Spire Advisors Pvt Ltd
Risk Management Profile
September 2015
Management Ensures
Auditors Assure
Contents
1. Preface (page 3)
2. Risk Management Solutions (page 5)
3. Risk Based Internal Audit (pages 6-9)
4. Compliance Audit (pages 10-12)
5. Internal Financial Controls (IFC) (pages 13-17)
6. Information Technology Audit (pages 18-20)
7. Standard Operating Procedures (page 21)
8. Other Allied Services (page 22)
Preface
Risk is part of life. Avoiding all risk would result in no achievement, no
progress and no reward.
All organizations, individuals and communities have predefined objectives
at strategic, tactical and operational levels. Anything that makes achieving
these objectives uncertain is a risk. However, as our world becomes
increasingly volatile and unpredictable, we must cope with greater
uncertainty.
Risk Management is the systematic process of understanding, evaluating
and addressing these risks to maximize the chances of objectives being
achieved.
An effective risk management process requires an informed
understanding of relevant risks, an assessment of their relative priority
and a rigorous approach to monitoring and controlling them.
About Us
Spire Advisors Private Limited (Spire), established in 1994, has been successfully carrying out its professional activities to facilitate timely and prompt Risk Management services. The core execution team consists of professionals certified by renowned professional bodies across the globe, who cater to the needs of its clients in the following core areas of Risk Management defined in the new Companies Act 2013:
 Internal Audit [Sec 138]
 Risk Management Policy [Sec 134(3)]
 Internal Financial Controls [Sec 134(5)]
Risk Management Solutions
 Risk Based Internal Audit (Proactive Model)
 Compliance Audit
 Internal Financial Controls (IFC)
 IT General & Application Controls
 Standard Operating Procedures

Risk Based Internal Audit (Proactive Model)
Traditional (Reactive) Model vs. New Age (Proactive) Model:
 Audit in silos → Risk based (Integrated) audit
 Auditing around the system → Auditing within the system
 Bottom-up approach → Top-down approach
 Act as an internal control → Controls embedded within the process & fixing process owner accountability for continuous monitoring
 Focus on limited principles such as compliance and assurance → Concurrent focus on multiple principles such as risk assessment, compliance, cost reduction, etc.
The traditional Internal Audit model has been reviewing / testing past events or transactions, which identifies past issues and problems but fails to inform stakeholders in advance about exposure to emerging risk and potentially fraudulent activities.
Hence, there is a need for a new, more proactive IA model that responds to existing stakeholder concerns about greater assurance, maximized business performance processes and broader risk management efforts, while providing for traditional compliance audits as well.
New Age Internal Audit Charter
In the wake of recent changes in the regulatory framework, the role of internal audit has become very important in helping the Board, Audit Committee and Management fulfil their oversight responsibilities and legal duties.
Elements of the New Age Internal Audit Charter:
 Reporting on Internal Financial Controls
 Robust Enterprise Risk Management Process
 Enhanced Fraud Risk Assessment
 Comprehensive Regulatory Compliance Framework
The Internal Audit function is expected to add value by highlighting leading industry best practices, acting as an independent advisor to all stakeholders & actively participating in enterprise risk management.
Internal Audit Process Flow
Step 1: Planning
Step 2: Walkthrough
Step 3: Control Testing
Step 4: Reporting
Activities across these four steps, in sequence:
 Defining scope
 Assessment of materiality
 Mapping SPOC
 Defining the time plan
 Discussion with process owners
 Identification of inherent risk
 Control Mapping
 Assessment of design level deficiencies
 Defining control test assertions
 Sample selection
 Substantive control testing
 Assessment of operating efficiencies
 Interim discussions with process owners
 Revalidation of control test results
 Draft summary of IFC deficiencies
 Exit meeting & remediation plan
 Assessment of deficiencies for materiality levels
 Risk Classification
 Issue Management report
 Compliance Tracking
Internal Audit Documentation
Standard documents and the control documentation each one provides:
1. Process Narrative: Detailed narration of the process being tested. It provides details of all control activities embedded within the process.
2. Process Flow: Activity-wise graphical representation of the controls and activities forming the process.
3. Risk Control Matrix (RCM): Serves as the audit plan. Contains the pertinent information about the risks identified with the control activity and the corresponding controls to mitigate these risks.
4. Sampling Grid: A matrix listing the frequency of the control being performed and the ideal sample size for testing.
5. Testing Template: Detailed description of the testing being performed, including the test conclusions.
6. Management Report: A summary of the findings, recommendations and action plan based on the control assertions tested.
7. Compliance Tracker: Periodic update on the latest remediation status for deficiencies reported, tracked against the stakeholders.
Need for Compliance Audit
The Companies Act 2013 has taken some major steps to enforce compliance & hold corporates in India accountable for compliance with “ALL APPLICABLE LAWS”. Directors are responsible for:
 Devising adequate systems to help ensure compliance with these provisions
 Commenting on the adequacy & operating effectiveness of such systems & processes
In order to discharge its responsibilities effectively, the Board needs to demonstrate that all applicable laws are being complied with and that non-compliances, if any, have been properly dealt with. Hence, a comprehensive compliance framework is now mandatory to ensure that all applicable laws are identified and mapped to the respective process owners across functions and locations.
Regular Compliance Audit, including periodic reporting to the Board, is an effective tool that
can help every organization:
 Assess its compliance management framework
 Evaluate existing controls and processes for compliance management
 Review its adherence to applicable regulatory guidelines
 Continuously monitor and report on adherence to applicable provisions.
Key Compliance Risks
Governance & Risk Assessment
 Formal policies and adequate risk mitigation plans are often lacking
 Compliance risks are not considered in the overall risk assessment
 Boards are unaware of compliance risks taken on by Management
Business Planning & Strategy
 Business decisions made without considering regulatory implications
 Inefficiencies due to delay in incorporating regulatory changes
 Operations commenced without the necessary licenses, resulting in closure
Process Automation
 Compliance requirements & reporting processes not automated
 Manual processes & controls over monitoring, resulting in higher risk
 Lack of adequate maker-checker / escalation within the system
Compliance Monitoring & Regular Reporting
 Exposure levels to regulatory risks are not monitored
 Absence of a clear reporting mechanism to highlight non-compliance
 Follow-up procedures not in place to verify corrective actions taken
Employee Management
 Employees put business gain ahead of compliance-related issues
 Absence of rewards for positive performance on compliance goals
 Employees not trained to carry out compliance responsibilities
Effective Compliance Framework
The following activities, which considerably reduce compliance risk, must be considered in evaluating an effective Compliance Framework:
 A process for monitoring legislative changes at both global & national levels to ensure integration of compliance strategies with geographical growth strategies.
 Development of awareness of the various compliance programs to which the entity is subject & an integrated view to assess compliance levels across the entity.
 Accountability within the organization for fostering a culture of compliance in performance goals.
 A comprehensive system for identification, monitoring & reporting on emerging compliance risk.
 A periodic reporting system to identify the level of non-compliance & the steps taken to address it & avoid recurrence.
Internal Financial Control (IFC)
What are Internal Financial Controls?
According to the Companies Act 2013, the term IFC has been defined as:
→ The policies and procedures adopted by the company
→ To ensure orderly and efficient conduct of its business,
→ Including adherence to company’s policies,
→ Safeguarding of its assets,
→ Prevention and detection of frauds and errors,
→ Accuracy and completeness of accounting records and
→ Timely preparation of reliable financial information.
However, the expanded coverage and focus goes way beyond the above
definition & includes all “key elements” of a Controls Framework, such as:
→ Tone at the top & culture within the Organization,
→ A demonstrable documented framework for internal financial controls,
→ Documentation of controls to mitigate risk of significant misstatements,
→ Continuous controls monitoring & Management reporting process,
→ Requisite accountability for financial reporting structure.
IFC Global Scenario
Indian regulations have traditionally been modified to reflect developments in the Western world. The introduction of IFC in the new Companies Act 2013 further reflects the continuation of this trend.
In June 2003, Securities &
Exchange Commission (SEC)
adopted the Rules for
implementation of Sarbanes
Oxley Act (SOX) that required
certification of Internal Controls
over Financial Reporting (ICFR)
by Management and Auditors.
In June 2006, National
Legislature of Japan (DIET),
passed the Financial
Instruments & Exchange
Act (J-SOX). Requirements
of this legislation are similar
to the requirements of ICFR
under SOX.
UK Corporate Governance
Code specifies the Corporate
Governance requirements for
the Board, that inter alia,
includes matters relating to
oversight & review of
internal controls in the
Company.
For Better Corporate Governance & Improved Controls over Financial Reporting
IFC Scenario in India
The New Companies Act 2013
Schedule IV: Deals with the Code for Independent Directors, which emphasizes the requirement for independent directors to satisfy themselves on the strength of financial controls and the systems of risk management, and to ensure that the same are robust and defensible.
Section 143(3)(i): In the Auditors’ Report, the Statutory Auditor of every company has to report on the adequacy of IFC systems and their operating effectiveness.
Section 134(5)(e): In the Directors’ Report, the Board of Directors of listed companies has to assume responsibility for laying down IFC and ensuring that such IFC are not only adequate but are also operating effectively.
Section 177: The Audit Committee should act in accordance with the terms of reference specified in writing by the Board, which should, inter alia, include evaluation of IFC and risk management systems in the Company.
SEBI’s revision of Clause 49 of the Listing Agreement
Sub-clause III (D): The role of the audit committee includes evaluation of internal financial controls and risk management systems.
Sub-clause IX(C): The CEO & CFO are to certify to the Board that they accept responsibility for establishing & maintaining internal controls for financial reporting & that they have evaluated the effectiveness of the internal control systems of the Company pertaining to financial reporting.
IFC Applicability: Type of Companies
Companies Act 2013 (Section) | Responsibility | Listed Company | Unlisted Public Company | Private Limited Company
134(5)(e) | Director’s Report | Yes | Yes (note 1) | Yes (note 3)
177 & Sch (IV) | Audit Committee | Yes | Yes (note 2) | No
143(3)(i) | Auditors Report | Yes | Yes | Yes
Notes:
1. While Sec 134(5)(e) specifies “Listed companies”, Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014, read with Rule 8(4), covers listed as well as unlisted public companies having a paid-up share capital exceeding Rs. 25 crs at the end of the preceding year.
2. Under Rules 6 & 7 of the Companies (Meetings of Board and its Powers) Rules, 2014, the Board of every public company with paid-up capital exceeding Rs. 10 crs, or turnover exceeding Rs. 100 crs, or aggregate outstanding loans / borrowings / debentures / deposits exceeding Rs. 50 crs must constitute an Audit Committee.
3. Chapter IX – The Companies (Accounts) Rules 2014 dated 31st March 2014 additionally require the Board Report of unlisted companies to contain details of the adequacy of IFC with reference to Financial Statements only.
IFC Review: 10 Point Strategy
1. Identify significant account balances for all key processes to be covered
2. Identify risk of material misstatement within these account balances
3. Identify entity level controls (ELCs) defined to mitigate such risks
4. Identify IT general controls (ITGC) designed within the financial applications
5. Identify account level controls (ALCs) at account balance / transaction levels
6. Meet the process owners to understand the identified processes, risks & controls
7. Determine nature, timing and extent of control testing & required evidence
8. Perform process walkthroughs with key process owners to corroborate the above understanding. Confirm that the control descriptions are aligned to the objectives & activities. Ensure that controls are mapped to COSO 2013 principles, designed effectively & placed in operation.
9. Perform testing of controls to confirm operating effectiveness. Report on the test of design & operating effectiveness.
10. Discuss the exceptions noted & the mitigation plan with Management. Roll out the final version after obtaining management comments.
Significance of IT Controls
 Organizations today operate in a dynamic, global, multi-enterprise environment. IT infrastructure & commerce are integrated into almost every business process within the entity.
 Increased connectivity & availability of systems & open environments have proven to be the lifelines of most business entities.
 The most important decisions in an organization are heavily dependent on information processed by IT applications, including the regular & timely flow of such information.
 Management wants to meet or exceed its business objectives & attain maximum profitability through an extremely high degree of information availability, faster response time, extreme reliability and a very high level of security.
 The design of such systems is complex & their management is also very difficult. The increased use of technology therefore necessitates robust IT controls & greater awareness of IT risk at all levels.
IT General Controls (ITGC)
 ITGC apply to all system components, processes and data within an organization’s IT environment.
 The objective is to ensure proper development & implementation of applications as well as the integrity of programs, data files & computer operations.
 It involves review of complex technologies & communications protocols, including the internet, intranet, electronic data interchange, client servers, local area networks, wide area networks, telecommunications & wireless technology.
Common ITGCs:
 Logical access controls over IT infrastructure, applications & data
 System & data backup & recovery controls
 Program change management controls
 Review of IT system network architecture
 Data center physical security controls
 System development life cycle controls
 Incident reporting & monitoring system
 IT policies & procedures
IT Application Controls
 IT application controls are automated processing activities performed by the IT
applications.
 Application controls are designed to ensure complete and accurate processing
of data, from input through output.
 These controls vary based on the business purpose of the specific applications
and also help in safeguarding privacy and security of data transmitted between
applications.
Classification of IT Application Controls
Input Controls: “All Transactions” are:
 Accepted by system
 Completely recorded
 Accurately recorded
 Entered only once
Processing Controls: “All Transactions” are:
 Completely processed
 Errors identified & rectified
 Accurately processed
 Processed only once
Output Controls:
 Completeness of data
 Accuracy of data
 Data distribution
 Available to users
 Audit trail of data
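The three classes of application controls above are easier to see in working code. The following Python is an added example, not code from the Spire profile: a small batch-posting routine that applies input controls (field completeness, numeric amount, one entry per transaction id), processing controls (each accepted transaction posted exactly once, errors captured rather than silently dropped) and output controls (a hash-chained audit trail plus reconciliation against the batch header's control totals). The batch data, field names and header layout are constructed for the example.

```python
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation
import hashlib
import json

# Constructed batch: the header carries the control totals the sender claims
# for the batch, followed by the transaction records. Two records are
# deliberately defective: T2 is submitted twice and T3 is incomplete/invalid.
SAMPLE_BATCH = {
    "header": {"batch_id": "B-0001", "record_count": 4, "total_amount": "1250.00"},
    "records": [
        {"txn_id": "T1", "account": "4001", "amount": "500.00"},
        {"txn_id": "T2", "account": "4002", "amount": "250.00"},
        {"txn_id": "T2", "account": "4002", "amount": "250.00"},  # duplicate submission
        {"txn_id": "T3", "account": "", "amount": "abc"},          # missing account, bad amount
        {"txn_id": "T4", "account": "4003", "amount": "500.00"},
    ],
}

REQUIRED_FIELDS = ("txn_id", "account", "amount")


def validate_record(rec: dict) -> list:
    """Input controls: the record is complete and accurately recorded."""
    errors = []
    for name in REQUIRED_FIELDS:
        if not str(rec.get(name, "")).strip():
            errors.append(f"missing {name}")
    if str(rec.get("amount", "")).strip():
        try:
            amt = Decimal(str(rec["amount"]))
            if amt <= 0 or amt != amt.quantize(Decimal("0.01")):
                errors.append("amount must be positive with at most 2 decimals")
        except InvalidOperation:
            errors.append("amount is not numeric")
    return errors


@dataclass
class BatchResult:
    posted: dict = field(default_factory=dict)       # account -> Decimal total posted
    rejected: list = field(default_factory=list)     # (txn_id, [reasons])
    audit_trail: list = field(default_factory=list)  # hash-chained entries
    reconciliation: dict = field(default_factory=dict)


def _append_audit(trail: list, event: dict) -> None:
    """Output control: tamper-evident audit trail; each entry chains the previous hash."""
    prev = trail[-1]["hash"] if trail else "0" * 64
    body = json.dumps(event, sort_keys=True, default=str)
    digest = hashlib.sha256((prev + body).encode()).hexdigest()
    trail.append({"prev": prev, "event": event, "hash": digest})


def verify_audit_trail(trail: list) -> bool:
    """Recompute the chain; any edited or reordered entry breaks it."""
    prev = "0" * 64
    for entry in trail:
        body = json.dumps(entry["event"], sort_keys=True, default=str)
        expected = hashlib.sha256((prev + body).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != expected:
            return False
        prev = entry["hash"]
    return True


def process_batch(batch: dict) -> BatchResult:
    result = BatchResult()
    seen = set()  # processing control: a txn_id is posted only once
    for rec in batch["records"]:
        txn_id = str(rec.get("txn_id", "<none>"))
        errors = validate_record(rec)
        if txn_id in seen:
            errors.append("duplicate txn_id")
        if errors:  # errors are identified and reported, never silently dropped
            result.rejected.append((txn_id, errors))
            _append_audit(result.audit_trail, {"txn_id": txn_id, "status": "rejected", "reasons": errors})
            continue
        seen.add(txn_id)
        amount = Decimal(str(rec["amount"]))
        result.posted[rec["account"]] = result.posted.get(rec["account"], Decimal("0")) + amount
        _append_audit(result.audit_trail, {"txn_id": txn_id, "status": "posted",
                                           "account": rec["account"], "amount": str(amount)})
    # Output controls: completeness of the batch and agreement with the header's control totals.
    header = batch["header"]
    received, accepted = len(batch["records"]), len(seen)
    posted_total = sum(result.posted.values(), Decimal("0"))
    result.reconciliation = {
        "received": received,
        "accepted": accepted,
        "rejected": len(result.rejected),
        "all_accounted_for": received == accepted + len(result.rejected),
        "count_matches_header": accepted == int(header["record_count"]),
        "total_matches_header": posted_total == Decimal(str(header["total_amount"])),
    }
    return result


if __name__ == "__main__":
    res = process_batch(SAMPLE_BATCH)
    print(res.reconciliation)
    print("audit trail intact:", verify_audit_trail(res.audit_trail))
```

On the constructed batch the amount total reconciles but the record count does not, which is exactly the exception an auditor would expect a control-total check to surface when a record has been rejected.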
Standard Operating Procedures
Written policies & procedures provide insights into the entity’s philosophies, values and ethical standards. Hence, it is important to define & work according to unambiguous Standard Operating Procedures (SOPs).
Advantages of clearly defined SOPs:
 Clear instructions on the flow of actions performed from the beginning to the end of the process chain.
 Prevent duplication of effort & weed out process redundancies that do not add any value.
 Develop a culture of “Control Consciousness” among all process owners within the entity.
 Provide sufficient training material to ensure each process is person-independent.
The purpose of an SOP is to carry out the operations correctly and always in the same manner. If deviations from these instructions are allowed, the conditions for them should be documented, including who can give permission and what exactly the complete procedure will be.
Other Allied Services
Business Process Redesign
Operational Cost Reduction Studies
Management Audits
Concurrent Audits
Branch Audits
Risk Consulting Team
 The lead client service Head for the Risk Consulting practice, Mr. Prashant P. Jain, has obtained his Certified Internal Auditor (CIA) designation from the Institute of Internal Auditors (IIA), Florida (USA).
 An Associate Member of the Association of Certified Fraud Examiners (ACFE), Texas (USA), he has overall risk management experience of more than 15 years, including widespread exposure to the BFSI, Media, Engineering, Construction & Manufacturing segments.
 Prior to his association with the firm, he worked in various capacities with top Indian NBFCs, global MNCs and Big4 consulting firms.
 He is supported by a team of experienced professionals who are also academically certified by top professional institutions and include Chartered Accountants, Company Secretaries and MBAs.
Thank You
Mr. Prashant Jain
(Director – Risk Consulting)
Direct: +91 22 4315 3075
Mobile: +91 98331 76543
prashantjain@spireindia.com
www.spireindia.com
5, Ground Floor,
Onlooker Building,
14, Sir P.M. Road,
Fort, Mumbai – 400001.
Board: +91 (22) 4315 3000
Fax: +91 (22) 4315 3015

More Related Content

What's hot

IAD Introduction - 1-2010
IAD Introduction - 1-2010IAD Introduction - 1-2010
IAD Introduction - 1-2010
Vernon Benjamin
 
Common internal audit findings & how to avoid them
Common internal audit findings & how to avoid themCommon internal audit findings & how to avoid them
Common internal audit findings & how to avoid them
Surajit Datta
 
Auditing and Audit Process in Organization
Auditing and Audit Process in OrganizationAuditing and Audit Process in Organization
Auditing and Audit Process in Organization
Anas Mohammed MCILRM
 
Internal_Audit_Competency_Framework
Internal_Audit_Competency_FrameworkInternal_Audit_Competency_Framework
Internal_Audit_Competency_Framework
Muhamad Sugian Nor
 

What's hot (20)

Audit Process: How to Successfully Plan Audit
Audit Process: How to Successfully Plan Audit Audit Process: How to Successfully Plan Audit
Audit Process: How to Successfully Plan Audit
 
Internal audit
Internal auditInternal audit
Internal audit
 
Basics of internal audit
Basics of internal auditBasics of internal audit
Basics of internal audit
 
internal audit function ans controller's role in investors relation
 internal audit function ans controller's role in investors relation internal audit function ans controller's role in investors relation
internal audit function ans controller's role in investors relation
 
IAD Introduction - 1-2010
IAD Introduction - 1-2010IAD Introduction - 1-2010
IAD Introduction - 1-2010
 
Common internal audit findings & how to avoid them
Common internal audit findings & how to avoid themCommon internal audit findings & how to avoid them
Common internal audit findings & how to avoid them
 
Internal audit ppt
Internal audit  pptInternal audit  ppt
Internal audit ppt
 
Process Level Auditing Presentation
Process Level Auditing   PresentationProcess Level Auditing   Presentation
Process Level Auditing Presentation
 
Auditing and Audit Process in Organization
Auditing and Audit Process in OrganizationAuditing and Audit Process in Organization
Auditing and Audit Process in Organization
 
Operational Auditing
Operational AuditingOperational Auditing
Operational Auditing
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Internal_Audit_Competency_Framework
Internal_Audit_Competency_FrameworkInternal_Audit_Competency_Framework
Internal_Audit_Competency_Framework
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditing
 
Chap1 2007 Cisa Review Course
Chap1 2007 Cisa Review CourseChap1 2007 Cisa Review Course
Chap1 2007 Cisa Review Course
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
Resume : "Internal audit quality : developing a quality assurance and improve...
Resume : "Internal audit quality : developing a quality assurance and improve...Resume : "Internal audit quality : developing a quality assurance and improve...
Resume : "Internal audit quality : developing a quality assurance and improve...
 
Basic internal auditing
Basic internal auditingBasic internal auditing
Basic internal auditing
 

Viewers also liked (17)

Archimedes Trajano
Archimedes TrajanoArchimedes Trajano
Archimedes Trajano
 
santosh_resume
santosh_resumesantosh_resume
santosh_resume
 
AjayMehta-Resume08012016
AjayMehta-Resume08012016AjayMehta-Resume08012016
AjayMehta-Resume08012016
 
Ruzzle
RuzzleRuzzle
Ruzzle
 
BharathiGurusamyResume21082016
BharathiGurusamyResume21082016BharathiGurusamyResume21082016
BharathiGurusamyResume21082016
 
Spark
SparkSpark
Spark
 
VikramSaini Resume
VikramSaini ResumeVikramSaini Resume
VikramSaini Resume
 
Karnan resume
Karnan resumeKarnan resume
Karnan resume
 
Catalin Gheorghiu Resume November 2016
Catalin Gheorghiu Resume November 2016Catalin Gheorghiu Resume November 2016
Catalin Gheorghiu Resume November 2016
 
C.V Prof. Ashraf.surger -1-
C.V Prof. Ashraf.surger -1-C.V Prof. Ashraf.surger -1-
C.V Prof. Ashraf.surger -1-
 
Vikas Kumar
Vikas KumarVikas Kumar
Vikas Kumar
 
Vasanth Subramanian Resume
Vasanth Subramanian ResumeVasanth Subramanian Resume
Vasanth Subramanian Resume
 
Resume
ResumeResume
Resume
 
Curriculum Vitae
Curriculum VitaeCurriculum Vitae
Curriculum Vitae
 
An IBM Storage Solution for Small and Mid-size Businesses -- The IBM Storwize...
An IBM Storage Solution for Small and Mid-size Businesses -- The IBM Storwize...An IBM Storage Solution for Small and Mid-size Businesses -- The IBM Storwize...
An IBM Storage Solution for Small and Mid-size Businesses -- The IBM Storwize...
 
DANNY POIRIER RESUME 2014 -1 copy 3
DANNY POIRIER RESUME 2014 -1 copy 3DANNY POIRIER RESUME 2014 -1 copy 3
DANNY POIRIER RESUME 2014 -1 copy 3
 
HubSpotting Around the World
HubSpotting Around the WorldHubSpotting Around the World
HubSpotting Around the World
 

Similar to Spire Brief - Risk Consulting

Chapter 9Audit Risk AssessmentPrepared by Dr Phil Saj1.docx
Chapter 9Audit Risk AssessmentPrepared by Dr Phil Saj1.docxChapter 9Audit Risk AssessmentPrepared by Dr Phil Saj1.docx
Chapter 9Audit Risk AssessmentPrepared by Dr Phil Saj1.docx
mccormicknadine86
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management -  A Gateway to managing the risk profile of your...Operational Risk Management -  A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...
Eneni Oduwole
 
Assessing risks and internal controls training
Assessing  risks and internal controls   trainingAssessing  risks and internal controls   training
Assessing risks and internal controls training
shifataraislam
 
Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Stephen G. Lynch
 
Audit methodology 2013
Audit methodology 2013Audit methodology 2013
Audit methodology 2013
Nidhi Gupta
 
Audit methodology 2013
Audit methodology 2013Audit methodology 2013
Audit methodology 2013
Nidhi Gupta
 
Internal Audit’s Evolving Role in Corporate GRC Strategy
Internal Audit’s Evolving Role in Corporate GRC StrategyInternal Audit’s Evolving Role in Corporate GRC Strategy
Internal Audit’s Evolving Role in Corporate GRC Strategy
David Fernandes
 
Designing Effective Financial Controls
Designing Effective Financial ControlsDesigning Effective Financial Controls
Designing Effective Financial Controls
Stephen G. Lynch
 

Similar to Spire Brief - Risk Consulting (20)

Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9
 
Internal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governananceInternal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governanance
 
Chapter 9Audit Risk AssessmentPrepared by Dr Phil Saj1.docx
Chapter 9Audit Risk AssessmentPrepared by Dr Phil Saj1.docxChapter 9Audit Risk AssessmentPrepared by Dr Phil Saj1.docx
Chapter 9Audit Risk AssessmentPrepared by Dr Phil Saj1.docx
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial Controls
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management -  A Gateway to managing the risk profile of your...Operational Risk Management -  A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...
 
Assessing risks and internal controls training
Assessing  risks and internal controls   trainingAssessing  risks and internal controls   training
Assessing risks and internal controls training
 
WIRC-IFC.pdf
WIRC-IFC.pdfWIRC-IFC.pdf
WIRC-IFC.pdf
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
Effective Internal Controls over Financial Reporting with Business Process Ou...
Effective Internal Controls over Financial Reporting with Business Process Ou...Effective Internal Controls over Financial Reporting with Business Process Ou...
Effective Internal Controls over Financial Reporting with Business Process Ou...
 
Effective Internal Controls over Financial Reporting with Business Process Ou...
Effective Internal Controls over Financial Reporting with Business Process Ou...Effective Internal Controls over Financial Reporting with Business Process Ou...
Effective Internal Controls over Financial Reporting with Business Process Ou...
 
Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...
 
Risk based auditing
Risk based auditingRisk based auditing
Risk based auditing
 
Audit methodology 2013
Audit methodology 2013Audit methodology 2013
Audit methodology 2013
 
Audit methodology 2013
Audit methodology 2013Audit methodology 2013
Audit methodology 2013
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17  sas framework internal control - james a. hall book chapter 3Lecture 17  sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3
 
Internal Audit’s Evolving Role in Corporate GRC Strategy
Internal Audit’s Evolving Role in Corporate GRC StrategyInternal Audit’s Evolving Role in Corporate GRC Strategy
Internal Audit’s Evolving Role in Corporate GRC Strategy
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation   Leo WachiraInternal Audit And Internal Control Presentation   Leo Wachira
Internal Audit And Internal Control Presentation Leo Wachira
 
Tyco Internal Audit Case Study
Tyco Internal Audit Case StudyTyco Internal Audit Case Study
Tyco Internal Audit Case Study
 
Internal Controls Topic 2.ppt
Internal Controls Topic 2.pptInternal Controls Topic 2.ppt
Internal Controls Topic 2.ppt
 
Designing Effective Financial Controls
Designing Effective Financial ControlsDesigning Effective Financial Controls
Designing Effective Financial Controls
 

Spire Brief - Risk Consulting

  • 1. Spire Advisors Pvt Ltd Risk Management Profile 1 SpireSeptember 2015 Management Ensures Auditors Assure
  • 2. Contents Sr. No. Particulars Page No. 1. Preface 3 2. Risk Management Solutions 5 3. Risk Based Internal Audit 6-9 4. Compliance Audit 10-12 5. Internal Financial Controls (IFC) 13-17 6. Information Technology Audit 18-20 7. Standard Operating Procedures 21 8. Other Allied Services 22 2 Spire
  • 3. Preface Risk is part of life. Avoiding all risk would result in no achievement, no progress and no reward. All organizations, individuals and communities have predefined objectives at strategic, tactical and operational levels. Anything that makes achieving these objectives uncertain is a risk. However, as our world becomes increasingly volatile and unpredictable, we must cope with greater uncertainty. Risk Management is the systematic process of understanding, evaluating and addressing these risks to maximize the chances of objectives being achieved. An effective risk management process requires an informed understanding of relevant risks, an assessment of their relative priority and a rigorous approach to monitoring and controlling them. 3 Spire
  • 4. About Us Spire Advisors Private Limited (Spire), established in 1994, has been successfully carrying out its professional activities to facilitate timely and prompt Risk Management services. The core execution team consist of professionals certified from renowned professional bodies across the globe that cater to the needs of its clients in the following core areas of Risk Management defined in the new Companies Act 2013:  Internal Audit [Sec 138]  Risk Management Policy [Sec 134(3)]  Internal Financial Controls [Sec 134(5)] 4 Spire
  • 5. Risk Management Solutions 5 Spire Risk Based Internal Audit (Proactive Model) Compliance Audit Internal Financial Controls (IFC) IT General & Application Controls Standard Operating Procedures
  • 6. Risk Based Internal Audit (Proactive Model) 6 Spire Traditional (Reactive) Model New Age (Proactive) Model Audit in silos Risk based (Integrated) audit Auditing around the system Auditing within the system Bottom–up approach Top-down approach Act as an internal control Controls embedded within the process & fixing process owner accountability for continuous monitoring Focus on limited principals such as compliance and assurance. Concurrent focus on multiple principals such as risk assessment, compliance, cost reduction, etc Traditional Internal Audit model has been reviewing / testing past events or transactions that identifies past issues and problems but it fails to inform stakeholders on exposure to emerging risk and potentially fraudulent activities in advance. Hence, there is a need for new, more proactive, IA model that respond to the existing stakeholders concerns about greater assurance, maximized business performance processes and broader risk management efforts….. while providing for traditional compliance audits as well.
7. New Age Internal Audit Charter

In the wake of recent changes in the regulatory framework, the role of internal audit has become very important in helping the Board, Audit Committee and Management fulfil their oversight responsibilities and legal duties.

Elements of the New Age Internal Audit Charter:
 Reporting on Internal Financial Controls
 Robust Enterprise Risk Management Process
 Enhanced Fraud Risk Assessment
 Comprehensive Regulatory Compliance Framework

The Internal Audit function is expected to add value by highlighting leading industry best practices, acting as an independent advisor to all stakeholders and actively participating in enterprise risk management.
8. Internal Audit Process Flow

Step 1: Planning
 Defining scope
 Assessment of materiality
 Mapping SPOC (single point of contact)
 Defining the time plan

Step 2: Walkthrough
 Discussion with process owners
 Identification of inherent risk
 Control mapping
 Assessment of design level deficiencies
 Defining control test assertions

Step 3: Control Testing
 Sample selection
 Substantive control testing
 Assessment of operating effectiveness
 Interim discussions with process owners
 Revalidation of control test results

Step 4: Reporting
 Draft summary of IFC deficiencies
 Exit meeting & remediation plan
 Assessment of deficiencies against materiality levels
 Risk classification
 Issue management report
 Compliance tracking
9. Internal Audit Documentation

Standard documents used to control the engagement:
1. Process Narrative: Detailed narration of the process being tested. It provides details of all control activities embedded within the process.
2. Process Flow: Activity-wise graphical representation of the controls and activities forming the process.
3. Risk Control Matrix (RCM): Serves as the audit plan. Contains the pertinent information about each risk identified against a control activity and the corresponding controls that mitigate it.
4. Sampling Grid: A matrix listing the frequency with which each control is performed and the corresponding sample size for testing.
5. Testing Template: Detailed description of the testing performed, including the test conclusions.
6. Management Report: A summary of the findings, recommendations and action plan based on the control assertions tested.
7. Compliance Tracker: Periodic update on the latest remediation status of reported deficiencies, tracked against the responsible stakeholders.
10. Need for Compliance Audit

The Companies Act 2013 has taken major steps to hold corporates in India accountable for compliance with "all applicable laws". Directors are responsible for:
 Devising adequate systems to help ensure compliance with these provisions
 Commenting on the adequacy and operating effectiveness of such systems and processes

In order to discharge its responsibilities effectively, the Board needs to demonstrate that all applicable laws are being complied with and that non-compliances, if any, have been properly dealt with. Hence a comprehensive compliance framework is now mandatory, ensuring that all applicable laws are identified and mapped to the respective process owners across functions and locations.

A regular Compliance Audit, including periodic reporting to the Board, is an effective tool that can help every organization:
 Assess its compliance management framework
 Evaluate existing controls and processes for compliance management
 Review its adherence to applicable regulatory guidelines
 Continuously monitor and report on adherence to applicable provisions
11. Key Compliance Risks

Governance & Risk Assessment
 Formal policies and adequate risk mitigation plans are often lacking
 Compliance risks are not considered in the overall risk assessment
 Boards are unaware of compliance risks taken on by Management

Business Planning & Strategy
 Business decisions made without considering regulatory implications
 Inefficiencies due to delay in incorporating regulatory changes
 Operations commenced without the necessary licences, resulting in closure

Process Automation
 Compliance requirements and reporting processes not automated
 Manual processes and controls over monitoring, resulting in higher risk
 Lack of adequate maker-checker controls and escalations within the system

Compliance Monitoring & Regular Reporting
 Exposure levels to regulatory risks are not monitored
 Absence of a clear reporting mechanism to highlight non-compliance
 Follow-up procedures not in place to verify corrective actions taken

Employee Management
 Employees put business gain ahead of compliance issues
 Absence of rewards for positive performance on compliance goals
 Employees not trained to carry out compliance responsibilities
12. Effective Compliance Framework

The following activities considerably reduce compliance risk and must be considered when evaluating the effectiveness of a Compliance Framework:
 A process for monitoring legislative changes at both global and national levels, so that compliance strategies are integrated with geographical growth strategies
 Development of awareness of the various compliance programs to which the entity is subject, with an integrated view to assess compliance levels across the entity
 Accountability within the organization for fostering a culture of compliance, reflected in performance goals
 A comprehensive system for identification, monitoring and reporting of emerging compliance risks
 A periodic reporting system to identify the level of non-compliance and the steps taken to address it and avoid recurrence
13. Internal Financial Controls (IFC)

What are Internal Financial Controls?

The Companies Act 2013 defines IFC as:
→ The policies and procedures adopted by the company
→ To ensure the orderly and efficient conduct of its business,
→ Including adherence to the company's policies,
→ Safeguarding of its assets,
→ Prevention and detection of frauds and errors,
→ Accuracy and completeness of accounting records, and
→ Timely preparation of reliable financial information.

However, the expanded coverage and focus go well beyond this definition and include all "key elements" of a controls framework, such as:
→ Tone at the top and culture within the organization,
→ A demonstrable, documented framework for internal financial controls,
→ Documentation of controls that mitigate the risk of significant misstatements,
→ Continuous controls monitoring and a management reporting process,
→ Requisite accountability for the financial reporting structure.
14. IFC Global Scenario

Indian regulations have traditionally been modified to reflect developments in the Western world. The introduction of IFC in the new Companies Act 2013 continues this trend.

 In June 2003, the Securities & Exchange Commission (SEC) adopted the rules implementing the Sarbanes-Oxley Act (SOX), which require certification of Internal Controls over Financial Reporting (ICFR) by Management and Auditors.
 In June 2006, the National Diet of Japan passed the Financial Instruments & Exchange Act (J-SOX). Its requirements are similar to the ICFR requirements under SOX.
 The UK Corporate Governance Code specifies the corporate governance requirements for the Board, which, inter alia, include matters relating to oversight and review of internal controls in the Company.

The common aim: better corporate governance and improved controls over financial reporting.
15. IFC Scenario in India

The new Companies Act 2013:
 Section 134(5)(e): In the Directors' Report, the Board of Directors of listed companies must assume responsibility for laying down IFC and ensure that such IFC are not only adequate but also operating effectively.
 Section 143(3)(i): In the Auditors' Report, the Statutory Auditor of all companies must report on the adequacy of IFC systems and their operating effectiveness.
 Section 177: The Audit Committee must act in accordance with the terms of reference specified in writing by the Board, which, inter alia, include evaluation of IFC and risk management systems in the Company.
 Schedule IV: The Code for Independent Directors requires independent directors to satisfy themselves on the strength of financial controls and the systems of risk management, and to ensure that these are robust and defensible.

SEBI's revision of Clause 49 of the Listing Agreement:
 Sub-clause III(D): The role of the audit committee includes evaluation of internal financial controls and risk management systems.
 Sub-clause IX(C): The CEO & CFO must certify to the Board that they accept responsibility for establishing and maintaining internal controls for financial reporting, and that they have evaluated the effectiveness of the Company's internal control systems pertaining to financial reporting.
16. IFC Applicability

Companies Act 2013 (Section) | Responsibility | Listed Company | Unlisted Public Company | Private Limited Company
134(5)(e) | Directors' Report | Yes | Yes (note 1) | Yes (note 3)
177 & Schedule IV | Audit Committee | Yes | Yes (note 2) | No
143(3)(i) | Auditors' Report | Yes | Yes | Yes

Notes:
1. While Sec 134(5)(e) specifies "listed companies", Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014, read with Rule 8(4), covers listed as well as unlisted public companies having a paid-up share capital exceeding Rs. 25 crores at the end of the preceding year.
2. Under Rules 6 and 7 of the Companies (Meetings of Board and its Powers) Rules, 2014, the Board of every public company with paid-up capital exceeding Rs. 10 crores, or turnover exceeding Rs. 100 crores, or aggregate outstanding loans, borrowings, debentures or deposits exceeding Rs. 50 crores, must constitute an Audit Committee.
3. Chapter IX, the Companies (Accounts) Rules, 2014 dated 31st March 2014, additionally requires the Board's Report for unlisted companies to contain details in respect of the adequacy of IFC with reference to the Financial Statements only.
17. IFC Review: 10 Point Strategy

1. Identify significant account balances for all key processes to be covered.
2. Identify risks of material misstatement within these account balances.
3. Identify entity level controls (ELCs) defined to mitigate such risks.
4. Identify IT general controls (ITGC) designed within the financial applications.
5. Identify account level controls (ALCs) at account balance / transaction levels.
6. Meet the process owners to understand the identified processes, risks and controls.
7. Determine the nature, timing and extent of control testing and the evidence required.
8. Perform process walkthroughs with key process owners to corroborate the above understanding. Confirm that the control descriptions are aligned to the objectives and activities. Ensure that controls are mapped to the COSO 2013 principles, designed effectively and placed in operation.
9. Perform testing of controls to confirm operating effectiveness. Report on the tests of design and operating effectiveness.
10. Discuss the exceptions noted and the mitigation plan with Management. Roll out the final version after obtaining management comments.
18. Significance of IT Controls

 Organizations today operate in a dynamic, global, multi-enterprise environment. IT infrastructure and commerce are integrated into almost every business process within the entity.
 Increased connectivity and availability of systems and open environments have proven to be the lifelines of most business entities.
 The most important decisions in an organization depend heavily on information processed by IT applications, including the regular and timely flow of such information.
 Management wants to meet or exceed business objectives and attain maximum profitability through an extremely high degree of information availability, fast response times, extreme reliability and a very high level of security.
 The design of such systems is complex and their management is difficult. The increased use of technology therefore necessitates robust IT controls and greater awareness of IT risk at all levels.
19. IT General Controls (ITGC)

 ITGC apply to all system components, processes and data within an organization's IT environment.
 The objective is to ensure the proper development and implementation of applications as well as the integrity of programs, data files and computer operations.
 An ITGC review covers complex technologies and communications protocols, including the internet, intranets, electronic data interchange, client-server systems, local area networks, wide area networks, telecommunications and wireless technology.

Common ITGCs:
 IT policies and procedures
 Logical access controls over IT infrastructure, applications and data
 Program change management controls
 System development life cycle controls
 System and data backup and recovery controls
 Data center physical security controls
 Review of IT system network architecture
 Incident reporting and monitoring system
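Testing the operating effectiveness of the first of these ITGCs, logical access, usually starts from a user-access export of the application joined with HR leaver data. The script below is an added example of that test, not code from the deck or from Spire; the export layout, the segregation-of-duties conflict pairs and the 90-day dormancy threshold are assumptions chosen for illustration, and the user records are constructed sample data.

```python
"""Logical access review over a constructed user-access export.

Added example, not from the original deck. The export layout, the
segregation-of-duties (SoD) conflict pairs and the 90-day dormancy threshold
are assumptions chosen for illustration; a real review would take them from
the entity's access policy and role design."""
from datetime import date

# Assumed SoD conflict pairs: no single user should hold both roles of a pair.
SOD_CONFLICTS = (
    ("vendor_master_maintain", "payment_release"),
    ("journal_prepare", "journal_approve"),
)
DORMANT_DAYS = 90  # assumed policy threshold for an unused, still-enabled account

# Constructed sample export: an application's user listing joined with HR status.
USER_EXPORT = [
    {"user": "asharma", "status": "active", "hr_status": "employed",
     "roles": ["journal_prepare"], "last_login": "2015-09-10"},
    {"user": "rpatel", "status": "active", "hr_status": "employed",
     "roles": ["vendor_master_maintain", "payment_release"], "last_login": "2015-09-12"},
    {"user": "mkhan", "status": "active", "hr_status": "terminated",
     "roles": ["journal_approve"], "last_login": "2015-05-02"},
    {"user": "svc_batch", "status": "active", "hr_status": "service",
     "roles": ["sysadmin"], "last_login": "2015-03-01"},
    {"user": "dlal", "status": "disabled", "hr_status": "terminated",
     "roles": ["payment_release"], "last_login": "2014-11-20"},
]


def review_access(users, as_of, sod_conflicts=SOD_CONFLICTS, dormant_days=DORMANT_DAYS):
    """Return findings as dicts {"user", "issue", "severity"} for the three tests
    an auditor runs against logical access: leavers still enabled, dormant
    enabled accounts, and SoD conflicts. `as_of` is the review date (ISO string)."""
    cutoff = date.fromisoformat(as_of)
    findings = []
    for u in users:
        roles = set(u["roles"])
        enabled = u["status"] == "active"

        # Leaver control: HR says terminated but the account is still enabled.
        if enabled and u["hr_status"] == "terminated":
            findings.append({"user": u["user"], "issue": "terminated user still enabled",
                             "severity": "high"})

        # Dormancy control: an enabled account unused beyond the threshold.
        if enabled and (cutoff - date.fromisoformat(u["last_login"])).days > dormant_days:
            findings.append({"user": u["user"], "issue": "dormant active account",
                             "severity": "medium"})

        # SoD control: conflicting roles held by the same user. Disabled users are
        # reported too, since re-enabling the account would reintroduce the conflict.
        for a, b in sod_conflicts:
            if a in roles and b in roles:
                findings.append({"user": u["user"], "issue": f"SoD conflict: {a} + {b}",
                                 "severity": "high"})
    return findings


def summarize(findings):
    """Count findings by severity, the figure that goes into the management report."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = review_access(USER_EXPORT, as_of="2015-09-30")
    for f in results:
        print(f"{f['severity']:6} {f['user']:10} {f['issue']}")
    print(summarize(results))
```

Each finding maps back to one sampling assertion from the slide above: the leaver test evidences that de-provisioning works, the dormancy test that periodic access recertification works, and the SoD test that role design is enforced. Run against the constructed data with a review date of 30 September 2015, the script reports two high and two medium findings.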
20. IT Application Controls

 IT application controls are automated processing activities performed by the IT applications themselves.
 Application controls are designed to ensure complete and accurate processing of data, from input through output.
 These controls vary with the business purpose of the specific application and also help safeguard the privacy and security of data transmitted between applications.

Classification of IT Application Controls:

Input Controls: all transactions are
 Accepted by the system
 Completely recorded
 Accurately recorded
 Entered only once

Processing Controls: all transactions are
 Completely processed
 Accurately processed
 Processed only once
 Errors identified and rectified

Output Controls:
 Completeness of data
 Accuracy of data
 Data distribution
 Availability to users
 Audit trail of data
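The three control classes are easiest to see in code on an interface that receives batches from another system. The example below is added here and is not code from the deck or from Spire: it runs a constructed batch through input controls (well-formed, entered only once), processing controls (posted exactly once, errors isolated) and output controls (reconciliation against the sender's control totals, hash-chained audit trail). The record layout, header control totals, rejection reasons and the SHA-256 chaining scheme are assumptions chosen for illustration; the batch is constructed so that every control has something to catch.

```python
"""Input, processing and output controls over a constructed transaction batch.
Added example, not from the original deck; record layout, control totals,
rejection reasons and the chained audit trail are illustrative assumptions."""
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation
import hashlib
import json

# Constructed batch as a feeder system might send it. The header carries the
# sender's control totals; the receiving application reconciles against them.
SAMPLE_BATCH = {
    "batch_id": "B-2015-09-001",
    "header": {"record_count": 5, "amount_total": "1450.00"},
    "records": [
        {"txn_id": "T1001", "account": "4100", "amount": "500.00"},
        {"txn_id": "T1002", "account": "4100", "amount": "250.00"},
        {"txn_id": "T1002", "account": "4100", "amount": "250.00"},  # re-sent: enter only once
        {"txn_id": "T1003", "account": "", "amount": "450.00"},      # incomplete: reject
        {"txn_id": "T1004", "account": "5200", "amount": "abc"},     # malformed: reject
    ],
}


@dataclass
class BatchResult:
    batch_id: str
    accepted: list = field(default_factory=list)
    rejected: list = field(default_factory=list)   # (txn_id, reason)
    ledger: dict = field(default_factory=dict)     # account -> posted amount
    reconciled: bool = False
    audit_trail: list = field(default_factory=list)


def validate_record(rec, seen):
    """Input controls: accept only complete, well-formed records, each txn_id once.
    Returns None when acceptable, else the rejection reason."""
    txn_id = rec.get("txn_id")
    if not txn_id:
        return "missing txn_id"
    if txn_id in seen:
        return "duplicate txn_id"
    if not rec.get("account"):
        return "missing account"
    try:
        amount = Decimal(rec["amount"])
    except (InvalidOperation, KeyError, TypeError, ValueError):
        return "malformed amount"
    if not amount.is_finite():
        return "malformed amount"
    if amount <= 0:
        return "non-positive amount"
    return None


def post_transaction(ledger, posted, rec):
    """Processing control: post each accepted transaction exactly once.
    Safe to call again on a retry; returns False when already posted."""
    if rec["txn_id"] in posted:
        return False
    ledger[rec["account"]] = ledger.get(rec["account"], Decimal("0")) + Decimal(rec["amount"])
    posted.add(rec["txn_id"])
    return True


def append_audit(trail, event, payload, detail=""):
    """Output control: each entry's hash covers the previous entry's hash, so
    alteration, removal or reordering of any entry is detectable."""
    prev = trail[-1]["hash"] if trail else "0" * 64
    entry = {"event": event, "payload": payload, "detail": detail, "prev": prev}
    entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
    trail.append(entry)


def verify_audit_trail(trail):
    """Recompute the chain; False if any entry was altered, removed or reordered."""
    prev = "0" * 64
    for entry in trail:
        body = {k: entry[k] for k in ("event", "payload", "detail", "prev")}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev"] != prev or digest != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


def process_batch(batch):
    result = BatchResult(batch_id=batch["batch_id"])
    seen, posted = set(), set()
    # Input controls: accepted by the system, recorded completely and accurately, entered only once.
    for rec in batch["records"]:
        reason = validate_record(rec, seen)
        if reason:
            result.rejected.append((rec.get("txn_id"), reason))
            append_audit(result.audit_trail, "REJECT", rec, reason)
            continue
        seen.add(rec["txn_id"])
        result.accepted.append(rec)
        append_audit(result.audit_trail, "ACCEPT", rec)
    # Processing controls: processed completely, accurately and only once.
    for rec in result.accepted:
        if post_transaction(result.ledger, posted, rec):
            append_audit(result.audit_trail, "POST", rec)
    # Output/completeness control: reconcile accepted records against the sender's control totals.
    total = sum((Decimal(r["amount"]) for r in result.accepted), Decimal("0"))
    header = batch["header"]
    result.reconciled = (len(result.accepted) == header["record_count"]
                         and total == Decimal(header["amount_total"]))
    append_audit(result.audit_trail, "RECONCILE",
                 {"accepted": len(result.accepted), "total": str(total)},
                 "ok" if result.reconciled else "control totals mismatch: exception report required")
    return result
```

On the constructed batch, two records are accepted and posted, three are rejected with distinct reasons, and reconciliation fails because the sender declared five records totalling 1450.00 while only 750.00 was accepted; that mismatch is exactly what a completeness control should surface as an exception for the process owner rather than silently absorb. The `post_transaction` guard is what makes a re-run of the processing step after a crash safe, and `verify_audit_trail` is the check an auditor would run over the retained trail before relying on it as evidence.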
21. Standard Operating Procedures

Written policies and procedures provide insight into an entity's philosophy, values and ethical standards. Hence it is important to define, and work according to, unambiguous Standard Operating Procedures (SOPs).

Advantages of clearly defined SOPs:
 Clear instructions on the flow of actions performed from the beginning to the end of the process chain
 Prevent duplication of effort and weed out process redundancies that do not add value
 Develop a culture of "control consciousness" among all process owners within the entity
 Provide sufficient training material to ensure each process is person-independent

The purpose of an SOP is to carry out operations correctly and always in the same manner. If deviations from the instruction are allowed, the conditions for these should be documented, including who can give permission for them and what exactly the complete procedure will be.
22. Other Allied Services
 Business Process Redesign
 Operational Cost Reduction Studies
 Management Audits
 Concurrent Audits
 Branch Audits
23. Risk Consulting Team
 The lead client service head for the Risk Consulting practice, Mr. Prashant P. Jain, holds the Certified Internal Auditor (CIA) designation from the Institute of Internal Auditors (IIA), Florida (USA).
 An Associate Member of the Association of Certified Fraud Examiners (ACFE), Texas (USA), he has more than 15 years of risk management experience, including wide exposure to the BFSI, Media, Engineering, Construction and Manufacturing segments.
 Prior to his association with the firm, he worked in various capacities with top Indian NBFCs, global MNCs and Big 4 consulting firms.
 He is supported by a team of experienced professionals, also certified by top professional institutions, that includes Chartered Accountants, Company Secretaries and MBAs.
24. Thank You

Mr. Prashant Jain (Director – Risk Consulting)
Direct: +91 22 4315 3075
Mobile: +91 98331 76543
prashantjain@spireindia.com
www.spireindia.com
5, Ground Floor, Onlooker Building, 14, Sir P.M. Road, Fort, Mumbai – 400001.
Board: +91 (22) 4315 3000
Fax: +91 (22) 4315 3015

Editor's Notes

  1. Indian regulations place a stronger emphasis than ever before on the role of the Audit Committee in internal financial controls and risk management. Given the importance of these areas, internal audit's assurance role is very important in helping audit committee directors fulfil their oversight responsibilities and legal duties.
  2. Currently, many companies are assessing the impact these new requirements will have on the operations and processes of the Company, including the financial reporting process. At AJA LLP, we fully endorse the revisions made to the provisions related to corporate governance by the new Companies Act 2013 and SEBI's listing agreement. We strongly believe that inclusive legislation by the regulatory bodies will go a long way in facilitating compliance and promoting the highest standards of corporate governance in India. This initiative needs a complete mandate from the Board and should be led by the CEO/MD. There should be clear sponsorship and the 'tone at the top', which is the whole essence of IFC.
  3. Internal financial controls are defined widely in the Companies Act, 2013 and cover many aspects of a company's business. This wide scope of internal controls creates a heavy burden on companies and their auditors.
  4. Such controls gained currency after the Sarbanes-Oxley Act of 2002 added this requirement for most public companies in the US, following the accounting scandals at Enron, Tyco International and WorldCom in the early 2000s. In India, internal financial controls assumed importance after the Satyam scandal erupted in 2009.
  5. The Companies Act makes it mandatory for the auditors of a company to report that an internal financial controls system is in place. Besides, auditors must also explicitly state the operating effectiveness of such controls. However, an auditor's responsibility is limited to financial statements, whereas this new provision stretches it to operations as well. This is not what auditors are supposed to do.
  6. In view of the above, and since the primary responsibility for safeguarding the assets of the Company, preventing and detecting fraud or other irregularities and maintaining proper books of account continues to rest with the Board, laying down adequate ICFR and ensuring that such ICFR operate effectively will be the responsibility of the Board even in the case of unlisted companies. However, there is confusion over the scope of internal financial controls in the Board's 'directors' responsibility statement' because of the different provisions for listed and unlisted companies. It is clear that Directors will have to make disclosures on internal financial controls in their report. However, for unlisted companies the requirement applies specifically to financial statements, whereas there is no corresponding qualification for listed companies, which leaves the provision open to interpretation. In the absence of explicit provisions for listed companies, the requirement (for directors' disclosure) seems to apply to all internal controls and not just those related to financial statements and financial reporting. Moreover, there are harsh penal provisions, including imprisonment for "every officer of the company", if a company contravenes these provisions.