2Digital Solutions 
IFC Toolkit has been jointly developed with and is marketed and supported by EPM Digital

A revolutionary approach to identify, document, evaluate and report on internal financial control design and operating effectiveness


Download the IFC Toolkit Brochure

IFC Toolkit

JSE listing requirements state that the CEO and the financial director must make the following responsibility statements in the annual report

  • The annual financial statements fairly present in all material respects the financial position, financial performance and cash flows of the issuer in terms of IFRS
  • No facts have been omitted or untrue statements made that would make the annual financial statements false or misleading
  • Internal financial controls have been put in place to ensure that material information relating to the issuer and its consolidated subsidiaries have been provided to effectively prepare the financial statements
  • Internal financial controls are adequate and effective and can be relied upon to prepare the annual financial statements
  • We have disclosed to the audit committee and the auditors the deficiencies in design and operational effectiveness of the internal financial controls and any fraud that involves directors and have taken the necessary remedial action

IFC Toolkit drives the process of identifying the most important financial controls and evaluating whether they are compliant and fit for purpose to adequately and efficiently mitigate the risk of material misstatement in the financial statements and to enable the CEO and financial director to make the required responsibly statement



CEO and the financial director sign off on internal financial controls with an emphasis on identifying the most important internal financial controls.



Easily identify key financial controls

Add your own processes and custom controls

Online control self assessment

Leverage existing policies and procedures, internal and external audit findings and management insight

Use it to manage risks on an individual project

Draw from the library of over 400 controls


The conclusion that can be drawn is that if the accounting system and related control activities are sound, in terms of design and operating effectiveness, the balances and totals produced will be sound. The IFC Toolkit enables testing of such controls activities to determine whether they produce reliable balances and totals.

Draw from the library of over 400 best practices controls, for processes and activities that can ordinarily be applicable to assist with the focus to get a common understanding by the Board, management at all levels as well as employees on the risks and internal financial controls that matter most.




The IFC Toolkit provides all relevant internal financial controls that should operate as well as the key internal financial controls for self assessment.





Granular control over what needs to be assessed

Administrators can start as many sessions as needed throughout the course of the year so that you can track improvements over controls.
When starting a session

  • Select the processes, sub-processes and controls that form part of the assessment
  • Identify all applicable internal controls and emphasise key internal financial controls (Key Controls)
  • Add custom controls, processes and topics that are unique to your organisation to the library of more than 400 controls
  • Flag key controls to evaluate and highlight for control self assessment/evaluation and reporting


Allocate accountability and responsibility for processes and controls
  • As the session owner, allocate responsibilities to process and control owners, as well as Internal and External Audit who will participate in the assessment
  • Assign up to three process owners (per process) and three control owners (per control)


There is no limit to the number of users that can be added to IFC Toolkit to perform assessments





Assess the controls and processes that have been assigned to you as a process or control owner

Document how the control operates in your environment or if it doesn’t exist and should, indicate it as a “missing” control
Conclude on the effectiveness of control design and operating effectiveness for each of the in-scope controls

Risk Details






Assess effectiveness of controls

Operating effectiveness

Operating effectiveness can be evaluated based on assessments by control self-assessment and governance, risk and compliance observations by management internal audit, either by documenting findings included in internal audit reports or specific controls allocated to internal audit for testing external audit or other assurance providers. It is encouraged that external audit also focus on yearly controls that happen in the process preparing the year-end financial statements.

Controls to be assessed can be allocated as part of the statutory audit or to the various lines of defence such as internal audit, in advance, based on the entity combined assurance framework


Control effectiveness assessments linked to rating classification

Based on the design and operating effectiveness assessments the findings and results link to a rating classification, per process and sub-process as either

  • Housekeeping
  • Less significant
  • Significant
  • Critical

The rating classification is automated and populated based on pre-configured rules to protect against subjective management ‘override’

The tool allows for management to document their compensating control or mitigation response and then provide their final rating classification


Deficiency evaluation

An easy to use deficiency evaluation framework that ensures consistency of deficiency classification between mitigating controls in place, inconsequential, significant deficiency or a material weakness

Practical guidance and examples are provided for design-, operating- and significant deficiencies and material weaknesses to assist with deficiency assessment and evaluation









Detailed Reporting

Detailed and summary reporting and audit committee dashboards
  • Summary of findings based on total population of IFCs
  • Summary of findings based on process ratings
  • Overall process dashboard
  • Listing of controls per process
Audit Committee Reporting
  • Provides evidence for an “independent third party” how management fulfilled their role and function and appropriateness of the conclusions reached
  • Detailed and summary reporting are presented indicating the basis for conclusions
  • Deficiencies in design and operational effectiveness of the internal financial controls can be disclosed in summary, on a line by line item and by category (significant deficiency or material weakness)
  • Compensating and mitigating controls, and other mitigation responses are provided in narrative form
  • Exception reporting, e.g. indicating pre-populated controls not selected

Want to know more?

Get hold of us today and we'll set you up with a demo