Set the tone to manage fraud risks
The Hindu Business Line
Partner — Fraud Investigation & Dispute Services
Ernst & Young India
The new Companies Bill is an effort in the right direction to modernise the decades-old Company Law and aims to strengthen corporate governance in India. The revised Companies Bill, 2011 was introduced in the last session of Parliament and is expected to be approved in the upcoming Budget session. The Bill will make the role of key managerial personnel, board committees, independent directors and auditors more accountable in the management of the company.
Some of the key provisions of the new law would have a significant impact on the fraud risk management initiatives of Corporate India. For example, as per Schedule IV “Code for Independent Directors”, an independent director shall:
- Assist the Company in implementing best corporate governance practices;
- Satisfy themselves on the integrity of financial information and that financial controls and the systems of risk management are robust and defensible;
- Report concerns about unethical behaviour, actual or suspected fraud or violation of the company's code of conduct or ethics policy;
- Ascertain and ensure that the Company has an adequate and functional vigil mechanism.
As per Section 134 (5), “The Director's Responsibility Statement” shall state that:
- The directors had taken proper and sufficient care for the maintenance of adequate accounting records in accordance with the provisions of the act for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities (sub clause c);
- The directors in the case of a listed company had laid down internal financial controls to be followed by the Company and that such controls are adequate and were operating effectively (sub clause e).
The term internal financial control has been defined to include policies and procedures adopted by the Company for prevention and detection of frauds.
Risk detection process
Pursuant to these provisions, independent directors and auditors would require the company's management to put in place (or strengthen) formal fraud risk management processes to enable prevention, early detection and remediation of frauds and other improper acts.
A fraud risk management exercise begins with setting the tone at the top and promoting an ethical culture across the organisation. Companies should move away from mere notification of a document (read: code of conduct or ethics policy) to a corporate culture that lives its ethical values on a consistent basis.
In addition to promoting a strong ethical culture, organisations must undertake a formal fraud risk assessment to identify the most significant areas vulnerable to fraud and take remedial actions to strengthen the processes and controls in those areas. Implementing an effective whistleblower mechanism with adequate protection for whistleblowers would help companies in the prevention and early detection of frauds.
As per Section 177 of the Bill, every listed company or such class or classes of companies, as may be prescribed, shall establish a vigil mechanism (Whistleblower mechanism) for directors and employees to report genuine concerns. The vigil mechanism shall provide for adequate safeguards against victimisation of persons who use such mechanism and make provision for direct access to the chairperson of the Audit Committee in appropriate or exceptional cases. The details of establishment of such mechanism shall be disclosed by the company on its Web site, if any, and in the Board's report.
As the expectations that the audit committee, independent directors and external auditors have of the internal audit function are bound to increase, companies must revisit their existing internal audit mechanism to confirm that it is effective in evaluating the adequacy and operating effectiveness of their anti-fraud controls. In addition to regular audits, management should conduct mystery shopping and surprise reviews. These reviews are designed and directed towards detailed scrutiny of defined areas for proactive detection of frauds. Conducting continuous fraud analytics in processes with high transaction volumes would enable proactive identification of transactions with red flags and minimise the risks of fraud.
The Association of Certified Fraud Examiners (US) recommends that the Fraud Risk Management process must also include an accountability matrix that lists the anti-fraud functions and identifies the personnel who have primary, secondary or joint responsibility for prevention and detection of fraud.
Last but not least, directors and senior management must employ a consistent and comprehensive response to fraud incidents, including conducting thorough investigations, disciplining the individuals responsible, addressing the root cause and communicating appropriately with employees and other stakeholders. Setting a strong example automatically acts as a deterrent and helps in the prevention of frauds.
Taking into consideration the extremely tedious penal provisions under the new Companies Bill, it is advisable that companies proactively implement a robust fraud risk management process rather than wait for the Bill to be converted into a law.