Professional Documents
Culture Documents
Case Studies Risk
Case Studies Risk
Case Studies Risk
Scenario description
Impact of scenario
Current measures to
manage risks
Exhibit 2
Bank Fraud
In a leading multinational bank, a banking fraud of `400 has been taken place. The
fraud has happened because of the mastermind of an employee named Lalit. The
modus operandi of Lalit was to sell investment products to high net worth
individuals (HNIs). He falsely projected to the HNIs that these financial products
are authorised by the bank’s investment product committee.
So, he lured them by convincing them that their investments would be invested in
lucrative schemes giving good returns. Then, he transferred the funds accumulated
from HNIs to some fictitious accounts. Funds amounting to Rs 400 crore belonging
to about 20 customers were transferred to such accounts. He, then, used the
money to invest it into the stock market.
Modus operandi was simple. He lured customers with a fake circular by SEBI promising 2-
3% returns per month. The fake circular also mentioned a custodian that route investor
funds. Lalit also use some blank cheques and he used this to transfer money out of their
accounts directly to the brokerages to be invested in the stock market.
The RBI has issued master circular advising banks to set up internal control system
to combat frauds and to take pro-active fraud control and enforcement measures.
(Source : Extract from a leading financial daily)
Exhibit 5
Non-compliance with legal requirements leading to penalties
ZEO is a fintech company. Peer to Peer (P 2 P) lending is currently in vogue in
ZEO as is te case in other companies. P 2 P lending creates a market for lenders
and borrowers to connect immediately.
Further, with the use of P 2 P remittance platforms such as Transferwise creates a
market place where outgoing remittances are matched with incoming remittances.
For example, if a person in London wants to remit some money to India would
deposit the amount in platforms’ London office. The platforms’ algorithm would
detect another person in India who would want to transfer some money to London.
Then, the platform matches and “nets” the transaction. So, the money never
actually leaves the jurisdiction of a country.
However, the difficulty is that Indian rupee is not freely convertible and Foreign
Exchange Management Act, 1999 i.e. FEMA has provided certain regulations which
curbs the free flow of money. Compliance function has to ensure strict compliance
of Banking Regulation Act, RBI Act, FEMA, Prevention of Money Laundering Act
etc.
All peer-to-peer lending (P2P) platforms will be regulated by the Reserve Bank of
India (RBI), according to a government of India notification. The Reserve Bank of
India (RBI) said, through an 18 September, 2017 gazette notification, those peer-
to-peer lenders (P2P)—companies that provide loan facilitation services from their
platform—will be treated as non-banking financial companies (NBFCs).
The Reserve Bank of India's move to allow up to 100% foreign direct investment
(FDI) in regulated financial services companies other than banks or insurance
companies through the automatic route is likely to benefit several fintech startups
Exhibit 6
Corporate Governance Issues
ZEO Payment Technology is a small unlisted company willing to venture into the
field of Small Payment Bank. ZEO has 6 directors out of which one is independent
director. The paid up share capital of the company is `12 crore. However, the
company is yet to draft a suitable policy for training and performance evaluation of
directors.
Some of the provisions of the Companies Act, 2013 relating to Corporate
Governance have been given in the following sentences. Every company having a
paid up share capital of `10 crore or more has to constitute an audit committee and
shall have atleast two independent directors. Further, it is required to appoint a
Nomination and Remuneration Committee and draft a suitable policy for training
and performance evaluation of directors. Also, a company having a paid share
capital of `50 crore or more OR a turnover of `200 crore or more has to appoint an
internal auditor to conduct internal audit of the functions and activities of the
company.
The new Companies Act has given powers to Serious Fraud Investigation Office
(SFIO) to carry out arrests, raids and seizure in respect of certain offences of the
act which attract the punishment for fraud. Further, as per the section 212, on the
intimation of special resolution passed by the company, SFIO can investigate into
the affairs of the company or on the receipt of a report of the Registrar or inspector
or in the public interest or on request from any Department of the Central
Government or a State Government.
Moreover, the Companies Act, 2013 do not contain any compulsory provision for
constitution of a Risk Management Committee. However, it requires its Board to
develop and implement a risk management policy and identify risks which may
threaten the existence of the company.
Exhibit 8
Exhibit 9
Exhibit 10
EMAIL
From: Lee Port
To: Mr. Z (CEO of ZBO Payment Bank)
Dated:……………………………………
Subject: Pitch Presentation for financing of proposed small payment bank
under the FDI Scheme of Govt. of India
Hi Z,
This has reference to your last week’s Pitch Presentation at Singapore for making
investment in your proposed Small Payment bank in India. While the idea of this
type of banking is naïve in India but the most catchy feature of the same is to reach
consumers through mobile phones rather than traditional system of bank branches
as it is quite uneconomical affair for the banks to open branch in each and every
village of India. This is a good initiate by Govt. of India as a major step towards
financial inclusion in India where a major part of population is living in villages.
Before we forward your proposal of investing the funds in your start-up to the
Board please confirm the following unique features of the proposed Small Payment
Banks:
• Payment bank will reduce the dependency on Cash and will increase m-
commerce as mobile wallet will be used as payment option.
• Payment Bank will invest 75% of its demand deposits in Government
Securities and Treasury Bills and balance 25% can be held as fixed deposits
with other Scheduled Commercial Banks.
• Payment bank can also provide Forex Cards to the travellers.
• Payment Bank will get a big chunk of deposit comparing to commercial banks
due to reason of providing higher interest rates.
In case there is any deviation in above points please let us know immediately.
Thanks,
Lee Port
1.
Source- Exhibit 1
Scenario description The system of the Bank can be hacked to create may
face a claim for money when a foreign bank tries to
recover its money released against an LC.
Current measures to manage risks Bank should have in place a system of detecting any
unusual activity and how the staff shall respond when
such an untoward event happens.
Source- Exhibit 2
Impact of scenario Bank may lose its reputation and may face
unwarranted litigations.
Source- Exhibit 3
Scenario description Bank account can be used for illegal transfer of funds
and money laundering activities.
Impact of scenario Bank may face paucity of funds and its reputation
may also take a beating. It will be also being
answerable to various stakeholders.
Current measures to manage risks The bank should check the original identification
documents of individuals dealing in cash above the
prescribed threshold, to weed out the use of forged
or fake copies.
Source- Exhibit 4
Current measures to manage risks It can insure itself from any natural calamity.
Current measures to manage risks The risk can be managed to a large extent with the
compliance of RBI notifications.
Source- Exhibit 6
Scenario description The company is yet to draft a suitable policy for training and
performance evaluation of directors and it has not appointed any
committees.
Impact of scenario This may invite penalties from the court and wrath of the
investors.
Current measures to Constitute an audit committee and shall have atleast two
manage risks independent directors. Further, it is required to appoint a
Nomination and Remuneration Committee and draft a suitable
policy for training and performance evaluation of directors.
Source- Exhibit 7
Current measures to manage risks Banks may either replace or ask users to change
the security codes.
Source- Exhibit 8
Source- Exhibit 9
Scenario description The rumour that bank is the only bank which has
been hit directly by the recent disasters and it could
fail.
Current measures to manage risks Such rumour should be taken care of by proper
media and people management. There should be
a prompt response on the part of the Bank to ward
off such rumour with the help of media. Proper
people management requires action on the part of
banks to pacify and inform customers so that future
reoccurrences of such panic situations can be
avoided.
Source- Exhibit 10
Scenario description As banks can issue the Forex Card there may be
some variation in the rates at which same has been
acquired and disposed of.
Current measures to manage risks Hedging the forex and interest rate using various
techniques such as Forward, Futures and Option
contracts.
Note: Students are expected to design any 5 risk scenarios in the prescribed format out of
the above-mentioned 10 scenarios.
2.
Introduction
Conclusion
As a small bank, some of the risk which especially Risk Nos. 5,6 and 8 needs special
attention.
3. (i) (d)
(ii) (c)
(iii) (a)
(iv) (c)
(v) (b)
(vi) (c)
(vii) (b)
(viii) (b)
(ix) (a)
(x) (c)
CASE STUDY 2
ABC Ltd. is a Delhi based company. It was established in 2009 and deals in the manufacturing business of
high-end electronics distributed through retail superstore. The company is currently going through a rapid
growth phase. Its products are receiving good response from the market. The company is experiencing the
challenges of retaining good sales employees and developing an efficient financial system. Ravi Narain is
the CFO of the company.
ABC Ltd. has an outdated computerized accounting system which does not lock out the changes made after
the month end.
ABC is looking to develop a more effective and efficient financial system and considering implementing an
incentive plan for sales employees who are currently paid a flat salary.
ABC Ltd has a turnover of ` 800 crores in 2016-17 and was listed on Indian Stock exchange in 2014. Ajay
and Pawan are the newly appointed directors of Finance and Human Resource divisions respectively.
Ajay is a street smart finance professional and he played a critical role in the areas of budgeting and
forecasting, finance and asset management. He has a team of 25 people including Jatin and Mohit who
directly reports to Ajay.
In spite of a limited salary, Ajay maintains a lavish style of living. Jatin maintains the journal entries
according to Ajay’s directions. One day HSBC bank notified Ravi Narain that Ajay’s personal credit card
balances were being paid off by ABC’s account. Since, Ravi Narain was busy for Board Meeting confirmed
that this might be reimbursement of his Travelling Expenses.
Jatin records the internet sales from the company’s retail outlet as well as carries out following functions:
1. Reconciliation of accounts receivable sub-ledger to general ledger
2. Mailing checks to vendors
3. Coding and recording of checks received for deposit
Ravi normally never reviews financial details as he trusts Ajay.
On the Human Resource front, to overcome the problem of retaining the sales employees, the company has
recently hired Pawan as the HR director who is known for developing good HR policies to manage people
effectively and motivate them to perform well.
Pawan advised the management to implement a compensation plan of base salary and bonus instead of fixed
monthly salary. Sales incentive compensation is based on the performance of sales employees. The
performance can be measured by looking at the revenue they generate for the employees. The management
liked the proposal advised by Pawan and the compensation plan is finalized which was as follows.
Base Salary: 35,000/month
Commission: 5% of Sales exceeding 10,00,000/month + 5% extra commission on sales made over and
above 20,00,000/-
Consequently, the present organization structure comes out as follows:
Managing
director
Jatin
(Manager) HR Manager IT Manager Support Staff
Mohit
(Manager)
HR Analysts IT Analysts
After passing some time, the Board of Directors started realizing that the company is facing liquidity crunch.
Also, the introduction of new compensation plan resulted in unhealthy competition among employees.
Some employees were less willing to provide assistance to struggling co-workers and would prefer to improve
their own productivity. It also promoted an environment of excessive risk – taken by the sales employees for
pursuing short term profits.
The company has a system of identification of risk but only at the functional level and not for processes.
Further these Risks are not communicated among various organization levels.
A. Questions
The Board of Directors approaches you and requests you to submit a report on the following aspects:
(i) Identify the Risks that may be possible and their nature. (5 Marks)
(ii) Scaling of these identified risks based on ICAI Guide on Risk Based Internal Audit. (5 Marks)
(iii) Any three to four approaches to identify and assess the risk. (5 Marks)
(iv) Course of action to be followed to treat these risks. (5 Marks)
(v) Matters on which Risk Governance Framework can define a policy statement. (5 Marks)
(vi) Risk Maturity Level and reasons for the same. (5 Marks)
SUGGESTED SOLUTION
Case study 2
Note: Please note these solutions are for guidance purpose only.
(A)
1
© The Institute of Chartered Accountants of India
stimulate and encourage free-flowing conversation amongst a group of knowledgeable and focussed
people with a fair/objective outlook. The group should not be biased or critical. It is one of the best and
most popular ways to identify both risks and key controls and is the basis for most successful risk
workshops.
• Questionnaires & Interviews - Focused on detecting the concerns of staff with respect to the risks or
threats that they perceive in their operating environment. During a Structured interview, interviewees
are asked through a set of prepared questions to encourage the interviewee to present their own
perspective and thus identify risks. Structured interviews are frequently used during consultation with
key stakeholders when designing the risk management framework. Structured interviews are good to
assess risk appetite and tolerance when developing risk appetite statements. A specialist in risk
prepares interviews with various management level members of the company in order to elicit the
concerns.
• Checklists are information aids to reduce the likelihood of failures from potential hazards, risks or
controls that have been developed usually from past experience, either as a result of a previous risk
assessment or as a result of past failures or incidents or history or industry learning. Auditors often
prepare checklists of key controls to aid in their assessment of control effectiveness and the internal
control environment. Checklists are good guiding tools; however, can lead to herd mentality and risk
managers can miss out on fresh risk thinking and the big picture.
Note: Students can also mention any four techniques other than above.
(iv) Suggested course of action to reduce/ manage risk i.e. risk treatment is as follows:
• Strengthening of Internal Controls System
• Setting up limits for the sanction of amounts.
• Setting up operational risk management department.
Note: Students can also mention other course of action based on their work experience.
(v) The Risk Management (Governance) Framework should define a policy statement on the following
matters:-
(i) Determining when to review the Risk Management Framework (RMF) and the frequency for undertaking
the review.
(ii) Deciding who is responsible for the review. The RMF is generally reviewed by the Audit Committee or
a team of Directors. Once in few years the RMF can be reviewed with external facilitation. This would
provide fresh insights and benchmarking information to the Board.
(iii) Selecting the scope and method for a review. The scope and boundary of the RMF review can be clearly
set out along with the most suited method for review.
(iv) Manner of circulation of results.
(vi) The risk maturity level of the company is “Risk Aware”. The reason is that the risks are identified within
functions and not across processes. Also, risks are not communicated across the enterprise. It is basically a
scattered silo based approach to risk management.
B. Answers to Multiple Choice Questions
1. (b)
2. (d)
3. (d)
2
© The Institute of Chartered Accountants of India
4. (b)
5. (c)
6. (c)
7. (c)
8. (c)
9. (a)
10. (c)
3
© The Institute of Chartered Accountants of India
PAPER – 6A: RISK MANAGEMENT
CASE STUDY 3
Sunshine Ltd. is a software company specialized in the software development for their clients. In the last
decade it has earned a good name and fame. For example, a super critical boiler in a thermal power plant
takes 10-12 days to be fine-tuned or synchronized. It means system is shut for power generation and lead to
loss of millions of dollars. Sunshine Ltd. came up with a solution that cuts the time taken to synchronize a
boiler from 10-12 days to 3-4 days through the use of software and services of IT Professionals. The main
strength of Sunshine is the IT professional they employed with it.
It captured data through sensors on the boilers, use the algorithm built in house to check nearly 240
parameters and over 10,000 combinations to tune the boiler.
It also helped a global heating, ventilation and air conditioning firm to bring down the time taken to design an
AC solution in a building or office from 9 days to just 2 hours now.
However, traditional outsourcing business of Sunshine Ltd is dying a slow death as clients cutting their
budgets on such services and shifting their focus on newer areas such as digi tal and cloud.
Three-fourth of the revenue of Sunshine Ltd is from traditional services. However, half of its revenue still
comes from fixed price projects which allow it the flexibility to determine the resources it deploys and use
software tools to deliver services. Now, the aim is to increase that goal by reducing the dependency on people
and more on software led services which coincide with it’s goal of IT Modernization.
Sunshine Ltd. derives a major portion of its revenues from customers discretionary spending which is linked
to their business outlook. It’s major revenues are from UK, USA and other European countries.
Some draft legislations in USA has been made to restrict the availability of work visas. Such protectionist
policies threaten the prospect of global mobility of people which may also affect the work of Sunshine Ltd. as
distributed software development requires free movement of people.
Appreciation of the rupee against any major currency results in the revenue denominated in that currency to
appear lesser in reported terms. Then, there may be different exchange rate when sale took place and when
invoice is collected.
The Internal Financial Control System
The internal Financial Control System of Sunshine Ltd. has been laid down as below:
• Recording and providing reliable financial and operation information.
• Safeguarding assets.
• Ensuring compliance with corporate policies.
• Well defined delegation of power.
• Efficient ERP system.
• Internal audit by one of the big audit firm.
• Periodic audit by specialized third party consultants.
• Audit Committee found internal financial control adequate.
Exhibit 1
Domestic ratings agency ICRA said that the appreciation in the rupee is aggravating the troubles of the Indian
IT sector, which is already hit by a change in the market landscape and compressing revenue growth.
It said the industry is already reeling under pressures like uncertain macroeconomic environment, lower deal
sizes in digital technologies, cloud adoption and high competitive intensity.
The agency said despite a 8.1 per cent growth in USD revenue, IT players have registered a growth of only
three per cent in the second quarter of the current fiscal, due to the rupee appreciation of four per cent during
the quarter.
Due to the difficulties on the currency front, the agency said the $160 -billion industry will be able to notch a
mid-to-high single digit growth till FY20.
Exhibit 2
The U.S. government is toughening up the process for renewing a popular foreign work visa.
This week, U.S. Citizenship and Immigration Services advised its officers to "apply the same level of scrutiny"
to extension requests for the H-1B visa, among other sought after visas.
In other words, officers are instructed to review requests for renewal as t horoughly as they would initial visa
applications.
The H-1B is a common visa pathway for high-skilled foreigners to work at companies in the U.S. It's valid for
three years, and can be renewed for another three years. It's a program that's particularly nea r and dear to
the tech community, with many talented engineers vying for one of the program's 85,000 visas each year.
The directive rescinds the previous guidance, which gave "deference" to previously approved visas "as long
as the key elements were unchanged and there was no evidence of a material error or fraud related to the
prior determination."
"This updated guidance provides clear direction to help advance policies that protect the interests of U.S.
workers," said new USCIS Director L. Francis Cissna, who was sworn in this month. President Donald Trump
announced his intent to nominate Cissna last spring.
In April, Trump directed federal agencies to implement a "Buy American, Hire American" strategy, which
included proposing new rules and guidance for preventing fraud and abuse of work visas. The H-1B program,
Exhibit 3
Effect on IT sector due to Brexit
The Indian IT sector, faced with multiple challenges, is already bracing itself for a tough ride with US tightening
its visa norms. Brexit only adds to the growing uncertainty in the business environment for the IT companies.
Of the $108-billion of the IT industry’s estimated exports in 2015-16, 17 per cent was to the UK and about
11.4 per cent to other nations within the EU. For large Indian IT companies, over a fourth of their revenues
come from Europe, in particular from the UK.
Currency has always been a wild card for the IT sector. Wild swings in the pound vis -à-vis dollar and the
rupee, will also impact revenues and profits for Indian IT companies. The British pound revenues make for
10-15 per cent of the overall revenues in the case of TCS, Tech Mahindra and Wipro. For Infosys, GBP
revenue makes for 6.7 per cent of the overall revenue.
With pound depreciating sharply over the past year, dollar revenues of Indian IT companies have been under
pressure. The pound has also depreciated over 20 per cent against the rupee. This can reduce cost arbitrage
for companies outsourcing to the UK.
(Extract from Hindu Business Line)
SUGGESTED SOLUTION
Case study 3
Note: Please note these solutions are for guidance purpose only.
– Derives a major portion of its revenues from customers discretionary spending which is linked to
their business outlook.
– Three-fourth of the revenue of is from traditional services.
– Dependence on the people.
Opportunity
– More focus on software led services which coincide with newer areas such as digital and cloud.
Threat
– Restrictive visa policy by USA may affect the work of sunshine Ltd. and threaten the prospect of
global mobility of people as distributed software development requires free movement of people.
– Appreciation of the rupee against any major currency results in the revenue denominated in that
currency to appear lesser in reported terms.
– Clients cutting their budgets on such services and shifting their focus on newer areas such as
digital and cloud.
(2) The first political risk is toughening of visa policies by present US Government. The new directive rescinds
the previous guidance, which gave "deference" to previously approved visas as long as the key elements
were unchanged and there was no evidence of a material error or fraud related to the prior determination.
This may affect the free movement of IT people from India across USA thereby also affecting the work of
Sunshine Ltd.
Secondly, the exit of Britain from European Union i.e. Brexit only added to the woes of the IT sector. Of the
$108-billion of the IT industry’s estimated exports in 2015-16, 17 per cent was to the UK and about 11.4 per
cent to other nations within the EU. For large Indian IT companies, over a fourth of their revenues come from
Europe, in particular from the UK. This may affect the profitability position of Sunshine because of the
currency fluctuations.
1
© The Institute of Chartered Accountants of India
(3) The types of exposures risks to be encountered by Sunshine Ltd. are discussed as below:
Transaction Exposure - It measures the effect of an exchange rate change on outstanding obligations
that existed before exchange rates changed but were settled after the exchange rate changes. Thus, it
deals with cash flows that result from existing contractual obligations. For example, in the case of
Sunshine Ltd. if services are exported to USA for $10,00,000 due in one month and if the dollar
depreciates relative to the rupee, a cash loss occurs. Conversely, if the dollar appreciates relative to the
rupee, a cash gain occurs.
Further, domestic ratings agency ICRA has highlighted that the appreciation in the rupee is aggravating the
troubles of the Indian IT sector, which is already hit by a change in the market landscape and compressing
revenue growth.
Economic Exposure – It refers to the extent to which the economic value of a company can decline
due to changes in exchange rate. ICRA has said that despite an 8.1 per cent growth in USD revenue, IT
players have registered a growth of only three per cent in the second quarter of the current fiscal, due to the
rupee appreciation of four per cent during the quarter.
It also pointed out that IT Services players profitability also remains sensitive to rupee depreciation vis-a-vis
major currencies such as USD, GBP and Euro and the same too will have an impact.
(4) The company tackle the exposure of difference in exchange rates when sale took place and when invoice is
collected through hedging currency risks which are explained as below:
(i) Internal Techniques: These techniques explicitly do not involve transaction costs and can be used
to completely or partially offset the exposure. The techniques relevant to Sunshine Ltd. can be
further classified as follows:
– Invoicing in Domestic Currency : Should the seller (exporter) i.e. Sunshine Ltd. elect to
invoice in foreign currency, perhaps because the prospective customer prefers it that way or
because sellers tend to follow market leader, then the seller should choose only a major
currency in which there is an active forward market for maturities at least as long as the
payment period. Currencies, which are of limited convertibility, chronically weak, or with only
a limited forward market, should not be considered.
– The seller’s ideal currency is either his own, or one which is stable relative to it. But often the
seller is forced to choose the market leader’s currency. Whatever the chosen currency, it
should certainly be one with a deep forward market.
– Price Variation: Price variation involves increasing selling prices to counter the adverse
effects of exchange rate change. This tactic raises the question as to why the company has
not already raised prices if it is able to do so. In some countries, price increases are the only
legally available tactic of exposure management.
– Asset and Liability Management : This technique can be used to manage cash flow
exposures. In essence, asset and liability management can involve aggressive or defensive
postures. In the aggressive attitude, the firm simply increases exposed cash inflows
denominated in currencies expected to be strong or increases exposed cash outflows
denominated in weak currencies. By contrast, the defensive approach involves matching cash
inflows and outflows according to their currency of denomination, irrespective of whether they
are in strong or weak currencies.
(ii) External Techniques: Under this category range of various financial products are used which can
be categorized as follows:
– Money Market Hedging: At its simplest, a money market hedge is an agreement to exchange
a certain amount of one currency for a fixed amount of another currency, at a particular date.
2
© The Institute of Chartered Accountants of India
For example, suppose a business owner in India expects to receive 1 Million USD in six
months. This Owner could create an agreement now (today) to exchange 1Million USD for
INR at roughly the current exchange rate. Thus, if the USD dropped in value by the time the
business owner got the payment, he would still be able to exchange the payment for the
original quantity of U.S. dollars specified.
– Derivative Instruments: A variety of derivative instruments such as Forward, Futures,
Options and Swap are available to hedge the exposure of foreign exchange .
(5) The Internal Financial Control System of the Sunshine Ltd. is more or less efficient. The reasons are
given as below:
• Recording and providing reliable financial and operation information.
• Safeguarding assets.
• Ensuring compliance with corporate policies.
• Well defined delegation of power.
• Efficient ERP system.
• Internal audit by one of the big audit firm.
• Periodic audit by specialized third party consultants.
And, finally Audit Committee found internal financial control adequate which shows that Sunshine Ltd. has a
good Internal Financial Control System.
B. Answers to Multiple Choice Questions
1. (a)
2. (a)
3. (c)
4. (a)
5. (d)
6. (c)
7. (d)
8. (c)
9. (c)
10. (c)
3
© The Institute of Chartered Accountants of India