companies under NRB and SEBON directives. Private companies are not expressly required but are encouraged to adopt internal audit for good governance.
3. What is the role of the Audit Committee in internal controls?
The Audit Committee oversees the internal audit function, reviews financial reporting, monitors risk management, and ensures that internal control deficiencies identified by auditors are addressed promptly by management.
4. Which international framework is used for internal controls in Nepal?
The COSO Internal Control Framework is widely adopted in Nepal. It identifies five components: control environment, risk assessment, control activities, information and communication, and monitoring activities.
5. What are the consequences of weak internal controls for a Nepalese company?
Weak internal controls expose a company to financial fraud, regulatory penalties, inaccurate financial statements, reputational damage, and potential legal liability for directors under the Companies Act, 2063.
6. Can a small private company in Nepal ignore internal controls?
No. Even small private companies must maintain proper books of accounts under Section 86 of the Companies Act, 2063. Ignoring internal controls exposes directors to personal liability and increases the risk of financial loss and legal sanctions.
Conclusion
Internal controls of a company in Nepal are a legal and operational necessity. The Companies Act, 2063, Securities Act, 2063, NRB Directives, and SEBON Regulations collectively create a framework within which companies must operate with accountability and transparency. A strong internal control system protects shareholders, prevents fraud, ensures accurate financial reporting, and builds long-term business credibility. Companies must invest in building robust internal control mechanisms, including internal audit functions, audit committees, segregation of duties, and regular monitoring, to remain compliant and operationally sound in Nepal’s evolving regulatory environment.
