Directors of listed companies may soon — for the first time — be mandated to design Internal Financial Controls for their respective companies and ensure proper compliance, while auditors will be made to certify the effectiveness of such controls.
The report of the directors and statutory auditor on Internal Financial Controls would then have to be made available to shareholders. This new provision — on the lines of the Sarbanes-Oxley Act in the US — is aimed at enhancing the accountability of the auditors and management, official sources told Business Line. The provision, meant to fix liability on directors and auditors for shortfalls in internal controls, has been incorporated in the new Companies Bill, they said. Internal controls will help in the prevention and detection of fraud. “Any strengthening of internal control system is welcome. It will provide greater transparency to the accounts of a company,” said Mr Rahul Roy, Director, Ernst & Young. He said the new provisions would bring uniformity in the internal controls of companies across the country. Risk mitigation With the new norms, companies will have to do their own risk-rating of the various internal processes to determine their weaknesses and strengths and further prioritise the corrective measures. This will ensure a proper risk-mitigation plan. Internal Financial Controls ensure more accurate financial results. These controls pertain to a company’s purchase procedure, consumption record, processes in obtaining raw material and stocks as well as comparative quotation in making purchases. They also include norms on employees’ allowances, accounting for assets — including property, machinery and intellectual property rights — in a company’s possession and whether those assets are mortgaged. Though the current rules stipulate a Directors Responsibility Statement on safeguarding the assets of the company, the new provisions would make them more responsible for all internal controls. Also, at present, auditors have to follow the Company Auditors Report Order (CARO), 2003, which asks if a company has proper internal control system on purchase and sale of goods and services. The CARO also asks if there are any weaknesses that the auditors have noticed in the internal control of a company and whether it is a continuing weakness.