01 linkage of risk to governance processes


Published in: Business, Economy & Finance

  1. By Huzeifa I. Unwala, FCA, CISA
     Sessions on Risk based Auditing
     27 April 2013
  2. 01 Linkage of Risk to Governance Processes
     - Five Elements of Governance
     - Board’s role in Governance of Risk
     - Board Best Practices
     - Role of CEO/ CFO
     - Role of External Auditors in Risk Management
  3. Strong Corporate Governance attracts investors/investments
     Capital will flow elsewhere if:
     – A country does not have a reputation for strong corporate governance practices
     – Investors are not confident of the level of disclosure
     – A country opts for lax accounting and reporting standards
  4. Competing Tensions
     “If management is about running business, governance is about seeing that it is run properly. All companies need governing as well as managing.”
     Prof. Bob Tricker, 1984
     (IFC, Washington)
  5. Five elements of corporate governance
     The five key elements of good corporate governance:
     • Strong commitment to corporate governance reforms
     • Good board practices
     • Appropriate control environment and processes
     • Strong regime of disclosure and transparency
     • Protection of (minority) shareowner rights
  6. How the mighty fall?
     History shows, repeatedly, that the mighty can fall. The Egyptian Old Kingdom, the Chou Dynasty, the Hittite Empire—all fell. Athens fell. Rome fell. Even Britain, which stood a century before as a global superpower, saw its position erode. Is that the U.S.’s fate? Or will America always find a way to meet Lincoln’s challenge to be the last best hope of Earth? – Jim Collins
     • Hubris born of Success
     • Undisciplined pursuit of more
     • Denial of risk or peril
     • Grasping for salvation
     • Capitulation to irrelevance or death
  7. Five elements of corporate governance
     GOOD BOARD PRACTICES
     • Clearly defined roles and authorities
     • Duties and responsibilities of directors understood
     • Board is well structured
     • Appropriate composition and mix of skills
     • Appropriate board procedures
     • Director remuneration in-line with best practice
     • Board self-evaluation and training conducted
     CONTROL ENVIRONMENT
     • Independent audit committee established
     • Risk-management framework present
     • Internal control procedures
     • Internal audit function
     • Independent external auditor conducts audits
     • Management information systems established
     • Compliance function established
     BOARD COMMITMENT
     • The board discusses corporate governance issues and has created corporate governance committee
     • The company has a corporate governance champion
     • A corporate governance improvement plan has been created
     • Appropriate resources are committed
     • Policies and procedures have been formalized and distributed to relevant staff
     • A corporate governance code has been developed
     • The company is publicly recognized as a corporate governance leader
     TRANSPARENT DISCLOSURE
     • Financial information disclosed
     • Non-financial information disclosed
     • Financials prepared according to IFRS
     • High-quality annual report published
     • Web-based disclosure
     WELL DEFINED SHAREOWNER RIGHTS
     • Minority shareowner rights are formalized
     • Well-organized general assembly conducted
     • Policy on related-party transactions
     • Policy on extraordinary transactions
     • Clearly defined and explicit dividend policy
     (IFC, Washington)
  8. Board’s role in governance of risk
     The board should know about and evaluate the:
     • Most significant risks facing the company
     • Possible effects on shareowners
     • Company’s management of a crisis
     • Importance of stakeholder confidence in the organization
     • Communications with the investment community
     The board should ensure that:
     • Sufficient time is devoted to discuss risk strategy
     • Appropriate levels of awareness exist throughout the organization
     • Risk-management processes work effectively
     • A clear risk-management policy is published
     • Codes of conduct are established
     (IFC, Washington)
  9. Turning Risk into Opportunity
     • Context for change
     • Setting up Risk Infrastructure
     • Initial Buy in
     • Launch
     • Integration into organisation’s culture
     • Retrospect & Process Maturity
  10. Board Best Practices
      • The members need to recognize that it is not only the independence that they feel they possess but also what their conduct tells others. Members who have social relationships with the controlling shareholder or management would give out a clear signal to executives and auditors that they are not wholly independent and that would deter the latter from freely expressing their concerns to those members.
      • Scope of discussions and participations should be within the boundary of the primary role. No participation in the executive decision making discussions.
      (Nawshir Mirza)
  11. Board Best Practices
      “The independent audit committee fulfills a vital role in corporate governance. The audit committee can be a critical component in ensuring quality reporting and controls, as well as the proper identification and management of risk”
      - Report of National Association of Corporate Directors (NACD) Blue Ribbon Commission on Audit Committees
  12. Board Best Practices
      “To assess the performance of an organization, it is important to assess the quality of the audit Committee” – S. K. Goel, Chairman, IIFCL.
      “Tough minded audit committees represent the most reliable guardians of the public interest” - Arthur Levitt, Former SEC Chairman.
      “As the proportion of independent, outside directors on a board and its oversight committees increases, the likelihood of corporate fraud decreases” – Study of US Companies published in Financial Analysts Journal.
  13. Role of CEO/ CFO in Governance & Disclosures
      EXISTING REQUIREMENTS OF CLAUSE 49 (V)
      a. The CEO, i.e. the Managing Director or Manager appointed in terms of the Companies Act, 1956 and the CFO i.e. the whole-time Finance Director or any other person heading the finance function discharging that function shall certify to the Board that they have reviewed financial statements and the cash flow statement; these statements do not contain any materially untrue statement or omit any material fact or contain statements that might be misleading. Further, these statements together present a true and fair view of the company’s affairs and are in compliance with existing accounting standards, applicable laws and regulations. There are, to the best of their knowledge and belief, no transactions entered into by the company during the year which are fraudulent, illegal or violative of the company’s code of conduct.
      b. They accept responsibility for establishing and maintaining internal controls for financial reporting and that they have evaluated the effectiveness of internal control systems of the company pertaining to financial reporting and they have disclosed to the auditors and the Audit Committee, deficiencies in the design or operation of such internal controls, if any, of which they are aware and the steps they have taken or propose to take to rectify these deficiencies.
      CLAUSE 134 (5) OF THE COMPANIES BILL 2012
      The Directors’ Responsibility Statement referred to in clause (c) of sub-section (3) shall state that—
      (a) in the preparation of the annual accounts, the applicable accounting standards had been followed along with proper explanation relating to material departures;
      (b) the directors had selected such accounting policies and applied them consistently and made judgments and estimates that are reasonable and prudent so as to give a true and fair view of the state of affairs of the company at the end of the financial year and of the profit and loss of the company for that period;
      (c) the directors had taken proper and sufficient care for the maintenance of adequate accounting records in accordance with the provisions of this Act for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities;
      (d) the directors had prepared the annual accounts on a going concern basis; and
      (e) the directors, in the case of a listed company, had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively.
      SOX REQUIREMENTS
      Summary of Section 302
      Periodic statutory financial reports are to include certifications that:
      • The signing officers have reviewed the report
      • The report does not contain any material untrue statements or material omission or be considered misleading
      • The financial statements and related information fairly present the financial condition and the results in all material respects
      • The signing officers are responsible for internal controls and have evaluated these internal controls within the previous ninety days and have reported on their findings
      • A list of all deficiencies in the internal controls and information on any fraud that involves employees who are involved with internal activities
      • Any significant changes in internal controls or related factors that could have a negative impact on the internal controls
      Summary of Section 401
      Financial statements published by issuers are required to be accurate and presented in a manner that does not contain incorrect statements or omit to state material information.
  14. Role of CEO/ CFO in Governance & Disclosures
      EXISTING REQUIREMENTS OF CLAUSE 49 (V)
      i. They have indicated to the auditors and the Audit committee significant changes in internal control over financial reporting during the year;
      ii. significant changes in accounting policies during the year and that the same have been disclosed in the notes to the financial statements; and
      Instances of significant fraud of which they have become aware and the involvement therein, if any, of the management or an employee having a significant role in the company’s internal control system over financial reporting.
      CLAUSE 134 (5) OF THE COMPANIES BILL 2012
      Explanation. For the purposes of this clause, the term “internal financial controls” means the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information;
      (f) the directors had devised proper systems to ensure compliance with the provisions of all applicable laws and that such systems were adequate and operating effectively.
      SOX REQUIREMENTS
      These financial statements shall also include all material off-balance sheet liabilities, obligations or transactions.
      Summary of Section 404
      Issuers are required to publish information in their annual reports concerning the scope and adequacy of the internal control structure and procedures for financial reporting. This statement shall also assess the effectiveness of such internal controls and procedures.
      The registered accounting firm shall, in the same report, attest to and report on the assessment on the effectiveness of the internal control structure and procedures for financial reporting.
      [IIA Bombay Chapter Research Foundation]
  15. Auditors’ concerns in financial statement reporting
      • Frauds
      • Cash dealings, for example real estate transactions, out of book purchase and sales, etc.
      • Adjustments in revenue and expenditure
      • Adjustment of Capex to understate profits
      • Related party transactions
      • Valuations
      A company’s internal control cannot be considered effective if one or more material weaknesses exist. To form a basis for expressing an opinion, the auditor must plan and perform the audit to obtain appropriate evidence that is sufficient to obtain reasonable assurance about whether material weaknesses exist as of the date specified in management’s assessment. A material weakness in internal control over financial reporting may exist even when financial statements are not materially misstated.
  16. Role of External Auditors in Risk Assessment
      • Risk assessment underlies the entire audit process described by this standard (AS 5), including the determination of significant accounts and disclosures and relevant assertions, the selection of controls to test, and the determination of the evidence necessary for a given control.
      • A direct relationship exists between the degree of risk that a material weakness could exist in a particular area of the company’s internal control over financial reporting and the amount of audit attention that should be devoted to that area. In addition, the risk that a company’s internal control over financial reporting will fail to prevent or detect misstatement caused by fraud usually is higher than the risk of failure to prevent or detect error. The auditor should focus more of his or her attention on the areas of highest risk. On the other hand, it is not necessary to test controls that, even if deficient, would not present a reasonable possibility of material misstatement to the financial statements.
      • The complexity of the organization, business unit, or process, will play an important role in the auditor’s risk assessment and the determination of the necessary procedures.
  17. Role of Internal Auditors in Risk Management
      [COSO]