Legal Aspects of Business

A Case for Governance Audit for Better Corporate Governance

Submitted to Dr. I. Sridhar

By
Madhavi Bhoyar
2014PGPM011

Date of submission: March 28, 2015

LETTER OF TRANSMITTAL
28-Mar-2015

Dr. I. Sridhar
Legal Aspects of Business
IIM Indore

Dear Sir,
Sub: Submission of A Case for Governance Audit for Better Corporate Governance.

As per your instructions, I have analyzed the impact of Governance Audit on corporate
governance as part of LAB course. The report that contains the results of the analysis is
attached.

Yours sincerely,
Madhavi Bhoyar

INDEX
1.
2.
3.
4.
5.
6.
7.

Introduction .
Conceptual Discussion ..
Implementation of the Auditing Governance in India
Alternative systems in other countries ..
Data Analysis & Interpretation .
Conclusion
Bibliography

4
7
13
17
18
19
20

1. INTRODUCTION
Doing the right thing and doing it in the right way is the essence of Corporate Governance.
To meet the needs of all the stakeholders, an excellent Corporate Governance is supposed to
include effective internal control systems, policies, procedures and a group of direct
management.

Benefits of Good Corporate Governance:

Some of the benefits of good corporate governance are:

Brings stability to markets

Strengthens competitiveness (companies and economies)
Strengthens institutions
Improves risk mitigation
Promotes investment, lowers cost of capital
Weakens corruption
Strengthens lending
Promotes reform of state-owned enterprises
Promotes successful privatization
Builds transparent relationships between business and state
Helps to combat poverty

Reasons of failure of Corporate Governance:

Management incompetence

Non-observance of the procedures stipulated in internal regulations

Insufficient attention paid to risk management

Inconsistent distribution of duties and responsibilities

Inefficiency of internal audit

Ignorance showed to the signals provided by external audit

Influencing the external auditors to express an audit opinion inconsistent with reality.

Corporate Governance Framework

Following table depicts the fraudulent companies due to improper governance in their
companies :

No
1
2
3
4

Company Name
Satyam
Enron
Tyco
Wal-mart

Country
India
USA
USA
USA

5
6
7

Worldcom
Parmalat
Xerox

USA
Italy
USA

Reasons for Failure

Understatement of Liability & Inflated Earnings
Inflated Earnings
Improper Share Details
Government Interventions due to weak internal
controls & class action lawsuits by employees
Expenses showed as capital expenditure
Incorrect Transaction recorded
Accelerated revenue recognition

Internal Audit:
Due to above mentioned reasons for failure of good governance; the concept of internal
auditing was introduced. Internal Auditing is designed in such a way so as to improve
organization's operations. It helps in aligning the objective a firm by incorporating a disciplined
approach to gauge and improve the effectiveness of risk management, control, and governance
processes.

Internal Auditing involves activities like risk management, managing operations efficiently and
safeguarding assets effectively and compliance with laws and regulations. To identify
fraudulent cases, auditors may conduct proactive frauds audits. Thus they can detect financial
losses if any by participating in fraud investigations under the direction of fraud detection
professionals.
There was no provision for the concept of Internal Audit in the 1956 Act. But in the 2013 Act,
for better internal control and corporate governance, utility of internal audit was recognized.

2. CONCEPTUAL DISCUSSION
The Auditor(s) do not have a direct control over the company; rather they are sort of inspectors of
all the records in the financial year.
Role of Audit Committee in Corporate Governance
Directors, who form the members of the board of the company, may exercise their power either
directly or indirectly through appointment of managers. As it is difficult for the Board of Directors
to operate, they delegate their responsibilities to managers who are specialized in respective
domains. One of the mandatory tasks is to prepare financial statements and annual accounts.
Annual Report of the company from the perspective of the prospective investors as it indicates
the financial health of the company. Annual Report forms such an important part which
represents the financial status of a company, managers tends to put forth a rosy picture may be
by altering few numbers to avoid questions from the board. To avoid such circumstances it is now
made compulsory to conduct audit of the annual account of the company. The auditors need to
ascertain if the annual report is of fair value based on the information collected from the
company. However, there have been instances of accounting and audit failure which led to
several brainstorming sessions by the regulators who suggested different modes of ensuring that
such scandals become events of the past. Instances of such failures like those in the cases of
Maxwell, BCCI and Polypeck in the United Kingdom led to the appointment of Cadbury Committee
on Financial Aspects of Corporate Governance (Cadbury 2003).

Audit Committee Composition:

Any Audit committee member should be financially sound. The committee should comprise of
minimum number of independent members. Audit committee should have communication to
auditor and shareholders too. Chairman of SEC Levitt (1998) has stated Qualified, committed
independent and though-minded audit committees represent the most reliable guardians of the
public interest. 2/3 members of the audit committee must be independent as per the provision
of Companies Act 1956. As per Clause 49 of the listing agreement, the members of the audit
committee must possess financial knowledge in terms of corporate clients and expertise in
accounting aspects. The committee is accountable to provide with just view as it is the most
important decision to execute corporate governance successfully. For successful execution the
committee should comprise of qualified and committed members from all walks of life with
knowledge. The capability of the audit committee to perform independently and raise questions
to management will stimulate auditor to work efficiently and their fair performance will facilitate

good corporate governance

Roles and responsibilities
The duties of directors may be classified into four categories fiduciary duties, duties of care,
statutory duties and other duties. Across the world, the company laws classify two important
duties of the directors one is the duty of loyalty and other is duty of care. It is observed that
most of corporate fraud have occurred on account of breach of these primary duties by directors.
However, emphasis is more on conflict on duties loyalty to the company and accountability to
the investing community. As far as the India is concerned, the Security Exchange Board of India
(SEBI) has been very serious about introducing new rules intensifying the audit committee so as to
guard the interests of the investors in a better manner than before. In May 1999, the SEBI
adopted several new rules based on the suggestion of the report submitted by Kumar Mangalam
Birla committee on improving the efficacy of audit committee. The audit committee as per these
new rules was supposed to perform following roles:
Role of Audit Committee

To have a overview on the financial report progress of a company

To recommend statutory auditor to Board, their appointment, re-appointment,
substitution or elimination, terms and amount of audit fees , approval for payment for any
other services rendered by statutory auditors.
To have reviewed quarterly and annual financial statement along with the management
before they are forwarded to the board for approval.
To make significant adjustment in financial statement as a result of audit findings.
Compliance in listing and other legal requirement relating to financial statement
Disclosure of any party transactions Qualifications in draft audit report
To review the statement of uses/ application of funds which have rose through any issue
and IPO proceedings.
To review performance of statutory and internal auditor and the adequacy of internal
control system and function
Discussion with the internal auditor and any momentous conclusion and follow up there
on and review finding of any internal investigations by internal auditors where fraud and
irregularity is suspected

Following are the important points for formation and regulation of an Audit Committee

Audit Committee
(A) Qualified and Independent Audit Committee
An Audit Committee would be a qualified and independent one, subject to following condition:
(i) The audit committee shall have minimum three directors as members. Two-thirds of the
members of audit committee shall be independent directors.
(ii) All members of audit committee shall be financially literate and at least one member shall
have accounting or related financial management expertise.
Explanation 1: The expression financially literate implies that the auditor should be able to
read and comprehend basic financial statements which include balance sheet, profit and loss
account, and statement of cash flows.
Explanation 2: A member who has experience in finance and accounting or professional
certification in accounting will be considered for the Audit Committee. A person having any
other equivalent experience like being or having been a chief executive officer, chief financial
officer or other senior officer with financial oversight responsibilities can also be considered for
Audit Committee.
(iii) The Chairman of the Audit Committee shall be an independent director;
It is the responsibility of the Chairman of the Audit Committee to be present Annual
General Meeting to clarify queries raised by the shareholder ;
The Audit Committee may invite executives who they feel as appropriate and who is the
head of a finance function to become a part of the meetings of the committee. But there
may be times when the committee meets in absence of any executives of the company.
The Audit Committee may be graced with the presence of finance director, head of
internal audit and a representative for their meetings; The Company Secretary shall act as
the secretary to the committee.

(B) Meeting of Audit Committee

It is mandatory for an audit committee to meet at least four times in a year. Moreover there
should not be a gap of more than four months between any two meetings. The quorum for
the meeting of the audit committee shall be either two members or one third of the members
of the committee whichever is greater. But the meeting should have a minimum of two
independent members present.
(C) Powers of Audit Committee
The members of the audit committee should be empowered with the following powers:
1.
2.
3.
4.

Right to investigate any kind of activity which comes within its purview.
Authorized to seek information from any employee of the company.
To be able to gain outside legal or other professional advice.
To secure attendance of outsiders with relevant expertise, if it considers necessary.

(D) Role of Audit Committee

The role of the audit committee shall include the following:

Overview of the companys financial reporting process

Disclosure of its financial information so as to ensure that the company's financial
statement is correct and credible.
The Auditors can recommend to the Board in matters of appointment, re-appointment
and, if required, the replacement or removal of the statutory auditor. They can also have a
say in the fixation of audit fees.
Approval of payment to statutory auditors for any other services rendered by the statutory
auditors.
Before submission of the financial statements to the board for approval, reviewing it
thoroughly along with the management, with particular reference to:
o Matters required to be included in the Directors Responsibility Statement to be
included in the Boards report in terms of clause (2AA) of section 217 of the
Companies Act, 1956
o Amendments, if any, in policies and practices of accounting principals
o Entries involving major accounting estimates which are dependent on the exercise
of judgment by management

10

o Relevant modification made in the financial statements in view of the findings of

the audit
o Conformity with listing and other legal requirements relating to financial
statements
o Revelation of any related party transactions
o Qualifications in the draft audit report

Assessment of the quarterly financial statements with the management, before

submission of the same to the board for approval

Reviewing, with the management, performance of statutory and internal auditors,

adequacy of the internal control systems.

Reviewing the sufficiency of internal audit function, if any, including the composition of
the internal audit department, staffing and seniority of the official heading the
department, reporting structure coverage and frequency of internal audit.

Follow up on the discussion with internal auditors and its considerable findings

Reviewing the results of any internal investigations by the internal auditors where a fraud
is suspected or abnormality or a breakdown of internal control systems of a material
nature and reporting the matter to the board.

Prior to audit, a dialogue with statutory with respect to the nature and scope of audit. Also
a post-audit discussion to make certain any area of apprehension.

To probe the reasons for substantial defaults in the payment to the depositors, debenture
holders, shareholders and creditors.

To examine the functioning of the Whistle Blower mechanism, in case the same is existing.

Following other activities that are mentioned in the terms of reference of the Audit
Committee.

Explanation (i): The term "related party transactions" shall have the same meaning as
contained in the Accounting Standard 18, Related Party Transactions, issued by The Institute

11

of Chartered Accountants of India.

Explanation (ii): If the company has set up an audit committee pursuant to provision of the
Companies Act, the said audit committee shall have such additional functions / features as is
contained in this clause.
(E) Review of information by Audit Committee
The Audit Committee shall compulsorily review the following information:
1. Discussion of Management and examination of financial condition and results of operations;
2. Statement of significant which are submitted by management related to party transactions (as
defined by the audit committee);
3. Management letters / letters of internal control weaknesses released by the statutory
auditors;
4. Internal control weakness in line with Internal audit reports and
5. Audit Committee will verify the appointment, removal and terms of remuneration of the Chief
internal auditor

12

3. IMPLEMENTATION OF THE AUDITING GOVERNANCE IN INDIA

There are different levels of control on the company. There is a team who controls ethics and
culture. Another level is responsible for regulation of rules and procedures. Below is the
framework which highlights the different building blocks of an Internal Financial Control
Framework:

Implementation:
The below model of "Three Lines of Control" provides an effective medium for
communication on Financial Controls by clarifying roles and responsibilities.

13

The first line is majorly responsible for controls mechanism, mitigation of risk and
defining policies and procedures to be complied with
The second line monitors compliance with the laid down control mechanism. It is not
an independent guarantee function, but a monitoring tool for the management
The third line provides the independent assurance on the activities of first and second
lines of defense
Audit Committee and board of directors provide overall direction and oversight

Below is a diagram which shows how an audit committee functions in an organization :

Securities and Exchange Board of India (SEBI) via the Clause 49 of Listing Agreement has
enforced certain mandatory as well as recommendatory corporate governance provisions in
Clause 49 of the Listing Agreement applicable to listed entities. Some of the important
requirements of the Clause 49 pertaining to internal audit are as follows:

14

Section 292A of the Companies Act, 1956 Companies (Auditor's Report) Order, 2003 Others
In addition, Section 292A of the Companies Act, 1956, needs public companies to pay a
capital not less than Rs. 5 crores to constitute a committee of the Board, i.e., the Audit
Committee. In terms of sub section 5 of the said Section, the internal auditor is mandated to
attend and contribute at the meetings of such Audit Committees
Companies (Auditor's Report) Order, 2003
The Central Government, in terms of the power vested under Section 227(4A) of the
Companies Act, 1956 had notified the Companies (Auditor's Report) Order, 2003. Clause (vii)
of the said 2003 order requires the auditor to report as follows: whether in case of listed
companies and/ or other companies having paid-up capital and reserves exceeding Rs. 50
lakhs as at the commencement of the financial year concerned, or having an average annual
turnover exceeding five crore rupees for a period of three consecutive financial years
immediately preceding the financial year concerned, whether the company has an internal
audit system commensurate with its size and nature of its business. Though the clause does
not by itself mandate internal audit in the subjected companies, yet a company to which the
same is applicable, would incur a negative remark from the auditor if it does not have an
internal audit system.

Internal Audit: Adding Value to the Organization

In the past, internal audit model was considered to be transaction-based and cost-driven.
Today, internal audit is undergoing significant change in migrating from a reactive,
historically focused function to a proactive group that takes a risk based focus. It is often
privy to the inner workings and culture. From the management and Audit Committee
perspective this point of view is invaluable. Leading organizations are looking for the internal
audit function to assume a leadership role in assessing and managing their strategic risks,
adding value to the organization and identifying operational improvement opportunities

Risk Management:
The business environment is increasingly throwing up newer challenges and opportunities
with globalization, disruptive technologies and rules being continuously rewritten. New risks
are hence coming up frequently. Risk management is the process of st measuring or assessing
risk and developing strategies to manage it. The 21 century internal auditors have the

15

following vital areas of responsibility in the field of risk management:

Review operations, policies, and procedures.
Help ensure goals and objectives are met.
Understanding the big picture and diverse operations.
Make recommendations to improve economy and efficiency.

Providing assurance about internal controls

Internal controls are a system consisting of specific policies and procedures which are
prepared to offer management with reasonable assertion that the goals and objectives it
believes important to the entity will be met. The internal audit function constitutes a separate
component of internal control with the objective of determining whether other internal
controls are well designed and properly operated. The internal auditor's role is to examine the
effectiveness of the system through continuous evaluation. The audit committee also has right
to make recommendations, if any, for improving that effectiveness. Thus, the focus is towards
improving the internal control structure and promoting better corporate governance.

Compliance
Internal auditor plays an significant role in evaluating the organizations conformity with
external regulations. It can brief management on the actual or potential impact of identified
compliance concerns. It can also make easy the establishment of corrective actions related to
gaps in compliance programs. Internal auditor can also aid in establishing processes to
consistently enforce conformity requirements. It can also be influential in managing the
relationship with external review agencies.

Fraud Detection
Fraud is an ever-present threat to the valuable utilization of resources in an organization and
the risk of fraudulent activities has always been an important management concern. Potential
fraud needs to prevented from happening where as existing fraud needs to be brought in the
lime light. The primary accountability for prevention and detection of fraud rests with
management and those charged with governance. Internal Audit also plays a vital role in
helping the management to fulfill its responsibilities relating to fraud prevention and
detection. Internal audit is in a unique position to identify potentially fraudulent situations
during the course of audit and, thus, plays a strong role in preventing fraud and other illegal
acts.

16

4. Alternative System in Other Countries:

Sarbanes-Oxley Act
The Sarbanes-Oxley Act of 2002 was enacted because of the series of scandals that took place
in high-profile corporates. It recognized a series of necessities that concerns corporate
governance in the U.S. and influenced similar laws in many other countries. The law required,
following:
The Public Company Accounting Oversight Board (PCAOB) is established to standardize
the auditing profession. Earlier this was self-regulated. Auditors are the ones who are
responsible for verifying the financial statements of corporations as well as issuing an
opinion as to their reliability.
The Chief Executive Officer (CEO) and Chief Financial Officer (CFO) attest to the financial
statements. Prior to the law, CEO's had claimed in court they hadn't reviewed the
information as part of their defense.
The Board audit committees includes members who are independent. They also make it
public whether or not at least one is a financial expert, or justify the reasons why the
committee is without a financial expert.
External audit firms cannot provide certain types of consulting services and must rotate
their lead partner every 5 years. Further, an audit firm cannot audit a company if those
in specified senior management roles worked for the auditor in the past year. In
absence of this law, there existed conflict of interest between providing an
independent opinion on the accuracy and reliability of financial statements when the
same firm was also providing lucrative consulting services

17

5. DATA INTERPRETATION

Satyam

Satyam is another case of a resounding failure in corporate governance, this time in India. It is a
failure that occurred with the fourth largest software company from the country. Satyam is a
little different story as the Chairmen himself admitted the fraud. He wrote to the Board of
Directors and the Capital Market Regulator telling them about the manipulations, which led to
all regulatory frameworks a ridicule. Accounting manipulations included understatement of
liabilities and inflated cash balance. The company had reported a net profit of Rs. 649 cores
whereas the real profit was only Rs.61 cores. Although financial statements were prepared in
accordance with Indian GAAP, IFRS and U.S. GAP, in 2008, the year that we reference, have
been audited by the PWC only those drawn in concordance with Indian GAP. The Board of
Satyam had two teachers from two major schools of business, Mr. Rammohan Rao was from
the Hyderabad Indian Business School, which is the leading business school in India, Mr. Krishna
Paleppu was from the famous Harvard Business School, who allowed such errors in spite of
their skills and competencies. Like in Enron and Lehman Brothers cases, PWC has slowed to
hide the fraud, selective audit test were applied. The stock market was ruptured after this
Satyam incident.
Satyam faces a loss of 70 per cent in the market. There were 50,000 employees who were
jeopardize. investors faced huge losses. Ramalinga Raju resigned from the Board and the
company was blacklisted.

18

6. CONCLUSION:
The Indian regulatory and legal system is well-designed to provide robust auditing services to
investors, capital markets and other stakeholders. However, implementation of checks and
balances often becomes lax, defeating the strength of the structure.
The attestation of a companys financial information by an auditor is only as good as his/her
reputation backed by training and knowledge for doing a thorough audit unhampered by conflicts
of interest. Reputational risk is found to be the strongest insurance against auditor complicity and
therefore assurance of audit quality. Whenever there is a financial crisis, there are strident cries of
greater accountability and increased liability for auditors. However, litigation or threat of litigation
as a means of promoting audit quality has several limitations.
It also raises the cost of auditing across board since the law does not distinguish between one set
of auditors and another. Costs may include costs of extra checking, payment of insurance
premium, costs of defending litigation, etc. There are facts and there are perceptions. When faced
with the prospect of a lawsuit, an audit firm may choose to settle rather than go through the long
drawn process of a trial even if it has strong defenses and put its business fate to hang in balance
till the conclusion of the trial. This may, therefore, cause considerable reputational damage to the
firm if the investing public considers the settlement as an admission of guilt.
Business reversals often are just thatbusiness reversals and nothing more insidious like
collusion of auditors is usually proven. (Enron would probably have failed anyway, regardless of
who the auditor was, because its business model was faulty). The overall rate of fraud conviction
globally is lowand frauds in which auditors participate are lower still (Arthur Anderson was
exonerated by the US Supreme Court but too late in the day). Populist sentiments often force
regulators to be seen taking action but that may really not help improve the overall system in the
long term.
What is needed is constant attention to the regulatory mechanism and ensuring that it works
efficiently rather than more laws and regulations. (Annexure I list out regulations concerning
auditors that are followed in various countries.)

19

7. BIBLIOGRAPHY

file:///C:/Users/sir/Downloads/Auditors.pdf

http://www.corpgov.deloitte.com/binary/com.epicentric.contentmanagement.servlet.
ContentDeliveryServlet/USEng/Documents/Deloitte%20Periodicals/Audit%20Committ
ee%20Brief/ACBrief_2015Issue1.pdf

http://www.corpgov.deloitte.com/binary/com.epicentric.contentmanagement.servlet.
ContentDeliveryServlet/USEng/Page%20Copy/Audit%20Committee/Audit%20Committ
ee%20Resource%20Guide/Audit%20committee%20leading%20practices%20and%20tr
ends.pdf

https://docs.google.com/a/iimidr.ac.in/document/d/14Ngc6C_J53BTzPj1qh_fqsnxtNO
158F1kcDGdAr4avc/edit#heading=h.25l21embebhy

http://www2.deloitte.com/in/en/pages/risk/articles/audit-committee.html

http://www.cipe.org/sites/default/files/publication-docs/CG_USAID.pdf

file:///C:/Users/sir/Downloads/ME20120700004_79216559.pdf

http://ipasj.org/IIJM/Volume1Issue2/IIJM-2013-07-08-001.pdf

http://ipasj.org/IIJM/Volume1Issue2/IIJM-2013-07-08-001.pdf

http://taxguru.in/company-law/critical-analysis-internal-audit-provisions-companiesact-2013.html

http://www.ey.com/Publication/vwLUAssets/EY-companies-act-13-gearing-up-to-bein-control-of-internal-financial-controls/$FILE/EY-companies-act-13-gearing-up-to-bein-control-of-internal-financial-controls.pdf

http://www.actionamresponsabil.ro/failure-of-corporate-governance-intention-ornegligence/17037

20