internal controls - ixcfo-proteus - ver. 2015 show
TRANSCRIPT
Implementing Internal Controls Framework
With our Network Partner :
Proteus Advisors
Index
A
C
B
C O
N T
E N
T S
> Cost effective, High quality, Innovative Process Consulting Solutions
Understanding Your Context
Implementing Internal Controls
Our Credentials
3
10
15
Understanding Your Context
Understanding Your Context
Go to Index
Are you growing or plan to grow 30% + Y-O-Y?
Do you intend toraise funds ( Debt/Equity) fromOutside investors ?
Are you looking for higher margin & therefore higher Business Valuation?
Is Companies Act changes made in 2013, applicable on controls to your organisation ?
need to consider
Orderly
Internal Controls
forachieving
Control Growth
OR
OR
OR
If Yes, then
You
1
Have you launched Process Re-engineering , IT AuotmationERP Implementation for scaling up ?
2
3
4
5
OR
Are your Control Activities keeping pace with your Growth?
Go to Index
Do you know what kind of Internal controls most suited for your growing business?
Business is not systems driven but people driven
Organization structure and reporting lines are ineffective and inefficient
Technology backwardness is hampering further growth
Retaining professional work force is a challenge
Reduced margins Loss, leakage of revenue & Increased Overheads
Lurking fraud risk is bothering
Bad Growth Indicators
Haphazard Process Re-Engineering without capturing organizational routines and behaviors and half hearted
ERP implementation can too damage your growth
Haphazard Process Re-Engineering without capturing organizational routines and behaviors and half hearted
ERP implementation can too damage your growth
Do you know why buyers or investors place higher value when Internal Controls are robust and matured?
Go to Index
Gro
wth
Ope
ratio
ns
Core Functions
Ris
k / C
ompl
ianc
e
Executive Functions (Board / CEO)
Reduced risk of hidden liabilities
Reliable Financial Reporting
Better Relationship with Stakeholders and Regulators
Lesser legal and compliance hassles
Implies Management Depth
Efficient Operations
What Robust Internal Controls Indicate?
Risk Horizon
Do you know your Internal Control Responsibilities under Companies Act, 2013?
Go to Index
Directors to lay down and maintain Internal Financial Controls
They should also ensure its adequacy and operating effectiveness
Certify adequacy of internal financial controls, identified deficiency, if any and corrective measures taken in their report
Statutory Auditors to make a statement in their report on adequacy of Internal control system and its operating effectiveness
Auditor to report to CG, if he has reason to believe that fraud has been committed against the company by its officers or employees.
Audit Committee to evaluate internal financial controls.
Independent directors to satisfy themselves on the integrity of financial information
Independent Directors to ensure financial controls and risk management systems are robust and defensible
Directors(Sec 134, Rule 8 (5)
VII)
Statutory Auditors
Sec 143 (3) i & (12)
Audit Committee & Ind. Directors
Sec 177 & Schedule VI
Do you know penalty for non compliances to the responsibilities under Companies Act, 2013?
Go to Index
Officer in default include:
Whole-time Directors, Key Managerial Personnel including CEO, CFO, Company Secretary Any person in accordance with whose advice, boards acts Every director, in respect of a contravention of any of the provisions of this Act,
who is aware of or participated in such contraventions
Penal Provisions under Companies Act, 2013
Imprisonment up to 5 years or fine up to Rs. 5 lakh or both
Penal provisions for non compliance u/s 134 on IFC disclosure
Rs. 25 lakh on the company and 3 years imprisonment and / or up to INR 5 lakh on the “Officers in default”
DirectorsStatutory Auditors
Audit Committee & Independent
Directors
Responsibility & Accountability COSO Framework
Each COSO Cell has a responsibility triangle
Audit Committee
Board
Corporate Head
Unit Head
Segment Head
Breadth of Responsibilities
Responsibilities are less at the top but accountability is high
Everyone's responsibility and accountability touches components of the Internal
Controls as well as all its objectives in some way or other.
A robust system needs to be developed that provides high level assurance
Go to Index
Understanding and ImplementingInternal Controls =
Improving Margins + Plugging Leakages +
Controlling overheads + =
Orderly Growth & Navigating Control
Internal Control ‘Quality’ Framework = IxCFO + Proteus
Strategy and Commitment refers sound corporate governance by ensuring that the organization is appropriately and Effectively guided, managed and controlled.
Capability refers to refers to the ability to carry out the necessary business activities competently. It includes the adequacy of resources (human, technical, physical & financial); responsibility, authority, accountability; & training.
Performance Management refers to the ongoing management, measurement and analysis of information, activities and progress toward goals and objectives.
Active Monitoring refers to the continuous learning, transformation and verification of controls to ensure business activities have been carried out in accordance with established policies and procedures.
Organisational ControlsCode of Conduct Business Plans HR Induction & Training Risk Identification and Evaluation Management
Key Internal Control Elements – Policy & Procedures
Procedural Controls:Approval AuthoritySegregation of Duties Documentation of ControlsFinancial Accounting ControlsManagement Accounting Controls to Safeguard Asset MIS and IT Controls Independent Monitoring
Key Control Environment Elements
Key Internal Control Processes
Business Internal Control Processes can be articulated in a standardized way by utilizing the following cascading levels:Business Line Results Activity Key Business Processes Business Process Internal Controls
Control Environment: The internal control environment is the framework under which internal
controls are developed, implemented and monitored
Internal control policy & procedures:
Internal controls are the policies and procedures established and
implemented alone, or in concert with other policies or procedures, to
manage and control a particular risk or business activity, or combination of risks or business activities, to which
the organization is exposed or in which it is engaged.
Internal Control Processes: The process, effected by an
organization's executive management, senior management and other personnel, designed to provide
reasonable assurance regarding the achievement of objectives in the
effectiveness and efficiency of operations, the reliability of financial
reporting and compliance with applicable laws and regulations.
Go to Index
ReportingReporting
Our Internal Control ‘Design’ Framework
Identification of: Process Activities TasksIdentification of: Input Output I/O relationshipDefining: Responsible Accountable Consult Informed
Linkages with other processes
Linkages with other functions
Review Policies & Business Rules
Risk identification Risks description Measurement Categorization
Monitoring Framework Tools & Techniques On the job Training
Identifying Value and Volume
Nature of transaction viz. routine or non-routine
Defining Reporting norms Disclosure Norms MIS structure
Defining Benchmarks KPIs KRAs
Process InterfaceProcess Interface MeasurementMeasurement
Actual transactions
Actual transactions
MonitoringMonitoringRisksRisks
ProcesscontrolsProcesscontrols
Control description Control type Control effectiveness Control efficiency
Process Documentatio
n
Process Documentatio
n
Policies &Business
Rules
Policies &Business
Rules
12 Go to Index
Internal Control Maturity Objective
COSO Control FrameworkOperations Financial Reporting Compliance
Design Implementation Knowledge Retention
Control Maturity
Process People Technology
Process Maturity
Data Analysis Strategic Cost Management
Performance Measurement
Management Accounting
Reporting Style to TopUse of Numbers Use of Graphics Use of Animations &
Sound
COSO Control FrameworkOperations Financial Reporting Compliance
Design Implementation Knowledge Retention
Control Maturity
Process People Technology
Process Maturity
Data Analysis Strategic Cost Management
Performance Measurement
Management Accounting
Reporting Style to TopUse of Numbers Use of Graphics Use of Animations &
Sound
Internal Audit & change
management initiative
Enterprise
wide Risk
Management
Business Intelligence
Control Activities & Risk
Management
Strategy Building
Comprehensive AS-Is process review and identification of gaps
Developing and documenting Standard Control Procedures as per COSO Internal control framework.
Preparing separate Action Plan for Design, Implementation and Technology related issues
Implementing RACI for robust internal communication and reporting
Building strong Monitoring function, MIS/ dash board for enhanced organizational control and visibility.
Reporting to top Management, Board and Audit Committee along with results of update testing and process improvement reporting
Controls Scoring Methodology implementation
To achieve control maturity with effective
monitoring and responsiveness at the top
we follow 7 steps rigorously.
Desired Control Maturity
DetectiveControls
PreventiveControls
Manual Controls
Automated Controls
Missing Controls
D I T
Desired Control Maturity
DetectiveControls
PreventiveControls
Manual Controls
Automated Controls
Missing Controls
D I T
Go to Index
Fraud Prevention Objective
▲ Knowing which areas to target isn’t self-evident, however, and we
mainly use inductive analysis which entails:
Becoming familiar with the business or operation to be studied.
Understanding the kinds of fraud that could occur.
Determining what symptoms or signs the most likely frauds would display.
Using queries to search corporate information systems for such symptoms.
Evaluating the symptoms found to see whether fraud or other factors
caused them.
It is also important to know nature of fraud that are possible in a given
industry.
To identify incorrect practices followed in the business routinely.
Understanding operations at new business location or remote business
location
To identify inadequate control over dealings with related parties and other
business allies
Circumstances for fraud:
Concealment: Chance of remaining undetected.
Opportunity: The right place and right time for fraudster.
Motivation: a personal need – greed
Attractive: a desirable target Success: the chance of
avoiding prosecution
Possible Indicators of Fraud
Inadequate internal controls Poor computer security High staff turnover Poor segregation of duties Duplication in the process Inventory Mismatches Negative Cash balances
Understanding Fraud Risk
Go to Index
Our Credentials
Our Score-card = Integrity led Multiplier = Ix
© Private & Confidential 16
Score Card = Xcellence in ServicesSector Agnostic Clients
( Revenue size Rs.10cr. - Rs.300 Cr)
45+ ( Owners - Family set-ups/PE Portfolio Cos/Professionals)
Team Members & cumulative experience
12 CFO/FC level Partners with 100 + Man-years domain expertise
Modules in our mandate 2 Way positioning with 24 x 7 presence Shared ( On-site) and
Virtual ( Off-site)
CFO Services (Retainership + Project specific) engagement
3 Segmentation of deliverables / products/services around
Tx + Fx + Ix
Key Knowledge Partners 18+ Network Partners across 6 major cities in India
Current aggregate Revenue of ixCFO Clients
Rs.1200 cr. + under CFO mandates
THANK YOU
Go to Index
Sanjay Gaggar, CEO, ixCFO [email protected]
Cell: +9198675 55852
A presentation by – Sanjay Gaggar & Narayan Mantri
:
Narayan Mantri, CEO Proteus Advisors Pvt [email protected]
Cell: +9198207 51265