Internal Controls including Sarbanes-Oxley Compliance and Clause 49 Listing Agreement Compliance
The COSO framework in 1992 established a solid foundation for a structured look at Internal Controls. Since then, various governance regulations, such as the Sarbanes-Oxley Act in the US, SAS 70 requirements and Clause 49 of the listing agreement in India, have sought to improve corporate governance in organisations, with stress on certification by CEOs and CFOs of the adequacy of Internal Controls in the organisation.
We work with organisations in mapping processes and identifying the controls embedded in those processes. The Internal Controls identified are categorised under one of the five COSO components (Control Environment, Risk Assessment, Control Activities, Information & Communication and Monitoring) and also as Key or Non-Key according to their ability to mitigate the risk. Each control activity is further identified in terms of its impact on the nature of assertion (existence, occurrence, valuation, completion, presentation & disclosure, rights & obligations) made in the financial statements. The internal control design is reviewed and any need for strengthening is identified. The performance of the designed internal control is then reviewed for effectiveness by auditing relevant samples for each control.
Illustrative Scope and Methodology for an assignment
OBJECTIVE
To ensure that the company has established systems and procedures that enable it to comply with the requirements under Clause 49 of the listing agreement.
A compliance review involving study and scrutiny of documents, correspondence between Board members and the Company, Notices for Board Meetings, Papers circulated to the Board for the meetings, Board minutes and Returns and other documents filed with the ROC.
Independent Directors need to review legal compliance reports submitted by the company as well as measures taken to cure any taint. While the onus is on the company to present these, we shall support its efforts by reviewing the compliance mechanism for the various requirements under the following statutes, performing a sample check on transaction compliance, and reviewing all returns and compliance certificates filed with the various regulatory authorities:
Name of Acts:
- Trade Marks Act, 1999
- The Payment of Bonus Act, 1965
- The Companies Act, 1956
- The Competition Act, 2002
- Contract Labour (Regulation & Abolition) Act, 1970, if applicable
- The Copyrights Act, 1957
- Customs Act, 1962
- Design Act, 1911
- Payment of Gratuity Act, 1972
- Income Tax Act, 1961
- The Maternity Benefit Act, 1961
- Bombay Municipal Corporation Act, 1888
- The Negotiable Instruments Act, 1881
- Maharashtra Tax on Professions, Trades, Callings and Employments Act, 1975
- Employees Provident Fund and Miscellaneous Provisions Act, 1952
- The Registration Act, 1908
- Guidelines for Disclosure and Investor Protection
- Listing Agreement
- The Bombay Shops and Establishment Act, 1948
- Arbitration and Conciliation Act, 1996
- Employees’ State Insurance Act, 1948
- Equal Remuneration Act, 1976
- Employment Exchanges (Compulsory notification of vacancies), 1959
- Insider Trading Rules
- Information Technology Act, 2000
- Sales Tax Act - Value Added Tax, 2004
- Service Tax Act, 1994
- Foreign Exchange Management Act, 1999
In case there is no manual outlining critical compliances under the various statutes, we shall, as a first step during our first quarter review, create a Statutory Manual that process owners can use to review compliances on a regular basis. While this manual is not expected to be a reproduction of all provisions, rules and circulars/notifications issued under the various laws from time to time, it shall highlight key compliance requirements, including the schedule for filing various returns and forms with the required authorities.
The Statutory Manual shall be offered for vetting to the Project Coordinator from the company, who shall be the final authority for signing off this manual. Regular review and updating of this manual shall rest with an identified official from the Legal Department or such other function as deemed suitable by the Company Management.
In case a Code of Conduct does not exist, establish a code of conduct for the Board and employees of the company.
A compliance review involving study and scrutiny of documents, correspondence between Audit Committee members and the Company, Notices for Audit Committee Meetings, Papers circulated to the Audit Committee for the meetings and Audit Committee minutes. If required, this may also involve discussions with Audit Committee members.
Establishment or maintenance of Whistleblower Policy.
Certification of compliance to Corporate Governance guidelines as given in Clause 49 of the listing agreement.