IntroductionWorldwide, companies are striving to survive in adverse economic and competitive market conditions. This survival struggle often results in some of them engaging in unethical business practices such as fraud, espionage and corruption. To help organisations mitigate these risks, regulatory bodies, both international and national, have reformed and implemented several stringent laws and regulations. These include Foreign Corrupt Practices Act (FCPA) in the US, UK Bribery Act in UK and the new Companies Act, 2013 in India.
The Companies Act 2013 – A new era of corporate governance
According to the 13th Global Fraud Survey, 2013 by EY, 34% of India respondents said that they resorted to unethical actions in a business situation, which is the second highest amongst the surveyed nations. The Companies Act, 2013 is set to be a game changer for corporate India, paving the way for an enhanced control environment, greater transparency and higher standards of governance. Section 447, under the Act for the first time provides a definition of fraud and also makes extensive provisions for penalising fraudulent activities.
The Securities and Exchange Board of India (SEBI) has specifically outlined the Clause 49 of the Listing Agreement to adopt leading global practices on corporate governance and to make the corporate governance framework more effective. The enforcement of these norms demands organisations to provide assurance to the board, audit committee on adequacy of internal controls, effective risk management process, anti-fraud controls and effective legal compliance framework. With these changes in place, the role of an auditor has undergone a significant transformation.
Reporting on internal financial controls
Management is still dependent on auditors to provide them assurance on anti-fraud controls which are in place across businesses, together with the ability to detect and deter a potential fraud. Auditors are expected to evaluate accounting systems for weakness, reviewing and monitoring internal controls, determining the degree of fraud risks and interpreting financial data for picking up unusual trends and following up on red flags.
The Companies Act, 2013 has made it mandatory for the auditors to comment on whether the company has adequate internal financial controls system in place and operating effectiveness for such controls. Here, the term, ‘internal financial controls,’ means the policies and procedures adopted by the company for ensuring orderly and efficient conduct of its business, including the prevention and detection of frauds or errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.
Evaluating fraud risks
An auditor should have the ability to understand how a fraud is committed and how it can be identified. He/ she should also understand the underlying factors that motivate individuals to commit fraud. As per the Companies Act, 2013, the term ‘fraud’ includes any act, omission, concealment of any fact or abuse of the position committed by any person, with intent to deceive, to gain undue advantage from, or to injure the interests of, the company or its shareholders or its creditors or any other person, whether or not there is any wrongful gain or wrongful loss.
• Under the Act, liability and punishment for fraud is extended to every individual who has been a party to it intentionally, including the auditors of the organisations.
• Auditors need to be involved in monitoring the whistleblowing mechanism, which is made mandatory for directors and all employees to report genuine cases of frauds.
Therefore, an auditor is expected to be in a position to identify potentially fraudulent situations during the course of the audit and play a vital role in preventing fraud and other unethical acts. It is essential they remain unbiased and must conduct the audit with a clear mind-set to catch possible material misstatements resulting from a fraud. This should be regardless of their relationship with the organisation or their belief about the management’s honesty or integrity. Objectively, the auditor is always in a better position to detect symptoms that accompany fraud, and usually has continual presence in the organisation. This provides them with a better understanding of the organisation and its internal financial controls.
With the new legislations, the auditor will now need to take responsibility over the adequacy of fraud prevention measures in various business processes. He/she is required to exercise professional scepticism, which requires an ongoing questioning of whether the information and evidence obtained suggests that a material misstatement or fraud has occurred. Sometimes, he/ she may even have to undertake extended audit procedures in areas where potential red flags were noticed. Another key consideration is the inclusion of fraud detection procedure as part of every audit and keeping an eye open for red flags.
Proactive auditing to look for fraud risks
In this new era of auditing, ushered in by the Companies Act 2013, Auditors will have to proactively look for fraud vulnerabilities and fraud risks, by extending the audit procedure to:
Examine and evaluate the adequacy and effectiveness of internal financial controls
• Unusual transactions
• Adjustments in the period-end financial reporting process
• Related party transactions
Make use of data analytics to find unfamiliar items and perform detailed analyses of high risk transactions
Identify relevant fraud risks: Understand the business environment. Review the documentation of previous and suspected frauds, monitoring the reporting through whistle-blowing mechanisms and formulating the ethics programme
Outline existing controls to potential fraud schemes and carry out a gap assessment.
In the standard audit reports that accompany corporate financial statements, the auditor’s responsibility for detecting fraud is not discussed. Indeed, the word fraud isn’t mentioned at all. The auditing profession calls the discrepancy between what investors expect and what auditors do an “expectations gap.”
In recent years, audit firms have attempted to close the gap by educating the public on their role. Even though fraud is not one of the main objectives of auditors, it has been observed in past few years they have been instrumental in detecting or raising a warning sign to the management. It has been an increasing trend that the auditors have come across a fraud or a potential fraud and highlighted the same to the management or investigating agencies. It is with their help that investigators are able to crack the toughest cases by using various forensic tools and techniques such as data analytics, disk imaging, extensive public domain searches etc. Understanding fraud risk and developing the necessary skills for fraud detection is now a necessity for auditors; as stakeholders expect them to be red flag bearers of good corporate governance within the company.
The road ahead
Going forward, the role of the auditor is expected to become much more onerous as the board, management and Independent Directors seek increased comfort on newer areas to comply with the complex regulatory environment and legal duties and responsibilities. Their role is set to evolve into a more extensive, outward, forward looking and continuous activity to help deliver a more sustainable, efficient and effective audit function.
Please note: Views expressed in this article are personal to the author.
