Implementing Internal Controls Framework

With our Network Partner :

Proteus Advisors

Index

A

C

B

C O

N T

E N

T S

> Cost effective, High quality, Innovative Process Consulting Solutions

Understanding Your Context

Implementing Internal Controls

Our Credentials

3

10

15

Understanding Your Context

Understanding Your Context

Go to Index

Are you growing or plan to grow 30% + Y-O-Y?

Do you intend toraise funds ( Debt/Equity) fromOutside investors ?

Are you looking for higher margin & therefore higher Business Valuation?

Is Companies Act changes made in 2013, applicable on controls to your organisation ?

need to consider

Orderly

Internal Controls

forachieving

Control Growth

OR

OR

OR

If Yes, then

You

1

Have you launched Process Re-engineering , IT AuotmationERP Implementation for scaling up ?

2

3

4

5

OR

Are your Control Activities keeping pace with your Growth?

Go to Index

Do you know what kind of Internal controls most suited for your growing business?

Business is not systems driven but people driven

Organization structure and reporting lines are ineffective and inefficient

Technology backwardness is hampering further growth

Retaining professional work force is a challenge

Reduced margins Loss, leakage of revenue & Increased Overheads

Lurking fraud risk is bothering

Bad Growth Indicators

Haphazard Process Re-Engineering without capturing organizational routines and behaviors and half hearted

ERP implementation can too damage your growth

Haphazard Process Re-Engineering without capturing organizational routines and behaviors and half hearted

ERP implementation can too damage your growth

Do you know why buyers or investors place higher value when Internal Controls are robust and matured?

Go to Index

Gro

wth

Ope

ratio

ns

Core Functions

Ris

k / C

ompl

ianc

e

Executive Functions (Board / CEO)

Reduced risk of hidden liabilities

Reliable Financial Reporting

Better Relationship with Stakeholders and Regulators

Lesser legal and compliance hassles

Implies Management Depth

Efficient Operations

What Robust Internal Controls Indicate?

Risk Horizon

Do you know your Internal Control Responsibilities under Companies Act, 2013?

Go to Index

Directors to lay down and maintain Internal Financial Controls

They should also ensure its adequacy and operating effectiveness

Certify adequacy of internal financial controls, identified deficiency, if any and corrective measures taken in their report

Statutory Auditors to make a statement in their report on adequacy of Internal control system and its operating effectiveness

Auditor to report to CG, if he has reason to believe that fraud has been committed against the company by its officers or employees.

Audit Committee to evaluate internal financial controls.

Independent directors to satisfy themselves on the integrity of financial information

Independent Directors to ensure financial controls and risk management systems are robust and defensible

Directors(Sec 134, Rule 8 (5)

VII)

Statutory Auditors

Sec 143 (3) i & (12)

Audit Committee & Ind. Directors

Sec 177 & Schedule VI

Do you know penalty for non compliances to the responsibilities under Companies Act, 2013?

Go to Index

Officer in default include:

Whole-time Directors, Key Managerial Personnel including CEO, CFO, Company Secretary Any person in accordance with whose advice, boards acts Every director, in respect of a contravention of any of the provisions of this Act,

who is aware of or participated in such contraventions

Penal Provisions under Companies Act, 2013

Imprisonment up to 5 years or fine up to Rs. 5 lakh or both

Penal provisions for non compliance u/s 134 on IFC disclosure

Rs. 25 lakh on the company and 3 years imprisonment and / or up to INR 5 lakh on the “Officers in default”

DirectorsStatutory Auditors

Audit Committee & Independent

Directors

Responsibility & Accountability COSO Framework

Each COSO Cell has a responsibility triangle

Audit Committee

Board

Corporate Head

Unit Head

Segment Head

Breadth of Responsibilities

Responsibilities are less at the top but accountability is high

Everyone's responsibility and accountability touches components of the Internal

Controls as well as all its objectives in some way or other.

A robust system needs to be developed that provides high level assurance

Go to Index

Understanding and ImplementingInternal Controls =

Improving Margins + Plugging Leakages +

Controlling overheads + =

Orderly Growth & Navigating Control

Internal Control ‘Quality’ Framework = IxCFO + Proteus

Strategy and Commitment refers sound corporate governance by ensuring that the organization is appropriately and Effectively guided, managed and controlled.

Capability refers to refers to the ability to carry out the necessary business activities competently. It includes the adequacy of resources (human, technical, physical & financial); responsibility, authority, accountability; & training.

Performance Management refers to the ongoing management, measurement and analysis of information, activities and progress toward goals and objectives.

Active Monitoring refers to the continuous learning, transformation and verification of controls to ensure business activities have been carried out in accordance with established policies and procedures.

Organisational ControlsCode of Conduct Business Plans HR Induction & Training Risk Identification and Evaluation Management

Key Internal Control Elements – Policy & Procedures

Procedural Controls:Approval AuthoritySegregation of Duties Documentation of ControlsFinancial Accounting ControlsManagement Accounting Controls to Safeguard Asset MIS and IT Controls Independent Monitoring

Key Control Environment Elements

Key Internal Control Processes

Business Internal Control Processes can be articulated in a standardized way by utilizing the following cascading levels:Business Line Results Activity Key Business Processes Business Process Internal Controls

Control Environment: The internal control environment is the framework under which internal

controls are developed, implemented and monitored

Internal control policy & procedures:

Internal controls are the policies and procedures established and

implemented alone, or in concert with other policies or procedures, to

manage and control a particular risk or business activity, or combination of risks or business activities, to which

the organization is exposed or in which it is engaged.

Internal Control Processes: The process, effected by an

organization's executive management, senior management and other personnel, designed to provide

reasonable assurance regarding the achievement of objectives in the

effectiveness and efficiency of operations, the reliability of financial

reporting and compliance with applicable laws and regulations.

Go to Index

ReportingReporting

Our Internal Control ‘Design’ Framework

Identification of: Process Activities TasksIdentification of: Input Output I/O relationshipDefining: Responsible Accountable Consult Informed

Linkages with other processes

Linkages with other functions

Review Policies & Business Rules

Risk identification Risks description Measurement Categorization

Monitoring Framework Tools & Techniques On the job Training

Identifying Value and Volume

Nature of transaction viz. routine or non-routine

Defining Reporting norms Disclosure Norms MIS structure

Defining Benchmarks KPIs KRAs

Process InterfaceProcess Interface MeasurementMeasurement

Actual transactions

Actual transactions

MonitoringMonitoringRisksRisks

ProcesscontrolsProcesscontrols

Control description Control type Control effectiveness Control efficiency

Process Documentatio

n

Process Documentatio

n

Policies &Business

Rules

Policies &Business

Rules

12 Go to Index

Internal Control Maturity Objective

COSO Control FrameworkOperations Financial Reporting Compliance

Design Implementation Knowledge Retention

Control Maturity

Process People Technology

Process Maturity

Data Analysis Strategic Cost Management

Performance Measurement

Management Accounting

Reporting Style to TopUse of Numbers Use of Graphics Use of Animations &

Sound

COSO Control FrameworkOperations Financial Reporting Compliance

Design Implementation Knowledge Retention

Control Maturity

Process People Technology

Process Maturity

Data Analysis Strategic Cost Management

Performance Measurement

Management Accounting

Reporting Style to TopUse of Numbers Use of Graphics Use of Animations &

Sound

Internal Audit & change

management initiative

Enterprise

wide Risk

Management

Business Intelligence

Control Activities & Risk

Management

Strategy Building

Comprehensive AS-Is process review and identification of gaps

Developing and documenting Standard Control Procedures as per COSO Internal control framework.

Preparing separate Action Plan for Design, Implementation and Technology related issues

Implementing RACI for robust internal communication and reporting

Building strong Monitoring function, MIS/ dash board for enhanced organizational control and visibility.

Reporting to top Management, Board and Audit Committee along with results of update testing and process improvement reporting

Controls Scoring Methodology implementation

To achieve control maturity with effective

monitoring and responsiveness at the top

we follow 7 steps rigorously.

Desired Control Maturity

DetectiveControls

PreventiveControls

Manual Controls

Automated Controls

Missing Controls

D I T

Desired Control Maturity

DetectiveControls

PreventiveControls

Manual Controls

Automated Controls

Missing Controls

D I T

Go to Index

Fraud Prevention Objective

▲ Knowing which areas to target isn’t self-evident, however, and we

mainly use inductive analysis which entails:

Becoming familiar with the business or operation to be studied.

Understanding the kinds of fraud that could occur.

Determining what symptoms or signs the most likely frauds would display.

Using queries to search corporate information systems for such symptoms.

Evaluating the symptoms found to see whether fraud or other factors

caused them.

It is also important to know nature of fraud that are possible in a given

industry.

To identify incorrect practices followed in the business routinely.

Understanding operations at new business location or remote business

location

To identify inadequate control over dealings with related parties and other

business allies

Circumstances for fraud:

Concealment: Chance of remaining undetected.

Opportunity: The right place and right time for fraudster.

Motivation: a personal need – greed

Attractive: a desirable target Success: the chance of

avoiding prosecution

Possible Indicators of Fraud

Inadequate internal controls Poor computer security High staff turnover Poor segregation of duties Duplication in the process Inventory Mismatches Negative Cash balances

Understanding Fraud Risk

Go to Index

Our Credentials

Our Score-card = Integrity led Multiplier = Ix

© Private & Confidential 16

Score Card = Xcellence in ServicesSector Agnostic Clients

( Revenue size Rs.10cr. - Rs.300 Cr)

45+ ( Owners - Family set-ups/PE Portfolio Cos/Professionals)

Team Members & cumulative experience

12 CFO/FC level Partners with 100 + Man-years domain expertise

Modules in our mandate 2 Way positioning with 24 x 7 presence Shared ( On-site) and

Virtual ( Off-site)

CFO Services (Retainership + Project specific) engagement

3 Segmentation of deliverables / products/services around

Tx + Fx + Ix

Key Knowledge Partners 18+ Network Partners across 6 major cities in India

Current aggregate Revenue of ixCFO Clients

Rs.1200 cr. + under CFO mandates

THANK YOU

Go to Index

Sanjay Gaggar, CEO, ixCFO Servicessanjay.gaggar@ixcfo.com

Cell: +9198675 55852

A presentation by – Sanjay Gaggar & Narayan Mantri

:

Narayan Mantri, CEO Proteus Advisors Pvt LtdNarayan.mantri@proteusadvisors.com

Cell: +9198207 51265