CA FINAL

ELECTIVE PAPER 6A: RISK MANAGEMENT

Case Study

ZEO Payment Technology is one of promising Financial Technology Start Up

Company in India. ZEO is founded in 2015 and has emerged as one of the largest
player in India’s Domestic Money Transfer (DMT) (Cash to Bank) segment. It is an
award winning Online Transaction platform for DMT, Payments and Travel. ZEO
has won several accolades and awards such as the prestigious National Payments
Excellence Award 2016 organized by the National Payment Council of India for the
largest number of transactions on the IMPS (non-Bank category). ZEO has one of
the largest cash collection network agents in the country to work on cash collection
and banking activities.
RA has founded ZEO and is now aspiring to apply for the Small Payment Bank
License. The application has to be made to a Statutory Authority. As per the
Statutory Authority’s guidelines the payment bank applicant have to submit the top
10 risk scenarios that they would face while operating a Small Payment Bank in
India.
The Board of ZEO would then evaluate the risk scenarios and prepare a formal
report to adopt the risk scenarios with specific risk management actions. Post
discussions at the Board and adoption of the risk scenarios, RA would make the
application to the Statutory Authority for transforming ZEO into a Small Payment
Bank.
Required:
1. Design any 5 risk scenarios in the following format out of risk scenarios given in
Exhibits.
Risk Scenario Title

Scenario description

Impact of scenario

Current measures to
manage risks

(4 marks for each scenarios)

© The Institute of Chartered Accountants of India 1

 2. Prepare a report to the Board of ZEO including:
(i) Bucketing of above identified risks
(ii) Likelihood Scale (10 marks)
3. Multi Choice Questions (MCQs)
(i) Which among the following is the most potent measure to prevent a
cyber-attack on a Small Payment Bank?
(a) Control of physical access to the system
(b) Strong Password
(c) Multi-layer authentication
(d) All of the above
(ii) What is the most important advice that the RBI gave to banks to
prevent bank frauds?
(a) Thorough performance evaluation of bank employees.
(b) Conducting investor awareness programs regularly to inform
and train customers to apprehend fraud.
(c) Proactive fraud control initiatives.
(d) All of the above
(iii) How RBI ensures to prevent money laundering activities?
(a) All cash transactions of more than `10,00,000 requires an
Aadhar number.
(b) Any financial transaction above `500000 required an Aadhar
Number.
(c) Both (a) and (b)
(d) None of the above
(iv) Every unlisted company having a paid up share capital of `10 crore
or more is not required to constitute a/an
(a) Audit committee
(b) Nomination and Remuneration Committee
(c) Risk Management Committee
(d) Suitable policy for training and performance evaluation of
directors.
(v) What is the main source of worry to banks regarding their
customers?
(a) Cashback facilities offered by e-wallet companies.

© The Institute of Chartered Accountants of India 2

 (b) Non-banks are getting access to their customer information
through third party applications.
(c) Deficiencies in sale of third party investment products by
lenders.
(d) Non-adherence to the RBI instructions with regard to mobile
or electronic banking services.
(vi) In a Risk Enabled and Risk Managed Organisations is
a Monitoring tool to track progress of risk management.
(a) Flow Charts with Risk Flags
(b) Risk Event Maps
(c) Risk Scorecards
(d) Value at Risk
(vii) On likelihood scale an event that happens every 10 years or more in
the industry shall be placed at level .
(a) 1
(b) 2
(c) 3
(d) 4
(viii) The two oil shocks in 1970s triggered unusually severe economic
consequences. These episodes for many institutions represent
stress scenarios.
(a) Normal
(b) Severe
(c) Near Default
(d) Stress to Default
(ix) ABN-Amro Bank, Amsterdam, wants to purchase `15 million against
US$ for funding their Vostro account with Canara Bank, New Delhi.
Assuming the inter-bank, rates of US$ is `51.3625/3700, what
would be the rate Canara Bank would quote to ABN-Amro Bank?
Further, if the deal is struck, the equivalent US$ amount would be.
(a) US$ 2,92,041.86
(b) US$ 2,94,041.86
(c) US$ 2,91,999.22
(d) US$ 2,93,999.22

© The Institute of Chartered Accountants of India 3

 (x) Which of the following technique to hedge interest rate risk the
premium is least or nil.
(a) Cap
(b) Floor
(c) Collar
(d) None of these (10 x 2 = 20 marks)

© The Institute of Chartered Accountants of India 4

 Exhibit 1
Cyber-attack on the website and systems
Recently, the systems of a PSU Bank have been hacked to create fake documents
that may have been used to raise money outside India or help in dealing of
prohibited items. The fake document may be letter of credit (LC) or guarantees.
The bank later realised that their SWIFT (Society for World Wide Interbank
Financial Telecommunication) system have been used to create fake documents.
SWIFT is a financial messaging service which is used by banks to move millions of
dollars and documents in various countries.
Therefore, the person who hacked into the system to create a fake LC may put it
before a foreign bank for finance. However, the Indian Bank, whose system has
been used to create a fake L.C., may face a claim for money when a foreign bank
tries to recover its money released against an LC.
Some measures have been taken to prevent such reoccurrences in future. Firstly,
physical access to the system must be controlled. Secondly, strong password and
multi-layer authentication policy should be there. And, lastly, identity and token
management policies are needed to control who has access to data.
SWIFT customers should have in place a system of detecting any unusual activity
and how the staff shall respond when such an untoward event happens.
(Extract from an article)

Exhibit 2
Bank Fraud
In a leading multinational bank, a banking fraud of `400 has been taken place. The
fraud has happened because of the mastermind of an employee named Lalit. The
modus operandi of Lalit was to sell investment products to high net worth
individuals (HNIs). He falsely projected to the HNIs that these financial products
are authorised by the bank’s investment product committee.
So, he lured them by convincing them that their investments would be invested in
lucrative schemes giving good returns. Then, he transferred the funds accumulated
from HNIs to some fictitious accounts. Funds amounting to Rs 400 crore belonging
to about 20 customers were transferred to such accounts. He, then, used the
money to invest it into the stock market.
Modus operandi was simple. He lured customers with a fake circular by SEBI promising 2-
3% returns per month. The fake circular also mentioned a custodian that route investor
funds. Lalit also use some blank cheques and he used this to transfer money out of their
accounts directly to the brokerages to be invested in the stock market.
The RBI has issued master circular advising banks to set up internal control system
to combat frauds and to take pro-active fraud control and enforcement measures.
(Source : Extract from a leading financial daily)

© The Institute of Chartered Accountants of India 5

 Exhibit 3
Use of company channels for illegal business or money laundering activities
In ABC Bank, allegations of money laundering surfaces. Allegation was that foreign
exchange to the value of 557 crore has been sent out of India through 11 fictitious
firms under the shadow of imports.
Further, investigations disclosed that a person alongwith his partner operated 66
accounts at ABC. Further, bank records showed that `505 was deposited by the
accused and remitted abroad through this bank during 2012 to 2016.
He was making illegal fund transfers to Hong Kong on the basis of forged import
documents. He had two companies in Hong Kong PQ and ZY. Funds were actually
remitted to these two firms. The accounts in Hong Kong were in the CEO Bank
from where the funds were transferred to China.
The Government of India has taken some initiatives to curb the practice of money
laundering as illustrated above on the following lines:
The Government has made it mandatory for banks and financial institutions to
check the original identification documents of individuals dealing in cash above the
prescribed threshold, to weed out the use of forged or fake copies.
As per Rule 9 of RBI, every reporting entity shall at the time of commencement of
an account-based relationship, identify its clients, verify their identity and obtain
information on the purpose and intended nature of the business
relationship. Intermediaries like stockbroker, Chit Fund Company, cooperative
bank, housing finance institution and non-banking finance companies are also
classified as reporting entities.
Biometric identification number Aadhaar and other official documents are required
to be obtained by the reporting entities from anyone opening a bank account as
well as for any financial transaction of Rs 50,000 and above.
The same is also required for all cash dealing of more than Rs 10 lakh or its
equivalent in foreign currency, cash transactions where forged or counterfeit
currency notes have been used and all suspicious transactions.
All cross-border wire transfers of more than Rs 5 lakh in foreign currency and
purchase and sale of immovable property valued at Rs 50 lakh or more also fall
under this category, according to the reporting rules.
The Gazette notification said in case the officially valid document furnished does
not contain updated address, a utility bill like electricity, telephone, post-paid
mobile phone, piped gas or water bill which is not more than two months old can be
considered as a proof of address.
Also, property or municipal tax receipt, pension or family pension payment orders
issued to retired employees by Government departments, or letter of allotment of
accommodation from employer can be considered for the same purpose.
(Source : Extract from a leading financial daily)

© The Institute of Chartered Accountants of India 6

 Exhibit 4
Natural Calamity impacting continuity of business operations
Small businesses are personally affected by a storm, earthquake or extreme
weather. Since ZEO payment technology is a small financial technology company,
it can feel the pinch of a natural disaster, in case it happens.
When a natural calamity took place, it affects the supply chain of an organisation
severely. When the devastating flood took place in Thailand in 2011, the impact
was felt the world over, affecting almost every industry from electronics to
automobile. It leads to break down of supply of many crucial components. This
prompted many companies to outsource their supply chain to a few low cost
countries. However, the business of a fintech company may also be impacted if the
physical office from which it conducts its business is also being affected by the
natural disaster.
(Source : Extract from a leading Financial Daily)

Exhibit 5
Non-compliance with legal requirements leading to penalties
ZEO is a fintech company. Peer to Peer (P 2 P) lending is currently in vogue in
ZEO as is te case in other companies. P 2 P lending creates a market for lenders
and borrowers to connect immediately.
Further, with the use of P 2 P remittance platforms such as Transferwise creates a
market place where outgoing remittances are matched with incoming remittances.
For example, if a person in London wants to remit some money to India would
deposit the amount in platforms’ London office. The platforms’ algorithm would
detect another person in India who would want to transfer some money to London.
Then, the platform matches and “nets” the transaction. So, the money never
actually leaves the jurisdiction of a country.
However, the difficulty is that Indian rupee is not freely convertible and Foreign
Exchange Management Act, 1999 i.e. FEMA has provided certain regulations which
curbs the free flow of money. Compliance function has to ensure strict compliance
of Banking Regulation Act, RBI Act, FEMA, Prevention of Money Laundering Act
etc.
All peer-to-peer lending (P2P) platforms will be regulated by the Reserve Bank of
India (RBI), according to a government of India notification. The Reserve Bank of
India (RBI) said, through an 18 September, 2017 gazette notification, those peer-
to-peer lenders (P2P)—companies that provide loan facilitation services from their
platform—will be treated as non-banking financial companies (NBFCs).
The Reserve Bank of India's move to allow up to 100% foreign direct investment
(FDI) in regulated financial services companies other than banks or insurance
companies through the automatic route is likely to benefit several fintech startups

© The Institute of Chartered Accountants of India 7

 as it is expected to ease equity funding norms, increase investor interest, and also
help them expand into more financial services.
(Source : Extract from a leading Financial Daily)

Exhibit 6
Corporate Governance Issues
ZEO Payment Technology is a small unlisted company willing to venture into the
field of Small Payment Bank. ZEO has 6 directors out of which one is independent
director. The paid up share capital of the company is `12 crore. However, the
company is yet to draft a suitable policy for training and performance evaluation of
directors.
Some of the provisions of the Companies Act, 2013 relating to Corporate
Governance have been given in the following sentences. Every company having a
paid up share capital of `10 crore or more has to constitute an audit committee and
shall have atleast two independent directors. Further, it is required to appoint a
Nomination and Remuneration Committee and draft a suitable policy for training
and performance evaluation of directors. Also, a company having a paid share
capital of `50 crore or more OR a turnover of `200 crore or more has to appoint an
internal auditor to conduct internal audit of the functions and activities of the
company.
The new Companies Act has given powers to Serious Fraud Investigation Office
(SFIO) to carry out arrests, raids and seizure in respect of certain offences of the
act which attract the punishment for fraud. Further, as per the section 212, on the
intimation of special resolution passed by the company, SFIO can investigate into
the affairs of the company or on the receipt of a report of the Registrar or inspector
or in the public interest or on request from any Department of the Central
Government or a State Government.
Moreover, the Companies Act, 2013 do not contain any compulsory provision for
constitution of a Risk Management Committee. However, it requires its Board to
develop and implement a risk management policy and identify risks which may
threaten the existence of the company.

© The Institute of Chartered Accountants of India 8

 Exhibit 7
3.2 million debit cards compromised; IBS, CFDH Bank, CCC Bank,
No Bank and ITU Bank worst hit
Banks in India will either replace or ask users to change the security codes of as
many as 3.2 million debit cards in what's emerging as one of the biggest ever
breaches of financial data in India, people aware of the matter said. Several victims
have reported unauthorised usage from locations in China.
Of the cards, 2.6 million are said to be on the Visa and Master-Card platform and
600,000 on the RuPay platform. The worst-hit of the card-issuing banks are IBS,
Bank, CFDH Banks, CCC Bank and No Bank.
The breach is said to have originated in malware introduced in systems of Sakura
Payment Services, enabling fraudsters to steal information allowing them to steal
funds.
CFDH Bank said it had already taken action in the matter a few weeks back.
"Besides advising those customers who we know have used a non- CFDH Bank
ATM in the recent past to change (their) ATM PIN, we are advising our customers
to use only CFDH Bank ATMs as we believe security controls at some of the other
bank ATMs may not be at par with HDFC Bank ATMs”.
The newspaper had reported on Wednesday that IBS Bank would reissue 600,000
debit cards following a malware-related security breach and has asked customers
to change their PIN numbers as well.
(Source : Extract from a leading Financial Daily)

Exhibit 8

Legal suits, claims by third parties

PhoneSe is a third party app owned by Blipmart. And, it becomes a part of UPI
through a partnership with No Bank. Blipmart recently integrated UPI payments on
its website and is offering customers cashback on their e-wallet on PhoneSe UPI
payment.
However, banks have expressed worry that non-banks are getting access to their
customer information through third party applications developed for the Unified
Payment Interface (UPI).
Therefore, PQRST Bank has blocked customers from accessing their accounts
using the PhoneSe UPI applications.
The RBI on June, 2017 has widened the scope of its Banking Ombudsman Scheme
2006 to include deficiencies arising out of sale of third-party investment products
by lenders. Under the amended scheme, a customer would also be able to lodge a

© The Institute of Chartered Accountants of India 9

 complaint against banks for non-adherence to the RBI instructions with regard to
mobile or electronic banking services.
Following the amendment, the pecuniary jurisdiction of the ombudsman to pass an
award has been doubled from `10 lakh to ` 20 lakh. The ombudsman has been
empowered to award compensation not exceeding ` 1 lakh for loss of time,
expenses incurred and also harassment and mental anguish suffered by the
complainant. There is also an option for customers to go in for appeal in respects
to closed complaints which was not available earlier.
(Source : Extract from a leading Financial Daily)

Exhibit 9

Rumors Spark Run On Indian Bank

Wall Street's worries made their way to India Tuesday as CCC Bank , the country's
largest private-sector bank, saw hundreds of clients withdrawing cash at branches
and ATMs in some parts of the country on rumors that the bank could fail.
Chief Executive K.V. Kumar said the rumors were "baseless and malicious."
Central Bank, in an unprecedented move, issued a statement saying there was
enough liquidity at CCC Bank and the Central Bank had arranged to provide
adequate cash to the bank to meet the demands of customers.
So far, CCC is the only Indian bank that has been directly hit by the recent
disasters on Wall Street. Its U.K. subsidiary has $80 million in exposure to Lehman
Brothers , a substantial portion of which may have to be written down, said Ajit
Saxena, an analyst with Benaam Securities, a Mumbai-based financial services
firm, in a report. The subsidiary has a provision of about $12 million against
investment in these bonds.
"The key worry, of course, remains that if any other global bank or financial
institution files for bankruptcy, CCC may have to take further losses, the extent of
which is not known," the Benaam report says. Total capital base of overseas
subsidiaries stood at $800 million in the first quarter of fiscal year 2009.
CCC Bank, through its U.K. and Canadian subsidiaries, has around $5 billion of
investment book (largely bonds, certificates of deposit and other treasury assets).
Of this, roughly 60% is invested in various U.S. and European banks. "The recent
crisis could lead to high MTM [mark-to-market] losses in the overseas investment
book," Saxena added.
According to Indian media reports, anxious CCC customers rushed to withdraw
their money from ATMs and branches after rumors the bank was in trouble due to
exposure to Wall Street's mess.
CCC, which has consolidated assets of $105 billion, saw net profits of $900 million
in fiscal year 2008 on revenue of $10 billion and $155 million in the first quarter of

© The Institute of Chartered Accountants of India 10

 this year on revenue of $2.2 billion. But it has seen its stock price hammered from
a 52-week high of $37 (Jan. 14) to $9.60 Tuesday.
As of June 30, it had a capital adequacy ratio of 13.4%, well above the regulatory
requirement of 9%. Kumar added that the U.K. subsidiary had zero exposure to
U.S. subprime credit and zero non-performing loans. If only Wall Street was so
lucky.
(Source: Extract from a leading Financial Magazine)

Exhibit 10

EMAIL
From: Lee Port
To: Mr. Z (CEO of ZBO Payment Bank)
Dated:……………………………………
Subject: Pitch Presentation for financing of proposed small payment bank
under the FDI Scheme of Govt. of India
Hi Z,
This has reference to your last week’s Pitch Presentation at Singapore for making
investment in your proposed Small Payment bank in India. While the idea of this
type of banking is naïve in India but the most catchy feature of the same is to reach
consumers through mobile phones rather than traditional system of bank branches
as it is quite uneconomical affair for the banks to open branch in each and every
village of India. This is a good initiate by Govt. of India as a major step towards
financial inclusion in India where a major part of population is living in villages.
Before we forward your proposal of investing the funds in your start-up to the
Board please confirm the following unique features of the proposed Small Payment
Banks:
• Payment bank will reduce the dependency on Cash and will increase m-
commerce as mobile wallet will be used as payment option.
• Payment Bank will invest 75% of its demand deposits in Government
Securities and Treasury Bills and balance 25% can be held as fixed deposits
with other Scheduled Commercial Banks.
• Payment bank can also provide Forex Cards to the travellers.
• Payment Bank will get a big chunk of deposit comparing to commercial banks
due to reason of providing higher interest rates.
In case there is any deviation in above points please let us know immediately.
Thanks,
Lee Port

© The Institute of Chartered Accountants of India 11

 ELECTIVE PAPER 6A – RISK MANAGEMENT
SUGGESTED SOLUTION – CASE STUDY 1

1.

Source- Exhibit 1

Risk Scenario Title Fraud Risk

Scenario description The system of the Bank can be hacked to create may
face a claim for money when a foreign bank tries to
recover its money released against an LC.

Impact of scenario Huge loss to bank if the number of LC transactions is

large.

Current measures to manage risks Bank should have in place a system of detecting any
unusual activity and how the staff shall respond when
such an untoward event happens.

Some measures must be taken to prevent such

reoccurrences in future. Firstly, physical access to the
system must be controlled. Secondly, strong
password and multi-layer authentication policy should
be there. And, lastly, identity and token management
policies are needed to control who has access to data.

Source- Exhibit 2

Risk Scenario Title Governance or Reputation Risk

Scenario description Using name of bank to customers for higher returns

and opening fictitious accounts.

Impact of scenario Bank may lose its reputation and may face
unwarranted litigations.

© The Institute of Chartered Accountants of India

1
 Current measures to manage risks Proper internal control system should be set up to
combat frauds and to take pro-active fraud control and
enforcement measures.

Source- Exhibit 3

Risk Scenario Title Reputation Risk

Scenario description Bank account can be used for illegal transfer of funds
and money laundering activities.

Impact of scenario Bank may face paucity of funds and its reputation
may also take a beating. It will be also being
answerable to various stakeholders.

Current measures to manage risks The bank should check the original identification
documents of individuals dealing in cash above the
prescribed threshold, to weed out the use of forged
or fake copies.

Source- Exhibit 4

Risk Scenario Title Natural Hazardous Risk

Scenario description Small businesses are generally affected by a

storm, earthquake or extreme weather.

Impact of scenario The business of a bank may also be impacted by

the natural disaster by which the physical office
from which it conducts its business is also being
affected by the calamity.

Current measures to manage risks It can insure itself from any natural calamity.

© The Institute of Chartered Accountants of India

2
 Source- Exhibit 5

Risk Scenario Title Regulatory or Compliance Risk

Scenario description In case payment bank is engaged in the business of P

2 P and their receipt and payment of money from India
to any foreign country and vice-versa takes place.
However, the platform matches and netted the
transaction and the money never actually leaves the
jurisdiction of a country.

Since, Indian rupee is not freely convertible and

Foreign Exchange Management Act, 1999 i.e. FEMA
has provided certain regulations which curbs the free
flow of money.

Impact of scenario Non-compliance of FEMA provisions will attract

penalty.

Current measures to manage risks The risk can be managed to a large extent with the
compliance of RBI notifications.

Source- Exhibit 6

Risk Scenario Title Regulatory or Governance Risk

Scenario description The company is yet to draft a suitable policy for training and
performance evaluation of directors and it has not appointed any
committees.

Impact of scenario This may invite penalties from the court and wrath of the
investors.

Current measures to Constitute an audit committee and shall have atleast two
manage risks independent directors. Further, it is required to appoint a
Nomination and Remuneration Committee and draft a suitable
policy for training and performance evaluation of directors.

© The Institute of Chartered Accountants of India

3
 Even though, the Companies Act, 2013 do not contain any
compulsory provision for constitution of a Risk Management
Committee, but it is in the interest of bank to constitute a Risk
Management Committee.

Source- Exhibit 7

Risk Scenario Title Cyber or Technology Risk

Scenario description Breaches of financial data and security of debit

cards were compromised. The malware introduced
in systems enabling the fraudsters to steal
information and allow them to steal funds.

Impact of scenario Penalties and litigations to be faced by bank.

Current measures to manage risks Banks may either replace or ask users to change
the security codes.

Reissue of debit cards and asking customers to

change their PIN numbers as well.

Source- Exhibit 8

Risk Scenario Title Fraud or Data Security Risk

Scenario description Non-banks are getting access to the bank’s

customer information through third party
applications developed for the Unified Payment
Interface (UPI).

Impact of scenario Privacy is the issue here. Customers’ details are

getting compromised.

© The Institute of Chartered Accountants of India

4
 Current measures to manage risks
Risk Scenario Title
Scenario description
Impact of scenario
Current measures to manage risks
Risk Scenario Title
Scenario description
© The Institute of Chartered Accountants of India
Bank should be very careful while entering into any
agreement with a third party app like PhoneSe.
Agreement shall be entered into only after proper
verification and knowledge about their business.
Source- Exhibit 9
Reputation or Business Continuity Risk
The rumour that bank is the only bank which has
been hit directly by the recent disasters and it could
fail.
This may leads to people flocking to ATMs and
bank branches to withdraw cash. Also, bank’s
stock price hammered.
Such rumour should be taken care of by proper
media and people management. There should be
a prompt response on the part of the Bank to ward
off such rumour with the help of media. Proper
people management requires action on the part of
banks to pacify and inform customers so that future
reoccurrences of such panic situations can be
avoided.
Source- Exhibit 10
Finance or Forex and Interest Rate Risk
As banks can issue the Forex Card there may be
some variation in the rates at which same has been
acquired and disposed of.
5
 Since the rate of interest offered by the bank on its
deposit is higher in comparison to the traditional
banking and the fund shall be deposited in Govt.
Securities instead of Commercial lending, the
spread between receipt and payment of interest
will be marginalized. Hence any change in the
market interest rate shall lead to erosion in the
spread.

Impact of scenario Loss on account of Forex exchange rate volatility

and squeezing of Interest Spread Gains.

Current measures to manage risks Hedging the forex and interest rate using various
techniques such as Forward, Futures and Option
contracts.

Note: Students are expected to design any 5 risk scenarios in the prescribed format out of
the above-mentioned 10 scenarios.

2.

To: The Board

From: ABC, Risk Consultant

Date: 29 December 2017

Subject: Risk Management

Introduction

This report covers

(i) Bucketing of above identified risks

(ii) Likelihood Scale

© The Institute of Chartered Accountants of India

6
 (i) Bucketing of above identified risks

Risk Risk Scenario Title Bucketing of identified

No. risks

1 Fraud Risk Severe

2 Governance or Reputation Risk Major

3 Reputation Risk Major

4 Natural Hazardous Risk Severe

5 Regulatory or Compliance Risk Major

6 Regulatory or Governance Risk Major

7 Cyber or Technology Risk Major

8 Fraud or Data Security Risk Major

9 Reputation or Business Continuity Risk Moderate

10 Finance or Forex and Interest Rate Risk Moderate

(ii) Likelihood Scale

Exhibit Risk Scenario Title Likelihood Scale

1 Fraud Risk Unlikely

2 Governance or Reputation Risk Likely

3 Reputation Risk Likely

4 Natural Hazardous Risk Unlikely

5 Regulatory or Compliance Risk Likely

6 Regulatory or Governance Risk Likely

© The Institute of Chartered Accountants of India

7
 7 Cyber or Technology Risk Very unlikely

8 Fraud or Data Security Risk Likely

9 Reputation or Business Continuity Risk Very unlikely

10 Finance or Forex and Interest Rate Risk Very likely

Conclusion

As a small bank, some of the risk which especially Risk Nos. 5,6 and 8 needs special
attention.

3. (i) (d)

(ii) (c)

(iii) (a)

(iv) (c)

(v) (b)

(vi) (c)

(vii) (b)

(viii) (b)

(ix) (a)

(x) (c)

© The Institute of Chartered Accountants of India

8
 PAPER – 6A: RISK MANAGEMENT

CASE STUDY 2

ABC Ltd. is a Delhi based company. It was established in 2009 and deals in the manufacturing business of
high-end electronics distributed through retail superstore. The company is currently going through a rapid
growth phase. Its products are receiving good response from the market. The company is experiencing the
challenges of retaining good sales employees and developing an efficient financial system. Ravi Narain is
the CFO of the company.
ABC Ltd. has an outdated computerized accounting system which does not lock out the changes made after
the month end.
ABC is looking to develop a more effective and efficient financial system and considering implementing an
incentive plan for sales employees who are currently paid a flat salary.
ABC Ltd has a turnover of ` 800 crores in 2016-17 and was listed on Indian Stock exchange in 2014. Ajay
and Pawan are the newly appointed directors of Finance and Human Resource divisions respectively.
Ajay is a street smart finance professional and he played a critical role in the areas of budgeting and
forecasting, finance and asset management. He has a team of 25 people including Jatin and Mohit who
directly reports to Ajay.
In spite of a limited salary, Ajay maintains a lavish style of living. Jatin maintains the journal entries
according to Ajay’s directions. One day HSBC bank notified Ravi Narain that Ajay’s personal credit card
balances were being paid off by ABC’s account. Since, Ravi Narain was busy for Board Meeting confirmed
that this might be reimbursement of his Travelling Expenses.
Jatin records the internet sales from the company’s retail outlet as well as carries out following functions:
1. Reconciliation of accounts receivable sub-ledger to general ledger
2. Mailing checks to vendors
3. Coding and recording of checks received for deposit
Ravi normally never reviews financial details as he trusts Ajay.
On the Human Resource front, to overcome the problem of retaining the sales employees, the company has
recently hired Pawan as the HR director who is known for developing good HR policies to manage people
effectively and motivate them to perform well.
Pawan advised the management to implement a compensation plan of base salary and bonus instead of fixed
monthly salary. Sales incentive compensation is based on the performance of sales employees. The
performance can be measured by looking at the revenue they generate for the employees. The management
liked the proposal advised by Pawan and the compensation plan is finalized which was as follows.
Base Salary: 35,000/month
Commission: 5% of Sales exceeding 10,00,000/month + 5% extra commission on sales made over and
above 20,00,000/-
Consequently, the present organization structure comes out as follows:

© The Institute of Chartered Accountants of India

 Board of Directors

Managing
director

Ravi IT head Sales &

HR Head
Narayan Marketing
(Finance
Head)
Ajay Kothari
)
(Finance Manager) Pawan Pandey IT Director Sales & Marketing
(Director) Managers

Jatin
(Manager) HR Manager IT Manager Support Staff

Mohit
(Manager)
HR Analysts IT Analysts

After passing some time, the Board of Directors started realizing that the company is facing liquidity crunch.
Also, the introduction of new compensation plan resulted in unhealthy competition among employees.
Some employees were less willing to provide assistance to struggling co-workers and would prefer to improve
their own productivity. It also promoted an environment of excessive risk – taken by the sales employees for
pursuing short term profits.
The company has a system of identification of risk but only at the functional level and not for processes.
Further these Risks are not communicated among various organization levels.
A. Questions
The Board of Directors approaches you and requests you to submit a report on the following aspects:
(i) Identify the Risks that may be possible and their nature. (5 Marks)
(ii) Scaling of these identified risks based on ICAI Guide on Risk Based Internal Audit. (5 Marks)
(iii) Any three to four approaches to identify and assess the risk. (5 Marks)
(iv) Course of action to be followed to treat these risks. (5 Marks)
(v) Matters on which Risk Governance Framework can define a policy statement. (5 Marks)
(vi) Risk Maturity Level and reasons for the same. (5 Marks)

© The Institute of Chartered Accountants of India

B. Multiple Choice Questions
1. As per the ………. risk has been defined as resulting from significant conditions, events, circumstances,
actions or inactions that could adversely affect an entity’s ability to achieve its objectives and execute
its strategies, or from the setting of inappropriate objectives and strategies.
(a) Basel II
(b) ICAI - SA 315
(c) CIMA
(d) None of these
2. Which of the following is not the classification of risk as stated by Enterprise Risk Management?
(a) Knowledge risk
(b) Operational risk
(c) Financial risk
(d) Residual risk
3. Which of the following is not the benefit of the risk management plan?
(a) Saving Valuable resources: time, income, assets, people and property can be saved it fewer claims
occur.
(b) Creating a safe and secure environment for staff, visitors and customers
(c) Reducing legal liability and increasing the stability of your operations
(d) Provide an absolute assurance that risks will be mitigated.
4. In which of the following techniques to assess and evaluate risks, a panel of experts are appointed and
each of them gives his/her opinion in a written and independent manner:
(a) Judgment and intuition
(b) The Delphi approach
(c) Scoring
(d) Quantitative techniques
5. Which of the following is not the risk type that often overlaps or is caused by operational failure?
(a) Regulatory Risk
(b) Financial Risk
(c) Credit Risk
(d) Legal Risk
6. Technique involving acceleration of payments of hard currency and delaying payments of soft currency
payables to hedge forex exposure is called
(a) Netting
(b) Managing Blocked Funds
(c) Leading and Lagging
3

© The Institute of Chartered Accountants of India

 (d) None of these
7. Which of the following option gives the effect of it purchases into a floating rate of interest that is bounded
on both high side and the low side?
(a) Cap Option
(b) Floor Option
(c) Collar Option
(d) Swaption
8. Which of the following exposure measures the effect of fluctuations in foreign exchange rate on the
value of the firm?
(a) Transaction Exposure
(b) Translation Exposure
(c) Economic Exposure
(d) Industry Exposure
9. More risk in a project can be incorporated by decreasing
(a) Estimated future cash inflows from the project
(b) Initial investment in the project
(c) Required rate of return of the project
(d) Internal rate of return of the project
10. Which of the following action is called hedging?
(a) Protection of a profit already made from having undertaken a risky position
(b) Making profit by accepting risk
(c) Reducing or eliminating exposure to risk
(d) None of these (10 x 2 = 20 Marks)

© The Institute of Chartered Accountants of India

 ELECTIVE PAPER 6A: RISK MANAGEMENT

SUGGESTED SOLUTION

Case study 2

Note: Please note these solutions are for guidance purpose only.

(A)

To: The Board

From: ABC, Risk Consultant

Date: 6th April 2018

Subject: Risk Management

Our Report on the various issues raised is as follows:

(i) The possible Risks and their nature are as follows:

• Financial risk - These risks are associated with the financial assets, structure and transactions of the
particular industry. In other words, these risks are related specifically to the processes, techniques and
instruments utilised to manage the finances of the enterprise, as well as those processes involved in
sustaining effective financial relationships with customers and third parties.
• Operational Risk - These risks are associated with the on-going, day-to-day operations of the
enterprise. In other words, these risks associated with the operations of an organization. It is the risk of
loss resulting from failure of people employed in the organization, internal process, systems or external
factors acting upon it to the detriment of the organization. It includes Legal Risk and excludes strategic
and Reputational Risks as they are not quantifiable.
(ii) Scaling of Risk as identified above:
• Measurement of the likelihood of risk
Financial Risk – Likely (score 4)
Operational Risk – Likely (score 4)
• Risk Consequences
Financial Risk – Major
Operational Risk – Major
(iii) Four approaches are suggested to identify and assess the risk as below:
• Analysis of processes – Under this technique, material or significant business processes are flow
chartered. This will facilitate identification of process level operational risks. An approach that helps
improves the performance of business activities by analysing current processes and making decisions
on new improvements.
• Brainstorming – Under brainstorming a group of employees put forward their ideas or sensation of
risk. The employees estimate the risk based on their past experience or intuition involves a focused
group of managers working together to identify potential risks, concerns, root causes, failure modes,
hazards, opportunities and criteria for decisions and/or options for treatment. Brainstorming should

1
© The Institute of Chartered Accountants of India
 stimulate and encourage free-flowing conversation amongst a group of knowledgeable and focussed
people with a fair/objective outlook. The group should not be biased or critical. It is one of the best and
most popular ways to identify both risks and key controls and is the basis for most successful risk
workshops.
• Questionnaires & Interviews - Focused on detecting the concerns of staff with respect to the risks or
threats that they perceive in their operating environment. During a Structured interview, interviewees
are asked through a set of prepared questions to encourage the interviewee to present their own
perspective and thus identify risks. Structured interviews are frequently used during consultation with
key stakeholders when designing the risk management framework. Structured interviews are good to
assess risk appetite and tolerance when developing risk appetite statements. A specialist in risk
prepares interviews with various management level members of the company in order to elicit the
concerns.
• Checklists are information aids to reduce the likelihood of failures from potential hazards, risks or
controls that have been developed usually from past experience, either as a result of a previous risk
assessment or as a result of past failures or incidents or history or industry learning. Auditors often
prepare checklists of key controls to aid in their assessment of control effectiveness and the internal
control environment. Checklists are good guiding tools; however, can lead to herd mentality and risk
managers can miss out on fresh risk thinking and the big picture.
Note: Students can also mention any four techniques other than above.

(iv) Suggested course of action to reduce/ manage risk i.e. risk treatment is as follows:
• Strengthening of Internal Controls System
• Setting up limits for the sanction of amounts.
• Setting up operational risk management department.
Note: Students can also mention other course of action based on their work experience.

(v) The Risk Management (Governance) Framework should define a policy statement on the following
matters:-
(i) Determining when to review the Risk Management Framework (RMF) and the frequency for undertaking
the review.
(ii) Deciding who is responsible for the review. The RMF is generally reviewed by the Audit Committee or
a team of Directors. Once in few years the RMF can be reviewed with external facilitation. This would
provide fresh insights and benchmarking information to the Board.
(iii) Selecting the scope and method for a review. The scope and boundary of the RMF review can be clearly
set out along with the most suited method for review.
(iv) Manner of circulation of results.
(vi) The risk maturity level of the company is “Risk Aware”. The reason is that the risks are identified within
functions and not across processes. Also, risks are not communicated across the enterprise. It is basically a
scattered silo based approach to risk management.
B. Answers to Multiple Choice Questions
1. (b)
2. (d)
3. (d)

2
© The Institute of Chartered Accountants of India
4. (b)
5. (c)
6. (c)
7. (c)
8. (c)
9. (a)
10. (c)

3
© The Institute of Chartered Accountants of India
 PAPER – 6A: RISK MANAGEMENT

CASE STUDY 3

Sunshine Ltd. is a software company specialized in the software development for their clients. In the last
decade it has earned a good name and fame. For example, a super critical boiler in a thermal power plant
takes 10-12 days to be fine-tuned or synchronized. It means system is shut for power generation and lead to
loss of millions of dollars. Sunshine Ltd. came up with a solution that cuts the time taken to synchronize a
boiler from 10-12 days to 3-4 days through the use of software and services of IT Professionals. The main
strength of Sunshine is the IT professional they employed with it.
It captured data through sensors on the boilers, use the algorithm built in house to check nearly 240
parameters and over 10,000 combinations to tune the boiler.
It also helped a global heating, ventilation and air conditioning firm to bring down the time taken to design an
AC solution in a building or office from 9 days to just 2 hours now.
However, traditional outsourcing business of Sunshine Ltd is dying a slow death as clients cutting their
budgets on such services and shifting their focus on newer areas such as digi tal and cloud.
Three-fourth of the revenue of Sunshine Ltd is from traditional services. However, half of its revenue still
comes from fixed price projects which allow it the flexibility to determine the resources it deploys and use
software tools to deliver services. Now, the aim is to increase that goal by reducing the dependency on people
and more on software led services which coincide with it’s goal of IT Modernization.
Sunshine Ltd. derives a major portion of its revenues from customers discretionary spending which is linked
to their business outlook. It’s major revenues are from UK, USA and other European countries.
Some draft legislations in USA has been made to restrict the availability of work visas. Such protectionist
policies threaten the prospect of global mobility of people which may also affect the work of Sunshine Ltd. as
distributed software development requires free movement of people.
Appreciation of the rupee against any major currency results in the revenue denominated in that currency to
appear lesser in reported terms. Then, there may be different exchange rate when sale took place and when
invoice is collected.
The Internal Financial Control System
The internal Financial Control System of Sunshine Ltd. has been laid down as below:
• Recording and providing reliable financial and operation information.
• Safeguarding assets.
• Ensuring compliance with corporate policies.
• Well defined delegation of power.
• Efficient ERP system.
• Internal audit by one of the big audit firm.
• Periodic audit by specialized third party consultants.
• Audit Committee found internal financial control adequate.

© The Institute of Chartered Accountants of India

A. Questions
(1) Discuss the SWOT analysis of Sunshine Ltd. (5 Marks)
(2) Briefly explain the political risk to be encountered by Sunshine Ltd. (3 Marks)
(3) Elucidate the types of exposures risks to be encountered by the company. (6 Marks)
(4) How can the company tackle the exposure of difference in exchange rates when sale took place and
when invoice is collected. (12 Marks)
(5) Discuss the efficacy of the Internal Financial Control System of Sunshine Ltd. (4 Marks)
B. Multiple Choice Questions
1. Risk Adjusted Discount Rate Method is based on the concept that………
(a) investors demand higher returns from more risky projects
(b) investors demand lower returns from more risky projects
(c) investors demand higher returns from less risky projects
(d) None of these
2. A project has a cost of capital of 10% and a payback period of 2 years with annual cash inflows
commencing from year end 2 to 4 of Rs. 60 crore. The initial investment outlay at the beginning of year
1 shall be
(a) Rs. 67.80 crore
(b) Rs. 74.58 crore
(c) Rs. 60.00 crore
(d) Rs. 95.07 crore
3. If interest rates are 3.4% and 1.4% per annum in USA and UK respectively and spot exchange rate is $
1.40/£ then 90-days forward rate shall be
(a) Rs. 1.346976
(b) Rs. 1.347976
(c) Rs. 1.406976
(d) Rs. 1.407976
4. Which of the following risk will not affect foreign exchange rate?
(a) Investment Risk
(b) Inflation Risk
(c) Interest Rate Risk
(d) Sovereign Risk
5. The purpose of Financial Swap is to reduce .
(a) Interest Rate Risk
(b) Exchange Rate Risk
(c) Credit Risk
(d) Both (a) and (b)
6. In case if principal or interest payment overdue between 61-180 days then as per RBI’s framework for
Revisiting Distressed Assets in Economy they are classified in category .

© The Institute of Chartered Accountants of India

 (a) SMA – 0
(b) SMA – 1
(c) SMA – 2
(d) SMA – 3
7. ______________ as a formal discipline for risk and capital management was born out of financial crises.
(a) Substantive procedures
(b) Test of Controls
(c) Corporate Governance
(d) Stress Testing
8. Which of the following is not a type of country risk?
(a) Political Risk
(b) Financial and Economic Risk
(c) Credit Risk
(d) None of the above
9. Which of the following risk action describe:
Reducing the risk likelihood or impact by transferring or, otherwise, sharing a portion of the risk. Common
techniques include purchasing insurance cover, outsourcing activities, engaging in hedging
transactions.
(a) Avoid
(b) Reduce/Manage
(c) Transfer/Share
(d) Accept
10. Speech Recognition, Handwriting Recognition and Intelligent Robots uses .
(a) Block Chain Technology
(b) Distributed Ledger Technology
(c) Artificial Intelligence
(d) None of these (10 x 2 = 20 Marks)

Exhibit 1
Domestic ratings agency ICRA said that the appreciation in the rupee is aggravating the troubles of the Indian
IT sector, which is already hit by a change in the market landscape and compressing revenue growth.
It said the industry is already reeling under pressures like uncertain macroeconomic environment, lower deal
sizes in digital technologies, cloud adoption and high competitive intensity.
The agency said despite a 8.1 per cent growth in USD revenue, IT players have registered a growth of only
three per cent in the second quarter of the current fiscal, due to the rupee appreciation of four per cent during
the quarter.
Due to the difficulties on the currency front, the agency said the $160 -billion industry will be able to notch a
mid-to-high single digit growth till FY20.

© The Institute of Chartered Accountants of India

On margins, it said the industry should brace for an impact on margins as price led competition is likely to
intensify and will negatively impact the spreads.
"IT Services players profitability also remains sensitive to rupee depreciation vis -a-vis major currencies such
as USD, GBP and Euro and the same too will have an impact," it said.
Its vice president Gaurav Jain said future growth will be supported by higher spend on digital technologies,
continued cost benefit offered through outsourcing model and market share gains for the Indian IT sector.
"While companies have increased spending on digital technologies and awarding new contracts, the overall
IT budgets have moderated leading to lower incremental spends," he said.
He, however, warned that an increase in the global IT market, which moved up to 67 per cent in 2016 from
60 per cent in 2012, will be limited as Indian IT Services companies, which are in the midst of re -orienting
their business models focusing more on higher-end services such as IT consulting and digital, are lagging
behind the competition.
"We expect large Indian IT companies to grab a higher share of the digital services space over the next three
years," he said.
From a vertical standpoint, manufacturing is outperforming with a 5.8 per cent growth but the largest revenue
contributor of banking and financial services has shown a muted trend over the last few quarters on
macroeconomic conditions including factors like Brexit.
Over the next decade, the agency expects consolidation in the sector due to the margin pressures.
The rating agency, however, said that despite the pressures on growth and profitability, credit profile for the
sector will remain stable.
(Extract from Economic Times)

Exhibit 2
The U.S. government is toughening up the process for renewing a popular foreign work visa.
This week, U.S. Citizenship and Immigration Services advised its officers to "apply the same level of scrutiny"
to extension requests for the H-1B visa, among other sought after visas.
In other words, officers are instructed to review requests for renewal as t horoughly as they would initial visa
applications.
The H-1B is a common visa pathway for high-skilled foreigners to work at companies in the U.S. It's valid for
three years, and can be renewed for another three years. It's a program that's particularly nea r and dear to
the tech community, with many talented engineers vying for one of the program's 85,000 visas each year.
The directive rescinds the previous guidance, which gave "deference" to previously approved visas "as long
as the key elements were unchanged and there was no evidence of a material error or fraud related to the
prior determination."
"This updated guidance provides clear direction to help advance policies that protect the interests of U.S.
workers," said new USCIS Director L. Francis Cissna, who was sworn in this month. President Donald Trump
announced his intent to nominate Cissna last spring.
In April, Trump directed federal agencies to implement a "Buy American, Hire American" strategy, which
included proposing new rules and guidance for preventing fraud and abuse of work visas. The H-1B program,

© The Institute of Chartered Accountants of India

in particular, is one that President Trump has eyed for reform, criticizing abusers of the program who use the
visa to replace American workers.
Other visas impacted by the new guidance include L-1, for intracompany transfers, TN for Canadian and
Mexican citizens, and O-1, for those with "extraordinary abilities."
Some say the new policy will be unnecessarily burdensome and is aimed at limiting foreign workers.
Betsy Lawrence, the director of government relations for the American Immigration Lawyers Association, told
CNN Tech that the previous guidance made it efficient to review cases. Even then, USCIS had the authority
to question prior decisions and request additional information in reviewing exte nsions.
“We are going to much greater scrutiny of these cases, and thus delays, even when the underlying facts have
not changed," Lawrence told CNNMoney.
Immigration attorney Chris Wright of The Wright Law Firm told CNNMoney that it fits a broader pattern: "It
seems clear that USCIS have been instructed to push back wherever they can..." he said, noting that "the
prevailing attitude seems to be, 'How might we be able to deny this petition?'"
(http://money.cnn.com/2017/10/25/technology/business/h1b-visa-renewal-uscis/index.html)

Exhibit 3
Effect on IT sector due to Brexit
The Indian IT sector, faced with multiple challenges, is already bracing itself for a tough ride with US tightening
its visa norms. Brexit only adds to the growing uncertainty in the business environment for the IT companies.
Of the $108-billion of the IT industry’s estimated exports in 2015-16, 17 per cent was to the UK and about
11.4 per cent to other nations within the EU. For large Indian IT companies, over a fourth of their revenues
come from Europe, in particular from the UK.
Currency has always been a wild card for the IT sector. Wild swings in the pound vis -à-vis dollar and the
rupee, will also impact revenues and profits for Indian IT companies. The British pound revenues make for
10-15 per cent of the overall revenues in the case of TCS, Tech Mahindra and Wipro. For Infosys, GBP
revenue makes for 6.7 per cent of the overall revenue.
With pound depreciating sharply over the past year, dollar revenues of Indian IT companies have been under
pressure. The pound has also depreciated over 20 per cent against the rupee. This can reduce cost arbitrage
for companies outsourcing to the UK.
(Extract from Hindu Business Line)

© The Institute of Chartered Accountants of India

 ELECTIVE PAPER 6A: RISK MANAGEMENT

SUGGESTED SOLUTION

Case study 3

Note: Please note these solutions are for guidance purpose only.

A. (1) SWOT Analysis of Sunshine Ltd. is as follows:

Strength

– Specialization in the software development for their clients.

– Providing unique solutions to the clients.
– IT professional employed with the company.
– Sound Internal Control system
– A major portion of revenue comes from fixed price projects which allow it the flexibility to determine
the resources it deploys and use software tools to deliver services.
Weakness

– Derives a major portion of its revenues from customers discretionary spending which is linked to
their business outlook.
– Three-fourth of the revenue of is from traditional services.
– Dependence on the people.
Opportunity

– More focus on software led services which coincide with newer areas such as digital and cloud.
Threat

– Restrictive visa policy by USA may affect the work of sunshine Ltd. and threaten the prospect of
global mobility of people as distributed software development requires free movement of people.
– Appreciation of the rupee against any major currency results in the revenue denominated in that
currency to appear lesser in reported terms.
– Clients cutting their budgets on such services and shifting their focus on newer areas such as
digital and cloud.
(2) The first political risk is toughening of visa policies by present US Government. The new directive rescinds
the previous guidance, which gave "deference" to previously approved visas as long as the key elements
were unchanged and there was no evidence of a material error or fraud related to the prior determination.
This may affect the free movement of IT people from India across USA thereby also affecting the work of
Sunshine Ltd.
Secondly, the exit of Britain from European Union i.e. Brexit only added to the woes of the IT sector. Of the
$108-billion of the IT industry’s estimated exports in 2015-16, 17 per cent was to the UK and about 11.4 per
cent to other nations within the EU. For large Indian IT companies, over a fourth of their revenues come from
Europe, in particular from the UK. This may affect the profitability position of Sunshine because of the
currency fluctuations.

1
© The Institute of Chartered Accountants of India
(3) The types of exposures risks to be encountered by Sunshine Ltd. are discussed as below:
Transaction Exposure - It measures the effect of an exchange rate change on outstanding obligations
that existed before exchange rates changed but were settled after the exchange rate changes. Thus, it
deals with cash flows that result from existing contractual obligations. For example, in the case of
Sunshine Ltd. if services are exported to USA for $10,00,000 due in one month and if the dollar
depreciates relative to the rupee, a cash loss occurs. Conversely, if the dollar appreciates relative to the
rupee, a cash gain occurs.
Further, domestic ratings agency ICRA has highlighted that the appreciation in the rupee is aggravating the
troubles of the Indian IT sector, which is already hit by a change in the market landscape and compressing
revenue growth.
Economic Exposure – It refers to the extent to which the economic value of a company can decline
due to changes in exchange rate. ICRA has said that despite an 8.1 per cent growth in USD revenue, IT
players have registered a growth of only three per cent in the second quarter of the current fiscal, due to the
rupee appreciation of four per cent during the quarter.
It also pointed out that IT Services players profitability also remains sensitive to rupee depreciation vis-a-vis
major currencies such as USD, GBP and Euro and the same too will have an impact.
(4) The company tackle the exposure of difference in exchange rates when sale took place and when invoice is
collected through hedging currency risks which are explained as below:
(i) Internal Techniques: These techniques explicitly do not involve transaction costs and can be used
to completely or partially offset the exposure. The techniques relevant to Sunshine Ltd. can be
further classified as follows:
– Invoicing in Domestic Currency : Should the seller (exporter) i.e. Sunshine Ltd. elect to
invoice in foreign currency, perhaps because the prospective customer prefers it that way or
because sellers tend to follow market leader, then the seller should choose only a major
currency in which there is an active forward market for maturities at least as long as the
payment period. Currencies, which are of limited convertibility, chronically weak, or with only
a limited forward market, should not be considered.
– The seller’s ideal currency is either his own, or one which is stable relative to it. But often the
seller is forced to choose the market leader’s currency. Whatever the chosen currency, it
should certainly be one with a deep forward market.
– Price Variation: Price variation involves increasing selling prices to counter the adverse
effects of exchange rate change. This tactic raises the question as to why the company has
not already raised prices if it is able to do so. In some countries, price increases are the only
legally available tactic of exposure management.
– Asset and Liability Management : This technique can be used to manage cash flow
exposures. In essence, asset and liability management can involve aggressive or defensive
postures. In the aggressive attitude, the firm simply increases exposed cash inflows
denominated in currencies expected to be strong or increases exposed cash outflows
denominated in weak currencies. By contrast, the defensive approach involves matching cash
inflows and outflows according to their currency of denomination, irrespective of whether they
are in strong or weak currencies.
(ii) External Techniques: Under this category range of various financial products are used which can
be categorized as follows:
– Money Market Hedging: At its simplest, a money market hedge is an agreement to exchange
a certain amount of one currency for a fixed amount of another currency, at a particular date.

2
© The Institute of Chartered Accountants of India
 For example, suppose a business owner in India expects to receive 1 Million USD in six
months. This Owner could create an agreement now (today) to exchange 1Million USD for
INR at roughly the current exchange rate. Thus, if the USD dropped in value by the time the
business owner got the payment, he would still be able to exchange the payment for the
original quantity of U.S. dollars specified.
– Derivative Instruments: A variety of derivative instruments such as Forward, Futures,
Options and Swap are available to hedge the exposure of foreign exchange .
(5) The Internal Financial Control System of the Sunshine Ltd. is more or less efficient. The reasons are
given as below:
• Recording and providing reliable financial and operation information.
• Safeguarding assets.
• Ensuring compliance with corporate policies.
• Well defined delegation of power.
• Efficient ERP system.
• Internal audit by one of the big audit firm.
• Periodic audit by specialized third party consultants.
And, finally Audit Committee found internal financial control adequate which shows that Sunshine Ltd. has a
good Internal Financial Control System.
B. Answers to Multiple Choice Questions
1. (a)
2. (a)
3. (c)
4. (a)
5. (d)
6. (c)
7. (d)
8. (c)
9. (c)
10. (c)

3
© The Institute of Chartered Accountants of India