Governance

Governance refers to "all processes of governing,

whether undertaken by a government, market or
network, whether over a family, tribe, formal or
informal organization or territory and whether
through laws, norms, power or language.
Establishment of Policies and continues monitoring
of their proper implementation, by the members of
the governing body of an organisation. It includes
the mechanism required to balance the powers of
the members and their primary duty of enhancing
the prosperity and viability of the organization.
 Over the years ownership structure of the
Companies has changed and with that
shareholders have become inactive in the
management of their companies. In recent years
there is increase in scams frauds and corrupt
practices that have taken place.
In an environment where on one hand
complexities of Business has increased and on
the other hand ownership and management have
widely separated, the owners are unable to
exercise effective control over the professionally
managed Board, need of Corporate Governance
emerges.
Corporate governance broadly refers to the mechanisms
through which corporations' objectives are set and
pursued in the context of the social, regulatory and
market environment. Governance mechanisms include
monitoring the actions, policies and decisions of
corporations and their agents (which include board of
directors, managers, shareholders, creditors, auditors,
regulators, and other stakeholders). In other words
Corporate Governance includes quality, transparency
and dependability of the relationships between the
shareholders, Board of Directors, Management and
Employees that define the authority and responsibility
at each level for the sustainable growth of organisation.
Corporate Governance structure in each country
has certain charaterstics elements like
Key players in the Corporate Environment

State Ownership pattern in the country

Composition of Board Of Directors

Regulatory Framework

Disclosure Requirements of Companies

Corporate Actions requiring Shareholders

approval
Interaction among Key players
 Models Of Corporate Governance

Anglo-US Model Japanese Model German Model

 This model is based on the principle of separation
of ownership and control. Shareholders are
responsible for appointment of Directors and
Directors in turn appoint mangers who are
responsible for managing the business. Board
generally has limited ownership stake in the
company. Board constitute executive Directors
and Independent Directors. In this model all
important decisions are through shareholder
approval thus establishing an effective
communication channel between Management
Board and Shareholders. They form what is
commonly referred to as the "corporate
governance triangle."
 In the Japanese model, the four key players are:
main bank (a major inside shareholder),
affiliated company or keiretsu (a major inside
shareholder), management and the
government. It shows, there are few truly
independent directors, that is, directors
representing outside shareholders.
 First, the German model prescribes two boards with
separate members. German corporations have a two-tiered
board structure consisting of a management board
(composed entirely of insiders, that is, executives of the
corporation) and a supervisory board (composed of
labor/employee representatives and shareholder
representatives). The two boards are completely distinct; no
one may serve simultaneously on a corporations
management board and supervisory board.
Second, the size of the supervisory board is set by law and
cannot be changed by shareholders.
Third, in Germany and other countries following this model,
voting right restrictions are legal; these limit a shareholder
to voting a certain percentage of the corporations total share
capital, regardless of share ownership position.
 OECD Model has tried to recognise the synergy between
macroeconomic & structural policies in achieving fundamental
policy goals,by providing set of revised principles on corporate
governance.
Ensuring the Basis for an Effective Corporate Governance
Framework
The Rights of Shareholders and Key Ownership Functions
The Equitable Treatment of Shareholders
The Role of Stakeholders in Corporate Governance
Disclosure and Transparency
The Responsibilities of the Board
 Corporate Governance in India gained prominence in
the wake of liberalization during the 1990s and was
introduced by the industry association Confederation
of Indian Industry (CII) as a voluntary measure to be
adopted by Indian companies. Initial Corporate
Governance framework is primarily based on Anglo
Sexon model of governance. It has been observed that
measures related to Corporate Governance are
commonly viewed in India only from compliance
perspective and not from a business strategy view
point. Till Companies Act 2013 came into being
regulations pertaining to corporate governance were
not across the companies act and their enforcement
through the Indian legal system was also weak.
 2.Higher
1.Increased
Auditor
Reporting
Responsi
Framework
bility

4.Wider
3.Empha
Director &
sise On
Manageme
Investor
nt
Protectio
Responsibil
n
ity

5.Easier 6.Inclusive
Restructuri CSR
ng Agenda
 New definition of subsidiary, associate, Joint
Venture company [sections 2(6) and 2(87)]
Mandatory requirement for Consolidated
Financial Statement (CFS) [section 129]
a. In addition to standalone financial statements,
every company to prepare CFS if it has
a.Subsidiary; or
b.Associate; or
c.Joint Venture company
b. No exemption for intermediate holding Cos for
preparing CFS
 Mandatory Internal Audit and reporting on
Internal Financial Controls [section 138]
a. Internal Audit made mandatory for all listed
companies; and public limited companies with:
loans/deposits INR 250 mn ; or paid up capital
INR 100 mn for Pvt cos having turnover of 200cr ;
borrowings exceeding 100cr.
b. Internal audit to be done by CAs; or CWAs; or
other professionals decided by Board
Assurance on adequacy and effectiveness of
Internal Financial Controls (which includes orderly
and efficient conduct of business, and prevention
and detection of frauds and errors) to be given: in
Directors and Auditors report for all listed
entities; and only in Auditors report for all other
entities
 Corporate governance practices are affected by attempts to
align the interests of stakeholders. Interest in the corporate
governance practices of modern corporations, particularly in
relation to accountability, increased following the high-
profile collapses of a number of large corporations during
20012002, most of which involved accounting fraud; and
then again after the recent financial crisis in 2008. Corporate
scandals of various forms have maintained public and
political interest in the regulation of corporate governance.
In the U.S., these include Enron and MCI Inc. (formerly
WorldCom). Their demise is associated with the U.S. federal
government passing the Sarbanes-Oxley Act in 2002,
intending to restore public confidence in corporate
governance. Comparable failures in Australia (HIH,
One.Tel) are associated with the eventual passage of the
CLERP reforms
 USA
FY2001
In cases of WorldCom 2nd largest long-distance
communications company) and Enron (7th largest energy
company [Gross sales basis]), window-dressing settlement
by fraudulent accounting were found. Both companies went
bankrupt with historical largest liabilities in the U.S.
Managements of both companies who deeply participated in
the window-dressing settlement had cruel punishments and
Arther Andersen, one of Big Five audit firms in the world,
had liquidated.
Investors who relied on public information made big losses.
Securities market lost their reliability with distrust of
corporate accounting
 In June 2003, the Securities and Exchange Commission
(SEC) of the United States of America adopted Rules for the
implementation of Sarbanes Oxley Act, 2002 (SOX) that
required certification of the Internal Controls over Financial
Reporting (ICFR) by the management and by the auditors.

The Public Company Accounting Oversight Board (PCAOB)

has issued its Auditing Standard (AS) 5 on An Audit of
Internal Control Over Financial Reporting That Is Integrated
with An Audit of Financial Statements. This Standard
establishes requirements and provides direction that applies
when an auditor is engaged to also perform an audit of the
internal controls over financial reporting in addition to the
audit of the financial statements.
 Japan

October 2004
Fraudulent misstatements were found in the
annual securities report of Seibu Railway
company which was delisted based on the fact.
June 2006
In June 2006, the Financial Instruments and
Exchange Act (J-SOX) was passed by the Diet,
the National Legislature of Japan. The
requirements of this legislation are similar to
the requirements of internal controls over
financial reporting under SOX.
 COSO Framework

Internal control is designed to assist organizations in

achieving their objectives. COSO Framework provided
five components called COSOs Internal Control Integrated
Framework (the COSO Framework) which work in tandem to
mitigate the risks of an organizations failure to achieve
those objectives.
Assurance that all transactions are recorded in accordance
with applicable policies, directives and standards
Internal controls provide a means of efficiently testing
sample pieces of data in order to conclude on the entire
population.
The overall objective of an effective system of internal
controls over financial reporting is to provide an effective
and efficient means of auditing the financial results.
Equally important is the efficiency and effectiveness of the
internal control and risk identification strategy.
 For Financial Reporting Purposes Entitys Risk
Assessment process includes
Identification of Business Risk relevant to the
preparation of financial statement with reference
to applicable financial reporting framework,
estimation of their significance likelihood of their
reoccurence
Risk relevant to external & internal events,
transactions or processes affecting entitys ability
to initiate, record, process and report financial
data
 An information system consists of infrastructure (physical and hardware
components), software, people, procedures, and data. Many information systems
make extensive use of information technology (IT).
The quality of system-generated information affects managements ability to
make appropriate decisions in managing and controlling the entitys activities
and to prepare reliable financial reports.
The information system relevant to financial reporting objectives, which includes
the financial reporting system, encompasses methods and records that:
Identify and record all valid transactions
Describe on a timely basis the transactions in sufficient detail to permit
proper classification of transactions for financial reporting.
Measure the value of transactions in a manner that permits recording their
proper monetary value in the financial statements.
Determine the time period in which transactions occurred to permit
recording of transactions in the proper accounting period.
Present properly the transactions and related disclosures in the financial
statements
Monitoring activities may include using
information from communications from
external parties that may indicate problems or
highlight areas in need of improvement.
Customers implicitly corroborate billing data by
paying their invoices or complaining about their
charges. In addition, regulators may
communicate with the entity concerning
matters that affect the functioning of internal
control,
 Using the COSO framework as a guide, the
control environment plays a significant role in
the overall internal control system.

Entity Level
Controls

IT General
Transaction
Controls
Level Controls
 Entity level controls (ELC), provide the tone at the top of the
organization, and as a result directly or in-directly impact all
underlying controls.
Effective ELCs can provide excellent leverage to reduce testing at
lower levels. Ineffective ELCs can spell disaster for all underlying
controls.
ELC - direct and indirect.
Direct entity level controls - specific business and financial risks,
operating at precision level necessary to detect breakdowns in
the application of an organizations policies and procedures.
Example: CFO and Director of Finance review the quarterly and
annual financial statement and related disclosures.
Indirect entity level controls help define the control consciousness
of an organization without directly mitigating any one specific
financial or operational risk.
Example: An organizational code of conduct distributed via the
intranet
 Reduce the extent of reliance on transaction level
controls
Increase the effectiveness of internal controls
through leveraging senior and experienced
personnel
Better define and communicate the expectations of
management across the organization (i.e., tone at
the top)
Reduce redundancy in controls performed across
the organization
 The starting point for assessing the
effectiveness of the transaction level controls is
defining what business processes are in scope.
In order to assess the ICFR, we need to work
backwards from the end objective, which in
this case is the financial statements.
Step 1 identify the significant accounts
Step 2 associate the significant business
processes
Step 3 perform a detailed risk assessment
 Determination of what accounts are deemed to
be significant is a matter of judgement.
Assess the materiality of the underlying
account results, and assess the inherent risks
related to each account
A combined risk based approach uses the
results of these two approaches to determine
significance of each account presented on the
financial statements.
 Each financial statement account is comprised of
financial statement assertions:
Existence / Occurrence
Completeness
Valuation
Presentation & Disclosure
Rights & Obligations
From a risk based perspective, each assertion by
significant account must be considered to
prioritize the extent of identified risks.
Example: Generally speaking, the risk of
completeness is greater for liability based accounts
than asset accounts
 The key objective in risk identification is to
focus on key risks related to financial reporting
(and disclosure).
A key risk, if not mitigated by a control (or
suite of controls), could cause a material error
to the financial statements.
Focus on identifying the key controls related to
the identified key risks.
Each identified key risk must have at least one
associated key control.
Controls can be preventative or detective in
nature. Ideally, a mix of both should be
identified.
 IT controls protect data integrity and are a significant
component of an organizations ICFR.
IT controls relate to the security (confidentiality,
integrity, and availability) of data, as well as the
overall management of the organization business
functions.
Information systems support the flow of
information from initiation to recording and are one of
the most important and pervasive pieces of an
organizations financial reporting system.
IT systems are increasingly relied upon as tools to
provide efficient processing and reporting for decision
making purposes.
 Reduce the extent of testing and reliance on
manual transaction-level controls
Increase the effectiveness, efficiency and reduce
costs of internal controls by establishing a sound
information system foundation and leveraging
systems across the organization
Improve the consistency of control operation (i.e.
automated processes vs. manual)
Improve the security (confidentiality, integrity and
availability) of corporate information
Improve reliability of manual controls dependent
on IT information
 Director Responsibility statement on adequacy &
operating effectiveness of IFC [Sec134 (5) (e)]
In case of listed company
Company has laid down internal finacial controls
Controls are adequate
Operating effectively
Board Report on adequacy of IFC [The
Companies Accounts) Rules 2014 rule 8(5)(viii)]
the details in respect of adequacy of internal
financial controls with reference to the Financial
Statements
 Auditors to evaluate & report on adequacy and
operating effectiveness of IFC [Sec 143 (3)]
Whether the company has adequate internal
financial controls system in place and the
operating effectiveness of such controls
The scope for reporting on internal financial
controls over financial reporting is significantly
larger and wider than the reporting on internal
controls under CARO. Under CARO the reporting
on internal controls is limited to the adequacy of
controls over purchase of inventory and fixed
assets and sale of goods and services. As such,
CARO does not require reporting on all controls
relating to financial reporting and also does not
require reporting on the adequacy and operating
effectiveness of such controls
 Audit Committee to evaluate IFC [Sec 177 (4) ; Clause 49(III)(D)]
Every listed companies and
Specified classes of Companies as prescribed under Rule 6 of Companies
(Meetings of Board and its powers) Rules,2014 to constitute an Audit
Committee.
(i) all public companies with a paid up capital of Rs.10 Crores or more;
(ii) all public companies having turnover of Rs.100 Crores or more;
(iii) all public companies, having in aggregate, outstanding loans or
borrowings or debentures or deposits exceeding Rs.50 Crores or more.
as existing on the date of last audited Financial Statements shall be taken into
account for the purposes of this rule.
Composition - minimum of 3 directors with independent directors forming a
majority. Committee members to be persons with ability to read and
understand, the financial statement. The Boards report under section 134(3) to
disclose the composition of an Audit committee and where the Board had not
accepted any recommendation of the Audit Committee, the same to be
disclosed in such report along with the reasons there for.
Audit Committees task- evaluation of internal financial controls and risk
management systems;

CEO and CFO to certify to the board [Clause 49

 Just a reference of explanation provided in Companies Act 2013

Explanation.For the purposes of this clause, the term

Internal Financial Controls means the policies and
procedures adopted by the company for ensuring the orderly
and efficient conduct of its business, including adherence to
companys policies,
i. the safeguarding of its assets,
ii. the prevention and detection of frauds and errors,
iii. the accuracy and completeness of the accounting records,
iv. and the timely preparation of reliable financial information
 ICAI issued guidance note on August 25, 2015 on
Internal Controls over Financial Reporting to provide
framework for the reporting requirements of the
statutory auditor and
rules for the evaluation of internal controls over
financial reporting under Section 143(3) of companies
Act, 2013.
The term Internal Financial Controls used in
Guidance Note in the context of the responsibility of
the auditor for reporting on controls under Section
143(3)(i) of the Act, per se implies and relates to
internal financial controls over financial reporting.
 Definition : A process designed to provide
reasonable assurance regarding the reliability
of financial reporting and the preparation of
financial statements for external purposes in
accordance with generally accepted accounting
principles. A company's internal financial
control over financial reporting includes those
policies and procedures that;
(i) pertain to the maintenance of records that, in
reasonable detail, accurately and fairly reflect the
transactions and dispositions of the assets of the
company;
(i) provide reasonable assurance that transactions
are recorded as necessary to permit preparation of
financial statements in accordance with
generally accepted accounting principles, and
that receipts and expenditures of the company are
being made only in accordance with
authorizations of management and directors of the
company; and
(ii)provide reasonable assurance regarding
prevention or timely detection of unauthorized
acquisition, use, or disposition of the company's
assets that could have a material effect on the
financial statements.
 While forming the opinion on internal controls, the
auditor is required
to test the internal controls during the financial year
under audit & not just as at the balance sheet date.
Auditor to comment that while making an assessment
the major weakness noted by him has been corrected
by the management as at the balance sheet date.
If the auditor is of the opinion that the weakness has
not been corrected, then the auditor should report
the fact while commenting upon the clause. i.e. to
report whether Internal Control system is operating
effectively as at the balance sheet date.
 the objectives of the audit of internal controls
over financial reporting and audit of financial
statements are not identical, however auditor
plans and performs the work to achieve the
objectives of both the audits in an integrated
manner.
Auditor should obtain sufficient evidence to
support his opinion on the internal financial
controls as of the year-end, and to support his
control risk assessments for purposes of the
audit of the financial statements.
Planning Start
Identify significant Identify &
Identify risk of
account balances/ understand
material
disclosure Items significant flows
misstatements
of transactions

Identify controls
Identify which address
applications, risk
associated IT of material
environment, misstatements
ITGC
Assess the Assess the Appropriate
design Implementati design &
of controls on Implementation
of controls of controls?

Assess audit impact

Plan operative and plan
effectiveness other suitable
testing procedures
 Plan nature,
Perform Assess
timing
operative findings and
and extent of
effectiven conclude on
testing
ess operative
operative
testing effectiveness
effectiveness

Assess Form opinion

Form audit impact on on
opinion on audit IFC
financial opinion
statements

End
 Reporting requirement by Auditor- auditors are required to
express an opinion on the effectiveness of an entitys
internal controls over financial reporting, such opinion is in
addition to and distinct from the opinion expressed by the
auditor on the financial statements
Auditor Appointment & Rotation
Restriction on Non Audit Services
Establishment of National Financial Reporting Authority
Easier Restructuring
Rationalizing Multi Layerd Structure
Simplyfying Procedures for Mergers
Cross Border Mergers
Fast Track Mergers
Share Capital Reduction
 Related Party Transaction
Insider Trading
Oppression & Mismangement
Fraud Risk Mitigation
 Additional Responsibility on Independent
Director
Audit Committee Responsibility of
Evaluation of Internal Financial Controls &
Risk Management Systems
Revised form of Directors Report For
specified Cos whether Internal Financial
Controls have been laid down and are
operating effectively
 Contribution to Society through Governance
Specific class of Companies i.e. Networth of
500 cr, Turnover of 1000 cr. or Profit of 5 Cr.
CSR Committee to include at least one
Independent Director
Board Report to disclose CSR Committee, CSR
Policy, CSR Project and its implementation
1.Whether Corporate Governance done in existing
scenario is in right direction and adequate ?
2.Are we willing to adhere to it ?
3.Are We CAs not required to look beyond the
regulatory framework only and develop controls?
4.Upcoming opportunity Total management of
the organisation Including Start ups where Bulk
Investment is coming.