Introduction
If your team discovers fixed asset problems only during the year-end audit, the issue is usually not effort—it is weak fixed asset lifecycle controls and poor control design. Without a clear fixed asset control matrix, weak approvals, delayed reconciliations, poor custody tracking, and missing exception reviews allow problems to build quietly over time. These issues can lead to ghost assets, stale disposals, CWIP leakage, and depreciation errors.
An audit of fixed assets helps confirm what exists, where it is located, and whether the records are accurate. Internal control for fixed assets includes the policies, approvals, reconciliations, custody rules, and monitoring activities that keep the physical assets, fixed asset register, and general ledger aligned.
In this guide, you will learn:
- What strong internal control for fixed assets should look like across approvals, custody, reconciliations, monitoring, and audit evidence.
- How organizations can design fixed asset controls across the full asset lifecycle, including acquisition, transfers, verification, depreciation, and disposal.
- Which segregation-of-duties models, control matrices, and monitoring KPIs help finance and internal audit strengthen accountability and reduce asset-related risks.
- Common fixed asset control failures, why they happen, and how teams can improve control effectiveness across finance, IT, operations, and audit functions.
What strong fixed asset control looks like
Strong fixed asset control keeps three realities aligned at all times: what the business physically holds, what the fixed asset register says, and what the books report. Regular audits of fixed assets make that alignment visible and verifiable. Therefore, a strong control environment is not only about preventing theft. It also protects capitalization accuracy, depreciation integrity, disposal completeness, and management confidence in reporting.
In practice, strong fixed asset control has five visible outcomes:
- Authorized change: People cannot add, move, write off, or dispose of assets informally.
- Reliable records: The register carries accurate IDs, locations, custodians, status, and financial details.
- Timely evidence: Management can show supporting documents, approvals, photos, count logs, and reconciliation files without scrambling.
- Early exception detection: Discrepancies surface during the year instead of at year-end.
- Cross-functional accountability: Finance, procurement, IT, operations, and internal audit each know their role.
A company can have good intentions and still have weak controls if evidence ownership, review frequency, and escalation paths are unclear.
What risks should fixed asset controls address?
Fixed asset controls should address the risks most likely to distort records, reduce accountability, or create audit findings. Although every company has unique asset classes, the core risk themes repeat across industries.
| Risk event | What usually goes wrong | Why the control matters |
|---|---|---|
| Miscapitalization | Routine repairs or low-value purchases are capitalized, or capital assets are expensed | Asset values, depreciation, and profit are misstated |
| Unrecorded additions | Assets are delivered and used, but no FAR record or tag is created | Completeness fails and future verification becomes harder |
| Movement without update | Assets move between sites, departments, or employees without a recorded transfer | The register becomes unreliable even though the asset still exists |
| Ghost assets | Assets remain on the books after loss, retirement, or undocumented disposal | The balance sheet is overstated and insurance / tax costs may rise |
| Useful-life and impairment errors | Asset lives are not reviewed even when use, condition, or technology changes | Depreciation and carrying values become unreliable |
| CWIP leakage | Projects remain in CWIP long after the asset is ready for use | Depreciation starts late and management loses visibility |
| Unauthorized disposal | Assets leave service without proper approval, evidence, or derecognition | Fraud, missing sale proceeds, and stale records become more likely |
| Low-value attractive asset leakage | Portable devices or tools fall below capitalization thresholds and are not tracked at all | Losses repeat because no one owns the risk formally |
Design controls around risk and portability, not only around accounting value. A building and a laptop do not deserve the same control frequency, even if both sit on the fixed asset schedule.
The AssetCues five-layer fixed asset control model
Most fixed asset problems happen because teams focus on one control point and ignore the system around it. For example, they may count assets regularly but still lack transfer approvals, CWIP review, or disposal evidence. A more reliable approach is to design controls in layers.
The AssetCues five-layer fixed asset control model helps controllers and internal auditors test whether the system is complete:
| Layer | Core question | Typical owner | Example evidence |
|---|---|---|---|
| Policy | Are the rules clear? | Controller / finance leadership | Capitalization policy, useful-life policy, disposal approval matrix |
| Authorization | Was the change approved before it hit the records? | Budget owner / controller / approving manager | Approved capex request, transfer approval, write-off approval |
| Custody | Do we know where the asset is and who is responsible for it? | IT / operations / site custodian | Tag record, custodian assignment, movement log, handover acknowledgment |
| Proof | Can management prove the record is still accurate? | Finance fixed asset team / verification team | Physical count logs, reconciliation files, exception tracker, photos |
| Monitoring | Is management reviewing the right exceptions and trends? | Controller / internal audit / management review owner | KPI dashboard, aged exception report, CWIP aging review, minutes of review |
This model is useful because it exposes blind spots quickly. If your team has a good policy but weak monitoring, exceptions will accumulate. If your team has strong field verification but weak authorization, the count may confirm assets that were capitalized incorrectly from day one. Strong fixed asset control needs all five layers.
Annual verification is proof. It is not the whole control system. Controllers who treat the annual count as the only control usually inherit backlogged transfers, stale disposals, and unresolved register exceptions.
How should fixed asset controls work across the lifecycle?
Lifecycle control design works best when each stage has a clear objective, a defined owner, and a reviewable evidence trail. The goal is not to create bureaucracy. The goal is to make sure every material change in asset status leaves a clean trail behind it.
Acquisition and capitalization controls
The control objective at acquisition is simple: only valid, approved, and supportable costs should become fixed assets, and they should enter the register at the right amount and at the right time.
A strong acquisition control set usually includes:
- Approved capex requests tied to budget or management authority.
- Purchase order issuance and receipt confirmation.
- Invoice-to-PO-to-receipt matching before payment or capitalization.
- Finance review of capitalization criteria and asset class selection.
- Asset ID and tag creation before or at the point the asset is placed in service.
- Attachment of serial number, location, custodian, and supporting documents to the FAR.
- Separate review for self-constructed assets and CWIP transfers.
- Ownership or lease documentation for land, buildings, vehicles, and large equipment.
A common failure occurs when the business starts using the asset before finance receives the final document pack. The asset exists. The business benefits from it. But the FAR record appears late, or the cost is incomplete, or the in-service date is wrong. That creates avoidable depreciation and completeness issues later.
Tagging, custody, and movement controls
The control objective during use is to preserve visibility. The business should know what the asset is, where it is, who holds it, and whether it moved under an authorized workflow.
That usually requires:
- A unique tag, serial, or identifiable reference tied to the FAR.
- An assigned custodian or department owner.
- Mandatory location and status fields in the register.
- Transfer requests and approvals before assets change site or custodian.
- Check-in / check-out logs for shared or portable assets.
- HR-triggered return steps for employee assets during transfer or exit.
- Time-bound updates to the FAR after movement, swap, repair, or reassignment.
This is where many organizations drift. The purchase control is strong, but ongoing movement control is informal. As a result, the asset still exists but the register becomes progressively less reliable.
Physical verification and reconciliation controls
The control objective during verification is to confirm that the records still match the physical world and that discrepancies are investigated, not normalized.
A well-designed verification control set includes:
- A formal count calendar approved in advance.
- Risk-based frequency by asset class, portability, and site risk.
- Independent or at least partially independent count teams.
- Documented count instructions and escalation rules.
- Count evidence such as scan logs, photos, geotags, and exception notes.
- Both file-to-floor and floor-to-file testing where practical.
- Reconciliation of count results to the FAR and then to the general ledger.
- Aging and closure tracking for unresolved exceptions.
Verification should be independent of routine custody where possible. If the person who uses the asset also controls the count and the update, the process may remain fast but the evidence becomes weaker.
Depreciation, useful-life, and impairment controls
The control objective for valuation is to keep carrying values aligned with how assets are actually used and maintained.
Strong valuation controls usually include:
- Locked or controlled master data for useful life, depreciation method, and residual assumptions.
- Monthly review of depreciation runs and exception reports.
- Review of assets that are fully depreciated but still active.
- Review of assets that are idle, damaged, obsolete, or repeatedly under repair.
- Impairment trigger communication from operations to finance.
- Periodic review of major classes where technology change or operating intensity affects useful life.
- Review of revaluation or major estimate changes by an appropriate finance authority.
A common weakness appears when asset condition changes operationally but never reaches finance. The machine is partially idle. The device fleet is obsolete. The project asset is in use earlier than expected. Without a review path, the books lag reality.
Transfers, write-offs, and disposal controls
The control objective at retirement is to ensure no asset leaves service without authorization, evidence, and complete accounting follow-through.
A strong disposal control set usually includes:
- Disposal request initiation by the custodian or department.
- Approval by the relevant manager and finance.
- Data-wipe or destruction confirmation for IT assets.
- Sale, scrap, donation, or insurance documentation where relevant.
- Asset removal from custody records, maintenance schedules, and insurance lists.
- Derecognition of cost and accumulated depreciation in the books.
- Gain / loss calculation and review.
- Closure of the FAR record with date, reason, and supporting evidence.
The most expensive disposal problem is often not the sale itself. It is the stale record left behind. If the asset is physically gone but the FAR still shows it as active, the company may continue depreciating it, counting it, insuring it, or failing audit procedures for fixed assets that check whether assets exist, records are complete, and valuations are accurate.
What about low-value but attractive assets below the capitalization threshold?
Low-value does not mean low-risk. Laptops, tablets, handheld scanners, cameras, tools, test devices, and some medical or industrial instruments may fall below the capitalization threshold, yet their mobility and theft risk make them important from a control standpoint.
This is why many mature teams maintain a shadow register for attractive assets. A shadow register should track items that do not sit in the fixed asset schedule but still need accountability. At minimum, it should include:
- Unique ID or serial number.
- Description and model.
- Custodian / employee assignment.
- Location.
- Issue date and return date.
- Current status.
- Handover acknowledgment.
- Disposal / destruction or data-wipe evidence when retired.
A simple shadow-register rule
Use a shadow register when an item meets one or more of these tests:
| Track in shadow register if the item is | Why it belongs |
|---|---|
| Portable and easy to remove | Loss and theft risk is high |
| Assigned to an employee or field team | Custody changes often |
| Operationally important even if low-value | Loss disrupts business activity |
| Sensitive from a security or data perspective | Disposal and return need evidence |
| Commonly transferred between locations | Informal movement quickly weakens accountability |
A shadow register solves a fixed asset control blind spot: finance-only thresholds often miss operational leakage in attractive assets.
How should segregation of duties work for fixed assets?
Segregation of duties for fixed assets means no one person should control a transaction from request through disposal without oversight. The goal is not to make the process slow. The goal is to reduce error, override, and concealment risk.
A practical fixed asset SoD model looks like this:
| Activity | Primary owner | Independent review or approval | Should not be the same person where avoidable |
|---|---|---|---|
| Request asset purchase | Department / site owner | Budget owner / manager | FAR maintainer and disposal approver |
| Approve capital spend | Budget owner / controller | Senior approver based on threshold | Receiver and payment processor |
| Receive asset | Stores / IT / operations | Receipt evidence reviewed by finance or AP matching | Payment approver and FAR creator |
| Create or update FAR record | Finance fixed asset team | Controller review of key exceptions | Daily custodian of the same asset |
| Assign custodian / issue to employee | IT / operations / site admin | Manager acknowledgment | FAR reviewer and independent verifier |
| Approve transfer | Sending and receiving manager | Finance or asset-control workflow review | Person changing the register without approval |
| Perform physical verification | Independent count team / internal team not holding custody | Controller / audit review of discrepancies | Day-to-day custodian alone |
| Approve disposal or write-off | Manager + finance + IT security if relevant | Controller or disposal committee based on threshold | Person benefiting from or executing disposal alone |
| Post derecognition / gain or loss | Finance | Review by controller | Asset custodian alone |
Compensating controls when full SoD is not feasible
Smaller teams or remote branches may not achieve perfect segregation. In those cases, compensating controls become essential:
- Independent monthly review of additions, transfers, and disposals.
- Exception reports reviewed by the controller.
- Periodic surprise counts by someone outside local custody.
- Mandatory document upload before record changes finalize.
- Restricted system access and audit-log review.
- Threshold-based second approval for write-offs and transfers.
This is a useful control principle: where you cannot separate duties, increase review intensity and evidence retention.
A finance-IT-ops SoD model for distributed assets
Portable enterprise assets often cross functional boundaries. Therefore, the strongest model is usually cross-functional:
- Finance owns capitalization policy, FAR integrity, depreciation, and final derecognition.
- IT or operations own custody, deployment, collection, and field condition status.
- Procurement / AP own ordering and invoice processing.
- Managers authorize business need, transfers, and disposals within authority limits.
- Internal audit evaluates whether the process was designed and operated effectively.
This matters most when assets move frequently. Distributed laptops, branch devices, project tools, and medical equipment cannot be controlled by finance policy alone.
Sample fixed asset control matrix
A control matrix becomes useful only when it is specific enough to run. Vague rows like “periodic verification performed” do not help management or internal audit. Good matrix rows define the risk, control activity, owner, frequency, evidence, and review outcome.
| Risk | Control objective | Control activity | Type | Owner | Frequency | Evidence | KPI |
|---|---|---|---|---|---|---|---|
| Invalid or unsupported capitalization | Ensure only approved, supportable costs are capitalized | Match approved capex request, PO, receipt, and invoice before FAR creation or capitalization | Preventive | Finance + AP | Per addition | Approved request, PO, GRN, invoice, capitalization sheet | % additions with full document pack |
| Asset used before register creation | Ensure assets enter the FAR on time | Create asset ID, tag, location, and custodian record before or at in-service date | Preventive | Finance fixed asset team | Per addition | FAR creation log, tag record, in-service approval | Aged untagged additions |
| Asset moves without record update | Preserve location and custodian accuracy | Route transfers through approval workflow; update FAR within defined SLA | Preventive / Detective | IT / ops + finance | Per transfer + weekly review | Transfer approval, receiving acknowledgment, FAR update log | Transfers open > SLA |
| Missing or ghost assets | Detect assets recorded but not found | Perform annual or rolling verification by asset class and investigate discrepancies | Detective | Verification team | Quarterly / annual by risk | Count sheets, scan logs, photos, exception tracker | % assets not sighted |
| FAR and GL drift apart | Keep records and books aligned | Reconcile FAR to GL and investigate unexplained variances | Detective | Finance controller | Monthly | Reconciliation file, review sign-off, adjustments | Unreconciled variance value |
| Useful lives go stale | Keep depreciation supportable | Review fully depreciated active assets and classes with changed usage or obsolescence signals | Detective | Finance + operations | Quarterly / annual | Review memo, approved estimate changes | % active assets fully depreciated |
| CWIP remains open too long | Move assets to service timely | Review CWIP aging, project status, and readiness for capitalization | Detective | Finance + project owner | Monthly | CWIP aging report, completion certificate | CWIP > 90 / 180 days |
| Unauthorized or incomplete disposal | Ensure assets leave service only with approval and complete accounting | Require disposal request, approval, evidence of exit, and derecognition posting | Preventive / Detective | Ops / IT + finance | Per disposal + monthly review | Disposal form, sale / scrap docs, wipe certificate, journal entry | Disposals pending derecognition |
| Leakage in attractive low-value assets | Maintain accountability for non-capital portable assets | Keep shadow register with custodian, location, issue / return, and retirement evidence | Preventive / Detective | IT / ops | Ongoing + monthly review | Shadow register, handover forms, return logs | Items with no active custodian |
How should internal audit test design and operating effectiveness?
Internal audit should test fixed asset controls in two steps. First, confirm the control is designed effectively. Second, confirm it operated effectively during the period. A control is designed effectively when, if people follow it, the control would prevent or detect the targeted risk in time. A control operates effectively when the evidence shows people actually followed it consistently.
A practical 7-step testing method
- Define the risk and the control objective. Start with the misstatement or leakage risk, not with the document name. For example: “unauthorized asset transfers may create missing assets and location errors.”
- Walk through the process from start to finish. Observe one real example. Confirm who initiates, approves, records, reviews, and retains evidence.
- Inspect policy, workflow logic, and access rights. Check whether the control design actually addresses the risk. If the same person can request, approve, and update the register, the design may already be weak.
- Select samples across risk areas. Do not test only easy items. Include portable assets, remote sites, aged exceptions, unusual disposals, CWIP balances, or high-value additions.
- Inspect evidence of execution, not only templates. A blank control template proves nothing. Look for dated approvals, uploaded support, reconciliation sign-offs, exception closures, and audit logs.
- Assess exception handling and timeliness. A control can exist and still fail if exceptions remain open too long. Check whether discrepancies were investigated, resolved, escalated, and posted correctly.
- Grade the issue and assign remediation. Conclude whether the issue is a design gap, an operating failure, or both. Then assign an owner, a due date, and a retest point.
Design effectiveness questions internal audit should ask
- Does the control target a clearly stated risk?
- Is the owner identified by role, not just by department?
- Is the control frequency suitable for the risk?
- Is the evidence specific enough for review?
- Is there a second-level review where the risk warrants it?
- Is there a clear escalation path for exceptions?
Operating effectiveness questions internal audit should ask
- Did the control run when the policy says it should run?
- Is the evidence dated, complete, and attributable to the right person?
- Did reviewers challenge exceptions or only sign off mechanically?
- Were aging items closed within the defined time?
- Did the control operate consistently across sites and asset classes?
Internal audit should not confuse a repeated activity with an effective control. Teams may perform counts or reconciliations regularly, but if they do not resolve exceptions, the control environment is still weak.
What monitoring KPIs should finance and internal audit review each month?
Monthly monitoring turns controls into management discipline. Without KPI review, even well-designed controls degrade quietly. Controllers should keep the KPI set simple enough to review every month and specific enough to trigger action.
| KPI | What it shows | Why it matters |
|---|---|---|
| FAR-to-GL unreconciled variance | Difference between detailed records and books | Reveals data drift, posting issues, or missing entries |
| Assets not sighted in the last scheduled cycle | Verification gaps by class or site | Highlights ghost-asset and custody risk |
| Assets with missing custodian or location | Incomplete accountability fields | Shows where the register is not operationally usable |
| Transfers open beyond SLA | Delayed record updates after movement | Identifies location drift before counts fail |
| Disposals pending derecognition | Assets physically retired but still on books | Prevents stale depreciation and audit findings |
| CWIP aged beyond policy threshold | Delayed capitalization review | Flags projects that may already be in service |
| Active assets that are fully depreciated | Possible useful-life or replacement review need | Surfaces estimate and planning issues |
| High-value additions without full document pack | Incomplete capitalization support | Detects weak onboarding of new assets |
| Attractive low-value assets without active acknowledgment | Shadow-register leakage | Strengthens control over portable items |
| Aged verification exceptions | Open discrepancy backlog | Shows whether the organization actually closes control gaps |
A simple monthly management pack
A useful monthly pack for the controller can fit on one page:
- Top 10 open exceptions by value or risk.
- Assets not sighted by site.
- Aged transfers and aged disposals.
- CWIP aging summary.
- Unreconciled FAR-to-GL items.
- Commentary on root causes and remediation status.
This approach keeps the conversation practical. Instead of saying “controls need improvement,” management can say “branch transfers exceed SLA at three sites” or “18 disposals are still active in the FAR after physical removal.”
Common fixed asset control failures and root causes
Control failures rarely happen because no one cares. They usually happen because responsibilities, evidence, or review loops are unclear.
| Failure pattern | What it usually looks like | Likely root cause | Practical fix |
|---|---|---|---|
| Additions appear late in the FAR | Asset is already in use before tag, custodian, or location fields exist | Finance receives support late or no one owns in-service handoff | Add mandatory in-service checklist and FAR creation SLA |
| Transfers happen by email or phone only | Asset exists but remains booked at old site | No approved movement workflow or weak ownership | Route transfers through approval workflow with receiving acknowledgment |
| Counts occur, but discrepancies stay open | Verification file exists, but unresolved exceptions repeat | No escalation path or no owner for closure | Add aging report, threshold-based escalation, and closure deadlines |
| Fully depreciated assets keep running for years with no review | Book value is zero but asset remains critical to operations | No useful-life review discipline | Review fully depreciated active assets quarterly or at least annually |
| Disposal is approved, but derecognition lags | Asset has left service but remains active in books | Physical exit and finance posting are disconnected | Tie disposal closure to proof of journal posting and status update |
| Low-value attractive assets disappear repeatedly | Portable items fall outside fixed asset policy and outside IT accountability | Threshold-based blind spot | Maintain a shadow register and signed custody records |
| CWIP stays open long after go-live | Project assets are operational but not capitalized | Weak project-close controls or unclear handoff | Add monthly CWIP aging review with project-owner certification |
Not every variance means fraud or major failure. Sometimes a late update is simply a process bottleneck. However, repeated “small” lapses usually indicate a design weakness that will surface under audit pressure.
Country-specific notes for the USA, India, and the UK
→ USA
For organizations operating under SOX or PCAOB-style internal control expectations, fixed asset controls should do more than safeguard equipment physically. They should also support records that accurately reflect asset transactions and dispositions, authorized activity, and timely detection of unauthorized acquisition, use, or disposition.
In practice, that means approval trails, reconciliation evidence, and exception review need to be retained in a way management and auditors can inspect quickly. Even where a company is not subject to public-company ICFR requirements, finance teams often adopt the same discipline because it reduces audit surprises and improves close quality.
→ India
For many Indian companies, weak fixed asset controls become visible through statutory audit pressure. Proper records, physical verification at reasonable intervals, and treatment of material discrepancies are not housekeeping issues. They affect statutory reporting quality directly. Therefore, Indian controllers should pay particular attention to PPE register completeness, CWIP tracking, title or support documentation, and timely closure of verification exceptions.
Controls over internal financial reporting also matter because the discipline around safeguarding assets, accuracy of records, and documented review strengthens the statutory audit file as well.
→ United Kingdom
UK organizations should not treat fixed asset controls as an annual exercise only. Boards and management increasingly need evidence from monitoring and review to support control statements and governance expectations. For companies working under the UK Corporate Governance Code, this raises the bar on what “effective” looks like in practice.
A count file alone is not enough. Management review evidence, escalation of weaknesses, and consistent monitoring become more important. For reporting teams using FRS 102, the principal Periodic Review 2024 effective date of 1 January 2026 also reinforces the need for cleaner asset data and stronger review discipline across asset classes.
How software strengthens fixed asset controls without becoming the control itself
Software helps most when it makes control evidence consistent, timely, and reviewable. Software does not replace management judgment, approval discipline, or policy design. A strong fixed asset platform should help you:
- Import and maintain a cleaner master asset list.
- Assign ownership, location, and status consistently.
- Enforce role-based approvals for movements and disposals.
- Capture field evidence such as scans, photos, timestamps, and geolocation.
- Route discrepancies into review and re-verification workflows.
- Sync verified changes back to ERP or financial records.
- Keep audit logs of who changed what and when.
- Surface KPI dashboards and aged exceptions for management review.
This is where software supports the control environment rather than pretending to be the control itself. The approval still belongs to the right manager. The review still belongs to finance or internal audit. The platform simply standardizes evidence capture and makes exceptions harder to ignore.
For example, AssetCues can support this model by importing the asset register, assigning field tasks, capturing mobile verification evidence, routing discrepancies, syncing verified data back to ERP, and preserving audit logs with photo and geotag support. That makes the control environment easier to operate across multiple teams and locations without relying on spreadsheet memory.
Key takeaways
- Strong fixed asset control is a system, not a yearly count.
- The best control environments connect policy, authorization, custody, proof, and monitoring.
- Segregation of duties matters most where assets are portable, frequently moved, or easily overridden.
- Low-value attractive assets often need a shadow register even when they are not capitalized.
- A practical control matrix should define risk, owner, frequency, evidence, and KPI for every important control.
- Monthly monitoring is what turns a documented control into a reliable management process.
- Software works best when it strengthens evidence and exception handling rather than replacing human review.
Conclusion
Strong fixed asset controls work best when organizations treat them as a continuous lifecycle process rather than a year-end activity. A well-designed fixed asset control matrix helps teams define ownership, approvals, monitoring frequency, and evidence requirements clearly across acquisition, movement, verification, depreciation, CWIP review, and disposal. As a result, businesses reduce errors, improve accountability, and detect exceptions before they become audit issues.
At the same time, effective fixed asset lifecycle controls keep the physical asset, the fixed asset register, and the financial records aligned throughout the asset’s life. When finance, IT, operations, and internal audit follow connected workflows with timely reviews and documented evidence, organizations gain stronger reporting accuracy, smoother audits, and better visibility into asset risk and performance.
Frequently asked questions
Q1: Which fixed asset controls matter most?
Ans: The most important fixed asset controls usually cover acquisitions, capitalization approval, tagging or identification, custody changes, physical verification, monthly reconciliation, useful-life review, and disposal authorization. The right emphasis depends on asset value, portability, and movement frequency.
Q2: How often should fixed assets be physically verified?
Ans: Material fixed assets should usually be verified at least annually, while portable or higher-risk assets often need rolling or quarterly checks. The right frequency should follow risk, not habit.
Q3: Who should own the fixed asset register?
Ans: Finance should usually own the integrity of the fixed asset register, but finance should not own all source data alone. IT, operations, procurement, and site custodians must feed timely updates into the process.
Q4: What evidence should management retain for fixed asset controls?
Ans: Management should retain approvals, supporting documents, FAR logs, count evidence, reconciliation files, exception trackers, disposal support, and review sign-offs. Good control evidence is dated, attributable, and easy to inspect.