Corporate Governance as a Shield

for Fraud

1
Contents

• Understanding corporate governance

• Indian and global governance trends

• Lessons learnt from high-profile corporate frauds

• Practices to combat fraud – Companies and Regulators

2
Understanding Corporate Governance

3
What does good governance entail?

World Bank Definition: Corporate governance is about promoting corporate fairness, transparency and
accountability
Financial
Institutions

Strategic
investors  Input to strategy
 Right management team -succession planning and
Promoters performance evaluation
 Risk Management
Minority The Board
stakeholders  Monitor performance
 Stakeholder relations / accountability
Independent
directors  Monitor compliance
Company
stakeholders Employees

 Establish the right culture

Customers
and vendors  Right people in the right roles
 The right framework to monitor performance Management
Regulators  Financial Reporting integrity
 Independent and objective assurance
Analysts
 Stakeholder relations / accountability
Society at
large

4
Why is good corporate governance important?

What is expected… And why is this important …

Wealth creation for

Shareholders Enhances reputation and brand

A new S&P study on corporate

governance at Indian companies
Integrity and Ethics in Adds value to strategy
suggest:
Business
• There is a link between corporate
governance and market value
Attracts Investors
Responsibility to • Specifically, for every 1 point increase
communities in the S&P governance score, a
company's market value increased
Improves positioning in the market
by 3%.

Development of Human • Firms having high corporate

Capital Transition to professional governance scores were less
management / succession leveraged with higher ROI and stable
profit margin.

Focus on Sustainability Reduces cost of capital

Issues

5
Indian and Global Governance Trends

6
Governance trends in India

Increasingly Indian companies are focusing on quality of information, risk oversight and board evaluation processes
to enhance the effectiveness of their oversight. Respondents also indicate that there is a significant need to enhance
integrity and ethical values in the larger eco-system.

Governance regulations Stakeholder concerns

 Stronger regulatory review and exemplary  Weak oversight and monitoring
enforcement  Empowerment to independent directors
 Principles based framework is more effective
 Protect minority shareholder interests
than Rules – Comply or Explain
 Skill-sets of board

KPMG’s Corporate governance

poll (2009) – key highlights

 Sufficiency of time and quality of information  Linking CEO remuneration to company

 Risk management practices and board performance
oversight  Enhancing integrity and ethical values
 CSR and sustainability need greater attention  Accountability for oversight

Board practices and priorities Transparency and Accountability

7
Global developments that emphasize a paradigm shift in
corporate governance . . .

While enhancements to existing regulations are being proposed, corporates too are improving their practices

There is greater directness and intensity in oversight

Principles based governance is taking firm roots

Risk oversight and management is assuming centre stage

Institutional activism– segregating the CEO and Board chair

roles
Greater scrutiny of executive compensation and aligning it to
long term performance

More focus on strengthening assurance functions

8
 The nature of oversight is changing….

There is a paradigm shift in Board and Audit Committee Oversight which means:

1 2 3 4 5 6
A change in A review of An increased
Greater board’s An intense
interaction disclosures discussion at Focus on
attention to focus on Risk
strategy with Management and earnings executive Fraud risk
management releases sessions

What highly influential Boards do differently?

 Higher priority on succession planning
 Greater priority on scrutiny of performance and comparison to industry peers – is this too
good to be true?
 Have expertise in financial knowledge, performance and talent management
 Engage management in substantive debates about strategy
 Have access to significant executives beyond the most senior levels
 Good or optimal access to leading industry indicators and data

“Oversight” has a different meaning from what it was a year or two ago

9
Lessons Learnt from High-Profile Corporate Frauds

10
 Recent corporate frauds – key issues that led to it

Enron a case of ethical breakdown……

What were the issues that led to the fraud?

• Board members were not truly independent
• Board and board committees’ oversight practices were ineffective
• Breakdown of ethical procedures
• Lack of auditor independence

Parmalat and Satyam, cases where promoters were involved in committing fraud

What were the issues that led to

What were the issues that led to
the fraud?
• Board and board committees’ lacked
independence
• Executive directors were not accountable
• Promoter CEO wielded absolute control
the fraud?
• Inability of a high profile board to
challenge promoters on
dubious related-party transactions
•Lack of independent and objective assurance
•Lack of antifraud program and controls

11
Accounting frauds – Common red flags

Cost reduction initiatives increase the potential for internal

control breakdowns and frauds

Oversight of senior management activities is lacking thereby giving rise

to the potential for management override

Disagreements between the auditors and management are either not known
or known too late by the audit committee

Complex accounting issues, frequent changes to accounting policies with

inadequate time to review them

Access controls and segregation of duties ineffectively configured at the time of

implementing new IT systems

Management incentives tied to short term performance measures

Urge to beat market expectations on earnings

Internal audit does not have adequate stature, independence and skill sets

12
 Practices to combat fraud

-What should companies be doing?

-What should regulators be doing?

13
What should companies be doing?

14
 The 3 Ps of combating fraud

1
Philosophies
The Ethical Ecosystem of
an Organization is based
on three corner stones

2 3

People Processes

1. Philosophies 2. People 3. Processes

• Recruitment • Policies
• Governance
• Training • Control environment
• Leadership value system
• Performance management • IT systems
• Code of Conduct, Ethics
• Delegation • Assurance

15
Strengthening governance structure to combat fraud – key
focus areas

1 Enhance audit committee effectiveness

2 Operationalize the value system and code of conduct / ethics

3 Establish an effective anti-fraud program

4 Use technology driven assurance processes

16
Enhance audit committee effectiveness 1

Explicitly review and approve the appointment of auditors and the audit plans
for adequacy of scope, coverage and performance

Proactively monitor major financial transactions and compensation policies

including coordinating with other board committees

Conduct executive sessions with internal and external auditors

Review and approve anti fraud programs and controls

Scrutinize related-party transactions closely

17
 Lessons Learnt by Audit Committees from Global
Accounting Frauds

Need for independent audit committees with deeper

financial expertise

Need to get external perspectives on the company

Broadening the
scope of the
audit committee

Need for a strong and objective internal audit function

Need for audit committees to be attentive to all aspects of

the external and internal audit process

18
 Improving oversight of financial reporting – aspects to
consider by the audit committee (1)

Interactions with external auditor:

• Challenge the external audit risk assessments and audit plan for key differences with management’s assessment
of risks
• Review external auditor’s assessment of internal control systems and anti –fraud controls (including whether
and how the external auditor has reviewed areas susceptible to management override)
• Adopt procedures with respect to independence of the external auditor and private sessions
• Determine to what extent the external auditors place reliance on Internal Audit work
• Evaluate how external auditors have assessed complex areas (significant estimates, alternative accounting
treatments, disclosures)
• Resolution of audit differences with management

Accounting and Reporting:

Be informed of:
• Actual or likely changes in accounting rules and regulations, which will affect the company’s financial statements
• Changes in the business environment and the auditors’ reaction to these changes
• Critical accounting policies of the company and material alternative accounting treatments selected by the
management, including reasons for selection

19
 Improving oversight of financial reporting – aspects to
consider by the audit committee (2)

Quarterly Discussions on Financial Reporting

Review:
• Consistency of reported and planned results
• Review the inter-linkages between operational / strategic developments and its impact on financials (is it in line
with expectations)
• Company financial results relative to peer group and competitors
• Consistency of facts presented in financial statements with those in the Management’s Discussion and Analysis
and other non-financial statement disclosures
• Accounting principles and practices relative to industry norms
• Significant accounting estimates and judgments
• Significant complex and/or unusual transactions
• Significant related party transactions
• Complaints received regarding accounting and auditing matters, including ‘whistleblower’ information

20
Operationalise the code of conduct 2

Operationalizing the Code of Conduct entails having:

An objective and independent whistle Strong internal audit to monitor code of

blower program conduct compliance

21
An objective and independent whistle blower program

Attributes of a best-in-class whistle blower process/mechanism:

Confidentiality: All matters reported are treated confidentially.

Anonymity: The organization’s protocols allow for anonymous submission of issues.

Organization-wide applicability: Employees at international locations are able to use the

process/mechanism 24*7
Multiple channels: The mechanism offers multiple communication channels such as hotline,
email and website for employees to raise issues

Real-time assistance: The mechanism provides immediate “live” response (Eg: Hotline)

Data management process: The mechanism uses consistent protocols to gather relevant facts

Audit committee notification: The mechanism has protocols to determine which allegations are to
be escalated to the audit committee

Prominent communications: The whistle blower process is well publicized and its awareness
among employees increased through formal/informal training sessions

22
 Strong internal audit to monitor code of conduct compliance:
a Unilever example
? Is your staff familiar with the code?

? How have you communicated the code of conduct to staff

members? Some questions that
auditors ask staff at
? How do you monitor breaches to the code of conduct? Unilever

? How do you investigate and deal with suspected breaches?

> Audit areas where staff is not getting enough training on the
meaning of the code

Audit areas where there is evidence that management action in

>
response to confirmed code breaches is not appropriate

How do they monitor Reflect on whether senior executives and business managers value
>
compliance? the work of internal auditing
Survey if evidence on staff attitudes about the importance of
> control and compliance flags a disconnect between what the
leadership says and what is actually happening
Monitor whether there are any trends in the issues employees are
>
raising
23
 Strengthening Internal Audit to combat accounting fraud

What is required from Internal Audit?

• Flexible audit planning / scheduling methodologies with rolling risk assessments

• Greater reliance on technological tools that facilitate monitoring key risk indicators and continuous
auditing/ monitoring

Results from a recent IIA Gain survey of senior executives at Fortune 500 companies points to the
following major benefits with continuous auditing/continuous monitoring (CA/CM):

89% Greater coverage

85% Continuous 61% Lower audit
testing of key controls costs

On-going
Ability to test 100% of
67% the population 67% identification of
changing risk levels

24
Establish an effective anti-fraud program 3

1 Is there a fraud risk management program in place?

2 Do organizations assess fraud risk exposure periodically?

3 Are preventive and detective anti-fraud techniques in place?

4 Is there a consistent approach to investigate fraud or suspected occurrences including a

reporting process?

25
Undertaking a comprehensive fraud risk assessment – key
aspects to consider
> Organizational assets, operations that are susceptible to fraud

> Reports of auditors – internal and external audits

> Segregation of duties

> Employee morale and turnover

> Adequacy of existing anti-fraud programs and their monitoring

> Past events and responses

> Likelihood of a significant fraud happening

> Compliance issues / response to audit findings and surveys

> Monitoring of ethical breaches

> How are subsidiary performances monitored?

26
 Use technology driven assurance processes 4

A recent KPMG survey reveals that more is expected of internal audit in the sphere of fraud

56% IA has the primary responsibility for

fraud risk assessment and monitoring

IA either does not focus on fraud risk

41% or conduct investigations concerning

frauds – only if required by
management
KEY CHALLENGES:

• Shortage of specialist skill

• Low level of skills, confidence in
Data mining tools are effective in
60% preventing or detecting frauds in
organizations
use of technological aids
• IA’s position / stature

27
What should regulators be doing?

28
 5
More clarity needed on roles, responsibilities and liabilities

Regulators could consider strengthening regulations by providing more clarity on fiduciary responsibilities of the
board and auditors, and introducing penalty clauses for breach of duties. More importantly, regulators should
strengthen their enforcement framework.

1 Increased clarity around duties, responsibilities and liabilities of directors

2 Transparent and unambiguous penalties and prosecution for breach of duties

Strengthening the enforcement framework/ simplifying the judicial process (e.g. rules
3 and criteria to fund investor associations in class action suits)

Feedback mechanism between directors and regulators (e.g. recent spate of resignations
4 in directors and how the regulator responded)

29
Key global regulatory best practices 6

Clear mandate, resources and tools are fundamental to ensure effective regulatory oversight

The review of “Operating and Financial Review” by the

1
Financial Reporting Review Panel in the UK

Audit Inspection Unit, which undertakes inspection of

2
individual audit firms and makes its reports publicly available

3 SEC in the US prosecutes over 50 cases every quarter of insider

trading with sizeable penalties

Financial Fraud Enforcement Task Force – a recently set-up

4 interagency task force in the US– to combat financial fraud at a
national level.

30
Questions

31
Thank you!