Internal Controls including Sarbanes Oxley Compliance and Clause 49 listing agreement compliances

The COSO framework in 1992 established a solid foundation for a structured look at Internal Controls. Various Governance Regulations since then like Sarbanes Oxley Act in the US, SAS 70 requirements and Clause 49 of the listing agreement in India have sought to improve corporate governance in organisations with stress on certification by CEO’s and CFO’s on adequacy of Internal Controls in the organisation.

We work with organisations in mapping processes and identifying the controls as embedded in the processes. Internal Controls identified are categorised in one of five COSO components – Control Environment, Risk Assessment, Control Activities, Information & Communication and Monitoring and also in terms of Key and Non Key in its ability to mitigate the risk. Each control activity is further identified in terms of its impact on nature of assertion (existence, occurrence, valuation, completion, presentation & disclosure, rights & obligations) made in the financial statements. The internal control design is reviewed and need for strengthening identified. The Performance of the designed internal control is reviewed for effectiveness by auditing relevant samples for each control.

Illustrative Scope and Methodology for an assignment :

OBJECTIVE

To ensure that the company has established systems and procedures that enable them to comply with the requirements under Clause 49 of the listing agreement.

METHODOLOGY

A compliance review involving study and scrutiny of documents, correspondence between Board members and the Company, Notices for Board Meetings, Papers circulated to the Board for the meetings, Board minutes and Returns and other documents filed with the ROC.

Independent Directors need to review legal compliance reports submitted by the company as well as measures taken to cure any taint. While the onus is on the company to present, we shall support their efforts by reviewing the compliance mechanism to the various requirements under the following statutes as also doing a sample check on the transactions compliance and a review of all returns and compliance certificates filed with the various regulatory authorities –

S.No. Name of Acts
1 Trade Marks Act, 1999
2 The Payment of Bonus Act, 1965
3 The Companies Act, 1956
4 The Competition Act, 2002
5 Contract Labour (Regulation & Abolition) Act, 1970, if applicable
6 The Copyrights Act, 1957
7 Customs Act, 1962
8 Design Act, 1911
9 Payment of Gratuity Act, 1972
10 Income Tax Act, 1961
11 The Maternity Benefit Act, 1961
12 Bombay Municipal Corporation Act, 1888
13 The Negotiable Instruments Act, 1881
14 Maharashtra Tax on Professions, Trades, Callings and Employments Act, 1975
15 Employees Provident Fund and Miscellaneous Provisions Act, 1952
16 The Registration Act, 1908
17 Guidelines for Disclosure and Investor Protection
18 Listing Agreement
19 The Bombay Shops and Establishment Act, 1948
20 Arbitration and Conciliation Act, 1996
21 Employee’s State Insurance Act, 1948
22 Equal Remuneration Act, 1976
23 Employment Exchanges (Compulsory notification of vacancies), 1959
24 Insider Trading Rules
25 Information Technology Act, 2000
26 Sales Tax Act- Value Added Tax, 2004
27 Service Tax Act, 1994
28 Foreign Exchange Management Act, 1999
29 ...
30 ...

In case there is no manual outlining critical compliances under the various statutes, we shall create a Statutory Manual that can be used by the process owners to review compliances on a regular basis as a first step during our first quarter review. While this manual is not expected to be a reproduction of all provisions, rules and circulars/notifications issued under the various laws from time to time, it shall highlight key compliance requirements including schedule for filing various returns and forms with the required authorities.

The Statutory Manual shall be offered for vetting to the Project Coordinator from the company, which shall be the final authority for signing off this manual. The regular review and updated maintenance of this manual shall be with an identified official from the Legal Department or such other function as deemed suitable by the Company Management.

In case a Code of Conduct does not exist, establish code of conduct for the Board and employees of the company.

A compliance review involving study and scrutiny of documents, correspondence between Audit Committee members and the Company, Notices for Audit Committee Meetings, Papers circulated to the Audit Committee for the meetings and Audit Committee minutes. If required this may also involve discussions with Audit Committee members.

Establishment or maintenance of Whistleblower Policy.

Certification of compliance to Corporate Governance guidelines as given in Clause 49 of the listing agreement.

DELIVERABLES

Report on the compliance status of the company and its subsidiaries to the Clause requirements on a quarterly basis identifying exceptions of non compliance.

Report on statutory compliances on a quarterly basis on the laws identified and listed for compliance reviews.

Statutory Compliance Manual outlining key compliance points and compliance schedule for returns and payment of various taxes and levies.

Code of Conduct for Board and Employees.

Whistleblower Policy.

Issue of Certificate of Compliance.

So if you are looking to strengthen the Internal Control reporting framework in your organisation, get in touch with us.

Contact us at info@samaaudit.com