1

Legal Aspects of Business

A Case for Governance Audit for Better Corporate Governance

Submitted to Dr. I. Sridhar

By

Madhavi Bhoyar

2014PGPM011

Date of submission: March 28, 2015

2

LETTER OF TRANSMITTAL

28-Mar-2015

Dr. I. Sridhar

Legal Aspects of Business

IIM Indore

Dear Sir,

Sub: Submission of A Case for Governance Audit for Better Corporate Governance.

As per your instructions, I have analyzed the impact of Governance Audit on corporate

governance as part of LAB course. The report that contains the results of the analysis is

attached.

Yours sincerely,

Madhavi Bhoyar

3

INDEX

1. Introduction . 4

2. Conceptual Discussion .. 7

3. Implementation of the Auditing Governance in India 13

4. Alternative systems in other countries .. 17

5. Data Analysis & Interpretation . 18

6. Conclusion 19

7. Bibliography 20

4

1. INTRODUCTION

Doing the right thing and doing it in the right way is the essence of Corporate Governance.

To meet the needs of all the stakeholders, an excellent Corporate Governance is supposed to

include effective internal control systems, policies, procedures and a group of direct

management.

Benefits of Good Corporate Governance:

Some of the benefits of good corporate governance are:

Brings stability to markets

Strengthens competitiveness (companies and economies)

Strengthens institutions

Improves risk mitigation

Promotes investment, lowers cost of capital

Weakens corruption

Strengthens lending

Promotes reform of state-owned enterprises

Promotes successful privatization

Builds transparent relationships between business and state

Helps to combat poverty

Reasons of failure of Corporate Governance:

Management incompetence

Non-observance of the procedures stipulated in internal regulations

Insufficient attention paid to risk management

Inconsistent distribution of duties and responsibilities

Inefficiency of internal audit

Ignorance showed to the signals provided by external audit

Influencing the external auditors to express an audit opinion inconsistent with reality.

5

Corporate Governance Framework

Following table depicts the fraudulent companies due to improper governance in their

companies :

No Company Name Country Reasons for Failure

1 Satyam India Understatement of Liability & Inflated Earnings

2 Enron USA Inflated Earnings

3 Tyco USA Improper Share Details

4 Wal-mart USA Government Interventions due to weak internal

controls & class action lawsuits by employees

5 Worldcom USA Expenses showed as capital expenditure

6 Parmalat Italy Incorrect Transaction recorded

7 Xerox USA Accelerated revenue recognition

6

Internal Audit:

Due to above mentioned reasons for failure of good governance; the concept of internal

auditing was introduced. Internal Auditing is designed in such a way so as to improve

organization's operations. It helps in aligning the objective a firm by incorporating a disciplined

approach to gauge and improve the effectiveness of risk management, control, and governance

processes.

Internal Auditing involves activities like risk management, managing operations efficiently and

safeguarding assets effectively and compliance with laws and regulations. To identify

fraudulent cases, auditors may conduct proactive frauds audits. Thus they can detect financial

losses if any by participating in fraud investigations under the direction of fraud detection

professionals.

There was no provision for the concept of Internal Audit in the 1956 Act. But in the 2013 Act,

for better internal control and corporate governance, utility of internal audit was recognized.

7

2. CONCEPTUAL DISCUSSION

The Auditor(s) do not have a direct control over the company; rather they are sort of inspectors of

all the records in the financial year.

Role of Audit Committee in Corporate Governance

Directors, who form the members of the board of the company, may exercise their power either

directly or indirectly through appointment of managers. As it is difficult for the Board of Directors

to operate, they delegate their responsibilities to managers who are specialized in respective

domains. One of the mandatory tasks is to prepare financial statements and annual accounts.

Annual Report of the company from the perspective of the prospective investors as it indicates

the financial health of the company. Annual Report forms such an important part which

represents the financial status of a company, managers tends to put forth a rosy picture may be

by altering few numbers to avoid questions from the board. To avoid such circumstances it is now

made compulsory to conduct audit of the annual account of the company. The auditors need to

ascertain if the annual report is of fair value based on the information collected from the

company. However, there have been instances of accounting and audit failure which led to

several brainstorming sessions by the regulators who suggested different modes of ensuring that

such scandals become events of the past. Instances of such failures like those in the cases of

Maxwell, BCCI and Polypeck in the United Kingdom led to the appointment of Cadbury Committee

on Financial Aspects of Corporate Governance (Cadbury 2003).

Audit Committee Composition:

Any Audit committee member should be financially sound. The committee should comprise of

minimum number of independent members. Audit committee should have communication to

auditor and shareholders too. Chairman of SEC Levitt (1998) has stated Qualified, committed

independent and though-minded audit committees represent the most reliable guardians of the

public interest. 2/3 members of the audit committee must be independent as per the provision

of Companies Act 1956. As per Clause 49 of the listing agreement, the members of the audit

committee must possess financial knowledge in terms of corporate clients and expertise in

accounting aspects. The committee is accountable to provide with just view as it is the most

important decision to execute corporate governance successfully. For successful execution the

committee should comprise of qualified and committed members from all walks of life with

knowledge. The capability of the audit committee to perform independently and raise questions

to management will stimulate auditor to work efficiently and their fair performance will facilitate

8

good corporate governance

Roles and responsibilities

The duties of directors may be classified into four categories fiduciary duties, duties of care,

statutory duties and other duties. Across the world, the company laws classify two important

duties of the directors one is the duty of loyalty and other is duty of care. It is observed that

most of corporate fraud have occurred on account of breach of these primary duties by directors.

However, emphasis is more on conflict on duties loyalty to the company and accountability to

the investing community. As far as the India is concerned, the Security Exchange Board of India

(SEBI) has been very serious about introducing new rules intensifying the audit committee so as to

guard the interests of the investors in a better manner than before. In May 1999, the SEBI

adopted several new rules based on the suggestion of the report submitted by Kumar Mangalam

Birla committee on improving the efficacy of audit committee. The audit committee as per these

new rules was supposed to perform following roles:

Role of Audit Committee

To have a overview on the financial report progress of a company

To recommend statutory auditor to Board, their appointment, re-appointment,

substitution or elimination, terms and amount of audit fees , approval for payment for any

other services rendered by statutory auditors.

To have reviewed quarterly and annual financial statement along with the management

before they are forwarded to the board for approval.

To make significant adjustment in financial statement as a result of audit findings.

Compliance in listing and other legal requirement relating to financial statement

Disclosure of any party transactions Qualifications in draft audit report

To review the statement of uses/ application of funds which have rose through any issue

and IPO proceedings.

To review performance of statutory and internal auditor and the adequacy of internal

control system and function

Discussion with the internal auditor and any momentous conclusion and follow up there

on and review finding of any internal investigations by internal auditors where fraud and

irregularity is suspected

Following are the important points for formation and regulation of an Audit Committee

9

Audit Committee

(A) Qualified and Independent Audit Committee

An Audit Committee would be a qualified and independent one, subject to following condition:

(i) The audit committee shall have minimum three directors as members. Two-thirds of the

members of audit committee shall be independent directors.

(ii) All members of audit committee shall be financially literate and at least one member shall

have accounting or related financial management expertise.

Explanation 1: The expression financially literate implies that the auditor should be able to

read and comprehend basic financial statements which include balance sheet, profit and loss

account, and statement of cash flows.

Explanation 2: A member who has experience in finance and accounting or professional

certification in accounting will be considered for the Audit Committee. A person having any

other equivalent experience like being or having been a chief executive officer, chief financial

officer or other senior officer with financial oversight responsibilities can also be considered for

Audit Committee.

(iii) The Chairman of the Audit Committee shall be an independent director;

It is the responsibility of the Chairman of the Audit Committee to be present Annual

General Meeting to clarify queries raised by the shareholder ;

The Audit Committee may invite executives who they feel as appropriate and who is the

head of a finance function to become a part of the meetings of the committee. But there

may be times when the committee meets in absence of any executives of the company.

The Audit Committee may be graced with the presence of finance director, head of

internal audit and a representative for their meetings; The Company Secretary shall act as

the secretary to the committee.

10

(B) Meeting of Audit Committee

It is mandatory for an audit committee to meet at least four times in a year. Moreover there

should not be a gap of more than four months between any two meetings. The quorum for

the meeting of the audit committee shall be either two members or one third of the members

of the committee whichever is greater. But the meeting should have a minimum of two

independent members present.

(C) Powers of Audit Committee

The members of the audit committee should be empowered with the following powers:

1. Right to investigate any kind of activity which comes within its purview.

2. Authorized to seek information from any employee of the company.

3. To be able to gain outside legal or other professional advice.

4. To secure attendance of outsiders with relevant expertise, if it considers necessary.

(D) Role of Audit Committee

The role of the audit committee shall include the following:

Overview of the companys financial reporting process

Disclosure of its financial information so as to ensure that the company's financial

statement is correct and credible.

The Auditors can recommend to the Board in matters of appointment, re-appointment

and, if required, the replacement or removal of the statutory auditor. They can also have a

say in the fixation of audit fees.

Approval of payment to statutory auditors for any other services rendered by the statutory

auditors.

Before submission of the financial statements to the board for approval, reviewing it

thoroughly along with the management, with particular reference to:

o Matters required to be included in the Directors Responsibility Statement to be

included in the Boards report in terms of clause (2AA) of section 217 of the

Companies Act, 1956

o Amendments, if any, in policies and practices of accounting principals

o Entries involving major accounting estimates which are dependent on the exercise

of judgment by management

11

o Relevant modification made in the financial statements in view of the findings of

the audit

o Conformity with listing and other legal requirements relating to financial

statements

o Revelation of any related party transactions

o Qualifications in the draft audit report

Assessment of the quarterly financial statements with the management, before

submission of the same to the board for approval

Reviewing, with the management, performance of statutory and internal auditors,

adequacy of the internal control systems.

Reviewing the sufficiency of internal audit function, if any, including the composition of

the internal audit department, staffing and seniority of the official heading the

department, reporting structure coverage and frequency of internal audit.

Follow up on the discussion with internal auditors and its considerable findings

Reviewing the results of any internal investigations by the internal auditors where a fraud

is suspected or abnormality or a breakdown of internal control systems of a material

nature and reporting the matter to the board.

Prior to audit, a dialogue with statutory with respect to the nature and scope of audit. Also

a post-audit discussion to make certain any area of apprehension.

To probe the reasons for substantial defaults in the payment to the depositors, debenture

holders, shareholders and creditors.

To examine the functioning of the Whistle Blower mechanism, in case the same is existing.

Following other activities that are mentioned in the terms of reference of the Audit

Committee.

Explanation (i): The term "related party transactions" shall have the same meaning as

contained in the Accounting Standard 18, Related Party Transactions, issued by The Institute

12

of Chartered Accountants of India.

Explanation (ii): If the company has set up an audit committee pursuant to provision of the

Companies Act, the said audit committee shall have such additional functions / features as is

contained in this clause.

(E) Review of information by Audit Committee

The Audit Committee shall compulsorily review the following information:

1. Discussion of Management and examination of financial condition and results of operations;

2. Statement of significant which are submitted by management related to party transactions (as

defined by the audit committee);

3. Management letters / letters of internal control weaknesses released by the statutory

auditors;

4. Internal control weakness in line with Internal audit reports and

5. Audit Committee will verify the appointment, removal and terms of remuneration of the Chief

internal auditor

13

3. IMPLEMENTATION OF THE AUDITING GOVERNANCE IN INDIA

There are different levels of control on the company. There is a team who controls ethics and

culture. Another level is responsible for regulation of rules and procedures. Below is the

framework which highlights the different building blocks of an Internal Financial Control

Framework:

Implementation:

The below model of "Three Lines of Control" provides an effective medium for

communication on Financial Controls by clarifying roles and responsibilities.

14

The first line is majorly responsible for controls mechanism, mitigation of risk and

defining policies and procedures to be complied with

The second line monitors compliance with the laid down control mechanism. It is not

an independent guarantee function, but a monitoring tool for the management

The third line provides the independent assurance on the activities of first and second

lines of defense

Audit Committee and board of directors provide overall direction and oversight

Below is a diagram which shows how an audit committee functions in an organization :

Securities and Exchange Board of India (SEBI) via the Clause 49 of Listing Agreement has

enforced certain mandatory as well as recommendatory corporate governance provisions in

Clause 49 of the Listing Agreement applicable to listed entities. Some of the important

requirements of the Clause 49 pertaining to internal audit are as follows:

15

Section 292A of the Companies Act, 1956 Companies (Auditor's Report) Order, 2003 Others

In addition, Section 292A of the Companies Act, 1956, needs public companies to pay a

capital not less than Rs. 5 crores to constitute a committee of the Board, i.e., the Audit

Committee. In terms of sub section 5 of the said Section, the internal auditor is mandated to

attend and contribute at the meetings of such Audit Committees

Companies (Auditor's Report) Order, 2003

The Central Government, in terms of the power vested under Section 227(4A) of the

Companies Act, 1956 had notified the Companies (Auditor's Report) Order, 2003. Clause (vii)

of the said 2003 order requires the auditor to report as follows: whether in case of listed

companies and/ or other companies having paid-up capital and reserves exceeding Rs. 50

lakhs as at the commencement of the financial year concerned, or having an average annual

turnover exceeding five crore rupees for a period of three consecutive financial years

immediately preceding the financial year concerned, whether the company has an internal

audit system commensurate with its size and nature of its business. Though the clause does

not by itself mandate internal audit in the subjected companies, yet a company to which the

same is applicable, would incur a negative remark from the auditor if it does not have an

internal audit system.

Internal Audit: Adding Value to the Organization

In the past, internal audit model was considered to be transaction-based and cost-driven.

Today, internal audit is undergoing significant change in migrating from a reactive,

historically focused function to a proactive group that takes a risk based focus. It is often

privy to the inner workings and culture. From the management and Audit Committee

perspective this point of view is invaluable. Leading organizations are looking for the internal

audit function to assume a leadership role in assessing and managing their strategic risks,

adding value to the organization and identifying operational improvement opportunities

Risk Management:

The business environment is increasingly throwing up newer challenges and opportunities

with globalization, disruptive technologies and rules being continuously rewritten. New risks

are hence coming up frequently. Risk management is the process of st measuring or assessing

risk and developing strategies to manage it. The 21 century internal auditors have the

16

following vital areas of responsibility in the field of risk management:

Review operations, policies, and procedures.

Help ensure goals and objectives are met.

Understanding the big picture and diverse operations.

Make recommendations to improve economy and efficiency.

Providing assurance about internal controls

Internal controls are a system consisting of specific policies and procedures which are

prepared to offer management with reasonable assertion that the goals and objectives it

believes important to the entity will be met. The internal audit function constitutes a separate

component of internal control with the objective of determining whether other internal

controls are well designed and properly operated. The internal auditor's role is to examine the

effectiveness of the system through continuous evaluation. The audit committee also has right

to make recommendations, if any, for improving that effectiveness. Thus, the focus is towards

improving the internal control structure and promoting better corporate governance.

Compliance

Internal auditor plays an significant role in evaluating the organizations conformity with

external regulations. It can brief management on the actual or potential impact of identified

compliance concerns. It can also make easy the establishment of corrective actions related to

gaps in compliance programs. Internal auditor can also aid in establishing processes to

consistently enforce conformity requirements. It can also be influential in managing the

relationship with external review agencies.

Fraud Detection

Fraud is an ever-present threat to the valuable utilization of resources in an organization and

the risk of fraudulent activities has always been an important management concern. Potential

fraud needs to prevented from happening where as existing fraud needs to be brought in the

lime light. The primary accountability for prevention and detection of fraud rests with

management and those charged with governance. Internal Audit also plays a vital role in

helping the management to fulfill its responsibilities relating to fraud prevention and

detection. Internal audit is in a unique position to identify potentially fraudulent situations

during the course of audit and, thus, plays a strong role in preventing fraud and other illegal

acts.

17

4. Alternative System in Other Countries:

Sarbanes-Oxley Act

The Sarbanes-Oxley Act of 2002 was enacted because of the series of scandals that took place

in high-profile corporates. It recognized a series of necessities that concerns corporate

governance in the U.S. and influenced similar laws in many other countries. The law required,

following:

The Public Company Accounting Oversight Board (PCAOB) is established to standardize

the auditing profession. Earlier this was self-regulated. Auditors are the ones who are

responsible for verifying the financial statements of corporations as well as issuing an

opinion as to their reliability.

The Chief Executive Officer (CEO) and Chief Financial Officer (CFO) attest to the financial

statements. Prior to the law, CEO's had claimed in court they hadn't reviewed the

information as part of their defense.

The Board audit committees includes members who are independent. They also make it

public whether or not at least one is a financial expert, or justify the reasons why the

committee is without a financial expert.

External audit firms cannot provide certain types of consulting services and must rotate

their lead partner every 5 years. Further, an audit firm cannot audit a company if those

in specified senior management roles worked for the auditor in the past year. In

absence of this law, there existed conflict of interest between providing an

independent opinion on the accuracy and reliability of financial statements when the

same firm was also providing lucrative consulting services

18

5. DATA INTERPRETATION

Satyam

Satyam is another case of a resounding failure in corporate governance, this time in India. It is a failure that occurred with the fourth largest software company from the country. Satyam is a little different story as the Chairmen himself admitted the fraud. He wrote to the Board of Directors and the Capital Market Regulator telling them about the manipulations, which led to all regulatory frameworks a ridicule. Accounting manipulations included understatement of

liabilities and inflated cash balance. The company had reported a net profit of Rs. 649 cores whereas the real profit was only Rs.61 cores. Although financial statements were prepared in accordance with Indian GAAP, IFRS and U.S. GAP, in 2008, the year that we reference, have been audited by the PWC only those drawn in concordance with Indian GAP. The Board of Satyam had two teachers from two major schools of business, Mr. Rammohan Rao was from the Hyderabad Indian Business School, which is the leading business school in India, Mr. Krishna Paleppu was from the famous Harvard Business School, who allowed such errors in spite of their skills and competencies. Like in Enron and Lehman Brothers cases, PWC has slowed to hide the fraud, selective audit test were applied. The stock market was ruptured after this Satyam incident.

Satyam faces a loss of 70 per cent in the market. There were 50,000 employees who were jeopardize. investors faced huge losses. Ramalinga Raju resigned from the Board and the company was blacklisted.

19

6. CONCLUSION:

The Indian regulatory and legal system is well-designed to provide robust auditing services to

investors, capital markets and other stakeholders. However, implementation of checks and

balances often becomes lax, defeating the strength of the structure.

The attestation of a companys financial information by an auditor is only as good as his/her

reputation backed by training and knowledge for doing a thorough audit unhampered by conflicts

of interest. Reputational risk is found to be the strongest insurance against auditor complicity and

therefore assurance of audit quality. Whenever there is a financial crisis, there are strident cries of

greater accountability and increased liability for auditors. However, litigation or threat of litigation

as a means of promoting audit quality has several limitations.

It also raises the cost of auditing across board since the law does not distinguish between one set

of auditors and another. Costs may include costs of extra checking, payment of insurance

premium, costs of defending litigation, etc. There are facts and there are perceptions. When faced

with the prospect of a lawsuit, an audit firm may choose to settle rather than go through the long

drawn process of a trial even if it has strong defenses and put its business fate to hang in balance

till the conclusion of the trial. This may, therefore, cause considerable reputational damage to the

firm if the investing public considers the settlement as an admission of guilt.

Business reversals often are just thatbusiness reversals and nothing more insidious like

collusion of auditors is usually proven. (Enron would probably have failed anyway, regardless of

who the auditor was, because its business model was faulty). The overall rate of fraud conviction

globally is lowand frauds in which auditors participate are lower still (Arthur Anderson was

exonerated by the US Supreme Court but too late in the day). Populist sentiments often force

regulators to be seen taking action but that may really not help improve the overall system in the

long term.

What is needed is constant attention to the regulatory mechanism and ensuring that it works

efficiently rather than more laws and regulations. (Annexure I list out regulations concerning

auditors that are followed in various countries.)

20

7. BIBLIOGRAPHY

file:///C:/Users/sir/Downloads/Auditors.pdf

http://www.corpgov.deloitte.com/binary/com.epicentric.contentmanagement.servlet.

ContentDeliveryServlet/USEng/Documents/Deloitte%20Periodicals/Audit%20Committ

ee%20Brief/ACBrief_2015Issue1.pdf

http://www.corpgov.deloitte.com/binary/com.epicentric.contentmanagement.servlet.

ContentDeliveryServlet/USEng/Page%20Copy/Audit%20Committee/Audit%20Committ

ee%20Resource%20Guide/Audit%20committee%20leading%20practices%20and%20tr

ends.pdf

https://docs.google.com/a/iimidr.ac.in/document/d/14Ngc6C_J53BTzPj1qh_fqsnxtNO

158F1kcDGdAr4avc/edit#heading=h.25l21embebhy

http://www2.deloitte.com/in/en/pages/risk/articles/audit-committee.html

http://www.cipe.org/sites/default/files/publication-docs/CG_USAID.pdf

file:///C:/Users/sir/Downloads/ME20120700004_79216559.pdf

http://ipasj.org/IIJM/Volume1Issue2/IIJM-2013-07-08-001.pdf

http://ipasj.org/IIJM/Volume1Issue2/IIJM-2013-07-08-001.pdf

http://taxguru.in/company-law/critical-analysis-internal-audit-provisions-companies-

act-2013.html

http://www.ey.com/Publication/vwLUAssets/EY-companies-act-13-gearing-up-to-be-

in-control-of-internal-financial-controls/$FILE/EY-companies-act-13-gearing-up-to-be-

in-control-of-internal-financial-controls.pdf

http://www.actionamresponsabil.ro/failure-of-corporate-governance-intention-or-

negligence/17037

Sarbanes-Oxley Act