Working of

Audit Committee
Faculty
Anupam Kulshreshtha
M.Sc., LL.B., MBA, CISA, CISM, CRISC
Retired as Dy. Comptroller and Auditor General of India in March, 2012
Director, NIFM: 2012-13, earlier LBSNAA, NAAA, iCISA
President, Institute of Public Auditors of India (April 2015 – March 2018)
International Experience. Consultant: Auditor General, Nepal 2013 - 2014
Visiting Faculty at FMS, University of Delhi and NIFM, Faridabad

On the Board of Directors – GAIL India

WB/ADB Consultant
anupam8@gmail.com
How the session is planned

• Corporate Governance Initiatives in India

• Regulatory framework for Corporate Governance in India
• Role of Audit Committees towards promoting Good Governance
• How effective are the Audit Committees – an evaluation
The issue of Governance

• Why regulations?
• Law and Policy
• Government and Governance
• Good Governance
• Corporate Governance
What is the expectation of the Government
from the Corporate world
• Sound Corporate Governance
• Improving Performance
• Unlocking wealth generation capabilities
• Protection of share holders/minorities
• Balancing of Social Interest/Finacial Stability/Sustainability
• Improved investor confindence and market sentiments
• Greater ability of Corporates to attract and retain talent
• Non-compliance to be 'very costly' for companies: Government
• Ministry of Corporate Affairs has already struck off more than 2.24
lakh companies that have not been doing business for long
• It has also disqualified over three lakh directors associated with such
entities
• Things are being simplified for legitimate businesses while checks are
being strengthened against illegal business activities.
• "It should be very easy to be compliant and very costly to be non-
compliant. We want this... There should be a strong deterrent against
illegal business.
Corporate Governance Initiatives in India
• Corporate governance in India gained prominence in the wake of
liberalization during the 1990s and was introduced by the industry
association Confederation of Indian Industry as a voluntary measure to be
adopted by Indian companies.
• SEBI - India's securities market regulator - formed in 1992
• It acquired a mandatory status in early 2000s through the introduction of
Clause 49 of the Listing Agreement, as all companies (of a certain size)
listed on stock exchanges were required to comply with these norms.

• 2009, the Ministry of Corporate Affairs released a set of voluntary

guidelines for corporate governance, which address a myriad corporate
governance issues.
Birla Committee
• After CII came up with the first voluntary code of corporate
governance in 1998, It was felt that under Indian conditions a
statutory rather than a voluntary code would be far more purposive
and meaningful, at least in respect of essential features of corporate
governance.
• Consequently, the nest major corporate governance initiative in the
country was undertaken by SEBI.
• In early 1999, it set up a committee under Kumar Mangalam Birla to
promote and raise the standards of good corporate governance.
Birla Committee
• The Birla Committee specifically placed emphasis on independent
directors in discussing board recommendations and made specific
recommendations regarding board representation and independence.
• The Committee recognized importance of audit committees and
made many specific recommendations regarding the function and
constitution of board audit committees.
• In early 2000, SEBI accepted and ratified the key recommendations of
Birla Committee, which were incorporated into Clause 49 of the
Listing Agreement of the Stock Exchanges
Naresh Chandra Committee
• The Naresh Chandra committee was appointed in 2002 by the
Department of Company Affairs (as it was known then) to examine
various corporate governance issues.
• The Committee made recommendations in terms of two key aspects
of corporate governance: financial and non-financial disclosures, and
independent auditing and board oversight of management.
• It also made a series of recommendations regarding, among other
matters, the grounds for disqualifying auditors from assignments, the
type of non-audit services that auditors should be prohibited from
performing, and the need for compulsory rotation of audit partners
Narayana Murthy Committee
• SEBI constituted this Committee to review Clause 49 in 2002, and to
suggest measures to improve corporate governance standards.
• Some of the major recommendations of the committee primarily related to
audit committees, audit reports, independent directors, related party
transactions, risk management, directorships and director compensation,
codes of conduct and financial disclosures.
• Murthy Committee examined a range of corporate governance issues
relating to corporate boards and audit committees, as well as disclosure to
shareholders and, in its report, focused heavily on the role and structure of
corporate boards, while strengthening the definition of director
independence in the then-existing Clause 49, particularly to address the
role of insiders on Indian boards.
Clause 49
• Came into effect from December 2005. It has been formulated for the
improvement of corporate governance in all listed companies.

• Clause 49, called ‘Corporate Governance’, contained eight sections

dealing with the Board of Directors, Audit Committee, Remuneration
of Directors, Board Procedure, Management, Shareholders, Report on
Corporate Governance, and Compliance, respectively.

• Firms that do not comply with Clause 49 could be de-listed and

charged with financial penalties.
Irani Committee
• Government constituted an Expert Committee on Company Law
under the Chairmanship of Dr. J.J. Irani in 2004 to offer advice on a
new Companies Bill.
• Based, among other things, on the recommendations of the Irani
Committee, the Government of India introduced the Companies Bill,
2008, which resulted in the Company Act 2013.
• Amended in 2015
• Rules framed under the Act
More
Kotak Committee on Corporate Governance
• constituted by SEBI in June 2017. It was given four months to submit its recommendations. In its
suggestions it has recommended major overhaul of Corporate Governance
Companies (Amendment) Bill, 2017
• Ratification of Auditor
• Process of private placement of securities has been simplified.
• Concept of Significant Beneficial Owner Introduced
• Penal Provisions Rationalized
• Loan to related parties categorized into prohibited, conditional and eligible.
• Loans to Director of company/ holding company or partner/relative/firm of such director is
expressly prohibited.
• Additional filing fees of Rs.100 per day may be levied.
• Participation through Video Conferencing
Enron and Satyam

• Enron hiding behind RPT (2001)

• Sarbans-Oxley Act (2002)

• The Control Fraud of Satyam (2008)

Sarbans-Oxley Act

• Sec. 204. Auditor reports to audit committees.

• Sec. 301. Public company audit committees.
• Sec. 404. Management assessment of internal controls
• Sec. 407. Disclosure of audit committee financial expert.
SOX - Mandatory measures for audit
committees
• Management notification of significant internal control deficiencies and any
instance of fraud involving management;
• Receipt of reports from auditors on critical accounting policies and practices;
• Direct responsibility for appointment, compensation, and oversight of external
auditors;
• Establishment of procedures for receiving and dealing with complaints regarding
the company's accounting and internal controls for auditing matters;
• Setting up of procedures for handling employee concerns-whistle blowing-on
accounting issues; and
• Inclusion of members that are financially literate. SEC requires that at least one
member observe the financial expert definition, while both NYSE and NASDAQ
require all members to be financially literate
Germany
• Two-tier board structure; also used in several other European countries.
• A supervisory board (Aufsichtsrat) comprising mainly external members, and
sometimes employees is the highest authority and oversees the management
board (Vorstand).
• Supervisory board is also involved in making strategic decisions, but the degree to
which it should be involved in these decisions, as they become more tactical, is
often debated.
• A challenge is the interaction between the two boards. Since management (and
the CEO) plays a role in nominating members of the supervisory board, there is a
need to ensure that the supervisory board has full access to all relevant
information from management. To address this, the German corporate
governance code (the Cromme Code) prescribes that a supervisory board shall
set up an audit committee, that the chairman of the supervisory board must not
be the chairman of the audit committee, and that the latter must not be a former
member of the management board.
Japan
• Both types of corporate governance models (single and two-tier board structures)
exist for listed companies.
• Historically, Japanese corporate law has used a two-tier board structure,
consisting of a board of directors and a board of corporate auditors (kansayaku).
• Distinguishing feature of the Japanese approach is that the two boards are of
equal hierarchy vis-à-vis the shareholders, to whom they report directly, though
in parallel.
• Amendments to the Japanese company law are directed toward strengthening
the definition of a non-executive director, effective 2005. Other reforms give
Japanese companies the option, as of 2003, to adopt a unitary board
configuration, provided they establish committees for nomination, audit, and
remuneration, each comprising three or more members, half of which must be
outside directors.
Regulatory framework for Corporate
Governance in India
• Company Act 2013
• Section 134 - mandates reporting to every Financial statement by Board of Directors
containing all the details of the matter including the statement containing director’s
responsibility.
• Section 177 requires constituting an Audit Committee.
• Section 184 mandates disclosure of interest of Directors. The director is required to
disclose any such interest at the first meeting of the board and if there is any change
in the interest then the first meeting held after such change.
• SEBI
• Clause 49
• LODR
• Insider Trading
• Cost Audit Rules
 177. Audit Committee
• BoD of every listed company and such other class or classes of companies, as may be
prescribed, to constitute AC
• Minimum 3 directors with IDs forming a majority - majority of members including the
Chairperson shall be persons with ability to read and understand, the financial statement.
• AC to act in accordance with the ToRs specified in writing by the Board which shall, inter
alia, include,—
• Recommendation for appointment, remuneration and terms of appointment of auditors of the
company;
• Review and monitor the auditor‘s independence and performance, and effectiveness of audit process;
• Examination of the financial statement and the auditors‘ report thereon;
• Approval or any subsequent modification of transactions of the company with related parties: (omnibus
approval for related party transactions subject to such conditions as may be prescribed;)
• Scrutiny of inter-corporate loans and investments;
• Valuation of undertakings or assets of the company, wherever it is necessary;
• Evaluation of internal financial controls and risk management systems;
• Monitoring the end use of funds raised through public offers and related matters.
 177. Audit Committee
• May call for the comments of the auditors about internal control systems, the scope of audit, including the
observations of the auditors and review of financial statement before their submission to the Board and
may also discuss any related issues with the internal and statutory auditors and the management of the
company.
• Authority to investigate into any matter in relation to the items specified in sub-section (4) or referred to it
by the Board and for this purpose shall have power to obtain professional advice from external sources and
have full access to information contained in the records of the company.
• The auditors of a company and the key managerial personnel shall have a right to be heard in the meetings
of the Audit Committee when it considers the auditor‘s report but shall not have the right to vote.
• Board‘s report (section 134(3)) to disclose the composition of an Audit Committee and where the Board had
not accepted any recommendation of the Audit Committee, the same shall be disclosed in such report
along with the reasons therefor.
• Every listed company or such class or classes of companies, as may be prescribed, to establish a vigil
mechanism for directors and employees to report genuine concerns in such manner as may be prescribed.
• The vigil mechanism to provide for adequate safeguards against victimisation of persons who use such
mechanism and make provision for direct access to the chairperson of the Audit Committee in appropriate
or exceptional cases: Provided that the details of establishment of such mechanism shall be disclosed by the
company on its website, if any, and in the Board‘s report.
SEBI LODR 18 - Audit Committee
• Every listed entity to constitute a qualified and independent AC, minimum 3 directors, 2/3
members IDs, all members to be financially literate and at least one member to have accounting
or related financial management expertise. (financially literate - ability to read and understand
basic financial statements)
• Chairperson to be an ID and to be present at AGM to answer shareholder queries.
• Company Secretary to act as the secretary to the audit committee.
• Discretion to invite the finance director, head of internal audit and a representative of the
statutory auditor and any other such executives to be present at the meetings of the committee:
occasionally AC may meet without the presence of any executives of the listed entity.
• To meet at least 4 times in a year and not more than 120 days shall elapse between two
meetings.
• Quorum two members or one third of the members, whichever is greater, with at least two IDs.
• Powers to investigate any activity within its terms of reference, seek information from any
employee, obtain outside legal or other professional advice and secure attendance of outsiders
with relevant expertise, if it considers necessary.
• Role of AC in Part C of Schedule II.
Role of Audit Committee - Ensuring Good
Governance
Plays key role in Corporate Governance by providing an independent and objective source
of assurance on matters relating to Accountability and Transparency.

• Financial reporting and the Annual Financial Statements

• Related Party Transactions
• Internal Controls
• Risk Management
• Internal and External audit
• Whistle-blowing and fraud prevention

Role of audit committees is essentially one of oversight, since management is ultimately

responsible for matters such as internal controls and the financial statements.
Powers of Audit Committee
The Audit Committee has the following powers:

• To investigate any activity within its terms of reference.

• To seek information from any employee.
• To obtain outside legal or other professional advice.
• To secure attendance of outsiders with relevant expertise, if it
considers necessary
Risk, Control and Governance – issues of
Accountability
• With increase in cases of Corporate frauds, role of Audit Committee
has developed significantly in recent years.

• There is a need to embed effective risk management at all levels of

the corporate management, which has increased the need for explicit
assurance about risk, control and governance in the organisation.

• Consequently, the reliance that accounting officers and boards place

on the work of audit committees has increased.
Risk Management
• COSO, ISO 31000, INTOSAI
• S.134 of the Company Act, Regulations 17 and 21 of SEBI LODR – A
risk management policy approved by the Board must be in place
• The Risk Management Process

• Establishing the Context

• Risk Assessment (identification, analysis & evaluation)
• Risk Treatment (mitigation plan)
• Monitoring, review and reporting
• Communication and consultation
Internal Controls towards Good Governance
• The Company’s internal control system ensures efficiency, reliability,
completeness of accounting records and timely preparation of
reliable financial and management information. In addition, it also
ensures compliances of all applicable laws and regulations, optimum
utilisation and protection of the Company’s assets
• Section 143: The auditor’s report should also state whether the company has
adequate IFC system in place and the operating effectiveness of such controls.
• Schedule IV: to satisfy on the integrity of financial information and ensure
that financial controls and systems of risk management are robust and
defensible.
• CONTROLS ACCOUNTABILITY AND DISCRETION
Discretion and Internal Controls
• Controls assist in the accountability process
• Discretion without control and transparency would defeat the
accountability process
• Discretion has an inverse relationship with controls
• More the controls, less the discretion
• More transparency, less is the extent of arbitrariness in discretion
Discretion and Accountability

D
I
S Q-2 Q-4
C
R
E
T
I Q-1 Q-3
O
N

Accountability
Internal Control – Statutory Provisions
• Section 134(5)(e) : Directors’ Responsibility Statement shall state, “the directors,
in case of a listed company, had laid down internal financial controls to be
followed by the Company and that such internal financial controls are adequate
and were operating effectively;
• Section 134(5)(f) : Directors’ Responsibility Statement shall state, “the directors
had devised proper systems to ensure compliance with the provisions of all
applicable laws and that such systems were adequate and operating effectively.”
• Explanation – For the purpose of this clause, the term “internal financial
controls” means the policies and procedures adopted by the company for
ensuring the orderly and efficient conduct of its business, including adherence to
company’s policies, the safeguarding of its assets, the prevention and detection
of frauds and errors, the accuracy and completeness of the accounting records,
and the timely preparation of reliable financial information;”
Internal Control on Financial reporting
(ICOFR) - Statutory Provisions

• ICoFR is a requirement of SEBI (LODR) Regulations, 2015.

• Companies Act, 2013 introduced Internal Financial Control (IFC) which

is broader in nature and includes ICoFR requirements.
Internal Financial Control Framework
• Internal Financial Control Framework (IFC) as per the Companies Act,
2013, inter-alia, covers objectives, requirements, control levels
(including Entity Level control & Process Level control, scope of work,
and control assessment dashboard etc.)

• IFC is an extension to the existing Internal Control Over Financial

Reporting (ICOFR) in terms of SEBI (Listing Obligations and Disclosure
Requirements) Regulations, 2015 with some additional features
Cost Audit
• MCA notified Companies (Cost Records and Audit) Rules, 2014 superseding the
earlier Companies Cost Records and Audit Rules, 2011. This was further amended
on 31st December 2014 and again on 15th July 2016. As per the Amendment
Rules notified by the MCA on 31st December 2014, all products and services of
the Company except E&P and Trading business are covered under the said
provisions
• Every company has to prepare Abridged Cost Statement considering the product /
group of products covered under Central Excise Tariff Act (CETA) heading. Services
for which CETA code is not applicable, the Abridged Cost Statement shall be
prepared for each service.
• As per Companies Act, 2013, the Cost Audit Report along with Annexures is
required to be approved by the BoD 180 days of the close of the financial year.
Further, the Cost Audit Report is to be filed with MCA within 30 days of the
approval by the Board of Directors.
• Cost Audit and Variance Analysis
Audit Committee and Vigil Mechanism
• S. 177 of the Act, rule 7 of the Companies (Meetings of Board and its
Powers) Rules,2014 and Regulation 22 of LODR provide that every listed
company shall establish a Vigil mechanism or their Directors and
employees to report their genuine concerns and grievances.
• Audit Committees are required to oversee the Vigil Mechanism.
• Vigil Mechanism to provide for safeguards against victimisation of persons
who use this mechanism and make provision for direct access to the
Chairperson of the Audit Committee in appropriate or exceptional cases.
• Mechanism for direct access to the Chairperson of AC
• Details of all such mechanism to be disclosed on the website and also in
the Board’s report
Board and the Audit Committee - Disclosure
in Board’s Report

• The Board’s Report is required to disclose the Composition of the

Audit Committee.

• Where the Board had not accepted any recommendation of the Audit
Committee, the same is also required to be disclosed in the Board’s
Report along with the reasons thereof.
A Good practice model (NAO)
Role of the audit committee
• The committee should be independent and objective. Committee members
should understand the objectives and priorities of the organisation and
their roles on the committee.
Membership, independence, objectivity and understanding
• The committee should possess, or have at its disposal, an appropriate mix
of skills to perform its functions well.
• Skills and experience
• The scope of the committee should be suitably defined and should
encompass all of the assurance needs of the board. The committee should
have particular engagement with the work of internal and external audit
and with financial reporting issues.
Good practice model (NAO) Contd.

Scope of work
• The committee should communicate effectively with the board, internal and
external auditors and other key stakeholders.
Communication
• The chair should ensure that the committee works effectively, is appropriately
resourced and maintains effective communication with stakeholders.
Role of the chair
• The chair should ensure that the committee works effectively, is appropriately
resourced and maintains effective communication with stakeholders.
Secretariat
• There should be a secretariat, supporting the work of the committee and helping
committee members to be effective in their roles.
DPE Guidelines for Audit Committee
Role of CAG - PSUs
• Certifying the Accounts

• Performance Audit

• Comments on Corporate Governance

• Audit Checklist
CAG and Audit Committee
• Section 177(1) and (2) of the Company Act, 2013, Clause 49 (III) (A) of
listing agreement and Regulation 18 of LODR, 2015 stipulates that
there shall be an Audit Committee with a minimum of three directors
as members of which two-thirds shall be Independent Directors.
However, no Audit Committee was constituted in respect of FIVE
CPSEs.
• Two-thirds of the members of the Audit Committee were not
Independent Directors in respect of 14 CPSEs.
CAG and Audit Committee
Chairman of the Audit Committee
• Clause 49 (III) (A) (3) stipulates that the Chairman of the Audit
Committee shall be an Independent Director. However, it was
observed that Chairman of the Audit committee in respect Fertilizers
and Chemicals Travancore Limited was not an independent director
despite having Independent Director on the Board.
• Clause 49 (III)(A)(4) stipulates that the Chairman of the Audit
Committee shall be present at AGM to answer shareholder queries.
However, the Chairman of the Audit Committee of 11 CPSEs was not
present in the AGM held during 2015-16.
CAG and Audit Committee
Meetings of Audit Committee
• Clause 49 (III) (B) of the listing agreement and Regulation 18 (2) (a) and (b)
of SEBI LODR, 2015 stipulates that the Audit Committee should meet at
least four times in a year and not more than 120 days shall elapse between
two meetings. The quorum shall be either two members or one-third of
members of the Audit Committee whichever is greater, but a minimum of
two Independent Directors must be present.
• Only one meeting was held in Hindustan Cables Limited and Hindustan
Organic Chemicals Limited and 3 meetings were held in ITI Limited.
• Instances of insufficient quorum were observed in 8 PSUs.
• There was gap of more than 120 days between two audit committee meetings
in 4 PSUs
CAG and Audit Committee
• Clause 49 (III) (A) (5) of the Listing Agreement and Regulation 18 (1)
(f) of SEBI (Listing Obligations and Disclosure Requirements)
Regulations, 2015 stipulate that the Audit Committee may invite such
of the executives, as it considers appropriate (and particularly the
head of the finance function) to be present at the meetings of the
Committee. The Audit Committee may also meet without the
presence of any executives of the company. The Finance Director,
Head of Internal Audit and a representative of the Statutory Auditor
may be present as invitees for the meetings of the Audit Committee.
• This was violated in respect of 4 PSUs
CAG and Audit Committee
Secretary to the Audit Committee

• Regulation 18 (1) (e) of SEBI (Listing Obligations and Disclosure

Requirements) Regulations, 2015 stipulate that Company Secretary
shall act as Secretary to the Audit Committee.

• In respect of Bharat Immunologicals and Biologicals Limited, the

Company Secretary did not act as Secretary to Audit Committee.
CAG and Audit Committee
Evaluation of Internal Control Systems

• Clause 49 (III) (D) (11) and Part C (A) (11) of schedule II to SEBI (Listing
Obligations and Disclosure Requirements) Regulations, 2015 stipulate
that the Audit Committee should evaluate internal financial control
systems and risk management systems.

• In respect of 3 CPSEs, the Audit Committee did not evaluate the

Internal Control systems
CAG and Audit Committee
Review of performance of Statutory and Internal Auditors

• Further, Clause 49 (III) (D) (12) of the Listing Agreement and Part C (A)
(12) of schedule II to SEBI (Listing Obligations and Disclosure
Requirements) Regulations, 2015 stipulate that the Audit Committee
should review with the management, the performance of Statutory
Auditors and Internal Auditors.

• In respect of 6 CPSEs, such performance evaluation was not done

CAG and Audit Committee
Adequacy of Internal Audit Function
• Clause 49 (III) (D) (13) of the Listing Agreement and Part C (A) (13) of
schedule II to SEBI (Listing Obligations and Disclosure Requirements)
Regulations, 2015 stipulate that the Audit Committee should review
the adequacy of internal audit function, if any, including the structure
of the internal audit department, staffing and seniority of the official
heading the department, reporting structure, coverage and frequency
of internal audit.
• In respect of four CPSEs, the Audit Committee did not review the
internal audit functions.
CAG and Audit Committee
• As per clause 49 (III) (D) (14) of the Listing Agreement and Part C (14)
of Schedule II to SEBI (Listing Obligations and Disclosure
Requirements) Regulations, 2015, it is also the responsibility of the
Audit Committee to hold discussion with internal auditors of any
significant findings and follow up there on. It was observed that in
respect of Hindustan Organic Chemicals Limited, the audit committee
did not conduct any discussion with internal auditors
CAG and Audit Committee
Review of Supplementary Audit findings of CAG
• All the CPSEs are subject to the audit of CAG of India as per the
statutory mandate.
• Section 143(6) of the Companies Act, 2013, authorizes CAG to carry
out supplementary audit of accounts of Government Companies.
Further, section 177(4)(iii) of the Companies Act, 2013 provides that
Audit Committee shall examine the Financial Statements and
Auditors’ Report thereon. Thus, in case of CPSEs, it is the
responsibility of the Audit Committee to review the findings of the
CAG.
• Not done in 2 CPSEs
CAG and Audit Committee
Discussion with Statutory Auditors

• Clause 49 (III) (D) (16) of Listing Agreement and Part C (A) (16) of SEBI
(Listing Obligations and Disclosure Requirements) Regulations, 2015
provide that the Audit Committee should hold discussion with
statutory auditors before the audit commences about the nature and
scope of audit as well as hold post-audit discussion to ascertain any
area of concern.
• In respect of 8 CPSEs, the Audit Committees did not hold such
discussions.
GAO and AC
• GAO studied audit committees of the largest U.S. banks, focusing on the extent to which
the committees had the necessary independence, expertise, and information on bank
operations to perform their corporate governance functions. GAO surveyed 40
chairpersons
• 25 reported that their committees included members who were large customers of the
bank; in 3 cases, committees were comprised solely of large customers of the bank;
• 19 reported that their committee members had little or no expertise in banking, even
though their committees were responsible for approving the bank's response to findings
from regulatory examinations;
• 13 reported that their committee members had no expertise in law and never met
independently with the bank's legal counsel, even though they were responsible for
assessing management compliance with banking laws and regulations; and
• Many indicated that independent evaluations of internal controls and compliance with
laws and regulations by external auditors, beyond those which are currently provided,
would be of great use to bank audit committees in overseeing bank operations.