What is Governance?

It refers to ‘all processes of governing’ whether –

• undertaken by a govt, mkt or network,
• over a family, tribe, formal or informal orgn or
territory &
• through laws, norms, power or language.
• It includes –
 Establishment of Policies; and
 monitoring of their continued proper
implementation, by the members of the GB of an
orgn.
 the mechanism to balance the powers of GB
members with a purpose of enhancing the
prosperity and viability of an orgn.
 Background
 Over the years ownership structure of the Companies
has changed,
 Shareholders have become inactive in the management
of their companies.
 In recent years, scams, frauds and corrupt practices
have increased.
 In an environment, where on one hand complexities
of Business has increased, and on the other hand,
ownership and management have widely separated,
the owners are unable to exercise effective control
over the professionally managed Board, need of
Corporate Governance emerges.
 Cadbury Report
 The Cadbury Report, titled Financial Aspects of
Corporate Governance is report issued by “The
Committee on the Financial Aspects of
Corporate Governance and Chaired by Adrian
Cadbury.
 Published in May 1992 and revised and final
version was issued in December the same year.
 Sox Act 2002
 In June 2003, SEC of USA adopted Rules for the
implementation of Sarbanes – Oxley Act, 2002
(SOX) that required certification of Internal
Controls over Financial Reporting (ICFR) by the
management as well as by the auditors.

 The Public Company Accounting Oversight Board

(PCAOB) has issued its Auditing Standard - 5 on
“An Audit of Internal Control Over Financial
Reporting” which requires an auditor to perform
an audit of internal controls over financial
reporting in addition to the audit of FSs.
 CORPORATE GOVERNANCE
Corporate governance broadly refers to the mechanisms
through which corporations' objectives are set and
pursued in the context of the social, regulatory and mkt
environment.
Governance mechanisms include monitoring the actions,
policies and decisions of corporations and their agents
(which include board of directors, managers, shareholders,
creditors, auditors, regulators, and other stakeholders).
It also includes quality, transparency and dependability
of the relationships between the shareholders, BODs,
Mgt and Employees that define the authority and
responsibility at each level for sustainable growth of an
orgn.
 Components of Corporate Governance Structure

 Key players in the Corporate Environment

 State Ownership pattern in the country
 Composition of BODs
 Regulatory Framework
 Disclosure Requirements of Companies
 Corporate Actions requiring Shareholders
approval
 Interaction among Key players
 Principles of Corporate Governance
 For achieving synergy between macroeconomic &
structural policies in attaining fundamental policy
goals, OECD gave following principles of corporate
governance –
 Ensuring an Effective Corporate Governance
Framework
 The Rights of Shareholders and Key
Ownership Functions
 The Equitable Treatment of Shareholders
 The Role of Stakeholders in Corporate
Governance
 Disclosure and Transparency
 The Responsibilities of the Board
 Models of Corporate Governance
 Models Of Traditional Corporate Governance

Anglo-US Model
 Anglo- American Model
 This model is based on the principle of separation of
ownership and control.
 Shareholders are responsible for appointment of
Directors and Directors in turn appoint mangeres who
are responsible for managing the business.
 Board generally has limited ownership stake in the
company.
 Board constitute executive Directors & Independent
Directors.
 All important decisions are taken through shareholders’
approval, thus, establishes an effective communication
channel between Management, Board and Shareholders.
They generally form what is commonly referred to as
the "corporate governance triangle."
 Japanese Model
 In the Japanese model, the four key
players are: main bank (a major inside
shareholder), affiliated company
[keiretsu] (a major inside shareholder),
management and the government.
 It shows, there are few truly
independent directors, i.e., directors
representing outside shareholders.
Japanese Model
 Corporate Governance under
Companies Act 2013
1.Increased 2.Higher
Reporting Auditor
Framework Responsibility

3.Emphasise On 4.Wider Director &

Investor Management
Protection Responsibility

5.Easier 6.Inclusive CSR

Restructuring Agenda
 Indian Scenario
 Corporate Governance in India gained
prominence in the wake of liberalization
during the 1990s.
 Introduced as a voluntary measure by the
Confederation of Indian Industry (CII).
 Measures related to Corporate Governance
are commonly viewed in compliance
perspective and not from a business strategy
view point.
 Till Companies Act 2013, corporate
governance enforcement through the Indian
legal system was weak.
 Increased Reporting Framework
 New definition of subsidiary, associate, Joint
Venture company [sections 2(6) and 2(87)]
 Mandatory requirement for Consolidated
Financial Statement (CFS) [section 129]
 i. In addition to standalone financial statements,
every company to prepare CFS if it has a.
Subsidiary; or
b. Associate; or
c. Joint Venture company
 ii. No exemption for intermediate holding Cos for
preparing CFS
 Mandatory Internal Audit and reporting on
Internal Financial Controls [section 138]
a. Internal Audit made mandatory for all big
companies.
b. Internal audit to be done by CAs; or CWAs; or
other professionals decided by Board
Assurance on adequacy and effectiveness of
Internal Financial Controls (which includes
orderly and efficient conduct of business, and
prevention and detection of frauds and errors) to
be given: in Directors and Auditor’s report for all
listed entities; and only in Auditor’s report for all
other entities
 Global Beginning of ICFR
 Corporate governance practices are affected by
attempts to align the interests of stakeholders.
 Interest in corporate governance particularly in
relation to their accountability, increased
 following the high-profile collapses such as Enron &
WorldCom (US) during 2001–02, most of which involved in
accounting fraud; and then
 again after the recent financial crisis in 2008.
 Corporate scandals of various forms have maintained
public and political interest in the regulation of
corporate governance.
 Their demise is associated with enactment of the
Sarbanes-Oxley Act in 2002, intending to restore
public confidence in corporate governance.
 Statutory Requirement of IFC
 Director’s Responsibility statement on adequacy &
operating effectiveness of IFC [Sec134 (5) (e)]
 In case of listed company
 Company has laid down internal financial controls
 Controls are adequate
 Operating effectively
 Board Report on adequacy of IFC [The Companies
Accounts) Rules 2014 rule 8(5)(viii)]
 the details in respect of adequacy of internal
financial controls with reference to the Financial
Statements
 The Importance of ITGCs
 Reduce the extent of testing and reliance on manual
transaction-level controls
► Increase the effectiveness, efficiency and reduce
costs of internal controls by establishing a sound
information system foundation and leveraging
systems across the organization
► Improve the consistency of control operation (i.e.
automated processes vs. manual)
► Improve the security (confidentiality, integrity and
availability) of corporate information
► Improve reliability of manual controls dependent
on IT information
 Components of Internal Control
 Control Environment
 Entity’s Risk Assessment
Process
 Control Activities
 Information System
 Monitoring of Controls
Control Environment
 Entity’s Risk Assessment Process
 For Financial Reporting Purposes Entity’s
Risk Assessment process includes
Identification of Business Risk relevant to the
preparation of financial statement with
reference to applicable financial reporting
framework, estimation of their significance
likelihood of their re-occurrence
Risk relevant to external & internal events,
transactions or processes affecting entity’s
ability to initiate, record, process and report
financial data
Top down, risk-based approach
Entity Level Controls
CONTROL ACTIVITIES
 Information System
 It consists of infrastructure (physical and hardware components),
software, people, procedures, and data. Many information systems
make extensive use of information technology (IT).
 The quality of system-generated information affects management’s ability to
make appropriate decisions in managing and controlling the entity’s activities
and to prepare reliable financial reports.
 The information system relevant to financial reporting objectives
encompasses methods and records that:
• Identify and record all valid transactions
• Determine the period in which transactions occurred to permit
recording in proper accounting period.
• Measure the value of transactions in a manner that permits recording
their proper monetary value in the financial statements.
• Describe on a timely basis the transactions in sufficient detail to permit
proper classification for financial reporting.
• Present properly the transactions and related disclosures in the financial
statements
 Monitoring of Controls

Monitoring activities may include using

information from communications from
external parties that may indicate
problems or highlight areas in need of
improvement. Customers implicitly
corroborate billing data by paying their
invoices or complaining about their
charges. In addition, regulators may
communicate with the entity concerning
matters that affect the functioning of
internal control,
 Internal Controls over Financial
Reporting- Top Down Approach
 Using the COSO framework as a guide, the
control environment plays a significant role in
the overall internal control system.

Entity Level
Controls

IT General
Transaction
Controls
Level Controls
 Entity Level Controls
 Entity level controls (ELC) provide the “tone at the top” of the
organization, and as a result directly or in-directly impact all
underlying controls.
 Effective ELC’s can provide excellent leverage to reduce testing at
lower levels. Ineffective ELC’s can spell disaster for all underlying
controls.
 ELC - direct and indirect.
 Direct ELC - specific business and financial risks, operating at
precision level necessary to detect breakdowns in the application of
an organization’s policies and procedures.
Example: CFO and Director of Finance review the quarterly and
annual financial statement and related disclosures.
 Indirect ELC - help define the control consciousness of an
organization without directly mitigating any one specific financial or
operational risk.
Example: An organizational code of conduct distributed via the
intranet
 Benefits from leveraging effective ELC’s:

► Reduce the extent of reliance on transaction level

controls
► Increase the effectiveness of internal controls
through leveraging senior and experienced
personnel
► Better define and communicate the expectations of
management across the organization (i.e., tone at
the top)
► Reduce redundancy in controls performed across
the organization
Design of transaction level controls – Sig.
Accounts
 Determination of what accounts are deemed to
be “significant” is a matter of judgement.
► Assess the materiality of the underlying
account results, and assess the inherent risks
related to each account
► A combined risk based approach uses the
results of these two approaches to determine
significance of each account presented on the
financial statements.
 Each financial statement account is comprised of
financial statement assertions:
► Existence / Occurrence
► Completeness
► Valuation
► Presentation & Disclosure
► Rights & Obligations
► From a risk based perspective, each assertion by
significant account must be considered to
prioritize the extent of identified risks.
► Example: Generally speaking, the risk of
completeness is greater for liability based accounts
than asset accounts
 The key objective in risk identification is to focus
on key risks related to financial reporting (and
disclosure).
 A key risk, if not mitigated by a control (or suite
of controls), could cause a material error to the
financial statements.
 Focus on identifying the key controls related to
the identified key risks.
 Each identified key risk must have at least one
associated key control.
 Controls can be preventative or detective in
nature. Ideally, a mix of both should be identified.
 The Importance of ITGCs
 IT controls protect data integrity and are a significant
component of an organization’s ICFR.
► IT controls relate to the security (confidentiality,
integrity, and availability) of data, as well as the
overall management of the organization business
functions.
► Information systems support the flow of
information from initiation to recording and are one of
the most important and pervasive pieces of an
organization’s financial reporting system.
► IT systems are increasingly relied upon as tools to
provide efficient processing and reporting for decision
making purposes.
 Auditors to evaluate & report on adequacy and operating
effectiveness of IFC [Sec 143 (3)]
 Whether the company has adequate internal financial
controls system in place and the operating effectiveness
of such controls
 The scope for reporting on internal financial controls
over financial reporting is significantly larger and wider
than the reporting on internal controls under CARO.
Under CARO the reporting on internal controls is
limited to the “adequacy” of controls over purchase of
inventory and fixed assets and sale of goods and
services. As such, CARO does not require reporting on
all controls relating to financial reporting and also does
not require reporting on the “adequacy and operating
effectiveness” of such controls
 Audit Committee
 Audit Committee to evaluate IFC [Sec 177 (4) ; Clause 49(III)(D)]
 Every listed companies and
 Specified classes of Companies as prescribed under Rule 6 of Companies (Meetings of
Board and its powers) Rules,2014 to constitute an Audit Committee.
 (i) all public companies with a paid up capital of Rs.10 Crores or more;
 (ii) all public companies having turnover of Rs.100 Crores or more;
 (iii) all public companies, having in aggregate, outstanding loans or borrowings or
debentures or deposits exceeding Rs.50 Crores or more.
 as existing on the date of last audited Financial Statements shall be taken into account for
the purposes of this rule.
 Composition - minimum of 3 directors with independent directors forming a majority.
Committee members to be persons with ability to read and understand, the financial
statement. The Board’s report under section 134(3) to disclose the composition of an Audit
committee and where the Board had not accepted any recommendation of the Audit
Committee, the same to be disclosed in such report along with the reasons there for.
 Audit Committee’s task- evaluation of internal financial controls and risk management
systems;

 CEO and CFO to certify to the board [Clause 49

 Internal Financial Control –
 Just a reference of explanation provided in Companies Act 2013
 Explanation.—For the purposes of this clause, the term
“Internal Financial Controls” means “the policies and
procedures adopted by the company for ensuring the orderly
and efficient conduct of its business, including adherence to
company’s policies,
i. the safeguarding of its assets,
ii. the prevention and detection of frauds and errors,
iii. the accuracy and completeness of the accounting records,
iv. and the timely preparation of reliable financial
information”
 Higher Auditor Responsibility
 Reporting requirement by Auditor- auditors are required to express
an opinion on the effectiveness of an entity’s internal controls over
financial reporting, such opinion is in addition to and distinct from
the opinion expressed by the auditor on the financial statements
 Auditor Appointment & Rotation
 Restriction on Non –Audit Services
 Establishment of National Financial Reporting Authority
 Easier Restructuring
 Rationalizing Multi Layerd Structure
 Simplyfying Procedures for Mergers
 Cross Border Mergers
 Fast Track Mergers
 Share Capital Reduction
 Emphasise on Investor Protection

 Related Party Transaction

 Insider Trading
 Oppression & Mismangement
 Fraud Risk Mitigation
 Wider Director & Management
Responsibilty
 Additional Responsibility on Independent
Director
 Audit Committee – Responsibility of
Evaluation of Internal Financial Controls &
Risk Management Systems
 Revised form of Directors Report – For
specified Cos whether Internal Financial
Controls have been laid down and are
operating effectively
 Inclusive CSR Agenda
 Contribution to Society through Governance
 Specific class of Companies i.e. Networth of 500
cr, Turnover of 1000 cr. or Profit of 5 Cr.
 CSR Committee to include at least one
Independent Director
 Board Report to disclose CSR Committee, CSR
Policy, CSR Project and its implementation