Companies Act, 2013 vis-a-vis CARO, 2003 on frauds, Internal audit, Internal control and going concern
The Companies Act, 2013 makes drastic changes as far as obligations of company and its auditors are concerned in four areas:
(i)
|
Prevention, Detection and Reporting of frauds by the auditor
| |
(ii)
|
Mandatory obligations of companies regarding internal audit
| |
(iii)
|
Reporting on internal controls by auditors
| |
(iv)
|
Reporting on Going Concern assumption
|
AUDITOR'S DUTIES AS REGARDS FRAUD PREVENTION, DETECTION AND REPORTING
1. Para 4(xxi) of the Companies Auditor's Report Order, 2003 (CARO, 2003) requires the auditor of a company to which CARO, 2003 applies to report "Whether any fraud on or by the company has been noticed or reported during the year; if yes, the nature and the amount involved is to be indicated."
Section 143(12) of the 2013 Act provides that if an auditor of a company,
in the course of the performance of his duties as auditor,
| ||
has reason to believe that an offence involving fraud is being or has been committed,
| ||
against the company,
| ||
by officers or employees of the company, he shall report the matter to the Central Government,
| ||
immediately,
| ||
within such time, and
| ||
in such manner as may be prescribed.
|
Section 143(13) provides that no duty to which an auditor of a company may be subject to (e.g. duty of confidentiality under the CA Act, 1949) shall be regarded as having been contravened by reason of his reporting the matter as above if it is done in good faith.
Section 143(14) extends obligations cast by section 143(12) to cost auditors appointed under section 148 and to secretarial auditors appointed under section 204. Section 143(15) provides that if any auditor, cost accountant or Company Secretary in practice do not report fraud committed or being committed as above, he shall be punishable with fine which shall not be less than Rs. 1,00,000 but which may extend to Rs. 25,00,000 rupees.[Section 143(15)]
The following points emerge from section 143(12):
(i)
|
Only frauds against the company need reporting under section 143(12). Frauds by the company do not require reporting. If auditor reports frauds by the company, he cannot avail the immunity under section 143(13) and would be liable for professional misconduct for breach of confidentiality.
| |
(ii)
|
Section 143(12) requires frauds against company by officers or employees to be reported. Frauds against company by outsiders/third parties are not required to be reported under section 143(12). If auditor reports frauds on the company by outsiders/third parties to Central Government, he cannot avail the immunity under section 143(13) and would be liable for professional misconduct for breach of confidentiality.
| |
(iii)
|
Auditor has to undertake no special efforts to detect fraud beyond what his duties under standards of auditing (made mandatory by the 2013 Act) require him to do. This is clear from the words "in the course of the performance of his duties as auditor". Section 143(12) no wise casts any obligations on the auditor as regards fraud detection is concerned. It requires the auditor to do nothing beyond what is required by SA 240(Revised) as far as fraud detection is concerned. What section 143(12) changes is this——Hitherto, auditors of companies were not permitted to report frauds committed on the company by officers/employees of the company to Central Government. The Code of Ethics under CA Act,1949 casts an obligation of confidentiality on the CAs and barred such reporting to third parties without client's consent unless there is legal or professional obligation to do so. So, section 143(12) overcomes confidentiality bar by imposing a professional obligation to report frauds on the company by officers and employees and section 143(13) grants immunity to auditor for doing his duty u/s 143(12) in good faith.
| |
(iv)
|
There need not be a confirmed finding of occurrence of such fraud. The obligations get triggered if auditor has reason to believe that an offence involving fraud is being or has been committed.
| |
(v)
|
Reporting to Central Government of frauds under section 143(12) is no substitute for making suitable qualifications/disclosures in audit report to the members of the company. Nor is such reporting a substitute for compliance with SA 240(Revised) which is mandatory under section 143(9).
|
MANNER OF REPORTING TO THE CENTRAL GOVERNMENT
2. Rule 10.10 of the [draft] Companies Rules, 2013 prescribes the manner of reporting to Central Government under section 143(12).
WHERE FRAUD IS LIKELY TO BE MATERIAL
3. Rule 10.10(1) provides that for the purpose of sub-section (12) of section 143, in case:
the auditor has sufficient reason and information to believe that an offence involving fraud, is being or has been committed against the company by officers or employees of the company,
| |||||||
such fraud is likely to materially affect the company he shall report the matter:
| |||||||
(A)
|
to the Central Government:
| ||||||
(i)
|
Report shall be sent to the Secretary, Ministry of Corporate Affairs in a sealed cover by Registered Post with Acknowledgement Due or by Speed post followed by an email in confirmation of the same.
| ||||||
(ii)
|
Report shall be on the letter-head of the Auditor and be signed by the Auditor with his seal and shall indicate his Membership Number.
| ||||||
(iii)
|
Report shall be in the form of a statement as given in Form No. 10.3:
| ||||||
(B)
|
immediately but not later than 30 days of his knowledge or information,
| ||||||
(C)
|
with a copy:
| ||||||
•
|
to the audit committee or
| ||||||
•
|
in case the company has not constituted an audit committee, to the Board.
| ||||||
When is a fraud material? -Test of materiality- For the purpose of sub-rule (1), materiality shall mean:
(a)
|
fraud(s) that is or are happening frequently; or
| ||
(b)
|
fraud(s) where the amount involved or likely to be involved is not less than
| ||
5% of net profit or
| |||
2% of turnover of the company
| |||
for the preceding financial year.
In view of the words "For the purpose of sub- rule (1)", it is clear that above criteria of materiality in Rule 10.10 applies only for section 143(12) purposes. Question arises whether auditor can use these criteria for formation of opinion on truth and fairness of accounts or not? It appears that the above materiality criteria cannot be used for forming an opinion on true and fair view of accounts. This matter needs clarification of MCA/ICAI.
WHERE FRAUD IS NOT LIKELY TO BE MATERIAL
4. In all other cases, auditors shall send a report in writing:
to the audit committee, and
| ||
where the company has not constituted an audit committee, to the Board.
|
The audit committee or the Board, as the case may be, shall reply to the auditors in writing as to steps taken by the audit committee or the Board in addressing the issues of fraud, including systemic issues.
In case the audit committee or the Board, as the case may be, is not taking action or the auditor is not satisfied with the action taken, he may report to the Central Government even if the fraud is not material in nature.
APPLICABLE TO BRANCH AUDITORS ALSO
5. Rule 10.9 of the [draft] Companies Rules, 2013 provides that the provisions of sub-section (12) of section 143 read with rule 10.10 hereunder regarding reporting of fraud by auditor shall also extend to branch auditor to the extent it relates to the concerned branch. A question arises as to whether the materiality criteria of 5% of net profit or 2% of turnover are to be applied on net profit or turnover of the concerned branch or of the company? This needs clarification by ICAI/MCA.
Comparison of fraud prevention, detection and reporting obligations under CARO, 2003 and section 143(12) of the 2013 Act
Sr. No.
|
Points of Comparison
|
Para 4(xxi) of CARO, 2003
|
The Companies Act, 2013
|
1.
|
Frauds on the company
|
To be reported by the auditor irrespective of whether committed by employees or officers or by third parties
|
To be reported by the auditor if committed by employees or officers
|
2.
|
Frauds by the company
|
To be reported by the auditor
|
Not to be reported
|
3.
|
Reporting by auditor to
|
Members of the company as part of auditor's report
|
Reporting to Central Government, not part of audit reporting to members
|
4.
|
Frauds detected by whom to be reported
|
Frauds noticed or reported (not necessarily by auditor) to be reported
|
Frauds detected by auditor in course of performance of duties to be reported
|
4.
|
Materiality of frauds detected-whether relevant
|
No express provisions on materiality aspect.
|
Materiality affects speed and manner of reporting under section 143(12) and Rule 10.10
|
5.
|
Companies in respect of which obligations cast on auditor
|
Obligations on auditors only in respect of companies to which CARO, 2003 is applicable
|
Obligations on auditors in respect of all companies.
|
6.
|
Obligations in respect of fraud prevention/fraud detection cast on auditors
|
CARO, 2003 as well as Companies Act, 1956 silent on this aspect
|
Auditing Standards made mandatory. Till SAs notified by Central Govt., those issued by ICAI will be mandatory auditing standards. Thus, auditor's Obligations governed by SA 240(Revised) issued by ICAI till Central Govt. notifies SAs
|
CONTROVERSIAL ISSUES
6. The Following controversial issues emerge:
(i)
|
While section 143(12) only requires that the auditor has "reason to believe" that fraud is being or has been committed, Rule 10.10 requires that auditor has sufficient reason and informationto believe that an offence involving fraud, is being or has been committed. The latter test of sufficiency of reason and information to believe stipulated by the Rules for reporting material frauds is much more stringent than "reason to believe"stipulated by the Act. To that extent Rule 10.10 appears to be ultra vires section 143(12).
| |||||||||
(ii)
|
The use of the words sufficient reason and informationto believemakeslife miserable for auditors. Sufficiency of "reasons to believe" will be challenged in courts by company and its management. Mere bona fide reason to believe is not enough and the immunity to auditors for reporting in good faith in sub-section (13) is rendered nugatory. To that extent also, draft rules are ultra vires the Act.
| |||||||||
(iii)
|
Form No.10.3 of draft rules requires auditor to give "Particulars of the officers or employees who are suspected to be involved in the commission of the offence". This involves fixing accountability which is a management function and not an audit function. This requires auditor to tread into prohibited areas.
| |||||||||
(iv)
|
For immaterial frauds, auditor has to take into account reply of audit committee/BOD before making a report to Central Govt while for material frauds the report to Central Govt. is a fait accompli as far as management and audit committee/BOD is concerned. They will get a copy of report made by auditor to MCA. This kind of drastic action should be required from auditors only when they have reasons to believe that audit committee/BOD is hand in glove with fraudsters and not in normal course.
| |||||||||
(v)
|
In case of immaterial frauds, it is not clear for how much time auditor should wait for management to take satisfactory action before reporting to MCA.
| |||||||||
(vi)
|
If the auditor is satisfied with the action taken, he is not required to report to the Central Government even if the fraud is not material in nature. The provisions of the Act only permit Central Govt. to prescribe manner and time of reporting and not to dispense with it altogether.
| |||||||||
(vii)
|
The expression "fraud" is defined in section 447 of the 2013 Act. That definition is applicable only for the purposes of section 447 only. Section 447 defines "fraud" as under:
| |||||||||
(A)
|
Fraud in relation to the affairs of a company or any body corporate includes:
| |||||||||
(i)
|
any act or omission
| |||||||||
(ii)
|
concealment of any fact
| |||||||||
(iii)
|
abuse of position
| |||||||||
(B)
|
The act/omission/concealment/abuse in (A) above is committed:
| |||||||||
by any person or
| ||||||||||
any other person with connivance in any manner.
| ||||||||||
(C)
|
The act/omission/concealment/abuse in (A) above is committed with intent:
| |||||||||
to deceive or
| ||||||||||
to gain undue advantage from or
| ||||||||||
to injure the interests of
| ||||||||||
-
|
the company or
| |||||||||
-
|
its shareholders or
| |||||||||
-
|
its creditors or
| |||||||||
-
|
any other person.
| |||||||||
(D)
|
If ingredients (A) to (C) above are there, it is fraud. It does not matter whether there is any wrongful gain or wrongful loss or not.[Explanation(i) to section 447]
| |||||||||
It is noteworthy that the section uses not just the word 'fraud' but the expression 'offence of fraud'. So question would arise whether the definition of 'fraud' in section 447 would apply to section 143(12) also? Or the word 'fraud' in section 143(12) should be understood in the sense in which it is defined in SA 240(Revised)?
SA 240(Revised) defines 'fraud' as under:
■
|
An intentional act,
| |
■
|
by one or more individuals among management, TCWG, employees, or third parties,
| |
■
|
involving the use of deception,
| |
■
|
to obtain an unjust or illegal advantage.
|
According to SA 240(Revised), the auditor is concerned with fraud that causes a material misstatement in the financial statements. Two types of intentional misstatements are relevant to the auditor – misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets.
This issue needs clarification by MCA/ICAI.
(viii)The word 'offence of fraud' used in section 143(12) runs contrary to the role and responsibilities of auditor outlined in Auditing Standards. According to SA 240 (Revised), the auditor does not make legal determinations of whether fraud has actually occurred.
MANDATORY INTERNAL AUDIT AND STATUTORY AUDITOR'S RELIANCE ON INTERNAL AUDIT
7. Section 138 of the 2013 Act provides as under:
Such class or description of companies as may be prescribed shall be required to appoint an internal auditor to conduct internal audit of books of account of the company.
| ||
Internal auditor shall be a Chartered Accountant or a Cost Accountant or such other professional as may be decided by the Board.
| ||
The Central Government may make rules to prescribe the manner in which internal audit shall be conducted and reported.
|
Draft Rule 9.15(1) provides that the following class of companies shall be required to appoint an internal auditor or a firm of internal auditors:—
(a)
|
every listed company;
| |||
(b)
|
every public company having paid up share capital of Rupees ten crores or more;
| |||
(c)
|
every other public company:
| |||
(i)
|
which has any outstanding loans or borrowings from banks or public financial institutions exceeding twenty five crore rupees or
| |||
(ii)
|
which has accepted deposits of twenty five crore rupees or more at any point of time during the last financial year.
| |||
Draft Rule 9.15(2) provides that the Audit Committee of the company or the Board shall, in consultation with the Internal Auditor, formulate:
(i)
|
the scope,
| |
(ii)
|
functioning,
| |
(iii)
|
periodicity, and
| |
(iv)
|
methodology for conducting the internal audit.
|
Para 4(vii) of CARO, 2003 issued under the Companies Act,1956 required the auditor of a company to report whether the company has an internal audit system commensurate with its size and nature of its business in respect of these companies:
(A)
|
Listed Companies.
| |||
(B)
|
Unlisted Companies which satisfy one of the following two conditions:
| |||
(a)
|
Company's paid-up capital and reserves as at the commencement of the financial year concerned exceeds Rs. 50 lakhs; or
| |||
(b)
|
Company whose average annual turnover for three consecutive immediately preceding financial years exceeds Rs. 5 crores.
| |||
CARO, 2003 & 1956 ACT VIS-A-VIS 2013 ACT ON INTERNAL AUDIT
8. Neither CARO, 2003 nor Companies Act, 1956 casts any legal obligations on any company to have an internal audit system. Even companies covered by CARO, 2003 are not legally obliged to have an internal audit system. Such companies committed no violation of law or offence by not having an internal audit system. Only that auditors of such companies were required to report whether such companies had an internal audit system and adequacy of such system. Thus obligation was cast on auditors of specified companies to report on existence and adequacy of internal audit without any legal obligation on such companies to have an internal audit in place. However, under 2013 Act, if companies covered by section 138 do not have an internal audit system, it is a contravention of section 138 by the company and is punishable under section 450. The issue of statutory auditor relying on internal audit is not covered by 1956 Act. The 2013 Act makes Standards on Auditing mandatory. Therefore, auditor's reliance on internal audit under 2013 Act should be in accordance with SA 610. Otherwise auditor is liable to be punished under section 147 of 2013 Act
AUDITOR'S DUTIES REGARDING REPORTING ON INTERNAL COPNTROLS
9. Para 4(iv) of CARO, 2003 requires the auditor of a company to which CARO, 2003 applies to report:
(A)
|
Adequacy - Is there an internal control procedure commensu rate with the size of the company and the nature of business for the following transactions:—
| ||||
(i)
|
purchase of inventory and fixed assets
| ||||
(ii)
|
sale of goods and services
| ||||
(B)
|
Continuing failure - Whether there is a continuing failure to correct major weaknesses in internal control.
| ||||
Section 143(3)(i) of the 2013 Act requires that the auditor's report shall also state :
whether the company has adequate internal financial controls system in place, and
| ||
the operating effectiveness of such controls.
|
It would appear that section 143(3)(i) of the 2013 Act should be read and interpreted in the context of section 134(5). Section 134(5) of the 2013 Act requires that the Directors Responsibility Statement (DRS) shall state that the directors, in the case of a listed company, have laid down internal financial controls to be followed by the company and that such internal financial controls have been complied with.
"Internal Financial Controls" means the policies and procedures adopted by the company for ensuring:
the orderly and efficient conduct of its business, including adherence to company's policies,
| ||
the safeguarding of its assets,
| ||
the prevention and detection of frauds and errors,
| ||
the accuracy and completeness of the accounting records, and
| ||
the timely preparation of reliable financial information.
|
In view of section 134(5), it appears that that section 143(3)(i) of the 2013 Act would apply only to listed companies. This matter needs clarification by MCA. If directors of unlisted companies are exempted from making a responsibility statement about internal controls, one wonders how a similar exemption will not apply to auditor's obligation to report on internal controls.
It can be seen that auditor's duty to report on internal controls under CARO, 2003 is limited to:
(i)
|
purchase of inventory and fixed assets,
| |
(ii)
|
sale of goods and services.
|
The Companies Act, 2013 requires auditor to report on existence and operating effectiveness of internal financial controls over all transactions and not limited to purchases of inventory and fixed assets and sale of goods and services.
REPORTING ON GOING CONCERN ASSUMPTION
10. Para 4(iv) of CARO, 2003 requires the auditor of a company to which CARO, 2003 applies to report if substantial part of fixed assets have been disposed of during the year whether it has affected the going concern. ICAI's Statement on CARO, 2003 opines that it is not correct to say that "if there is no substantial sale of fixed assets, there is no need to consider the going concern question". According to ICAI's Statement on CARO, 2003, CARO, 2003 does not absolve the auditor of his responsibilities under SA 570(Revised). As there will be several other indications of risk that going concern assumption is appropriate, the auditor, notwithstanding his comments under Para 4(i)(c) of CARO, 2003, should also comply with SA 570.(Revised). Auditing Standards are not recognized under the Companies Act, 1956. The 2013 Act has accorded statutory recognition to auditing standards and has made it mandatory for auditors to comply with them. Till SAs notified by Central Govt., those issued by ICAI will be mandatory auditing standards. Thus, auditor's obligations governed by SA 570(Revised) issued by ICAI till Central Govt. notifies SAs
CONCLUSION
11. The Central Government is yet to notify the equivalent of CARO, 2003 under section 143(11) of the Companies Act, 2013. Nevertheless, from the provisions of the 2013 Act and Draft Companies Rules, 2013, it is possible to discern which way the wind is blowing.
■■
CA SANJAY DEWAN
Updating with the latest technology and implementing it is the only way to survive in our niche. Thanks for making me this article.
ReplyDeleteNode JS training in chennai | Node JS training institute in chennai
YENİ PERDE MODELLERİ
ReplyDeletesms onay
mobil ödeme bozdurma
nft nasıl alınır
ankara evden eve nakliyat
trafik sigortası
dedektör
kurma websitesi
aşk kitapları