the companies act 2013: the dawn of a new era corporate...
TRANSCRIPT
© Grant Thornton India LLP. All rights reserved. 1
The Companies Act 2013: The dawn of a new era
Corporate Fraud
June 2014
Presented by:
Vidya Rajarao & Kunal Gupta
© Grant Thornton India LLP. All rights reserved. 2
Companies Act, 2013
The dawn of a new era…
Improve
Governance
Auditor
Regulation
Investor
Protection
Contemporary
Reform
© Grant Thornton India LLP. All rights reserved. 3
The Companies Act 2013: The dawn of a new era
Corporate Fraud
• identification and determination of what
constitutes 'Fraud'
• implications for Board, audit committee and
management
• nature, extent and impact on corporate
controls
• assessment and commencement of
investigation
• establishment of an effective vigilance
mechanisms
• how can companies and Boards maintain
oversight and control of this process?
© Grant Thornton India LLP. All rights reserved. 4
The Companies Act 2013: The dawn of a new era
Corporate Fraud
• identification and determination of what
constitutes 'Fraud'
© Grant Thornton India LLP. All rights reserved. 5
Identification and Determination of what constitute 'Fraud'
The erstwhile Companies Act of
1956 had provisions dealing with
fraud but never defined fraud.
Section 447 of the Companies Act 2013
defines fraud as "Fraud in relation to affairs of a
company or any body corporate, includes any
act, omission, concealment of any fact or
abuse of position committed by any person or
any other person with the connivance in any
manner, with intent to deceive, to gain undue
advantage from, or to injure the interests of,
the company or its shareholders or its creditors
or any other person, whether or not there is any
wrongful gain or wrongful loss."
• broad definition: Covers all
persons; not restricted to officers,
directors or board members;
• intent of the act, omission or
concealment is an essential
element of proving fraud; and
• wrongful loss or wrongful gain is
no longer important.
What has changed in Fraud ? What is Fraud?
Key aspects of this definition
© Grant Thornton India LLP. All rights reserved. 6
Identification and Determination of what constitute 'Fraud'
Focus on intent
Companies have to invest in techniques
and mechanisms, which preserve and
identify intent:
• forensic technology tools;
• navigating legal issues in forensic
imaging; and
• updating backup rules and processes.
Widening of fraud coverage
Fraud is not only limited to officers,
employees or board of the company but
also covers third parties who provide
services to the company as long as other
elements of the definition are met.
This widens coverage to consultants,
advisors, agents etc. Practically, this
implies widening of identification tools
such as whistleblower hotline to cover
third parties as well.
What does this change mean for Indian Companies
© Grant Thornton India LLP. All rights reserved. 7
Identification and Determination of what constitute 'Fraud'
Identification of Fraud
Companies have to invest in techniques and mechanisms to properly identify and determine
fraud in addition to or different from errors. This would include determining:
• how - broad or narrow search; reactive or proactive
• what – emails, accounting data, contracts, secretarial documents, whistleblower calls,
internal audit reports, risk management reports etc.
• where – corporate office, branches (India and overseas), third party locations, advisers,
etc.
• when – wait for events to be reported or search using an agreed plan
• who – will conduct the search, investigation, determination and reporting
What does this change mean for Indian Companies
© Grant Thornton India LLP. All rights reserved. 8
Identification and Determination of what constitute 'Fraud'
Addressing definitional issues
• an act NOT falling within the definition of section 447 but is 'considered' a fraud within
the company. For example, instances where direct evidence of intent is not there.
- documents to consider: Company's policies, code of conduct
- internal committee and counsels
• error of judgment versus fraud
- instances where "error" is repeated over a period of time
- how is the "error" dealt with by third parties such as vendors to the company?
What does this change mean for Indian Companies
© Grant Thornton India LLP. All rights reserved. 9
Identification and Determination of what constitute 'Fraud'
• consult legal counsel as early in the process:
- corporate liability versus Individual liability;
• document the process;
• determination should be "independent"; and
• build robust processes that promote early identification of fraud (discussed later in this
presentation).
Tips for companies dealing with identification of fraud:
© Grant Thornton India LLP. All rights reserved. 10
The Companies Act 2013: The dawn of a new era
Corporate Fraud
• implications for Board, audit committee
and management
© Grant Thornton India LLP. All rights reserved. 11
Implications for Board, audit committee and management
• directors need to report if they have laid down internal financial controls to be followed and whether
there are proper systems to ensure compliance with the provisions of ‘all’ applicable laws and, if
such controls and systems are adequate and have been operating effectively;
• the Board of Directors will now have to approve a charter for Audit Committees;
• the Board of Public companies may have to reconstitute the Audit Committees to ensure that
majority of the committee members are financially literate;
• a performance evaluation of directors and board committee members by independent experts; and
• in an event of conviction, the Director will be disqualified from holding such office in any company*.
* Applies to any company (listed or not) as opposed to other points which apply only to listed companies
Implication of new provisions under the Companies Act 2013 for the Board of Directors
© Grant Thornton India LLP. All rights reserved. 12
Implications for Board, audit committee and management
• there is a reconstitution and new emphasis on the additional roles and responsibilities of audit
committees;
• a stronger emphasis on the role of the audit committee on internal controls and risk management;
• there is a requirement for auditors to also attest to the design and operating effectiveness of such
internal financial controls;
• Audit committees will need to monitor the end use of funds raised by the companies through
public offers; and
• Audit Committees will have the authority to investigate, to obtain professional advice from external
sources and have full access to information in the records of companies.
Implication of the new provision under the Companies Act 2013 for audit committees
© Grant Thornton India LLP. All rights reserved. 13
Implications for Board, audit committee and management
• there are significant penalties prescribed under the Act for various offences such as misstatement
in prospectus, submission of false information with the ROC, failure to repay deposits, insider
trading, etc.
• fraud on the company versus fraud by the company. Any fraudulent activities reported from or
against the Company or its directors or auditor or the auditing firm of the company are now liable
under class action suits and member of the company or depository can claim damages or
compensation;
• management needs to have an independent whistleblower mechanism for reporting of any
fraudulent activities related to the Company.
• management is also required to establish a vigil mechanism for directors and employees to report
concerns related to fraud or fraudulent activities and even directly to the chairperson of the audit
committee for appropriate cases.
• management is required to report to the board of directors and audit committee on company-wide
controls for orderly and efficient conduct of its business.
Implication of the new provision under the Companies Act 2013 for the management
© Grant Thornton India LLP. All rights reserved. 14
Implications for Board, audit committee and management
Board of Directors
• Board of Directors should have clear and written charters for the various committees of the
Board;
• proper documentation of the compliance program to be mentioned in the Board meeting which will
help the company in the future to take or justify the action in court of law. This should be in
substance over form;
• Board may consider taking proactive steps such as keeping compliance assessment on agenda of
every board meeting, designating specific members of the board to report on fraud issues.
Audit Committee
• the audit committee needs to be adequately constituted to undertake statutory responsibilities;
• the audit committee should have a formal process to evaluate the auditor and the auditing
process;
• the audit committee should formally participate in the process to set the policies for internal
controls, risk management and compliance before recommending to the Board of Directors.
Key action items for the Board, audit committee and management
© Grant Thornton India LLP. All rights reserved. 15
Implications for Board, audit committee and management
Management
• management should have a formal process and system in place for periodic fraud risk
assessment and compliance controls review;
• management should have clearly written and articulated policies and procedures for assessing
and managing fraud risks;
• management should assess the key fraud risks, vulnerabilities and plans to address these fraud
risks;
• management should have sufficient authority to ensure that the standards for anti-fraud measures
are strictly adhered and adequate resource is available to implement and monitor the anti-fraud
program; and
• management shall oversee the activities of employees, assess the vulnerability of the entity to
fraud and establish and maintain an effective internal control at a reasonable cost.
Key action items for the Board, audit committee and management
© Grant Thornton India LLP. All rights reserved. 16
The Companies Act 2013: The dawn of a new era
Corporate Fraud
• nature, extent and impact on
corporate controls
© Grant Thornton India LLP. All rights reserved. 17
Nature, extent and impact on corporate controls
31%
60%
9%
Design strong internal controls – and regular testing of the
same
Setting policies and procedures for reporting fraud - whistleblowing
Independent and/ or external audits
Design strong internal controls and regular testing of
the same 60%
Source: Fraud - A key governance risk A Grant Thornton Survey
Traditionally, corporate controls were
only viewed as a tool for compliance /
regulatory purpose and not as a way to
mitigate fraud risks.
However, most corporate officers now realize
the importance of effective controls in
addressing fraud issues proactively and period
assessments as an effective method of fraud
mitigation. This is also reflected in our most
recent survey findings.
Which is the most effective method for fraud mitigation in an organization?
With new technologies and changing business dynamics, a heightened degree of fraud risk is associated in conducting business for an organization.
© Grant Thornton India LLP. All rights reserved. 18
Nature, extent and impact on corporate controls
41%
Corruption,
money
laundering
and/ or
bribery
24%
Window
dressing,
or financial
reporting
fraud
17%
Tax
evasion
9%
Embezzlem
ent
(siphoning
of assets/
funds)
9%
Informatio
n theft/
data
integrity
Corruption, money laundering and/ or bribery 41%
"More than 41% of the respondents in
the survey responded that damage to
their organizations’ brand and market
reputation is mainly due to corruption,
money laundering and bribery."
Source: Fraud - A key governance risk A Grant Thornton Survey
An effective fraud control will help an
organisation to meet its compliance
requirement but also give an
opportunity to actualise its investment
in fraud control by stemming the fraud
and results in increased "bottom line".
Which of the fraud risks creates maximum damage to the
organisation? "29% of the respondents in
the survey cited that
identification and a quick
response to the warning
signals was the sole reason
they were able to highlight
fraud and misconduct in the
organisation."
© Grant Thornton India LLP. All rights reserved. 19
Nature, extent and impact on corporate controls
Source: Fraud - A key governance risk A Grant Thornton Survey
Key considerations for designing an effective fraud control in an organisation:
• who reviews and evaluates the fraud control plan?
• who analyses the fraud risks in my organisation?
• when do we report fraud or errors in the organisation?
• where is the guidance on how to report fraud in my organisation?
• why is governance so important to an effective fraud control?
• how does my organisation decide if a suspected fraud will be investigated?
© Grant Thornton India LLP. All rights reserved. 20
Nature, extent and impact on corporate controls
Preventive Controls
• comprehensive Fraud Policy and Code of
Conduct;
• exhaustive fraud risk management process;
• detailed background checks related to
employee, and third party;
• frequent Fraud Awareness Training; and
• internal controls to ensure accurate reporting
of information.
Detective Controls
• regular reviews (including surprise audits);
• retrospective reviews using data mining
and analysis;
• continuous auditing or continuous
monitoring; and
• internal and external reporting mechanisms
(hotlines, website and internal reporting
channels).
Risk
Fraudulent
Payment for POs
through SAP
Control
Detailed Delegation of
Power covering PO
payment process.
Result
Control will fail
Test of Design
Issue
Delegation of Power not
mapped in SAP.
Need for
Remediation
Test - Is your corporate control capable of preventing and correcting a significant fraud risk?
© Grant Thornton India LLP. All rights reserved. 21
Nature, extent and impact on corporate controls
Testing the effectiveness of a fraud control plan should be carried out by company and should
ensure that:
• fraud risk assessments are performed in an effective and efficient manner;
• continuous monitoring of the awareness-raising and training are evaluated;
• proper recording of allegations and comprehensive analysis is carried out in a timely matter;
• cases of fraud are dealt with according to applicable external and internal standards; and
• accurate information is provided to the Audit Committee on a timely basis.
Considerations in testing effectiveness of a fraud control plan
© Grant Thornton India LLP. All rights reserved. 22
The Companies Act 2013: The dawn of a new era
Corporate Fraud
• assessment and commencement of
investigation
© Grant Thornton India LLP. All rights reserved. 23
Assessment and commencement of investigation
Investigation Triggers
Investigation triggers plays a pivotal role in creating a culture of
compliance and enhances the mechanism of reporting. It is
classified as:
• Internal Triggers: Third Party Due Diligence, Whistle
Blower, Data Analytics, Supervisors, Internal Audit,
Human Resource, Interviews, and Hotlines; and
• External Triggers: Regulators, Police, Media, Third Party
Complaints and Whistle blower.
A response plan to assess, investigate and resolve issues related to fraud investigation is based on:
Triage
Use a standard process to review and filter
allegations to develop initial response plan.
© Grant Thornton India LLP. All rights reserved. 24
Assessment and commencement of investigation
Investigation
Based on analysis of preliminary information, we conduct investigation based on:
• potential team members in the investigation team;
• engage experts to address technical issues;
• identify and preserve evidence such as identifying the key witnesses and involve a counsel
to have attorney client privilege or electronic evidence admissible in the court of law;
• conduct data analytics and document review to understand how the transaction is captured
in the accounting system, flow of funds and internal controls environment;
• prepare a fact finding report to conduct in depth analysis based on investigation triggers
and also to find any additional information related to the investigation; and
• conduct interview with the suspects and the alleged for corroborating of facts and finding.
A response plan to assess , investigate and resolve issues related to fraud investigation is based on:
Remediation
Corroborate the fact finding report and prepare a report of
recommendation on disclosure and internal control improvement.
© Grant Thornton India LLP. All rights reserved. 25
Assessment and commencement of investigation
Understand the allegations
Conduct Interview
3rd Party Verification/
Corporate Intelligence
Forensic Technology
Solutions
Transaction Testing
Reporting
Incident description Degree of involvement
Modus Operandi Related parties
Red flags identification Establish relationships
E-discovery Transaction trails
Credential check Relationship mapping
Win-lose situation analysis Remediation
Investigation process Common Pitfalls
First 72 Hours
Overlook Fraud
Schemes
Trampling of
Evidence
Culture Clash
Retaliation
Parallel Investigation
© Grant Thornton India LLP. All rights reserved. 26
The Companies Act 2013: The dawn of a new era
Corporate Fraud
• establishment of an effective vigilance
mechanisms
© Grant Thornton India LLP. All rights reserved. 27
Establishment of an effective vigilance mechanism
Some of the key internal controls to mitigate fraud risk:
• segregation of duties;
• supervisory control;
• receiving control;
• authorisation/approval control;
• reconciliation controls; and
• recording controls.
Key aspects related to internal controls for an organisation:
• operational efficiency and effectiveness of organization operation;
• reporting of financial and non-financial information related to internal and external policies;
and
• compliance to laws and the regulation.
© Grant Thornton India LLP. All rights reserved. 28
Establishment of an effective vigilance mechanism
Define &
Map Relevant
Processes
2
Develop Linkage between
Special Audit & Fraud
Management Systems
(FMS) Teams
3
1 Code of Conduct
& Whistle Blower
Policy
7 Develop
dashboards for
periodic
monitoring
& review
Develop
templates &
formats for
audit team's
deliverables
6
Develop
standard
methodology
for Targeted
testing and
reviews
5
Recommended
Standard forensic
tools to be used
4
Effective Vigilance
Mechanism
Tone/Behaviour
Risk
Ombudsman
Policies &
Procedures
Internal Controls
Business Partners
Training
Whistle blowing
© Grant Thornton India LLP. All rights reserved. 29
Establishment of an effective vigilance mechanism – What
should you do ?
1 Is your vigilance
mechanism reasonable?
An effective vigilance
mechanism should not be a
burden on the business or a
threat in conducting normal
business operation
Is your vigilance
mechanism consistent?
We need to establish a
standardized reporting
mechanism to drive
consistency across different
business process or units.
Is the vigilance mechanism
responsive?
A strong Board oversight on
the vigilance mechanism
helps in making a transparent
and sound decision making.
2 3 Is the vigilance mechanism
independent?
We need to have
independence to minimize
potential conflict of interest and
ensure a structured and
objective decision making.
4
Key aspects for an effective vigilance mechanism
Independence Both in fact and in appearance
Objectivity Investigations must be entirely based on facts and evidence gathered legally
Mandate and Clarity Types of investigations handled; No restrictions as to team’s mandate.
Authority Conduct investigations, obtain data and appoint external specialists where needed
Capabilities Successful investigations demand professionals with the right skills and experience.
Unbiased process Process to gather, analyze and report data should be free from bias; closely related
with Objectivity
Reporting Lines Independent reporting line to the Board of Directors or Audit Committee or
Governance Committee; Closely related with Independence
© Grant Thornton India LLP. All rights reserved. 30
The Companies Act 2013: The dawn of a new era
Corporate Fraud
• how can companies and Boards
maintain oversight and control of this
process?
© Grant Thornton India LLP. All rights reserved. 31
How can companies and Boards maintain oversight and
control of this process?
Board of Directors can maintain control and oversight by:
• creating a sense of authority in the compliance program through active participation and
involvement;
• providing an independent oversight of the compliance program;
• insisting on proper documentation of the compliance program;
• benchmarking management response to industry and global standards;
• retain ability to seek independent professional assistance; and
• actively involving in the audit committee to obtain knowledge about the content and operation of
the compliance program.
Board of Directors is responsible for effective and responsible fraud governance and is tasked with overseeing management actions to manage fraud.
© Grant Thornton India LLP. All rights reserved. 32
How can companies and Boards maintain oversight and
control of this process?
Company can maintain better control and oversight by:
• ensuring that fraud control and prevention is not only a statutory compliance exercise but is seen
as a value enhancer
• creating an effective vigil mechanism;
• invest in creating a 'substance over form' culture in fraud prevention;
• inform the board and relevant investors/audits early on in the process; and
• develop a program to test and improve the design to address newer business areas, technology
and laws.
The Company is the ultimate beneficiary of the greater oversight and control
© Grant Thornton India LLP. All rights reserved. 33
Five key takeaways for the companies to brace themselves
to the change
1. Develop an appropriate vigil mechanism. The mechanism should be independent, responsive
and robust. Considering using external help to triage complaints and independent reporting;
2. Identify areas where controls are missing or need an update. Are your controls capable of
preventing and correcting a significant fraud risk?
3. Develop a response plan to assess , investigate and resolve issues related to fraud investigation.
4. Involve the board and external advisors (auditors, investors) earlier in the process.
5. Appropriately document each of the steps taken by the company to address fraud risks.
© Grant Thornton India LLP. All rights reserved. 34
The Companies Act 2013: The dawn of a new era
Thank you!
For any further discussions, please contact us-
Vidya Rajarao
www.grantthornton.in
Kunal Gupta
Contact Us
To know more about Grant Thornton India LLP, please visit www.grantthornton.in or contact any
of our offices as mentioned below:
© Grant Thornton India LLP. All rights reserved.
Grant Thornton India LLP (formerly Grant Thornton India) is registered with limited liability with identity number AAA-7677 and its registered office at
L-41 Connaught Circus, New Delhi, 110001
Grant Thornton India LLP is a member firm within Grant Thornton International Ltd (‘Grant Thornton International’).
Grant Thornton International and the member firms are not a worldwide partnership. Services are delivered by the member firms independently.
For more information or for any queries, write to us at [email protected]
www.grantthornton.in
NEW DELHI National Office Outer Circle L 41 Connaught Circus New Delhi 110 001 T +91 11 4278 7070
BENGALURU “Wings”, 1st floor 16/1 Cambridge Road Ulsoor Bengaluru 560 008 T +91 80 4243 0700
CHANDIGARH SCO 17 2nd floor Sector 17 E Chandigarh 160 017 T +91 172 4338 000
CHENNAI Arihant Nitco Park, 6th floor No.90, Dr. Radhakrishnan Salai Mylapore Chennai 600 004 T +91 44 4294 0000
GURGAON 21st floor, DLF Square Jacaranda Marg DLF Phase II Gurgaon 122 002 T +91 124 462 8000
HYDERABAD 7th floor, Block III White House Kundan Bagh, Begumpet Hyderabad 500 016 T +91 40 6630 8200
KOLKATA
10C Hungerford
Street
5th floor
Kolkata 700 017
T +91 33 4050 8000
MUMBAI
16th floor, Tower II
Indiabulls Finance
Centre
SB Marg, Elphinstone
(W)
Mumbai 400 013
T +91 22 6626 2600
NOIDA
Plot No. 19A, 7th Floor
Sector – 16A,
Noida – 201301
T +91 120 7109001
PUNE 401 Century Arcade Narangi Baug Road Off Boat Club Road Pune 411 001 T +91 20 4105 7000