Internal Audit Internal Controls Companies Act 2013 Internal

Internal Audit & Internal Controls Companies Act 2013

Internal Audit Definition of Internal Audit (ICAI) • An independent critical appraisal of – An entity’s functioning – With a view to suggesting improvements – And strengthen the overall governance mechanism of the entity

Internal Audit Definition of Internal Audit • Review of internal controls • Both financial and non financial • Alignment to Business Objectives

Internal Audit Types: • Financial • Operations • Management • Efficiency/Performance • Information Security • Social/Environmental

Internal Audit Usefulness of Internal Audit: • Businesses are growing in size • Statutory Auditor has limited time to examine and verify all records and documents. • Board needs assurance that laid down policies and processes are well followed Internal Audit, therefore, becomes an absolute necessity.

Internal Audit • The new Companies Act 2013 provides for appointment of an Internal Auditor for certain prescribed class of Companies.

Internal Audit • Sec 138 covers Internal Audit. • Generic provision • Sub Section (1) – Prescribed Class or Classes of Companies required to appoint an Internal Auditor – Such Auditor shall be a Chartered Accountant or a Cost Accountant or such other Professional as may be decided by the Board

Internal Audit • Internal Auditor to conduct audit of the functions and activities of the Company. Sub Clause (2) • The Central Government may, by rules, prescribe the manner and the intervals in which the internal audit shall be conducted

Internal Audit • Internal Auditor shall submit his/their report to the Board of Directors/ Audit Committee of the Board. • The Audit Committee of the Board or the Board will formulate: – – the scope functioning periodicity and methodology of conducting the Internal Audit.

Internal Audit Rule 13 of the Companies (Accounts) Rules 2014 prescribes classes of Companies covered under Sec 138: - Every Listed Company - Specified Unlisted Companies

Internal Audit Specific Unlisted Public Company: • Turnover of 200 crores or more during the previous financial year; or • Outstanding loans or borrowings in excess of 100 crores due to banks or public financial institutions at any point of time during the previous financial year; or • Paid up share capital of 50 crores or more during the previous financial year; or • Outstanding deposits of 25 crores or more at any point of time during the previous financial year.

Internal Audit Specific Unlisted Private Company: • Turnover of 200 crores or more during the previous financial year; or • Outstanding loans or borrowings in excess of 100 crores due to banks or public financial institutions at any point of time during the previous financial year;

Internal Audit Impact on Companies covered by Sec 138: • Listed Companies already undertake Internal Audit as part of overall corporate governance requirements. • Other Companies will now fall in line. Some of them could already be following the same. • Increased Compliance Cost for Companies coming into fold for the first time.

Internal Audit Impact on Companies covered by Sec 138: • The manner of internal audit has also not been stated. • Expected to relate to financial review only. • Once announced, could lead to a lot of interpretation before things settle down.

Internal Controls • Policies and processes of an organisation governing operations to ensure that the objectives laid down by the Management are responsibly met and all interests of stakeholders are protected.

Internal Controls Companies Act 2013 has introduced specific Requirements relating to: • Risk Management Policy followed by the entity • For certain prescribed companies manner of evaluation of the performance of the Board and individual Directors • Auditor’s Report to contain certain disclosures as per Companies (Auditor’s Report) Order 2015. • In the case of listed companies on internal financial controls.

Internal Controls Risk Management Policy: Directors’ Report to specify • Development of a Risk Management Policy • Implementation of a Risk Management Policy • Identification of Risks that can threaten the very existence of the Company

Internal Controls Risk Management Policy: Definition • A process designed to – Identify potential events that may affect an entity; – Manage risks to be within its appetite; – Provide Reasonable Assurance regarding achievement of entity objectives.

Internal Controls Risk Management Policy: Includes risks related to: • Financial • Operations • Strategy • Environment • Technology

Internal Controls Evaluation of Performance of Board and Individual Directors: Directors’ Report to specify • Manner of Performance evaluation of – Board – Committees – Individual Directors

Internal Controls Evaluation of Performance of Board and Individual Directors: • Self Evaluation is a very difficult process • Evaluating Independent Directors is even harder since they are not whole time.

Internal Controls Companies (Auditor’s Report) Order 2015 Statutory Auditor to Report on: • Fixed Assets – Documentation and Verification • Inventory – Verification • Internal Control System for Purchase and Sale of Goods and Fixed Assets • Grant of Loans

Internal Controls Companies (Auditor’s Report) Order 2015 Statutory Auditor to Report on: • Deposits – Compliance on Rules • Statutory Dues • Cost Records • Transfers to Investor Eduction and Protection Fund

Internal Controls Companies (Auditor’s Report) Order 2015 Statutory Auditor to Report on: • Net Worth in respect of new companies. • Reporting on Fraud • Default in payment of dues to banks/debenture holders • Guarantees given • Usage of Funds received.

Internal Controls Internal Financial Controls: Defined by The Companies Act 2013 as: • Policies and procedures followed by the Company for: Ensuring the orderly and efficient conduct of the business; Adherence to company policies; Safeguarding of its assets; Prevention and detection of frauds and errors; Ensuring the accuracy and completeness of the accounting records; and – Timely preparation of reliable financial information – – –

Internal Controls Internal Financial Controls: Every Directors’ Responsibility Statement to State: • Directors had laid down internal financial controls to be followed; • Such internal financial controls are adequate; • Such controls were operating effectively.

Internal Controls Internal Financial Controls: Auditor’s Report to state: • Whether the Company has adequate internal financial controls in place; • Operating effectiveness of such controls.

Internal Controls Internal Financial Controls: Independent Directors should satisfy themselves on: • The integrity of financial information ; • The systems of risk management and financial control are robust and defensible.

Internal Controls Internal Financial Controls: • These are new requirements under the Act. • Currently the Act looks at Internal Financial Controls in the context of financial reporting. • The Directors need to familiarise themselves with the enhanced responsibilities; • Internal Audit to assume greater assurance role. • Enhanced reporting requirements to add to Cost of Compliance.

Internal Audit and Internal Controls Why the New Provisions: • Many Companies are Listed – Shares are widely held. Small shareholders need comfort that nothing is amiss; • Banks lend a large amount of money for their short term and long term requirements; • Ownership and Management are separate. Professional Managers handle all operations of the Company; • Businesses are growing in size and therefore impact the society in which they operate.

Thank You.