1

Corporate Governance as

a Shield for Fraud

2

Contents

•Understanding corporate governance

•Indian and global governance trends

•Lessons learnt from high-profile corporate frauds

•Practices to combat fraud – Companies and Regulators

3

Understanding Corporate Governance

4

Strategic investors

Promoters

Minority stakeholde

rs

Independent

directors

Employees

Customers and

vendors

Regulators

Company stakeholders

World Bank Definition: Corporate governance is about promoting corporate fairness, transparency and accountability

Analysts

Input to strategy Right management team -succession

planning and performance evaluation Risk Management Monitor performance Stakeholder relations / accountability Monitor compliance

The Board

Management

Establish the right culture Right people in the right roles The right framework to monitor

performance Financial Reporting integrity Independent and objective assurance Stakeholder relations / accountability

What does good governance entail?

Financial Institution

s

Society at large

5

Why is good corporate governance important?

And why is this important …

Enhances reputation and brand

Adds value to strategy

Reduces cost of capital

Transition to professional management / succession

Improves positioning in the market

Attracts Investors

What is expected…

Wealth creation for Shareholders

Integrity and Ethics in Business

Focus on Sustainability

Issues

Development of Human Capital

Responsibility to communities

A new S&P study on corporategovernance at Indian companiessuggest:

• There is a link between corporate governance and market value

• Specifically, for every 1 point increase in the S&P governance score, a company's market value increased by 3%.

• Firms having high corporate governance scores were less leveraged with higher ROI and stableprofit margin.

6

Indian and Global Governance Trends

7

Governance trends in India

KPMG’s Corporate governance poll (2009) –

key highlights

Weak oversight and monitoring Empowerment to independent directors Protect minority shareholder interests Skill-sets of board

Stakeholder concerns

Linking CEO remuneration to company

performance Enhancing integrity and ethical values Accountability for oversight

Transparency and Accountability

Sufficiency of time and quality of information Risk management practices and board

oversight CSR and sustainability need greater attention

Board practices and priorities

Stronger regulatory review and exemplary enforcement

Principles based framework is more effective than Rules – Comply or Explain

Governance regulations

Increasingly Indian companies are focusing on quality of information, risk oversight and board evaluation processes to enhance the effectiveness of their oversight.

Respondents also indicate that there is a significant need to enhance integrity and ethical values in the larger eco-system.

8

Global developments that emphasize a paradigm shift in corporate governance . . .

There is greater directness and intensity in oversight

Principles based governance is taking firm roots

Risk oversight and management is assuming centre stage

Institutional activism– segregating the CEO and Board chair roles

Greater scrutiny of executive compensation and aligning it to long term performance

While enhancements to existing regulations are being proposed, corporates too are improving their practices

More focus on strengthening assurance functions

9

The nature of oversight is changing….

A review of disclosures

and earnings releases

A change in board’s

interaction with

management

An increased discussion at

executive sessions

An intense focus on Risk Management

2 3 54

There is a paradigm shift in Board and Audit Committee Oversight which means:

“Oversight” has a different meaning from what it was a year or two ago

Greater attention to

strategy

Focus on Fraud risk

1 6

Higher priority on succession planning Greater priority on scrutiny of performance and comparison to industry peers – is this too

good to be true? Have expertise in financial knowledge, performance and talent management Engage management in substantive debates about strategy Have access to significant executives beyond the most senior levels Good or optimal access to leading industry indicators and data

What highly influential Boards do differently?

10

Lessons Learnt from High-Profile Corporate Frauds

11

• Board and board committees’ lacked independence

• Executive directors were not accountable

• Promoter CEO wielded absolute control

What were the issues that led to the fraud?

• Inability of a high profile board to challenge promoters on dubious related-party transactions

•Lack of independent and objective assurance

•Lack of antifraud program and controls

What were the issues that led to the fraud?

Recent corporate frauds – key issues that led to it

Enron a case of ethical breakdown……

What were the issues that led to the fraud?

• Board members were not truly independent

• Board and board committees’ oversight practices were ineffective

• Breakdown of ethical procedures

• Lack of auditor independence

Parmalat and Satyam, cases where promoters were involved in committing fraud

12

Accounting frauds – Common red flags

Cost reduction initiatives increase the potential for internal control breakdowns and frauds

Oversight of senior management activities is lacking thereby giving rise to the potential for management override

Management incentives tied to short term performance measures

Disagreements between the auditors and management are either not known or known too late by the audit committee

Complex accounting issues, frequent changes to accounting policies with inadequate time to review them

Access controls and segregation of duties ineffectively configured at the time of implementing new IT systems

Urge to beat market expectations on earnings

Internal audit does not have adequate stature, independence and skill sets

13

Practices to combat fraud

-What should companies be doing?-What should regulators be doing?

14

What should companies be doing?

15

The 3 Ps of combating fraud

People

Philosophies

Processes

The Ethical Ecosystem of an Organization is based on three corner stones

1

2 3

3. Processes1. Philosophies 2. People

• Governance• Leadership value system• Code of Conduct, Ethics

• Recruitment• Training• Performance management• Delegation

• Policies• Control environment• IT systems• Assurance

16

2Operationalize the value system and code of conduct / ethics

Establish an effective anti-fraud program

Use technology driven assurance processes

Strengthening governance structure to combat fraud – key focus areas

3

4

Enhance audit committee effectiveness1

17

Enhance audit committee effectiveness 1

Explicitly review and approve the appointment of auditors and the audit plans for adequacy of scope, coverage and performance

Proactively monitor major financial transactions and compensation policies including coordinating with other board committees

Conduct executive sessions with internal and external auditors

Review and approve anti fraud programs and controls

Scrutinize related-party transactions closely

18

Lessons Learnt by Audit Committees from Global Accounting Frauds

Need for independent audit committees with deeper financial expertise

Need to get external perspectives on the company

Need for a strong and objective internal audit function

Need for audit committees to be attentive to all aspects of the external and internal audit process

Broadening the scope of the

audit committee

19

Improving oversight of financial reporting – aspects to consider by the audit committee (1)

Accounting and Reporting:Be informed of:

•Actual or likely changes in accounting rules and regulations, which will affect the company’s financial statements

•Changes in the business environment and the auditors’ reaction to these changes

•Critical accounting policies of the company and material alternative accounting treatments selected by the management, including reasons for selection

Interactions with external auditor:

•Challenge the external audit risk assessments and audit plan for key differences with management’s assessment of risks

•Review external auditor’s assessment of internal control systems and anti –fraud controls (including whether and how the external auditor has reviewed areas susceptible to management override)

•Adopt procedures with respect to independence of the external auditor and private sessions

•Determine to what extent the external auditors place reliance on Internal Audit work

•Evaluate how external auditors have assessed complex areas (significant estimates, alternative accounting treatments, disclosures)

•Resolution of audit differences with management

20

Improving oversight of financial reporting – aspects to consider by the audit committee (2)

Quarterly Discussions on Financial Reporting

Review:

•Consistency of reported and planned results

•Review the inter-linkages between operational / strategic developments and its impact on financials (is it in line with expectations)

•Company financial results relative to peer group and competitors

•Consistency of facts presented in financial statements with those in the Management’s Discussion and Analysis and other non-financial statement disclosures

•Accounting principles and practices relative to industry norms

•Significant accounting estimates and judgments

•Significant complex and/or unusual transactions

•Significant related party transactions

•Complaints received regarding accounting and auditing matters, including ‘whistleblower’ information

21

Operationalise the code of conduct

An objective and independent whistle blower

program

Strong internal audit to monitor code of conduct

compliance

Operationalizing the Code of Conduct entails having:

2

22

An objective and independent whistle blower programAttributes of a best-in-class whistle blower process/mechanism:

Confidentiality: All matters reported are treated confidentially.

Anonymity: The organization’s protocols allow for anonymous submission of issues.

Organization-wide applicability: Employees at international locations are able to use the process/mechanism 24*7

Real-time assistance: The mechanism provides immediate “live” response (Eg: Hotline)

Data management process: The mechanism uses consistent protocols to gather relevant facts

Audit committee notification: The mechanism has protocols to determine which allegations are to be escalated to the audit committee

Prominent communications: The whistle blower process is well publicized and its awareness among employees increased through formal/informal training sessions

Multiple channels: The mechanism offers multiple communication channels such as hotline, email and website for employees to raise issues

23

Strong internal audit to monitor code of conduct compliance: a Unilever example

How do you monitor breaches to the code of conduct?

Is your staff familiar with the code??

?

?

?

How have you communicated the code of conduct to staff members?

How do you investigate and deal with suspected breaches?

Some questions that auditors ask staff at Unilever

How do they monitor

compliance?

Reflect on whether senior executives and business managers value the work of internal auditing

Audit areas where staff is not getting enough training on the meaning of the code

>

>

>

>

Audit areas where there is evidence that management action in response to confirmed code breaches is not appropriate

Survey if evidence on staff attitudes about the importance of control and compliance flags a disconnect between what the leadership says and what is actually happening

> Monitor whether there are any trends in the issues employees are raising

24

Strengthening Internal Audit to combat accounting fraud

•Flexible audit planning / scheduling methodologies with rolling risk assessments

•Greater reliance on technological tools that facilitate monitoring key risk indicators and continuous auditing/ monitoring

Greater coverage

Continuoustesting of key

controls

Lower audit

costs

89% 85% 61%

Ability to test 100% of the population

67%On-going

identification of changing risk levels

67%

What is required from Internal Audit?

Results from a recent IIA Gain survey of senior executives at Fortune 500 companies points to the following major benefits with continuous auditing/continuous monitoring (CA/CM):

25

Establish an effective anti-fraud program

Do organizations assess fraud risk exposure periodically?

Is there a fraud risk management program in place?

2

1

Are preventive and detective anti-fraud techniques in place?3

Is there a consistent approach to investigate fraud or suspected occurrences including a reporting process?

4

3

26

Undertaking a comprehensive fraud risk assessment – key aspects to consider

>

>

Organizational assets, operations that are susceptible to fraud

Reports of auditors – internal and external audits

Segregation of duties>

Employee morale and turnover>

>

>

Adequacy of existing anti-fraud programs and their monitoring

Past events and responses

Likelihood of a significant fraud happening>

Compliance issues / response to audit findings and surveys

>

>

>

Monitoring of ethical breaches

How are subsidiary performances monitored?

27

Use technology driven assurance processes

IA has the primary responsibility for fraud risk assessment and monitoring

Data mining tools are effective in preventing or detecting frauds in organizations

IA either does not focus on fraud risk or conduct investigations concerning frauds – only if required by management

56%

41%

60%

• Shortage of specialist skill

• Low level of skills, confidence in use of technological aids

• IA’s position / stature

KEY CHALLENGES:

4

A recent KPMG survey reveals that more is expected of internal audit in the sphere of fraud

28

What should regulators be doing?

29

More clarity needed on roles, responsibilities and liabilities

Increased clarity around duties, responsibilities and liabilities of directors

Transparent and unambiguous penalties and prosecution for breach of duties

Strengthening the enforcement framework/ simplifying the judicial process (e.g. rules and criteria to fund investor associations in class action suits)

Feedback mechanism between directors and regulators (e.g. recent spate of resignations in directors and how the regulator responded)

Regulators could consider strengthening regulations by providing more clarity on fiduciary responsibilities of the board and auditors, and introducing penalty clauses for

breach of duties. More importantly, regulators should strengthen their enforcement framework.

1

2

3

4

5

30

Key global regulatory best practices

Audit Inspection Unit, which undertakes inspection of individual audit firms and makes its reports publicly available

The review of “Operating and Financial Review” by the Financial Reporting Review Panel in the UK

SEC in the US prosecutes over 50 cases every quarter of insider trading with sizeable penalties

Clear mandate, resources and tools are fundamental to ensure effective regulatory oversight

6

1

2

3

Financial Fraud Enforcement Task Force – a recently set-up interagency task force in the US– to combat financial fraud at a national level.

4

31

Questions

Thank you!