Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Regulatory Framework
4.Wider
3.Empha
Director &
sise On
Manageme
Investor
nt
Protectio
Responsibil
n
ity
5.Easier 6.Inclusive
Restructuri CSR
ng Agenda
New definition of subsidiary, associate, Joint
Venture company [sections 2(6) and 2(87)]
Mandatory requirement for Consolidated
Financial Statement (CFS) [section 129]
a. In addition to standalone financial statements,
every company to prepare CFS if it has
a.Subsidiary; or
b.Associate; or
c.Joint Venture company
b. No exemption for intermediate holding Cos for
preparing CFS
Mandatory Internal Audit and reporting on
Internal Financial Controls [section 138]
a. Internal Audit made mandatory for all listed
companies; and public limited companies with:
loans/deposits INR 250 mn ; or paid up capital
INR 100 mn for Pvt cos having turnover of 200cr ;
borrowings exceeding 100cr.
b. Internal audit to be done by CAs; or CWAs; or
other professionals decided by Board
Assurance on adequacy and effectiveness of
Internal Financial Controls (which includes orderly
and efficient conduct of business, and prevention
and detection of frauds and errors) to be given: in
Directors and Auditors report for all listed
entities; and only in Auditors report for all other
entities
Corporate governance practices are affected by attempts to
align the interests of stakeholders. Interest in the corporate
governance practices of modern corporations, particularly in
relation to accountability, increased following the high-
profile collapses of a number of large corporations during
20012002, most of which involved accounting fraud; and
then again after the recent financial crisis in 2008. Corporate
scandals of various forms have maintained public and
political interest in the regulation of corporate governance.
In the U.S., these include Enron and MCI Inc. (formerly
WorldCom). Their demise is associated with the U.S. federal
government passing the Sarbanes-Oxley Act in 2002,
intending to restore public confidence in corporate
governance. Comparable failures in Australia (HIH,
One.Tel) are associated with the eventual passage of the
CLERP reforms
USA
FY2001
In cases of WorldCom 2nd largest long-distance
communications company) and Enron (7th largest energy
company [Gross sales basis]), window-dressing settlement
by fraudulent accounting were found. Both companies went
bankrupt with historical largest liabilities in the U.S.
Managements of both companies who deeply participated in
the window-dressing settlement had cruel punishments and
Arther Andersen, one of Big Five audit firms in the world,
had liquidated.
Investors who relied on public information made big losses.
Securities market lost their reliability with distrust of
corporate accounting
In June 2003, the Securities and Exchange Commission
(SEC) of the United States of America adopted Rules for the
implementation of Sarbanes Oxley Act, 2002 (SOX) that
required certification of the Internal Controls over Financial
Reporting (ICFR) by the management and by the auditors.
October 2004
Fraudulent misstatements were found in the
annual securities report of Seibu Railway
company which was delisted based on the fact.
June 2006
In June 2006, the Financial Instruments and
Exchange Act (J-SOX) was passed by the Diet,
the National Legislature of Japan. The
requirements of this legislation are similar to
the requirements of internal controls over
financial reporting under SOX.
COSO Framework
Entity Level
Controls
IT General
Transaction
Controls
Level Controls
Entity level controls (ELC), provide the tone at the top of the
organization, and as a result directly or in-directly impact all
underlying controls.
Effective ELCs can provide excellent leverage to reduce testing at
lower levels. Ineffective ELCs can spell disaster for all underlying
controls.
ELC - direct and indirect.
Direct entity level controls - specific business and financial risks,
operating at precision level necessary to detect breakdowns in
the application of an organizations policies and procedures.
Example: CFO and Director of Finance review the quarterly and
annual financial statement and related disclosures.
Indirect entity level controls help define the control consciousness
of an organization without directly mitigating any one specific
financial or operational risk.
Example: An organizational code of conduct distributed via the
intranet
Reduce the extent of reliance on transaction level
controls
Increase the effectiveness of internal controls
through leveraging senior and experienced
personnel
Better define and communicate the expectations of
management across the organization (i.e., tone at
the top)
Reduce redundancy in controls performed across
the organization
The starting point for assessing the
effectiveness of the transaction level controls is
defining what business processes are in scope.
In order to assess the ICFR, we need to work
backwards from the end objective, which in
this case is the financial statements.
Step 1 identify the significant accounts
Step 2 associate the significant business
processes
Step 3 perform a detailed risk assessment
Determination of what accounts are deemed to
be significant is a matter of judgement.
Assess the materiality of the underlying
account results, and assess the inherent risks
related to each account
A combined risk based approach uses the
results of these two approaches to determine
significance of each account presented on the
financial statements.
Each financial statement account is comprised of
financial statement assertions:
Existence / Occurrence
Completeness
Valuation
Presentation & Disclosure
Rights & Obligations
From a risk based perspective, each assertion by
significant account must be considered to
prioritize the extent of identified risks.
Example: Generally speaking, the risk of
completeness is greater for liability based accounts
than asset accounts
The key objective in risk identification is to
focus on key risks related to financial reporting
(and disclosure).
A key risk, if not mitigated by a control (or
suite of controls), could cause a material error
to the financial statements.
Focus on identifying the key controls related to
the identified key risks.
Each identified key risk must have at least one
associated key control.
Controls can be preventative or detective in
nature. Ideally, a mix of both should be
identified.
IT controls protect data integrity and are a significant
component of an organizations ICFR.
IT controls relate to the security (confidentiality,
integrity, and availability) of data, as well as the
overall management of the organization business
functions.
Information systems support the flow of
information from initiation to recording and are one of
the most important and pervasive pieces of an
organizations financial reporting system.
IT systems are increasingly relied upon as tools to
provide efficient processing and reporting for decision
making purposes.
Reduce the extent of testing and reliance on
manual transaction-level controls
Increase the effectiveness, efficiency and reduce
costs of internal controls by establishing a sound
information system foundation and leveraging
systems across the organization
Improve the consistency of control operation (i.e.
automated processes vs. manual)
Improve the security (confidentiality, integrity and
availability) of corporate information
Improve reliability of manual controls dependent
on IT information
Director Responsibility statement on adequacy &
operating effectiveness of IFC [Sec134 (5) (e)]
In case of listed company
Company has laid down internal finacial controls
Controls are adequate
Operating effectively
Board Report on adequacy of IFC [The
Companies Accounts) Rules 2014 rule 8(5)(viii)]
the details in respect of adequacy of internal
financial controls with reference to the Financial
Statements
Auditors to evaluate & report on adequacy and
operating effectiveness of IFC [Sec 143 (3)]
Whether the company has adequate internal
financial controls system in place and the
operating effectiveness of such controls
The scope for reporting on internal financial
controls over financial reporting is significantly
larger and wider than the reporting on internal
controls under CARO. Under CARO the reporting
on internal controls is limited to the adequacy of
controls over purchase of inventory and fixed
assets and sale of goods and services. As such,
CARO does not require reporting on all controls
relating to financial reporting and also does not
require reporting on the adequacy and operating
effectiveness of such controls
Audit Committee to evaluate IFC [Sec 177 (4) ; Clause 49(III)(D)]
Every listed companies and
Specified classes of Companies as prescribed under Rule 6 of Companies
(Meetings of Board and its powers) Rules,2014 to constitute an Audit
Committee.
(i) all public companies with a paid up capital of Rs.10 Crores or more;
(ii) all public companies having turnover of Rs.100 Crores or more;
(iii) all public companies, having in aggregate, outstanding loans or
borrowings or debentures or deposits exceeding Rs.50 Crores or more.
as existing on the date of last audited Financial Statements shall be taken into
account for the purposes of this rule.
Composition - minimum of 3 directors with independent directors forming a
majority. Committee members to be persons with ability to read and
understand, the financial statement. The Boards report under section 134(3) to
disclose the composition of an Audit committee and where the Board had not
accepted any recommendation of the Audit Committee, the same to be
disclosed in such report along with the reasons there for.
Audit Committees task- evaluation of internal financial controls and risk
management systems;
Identify controls
Identify which address
applications, risk
associated IT of material
environment, misstatements
ITGC
Assess the Assess the Appropriate
design Implementati design &
of controls on Implementation
of controls of controls?
End
Reporting requirement by Auditor- auditors are required to
express an opinion on the effectiveness of an entitys
internal controls over financial reporting, such opinion is in
addition to and distinct from the opinion expressed by the
auditor on the financial statements
Auditor Appointment & Rotation
Restriction on Non Audit Services
Establishment of National Financial Reporting Authority
Easier Restructuring
Rationalizing Multi Layerd Structure
Simplyfying Procedures for Mergers
Cross Border Mergers
Fast Track Mergers
Share Capital Reduction
Related Party Transaction
Insider Trading
Oppression & Mismangement
Fraud Risk Mitigation
Additional Responsibility on Independent
Director
Audit Committee Responsibility of
Evaluation of Internal Financial Controls &
Risk Management Systems
Revised form of Directors Report For
specified Cos whether Internal Financial
Controls have been laid down and are
operating effectively
Contribution to Society through Governance
Specific class of Companies i.e. Networth of
500 cr, Turnover of 1000 cr. or Profit of 5 Cr.
CSR Committee to include at least one
Independent Director
Board Report to disclose CSR Committee, CSR
Policy, CSR Project and its implementation
1.Whether Corporate Governance done in existing
scenario is in right direction and adequate ?
2.Are we willing to adhere to it ?
3.Are We CAs not required to look beyond the
regulatory framework only and develop controls?
4.Upcoming opportunity Total management of
the organisation Including Start ups where Bulk
Investment is coming.