the companies act 2013: the dawn of a new era corporate...

© Grant Thornton India LLP. All rights reserved. 1

The Companies Act 2013: The dawn of a new era

Corporate Fraud

June 2014

Presented by:

Vidya Rajarao & Kunal Gupta


Companies Act, 2013

The dawn of a new era…

Improve

Governance

Auditor

Regulation

Investor

Protection

Contemporary

Reform



Corporate Fraud

• identification and determination of what

constitutes 'Fraud'

• implications for Board, audit committee and

management

• nature, extent and impact on corporate

controls

• assessment and commencement of

investigation

• establishment of an effective vigilance

mechanisms

• how can companies and Boards maintain

oversight and control of this process?



Corporate Fraud

• identification and determination of what

constitutes 'Fraud'


Identification and Determination of what constitute 'Fraud'

The erstwhile Companies Act of

1956 had provisions dealing with

fraud but never defined fraud.

Section 447 of the Companies Act 2013

defines fraud as "Fraud in relation to affairs of a

company or any body corporate, includes any

act, omission, concealment of any fact or

abuse of position committed by any person or

any other person with the connivance in any

manner, with intent to deceive, to gain undue

advantage from, or to injure the interests of,

the company or its shareholders or its creditors

or any other person, whether or not there is any

wrongful gain or wrongful loss."

• broad definition: Covers all

persons; not restricted to officers,

directors or board members;

• intent of the act, omission or

concealment is an essential

element of proving fraud; and

• wrongful loss or wrongful gain is

no longer important.

What has changed in Fraud ? What is Fraud?

Key aspects of this definition



Focus on intent

Companies have to invest in techniques

and mechanisms, which preserve and

identify intent:

• forensic technology tools;

• navigating legal issues in forensic

imaging; and

• updating backup rules and processes.

Widening of fraud coverage

Fraud is not only limited to officers,

employees or board of the company but

also covers third parties who provide

services to the company as long as other

elements of the definition are met.

This widens coverage to consultants,

advisors, agents etc. Practically, this

implies widening of identification tools

such as whistleblower hotline to cover

third parties as well.

What does this change mean for Indian Companies



Identification of Fraud

Companies have to invest in techniques and mechanisms to properly identify and determine

fraud in addition to or different from errors. This would include determining:

• how - broad or narrow search; reactive or proactive

• what – emails, accounting data, contracts, secretarial documents, whistleblower calls,

internal audit reports, risk management reports etc.

• where – corporate office, branches (India and overseas), third party locations, advisers,

etc.

• when – wait for events to be reported or search using an agreed plan

• who – will conduct the search, investigation, determination and reporting




Addressing definitional issues

• an act NOT falling within the definition of section 447 but is 'considered' a fraud within

the company. For example, instances where direct evidence of intent is not there.

- documents to consider: Company's policies, code of conduct

- internal committee and counsels

• error of judgment versus fraud

- instances where "error" is repeated over a period of time

- how is the "error" dealt with by third parties such as vendors to the company?




• consult legal counsel as early in the process:

- corporate liability versus Individual liability;

• document the process;

• determination should be "independent"; and

• build robust processes that promote early identification of fraud (discussed later in this

presentation).

Tips for companies dealing with identification of fraud:



Corporate Fraud

• implications for Board, audit committee

and management


Implications for Board, audit committee and management

• directors need to report if they have laid down internal financial controls to be followed and whether

there are proper systems to ensure compliance with the provisions of ‘all’ applicable laws and, if

such controls and systems are adequate and have been operating effectively;

• the Board of Directors will now have to approve a charter for Audit Committees;

• the Board of Public companies may have to reconstitute the Audit Committees to ensure that

majority of the committee members are financially literate;

• a performance evaluation of directors and board committee members by independent experts; and

• in an event of conviction, the Director will be disqualified from holding such office in any company*.

* Applies to any company (listed or not) as opposed to other points which apply only to listed companies

Implication of new provisions under the Companies Act 2013 for the Board of Directors



• there is a reconstitution and new emphasis on the additional roles and responsibilities of audit

committees;

• a stronger emphasis on the role of the audit committee on internal controls and risk management;

• there is a requirement for auditors to also attest to the design and operating effectiveness of such

internal financial controls;

• Audit committees will need to monitor the end use of funds raised by the companies through

public offers; and

• Audit Committees will have the authority to investigate, to obtain professional advice from external

sources and have full access to information in the records of companies.

Implication of the new provision under the Companies Act 2013 for audit committees



• there are significant penalties prescribed under the Act for various offences such as misstatement

in prospectus, submission of false information with the ROC, failure to repay deposits, insider

trading, etc.

• fraud on the company versus fraud by the company. Any fraudulent activities reported from or

against the Company or its directors or auditor or the auditing firm of the company are now liable

under class action suits and member of the company or depository can claim damages or

compensation;

• management needs to have an independent whistleblower mechanism for reporting of any

fraudulent activities related to the Company.

• management is also required to establish a vigil mechanism for directors and employees to report

concerns related to fraud or fraudulent activities and even directly to the chairperson of the audit

committee for appropriate cases.

• management is required to report to the board of directors and audit committee on company-wide

controls for orderly and efficient conduct of its business.

Implication of the new provision under the Companies Act 2013 for the management



Board of Directors

• Board of Directors should have clear and written charters for the various committees of the

Board;

• proper documentation of the compliance program to be mentioned in the Board meeting which will

help the company in the future to take or justify the action in court of law. This should be in

substance over form;

• Board may consider taking proactive steps such as keeping compliance assessment on agenda of

every board meeting, designating specific members of the board to report on fraud issues.

Audit Committee

• the audit committee needs to be adequately constituted to undertake statutory responsibilities;

• the audit committee should have a formal process to evaluate the auditor and the auditing

process;

• the audit committee should formally participate in the process to set the policies for internal

controls, risk management and compliance before recommending to the Board of Directors.

Key action items for the Board, audit committee and management



Management

• management should have a formal process and system in place for periodic fraud risk

assessment and compliance controls review;

• management should have clearly written and articulated policies and procedures for assessing

and managing fraud risks;

• management should assess the key fraud risks, vulnerabilities and plans to address these fraud

risks;

• management should have sufficient authority to ensure that the standards for anti-fraud measures

are strictly adhered and adequate resource is available to implement and monitor the anti-fraud

program; and

• management shall oversee the activities of employees, assess the vulnerability of the entity to

fraud and establish and maintain an effective internal control at a reasonable cost.

Key action items for the Board, audit committee and management



Corporate Fraud

• nature, extent and impact on

corporate controls


Nature, extent and impact on corporate controls

31%

60%

9%

Design strong internal controls – and regular testing of the

same

Setting policies and procedures for reporting fraud - whistleblowing

Independent and/ or external audits

Design strong internal controls and regular testing of

the same 60%

Source: Fraud - A key governance risk A Grant Thornton Survey

Traditionally, corporate controls were

only viewed as a tool for compliance /

regulatory purpose and not as a way to

mitigate fraud risks.

However, most corporate officers now realize

the importance of effective controls in

addressing fraud issues proactively and period

assessments as an effective method of fraud

mitigation. This is also reflected in our most

recent survey findings.

Which is the most effective method for fraud mitigation in an organization?

With new technologies and changing business dynamics, a heightened degree of fraud risk is associated in conducting business for an organization.



41%

Corruption,

money

laundering

and/ or

bribery

24%

Window

dressing,

or financial

reporting

fraud

17%

Tax

evasion

9%

Embezzlem

ent

(siphoning

of assets/

funds)

9%

Informatio

n theft/

data

integrity

Corruption, money laundering and/ or bribery 41%

"More than 41% of the respondents in

the survey responded that damage to

their organizations’ brand and market

reputation is mainly due to corruption,

money laundering and bribery."


An effective fraud control will help an

organisation to meet its compliance

requirement but also give an

opportunity to actualise its investment

in fraud control by stemming the fraud

and results in increased "bottom line".

Which of the fraud risks creates maximum damage to the

organisation? "29% of the respondents in

the survey cited that

identification and a quick

response to the warning

signals was the sole reason

they were able to highlight

fraud and misconduct in the

organisation."




Key considerations for designing an effective fraud control in an organisation:

• who reviews and evaluates the fraud control plan?

• who analyses the fraud risks in my organisation?

• when do we report fraud or errors in the organisation?

• where is the guidance on how to report fraud in my organisation?

• why is governance so important to an effective fraud control?

• how does my organisation decide if a suspected fraud will be investigated?



Preventive Controls

• comprehensive Fraud Policy and Code of

Conduct;

• exhaustive fraud risk management process;

• detailed background checks related to

employee, and third party;

• frequent Fraud Awareness Training; and

• internal controls to ensure accurate reporting

of information.

Detective Controls

• regular reviews (including surprise audits);

• retrospective reviews using data mining

and analysis;

• continuous auditing or continuous

monitoring; and

• internal and external reporting mechanisms

(hotlines, website and internal reporting

channels).

Risk

Fraudulent

Payment for POs

through SAP

Control

Detailed Delegation of

Power covering PO

payment process.

Result

Control will fail

Test of Design

Issue

Delegation of Power not

mapped in SAP.

Need for

Remediation

Test - Is your corporate control capable of preventing and correcting a significant fraud risk?



Testing the effectiveness of a fraud control plan should be carried out by company and should

ensure that:

• fraud risk assessments are performed in an effective and efficient manner;

• continuous monitoring of the awareness-raising and training are evaluated;

• proper recording of allegations and comprehensive analysis is carried out in a timely matter;

• cases of fraud are dealt with according to applicable external and internal standards; and

• accurate information is provided to the Audit Committee on a timely basis.

Considerations in testing effectiveness of a fraud control plan



Corporate Fraud

• assessment and commencement of

investigation


Assessment and commencement of investigation

Investigation Triggers

Investigation triggers plays a pivotal role in creating a culture of

compliance and enhances the mechanism of reporting. It is

classified as:

• Internal Triggers: Third Party Due Diligence, Whistle

Blower, Data Analytics, Supervisors, Internal Audit,

Human Resource, Interviews, and Hotlines; and

• External Triggers: Regulators, Police, Media, Third Party

Complaints and Whistle blower.

A response plan to assess, investigate and resolve issues related to fraud investigation is based on:

Triage

Use a standard process to review and filter

allegations to develop initial response plan.



Investigation

Based on analysis of preliminary information, we conduct investigation based on:

• potential team members in the investigation team;

• engage experts to address technical issues;

• identify and preserve evidence such as identifying the key witnesses and involve a counsel

to have attorney client privilege or electronic evidence admissible in the court of law;

• conduct data analytics and document review to understand how the transaction is captured

in the accounting system, flow of funds and internal controls environment;

• prepare a fact finding report to conduct in depth analysis based on investigation triggers

and also to find any additional information related to the investigation; and

• conduct interview with the suspects and the alleged for corroborating of facts and finding.

A response plan to assess , investigate and resolve issues related to fraud investigation is based on:

Remediation

Corroborate the fact finding report and prepare a report of

recommendation on disclosure and internal control improvement.



Understand the allegations

Conduct Interview

3rd Party Verification/

Corporate Intelligence

Forensic Technology

Solutions

Transaction Testing

Reporting

Incident description Degree of involvement

Modus Operandi Related parties

Red flags identification Establish relationships

E-discovery Transaction trails

Credential check Relationship mapping

Win-lose situation analysis Remediation

Investigation process Common Pitfalls

First 72 Hours

Overlook Fraud

Schemes

Trampling of

Evidence

Culture Clash

Retaliation

Parallel Investigation



Corporate Fraud

• establishment of an effective vigilance

mechanisms


Establishment of an effective vigilance mechanism

Some of the key internal controls to mitigate fraud risk:

• segregation of duties;

• supervisory control;

• receiving control;

• authorisation/approval control;

• reconciliation controls; and

• recording controls.

Key aspects related to internal controls for an organisation:

• operational efficiency and effectiveness of organization operation;

• reporting of financial and non-financial information related to internal and external policies;

and

• compliance to laws and the regulation.


Establishment of an effective vigilance mechanism

Define &

Map Relevant

Processes

2

Develop Linkage between

Special Audit & Fraud

Management Systems

(FMS) Teams

3

1 Code of Conduct

& Whistle Blower

Policy

7 Develop

dashboards for

periodic

monitoring

& review

Develop

templates &

formats for

audit team's

deliverables

6

Develop

standard

methodology

for Targeted

testing and

reviews

5

Recommended

Standard forensic

tools to be used

4

Effective Vigilance

Mechanism

Tone/Behaviour

Risk

Ombudsman

Policies &

Procedures

Internal Controls

Business Partners

Training

Whistle blowing


Establishment of an effective vigilance mechanism – What

should you do ?

1 Is your vigilance

mechanism reasonable?

An effective vigilance

mechanism should not be a

burden on the business or a

threat in conducting normal

business operation

Is your vigilance

mechanism consistent?

We need to establish a

standardized reporting

mechanism to drive

consistency across different

business process or units.

Is the vigilance mechanism

responsive?

A strong Board oversight on

the vigilance mechanism

helps in making a transparent

and sound decision making.

2 3 Is the vigilance mechanism

independent?

We need to have

independence to minimize

potential conflict of interest and

ensure a structured and

objective decision making.

4

Key aspects for an effective vigilance mechanism

Independence Both in fact and in appearance

Objectivity Investigations must be entirely based on facts and evidence gathered legally

Mandate and Clarity Types of investigations handled; No restrictions as to team’s mandate.

Authority Conduct investigations, obtain data and appoint external specialists where needed

Capabilities Successful investigations demand professionals with the right skills and experience.

Unbiased process Process to gather, analyze and report data should be free from bias; closely related

with Objectivity

Reporting Lines Independent reporting line to the Board of Directors or Audit Committee or

Governance Committee; Closely related with Independence



Corporate Fraud

• how can companies and Boards

maintain oversight and control of this

process?


How can companies and Boards maintain oversight and

control of this process?

Board of Directors can maintain control and oversight by:

• creating a sense of authority in the compliance program through active participation and

involvement;

• providing an independent oversight of the compliance program;

• insisting on proper documentation of the compliance program;

• benchmarking management response to industry and global standards;

• retain ability to seek independent professional assistance; and

• actively involving in the audit committee to obtain knowledge about the content and operation of

the compliance program.

Board of Directors is responsible for effective and responsible fraud governance and is tasked with overseeing management actions to manage fraud.


How can companies and Boards maintain oversight and

control of this process?

Company can maintain better control and oversight by:

• ensuring that fraud control and prevention is not only a statutory compliance exercise but is seen

as a value enhancer

• creating an effective vigil mechanism;

• invest in creating a 'substance over form' culture in fraud prevention;

• inform the board and relevant investors/audits early on in the process; and

• develop a program to test and improve the design to address newer business areas, technology

and laws.

The Company is the ultimate beneficiary of the greater oversight and control


Five key takeaways for the companies to brace themselves

to the change

1. Develop an appropriate vigil mechanism. The mechanism should be independent, responsive

and robust. Considering using external help to triage complaints and independent reporting;

2. Identify areas where controls are missing or need an update. Are your controls capable of

preventing and correcting a significant fraud risk?

3. Develop a response plan to assess , investigate and resolve issues related to fraud investigation.

4. Involve the board and external advisors (auditors, investors) earlier in the process.

5. Appropriately document each of the steps taken by the company to address fraud risks.



Thank you!

For any further discussions, please contact us-

Vidya Rajarao

[email protected]

www.grantthornton.in

Kunal Gupta

[email protected]/

[email protected]

Contact Us

To know more about Grant Thornton India LLP, please visit www.grantthornton.in or contact any

of our offices as mentioned below:

© Grant Thornton India LLP. All rights reserved.

Grant Thornton India LLP (formerly Grant Thornton India) is registered with limited liability with identity number AAA-7677 and its registered office at

L-41 Connaught Circus, New Delhi, 110001

Grant Thornton India LLP is a member firm within Grant Thornton International Ltd (‘Grant Thornton International’).

Grant Thornton International and the member firms are not a worldwide partnership. Services are delivered by the member firms independently.

For more information or for any queries, write to us at [email protected]

www.grantthornton.in

NEW DELHI National Office Outer Circle L 41 Connaught Circus New Delhi 110 001 T +91 11 4278 7070

BENGALURU “Wings”, 1st floor 16/1 Cambridge Road Ulsoor Bengaluru 560 008 T +91 80 4243 0700

CHANDIGARH SCO 17 2nd floor Sector 17 E Chandigarh 160 017 T +91 172 4338 000

CHENNAI Arihant Nitco Park, 6th floor No.90, Dr. Radhakrishnan Salai Mylapore Chennai 600 004 T +91 44 4294 0000

GURGAON 21st floor, DLF Square Jacaranda Marg DLF Phase II Gurgaon 122 002 T +91 124 462 8000

HYDERABAD 7th floor, Block III White House Kundan Bagh, Begumpet Hyderabad 500 016 T +91 40 6630 8200

KOLKATA

10C Hungerford

Street

5th floor

Kolkata 700 017

T +91 33 4050 8000

MUMBAI

16th floor, Tower II

Indiabulls Finance

Centre

SB Marg, Elphinstone

(W)

Mumbai 400 013

T +91 22 6626 2600

NOIDA

Plot No. 19A, 7th Floor

Sector – 16A,

Noida – 201301

T +91 120 7109001

PUNE 401 Century Arcade Narangi Baug Road Off Boat Club Road Pune 411 001 T +91 20 4105 7000

http://www.grantthornton.in/

the companies act 2013: the dawn of a new era corporate...

Documents