Auditors’ Dilemma – reporting requirements on Internal Financial Controls under the Companies Act 2013 and Clause 49 of the Listing agreement

Auditors’ Dilemma – reporting requirementson Internal Financial Controls under theCompanies Act 2013 and Clause 49 of theListing agreement

V. Venkataramanan

10 September 2014

Agenda

•Definitions

•Clause 49 of the Listing Agreement

•Section 134 of Companies Act 2013

•International experience

•Perspectives and practical considerations

Definitions

Internal controls

•An accounting procedure or system designed to promote efficiency orassure the implementation of a policy or safeguard assets or avoid fraudand error etc.

•Methods put in place by a company to ensure the integrity of financial andaccounting information, meet operational and profitability targets andtransmit management policies throughout the organization.

•Internal control is a process, effected by the entity’s board of directors,management and other personnel, designed to provide reasonableassurance regarding the achievement of objectives relating to operations,reporting and compliance.”

Clause 49 of the Listing Agreement

CEO and CFO certification that “they accept responsibility forestablishing and maintaining internal controls and that they haveevaluated the effectiveness of the internal control systems of thecompany and they have disclosed to the auditors and the AuditCommittee, deficiencies in the design or operation of internal controls,if any, of which they are aware and the steps they have taken orpropose to take to rectify these deficiencies.”

Clause 49 of the Listing Agreement

•Establishing controls

•Testing controls

•Disclosing deficiencies relating to the design or operation of internalcontrols

•Remedial steps initiated

Section 134 of the Companies Act 2013

The directors, in the case of a listed company, had laid down internalfinancial controls to be followed by the company and that such internalfinancial controls are adequate and were operating effectively.

Explanation.—For the purposes of this clause, the term “internalfinancial controls” means the policies and procedures adopted by thecompany for ensuring the orderly and efficient conduct of its business,including adherence to company’s policies, the safeguarding of itsassets, the prevention and detection of frauds and errors, the accuracyand completeness of the accounting records, and the timelypreparation of reliable financial information

Section 134 of the Companies Act 2013

•Adequacy

•Effectiveness

•Orderly and efficient conduct

Section 134 of the Companies Act 2013

•Differences from Clause 49

•Increase in scope – Board, management and auditors

•Qualitative in nature

•Lack of prescribed framework to complete the evaluation

International experience

•Sarbanes Oxley Act

•Applicable to listed companies only

•Use of COSO framework

•Costs and benefits

•Reporting of weaknesses only when there is an incident

International experience – COSOframework

•Five components

•Control environment

•Risk assessment

•Control activities

•Information and communication

•Monitoring activities

COSO 2013 framework

•Provides example Points of Focus to assist management indetermining whether a principle is present and functioning.

•An effective system of internal control requires that:

•Each of the five components and relevant principles are present andfunctioning and,

•the five components operate together in an integrated manner.

•A major deficiency exists if the organization cannot conclude thatthese are met.

COSO framework – 2013 – 17 principles

Control Environment

1. Demonstrates commitment to integrity and ethical values.

2. Exercises oversight responsibility.

3. Establishes structure, authority and responsibility.

4. Demonstrates commitment to competence.

5. Enforces accountability.

Risk Assessment

6. Specifies suitable objectives.

7. Identifies and analyzes risk.

8. Assesses fraud risk.

9. Identifies and analyzes significant change.

Control Activities

10. Selects and develops control activities.

11. Selects and develops general controls over technology.

12. Deploys through policies and procedures.

Information &Communication

13. Uses relevant information.

14. Communicates internally.

15. Communicates externally.

Monitoring Activities

16. Conducts ongoing and/or separate evaluations.

17. Evaluates and communicates deficiencies.

Proposed roadmap

•ICAI Guidance Note on Audit of Internal Financial Controls

•PCAOB AS 5 – An audit of internal control over financial reporting thatis integrated with an audit of financial statements

•COSO 1992 and 2013 frameworks

Questions still open on

•Applicability

•Timelines

•Framework

Perspectives and practical considerations

•SOX / COSO vs SA 315

•ICOFR vs Internal Financial Controls

•Interim vs year end vs ongoing reporting

•What is a reportable matter?

•Is it “out of our syllabus”?

•Directors reactions and responsibilities

•Who will bell the cat (Management vs Internal Audit vs Externalauditors)?

•Documentation vs business benefits

Perspectives and practical considerations

What would you do ? – some food for thought

•Known instances of non compliance

•‘Minor’ illegal acts – what would be material?

•If you read a negative report?

Thank you