Fraud ReportingUnder Companies Act, 2013

C.A. Sandeep ShahBombay Chartered Accountants’ Society

Presented on 15th July 2016

Background

3

� Section 143(12) of Companies Act, 2013 required reportingon fraud by the statutory auditor to Central Government

� Section 143(12) was amended in May 2015 to specify theauthorities to whom reporting of fraud will be made basedon quantum

� Rule 13 of the Companies (Audit and Auditors) Rules, 2014was amended in December 2015.

� ICAI issued the Guidance Note on Reporting on Fraud inFebruary 2015 which was revised in February 2016consequent to amendments to Companies Act/ Rules

� Guidance note covers various aspects on reporting of fraudby auditor under section 143(12)

� “SA 240 – The Auditor’s Responsibility to Consider Fraud andError in an Audit of Financial Statements” deals withreporting of fraud by the auditor which covers aspect likedefinition of fraud, risk assessment procedure, identificationand assessment of material misstatement etc.

6

Reporting is required when they are

conducting the audit under the Companies

Act, 2013

� Though internal auditor is appointed under the Act, fraudreporting doesn’t apply to them

� Auditor appointed under other statutes are not required toreport fraud like Tax auditor, Sales tax / VAT auditor

� Reporting by auditors under Section 143(12) would applyeven if the fraud is required to be / has been reported underany other statute or to any other regulator like reporting ofRBI in case of bank audit

� Reporting by the auditor on fraud is not a separateengagement and is a part of the performance of the duties asan auditor of the financial statements of the company underthe Act

� Change of audit methodology� Change in mind set for identification of fraud during

statutory audit

Section 143(12) on fraud reporting

3

� As per Section 143(12) of the Act if anauditor of a company, in the course ofthe performance of his duties asauditor, has reason to believe that anoffence of fraud• Involving ₹ 1 Crore or above

(individual amount), is being or hasbeen committed in the Company byits officers or employees, report thematter to the Central Government

• In case of fraud involving less than ₹ 1Crore then report the matter to theAudit Committee or to the Board

� In the course of the performance of his duties as auditor• reporting requirement arises when the fraud is identified while

performing the audit under the Companies Act

� There is reason to believe that an offence of fraud is being orhas been committed• To have sufficient information or convincing evidence

� Fraud is being or has been committed against the Companyby its officer or employees• Fraud by third parties and vendors are not covered• Contract employees could be contended that they are not

employees of the company and hence excluded

All frauds against the company by its officers or employees to be reported by auditors to Board or

Audit Committee in 2 days

Fraud amount => ₹ 1 Crore

Company to respond to auditors

within 45 days

Auditors to report to Central Government up to 60 days (whether or not reply is received from

company)

Fraud amount < ₹ 1 Crore

Company to report each fraud details in Board's report

� Where individual fraud amount is ₹ 1 Crore and above and itis reported by the auditor to Board of directors / Auditcommittee then� Board of directors / Audit committee needs to evaluate

the matter, take appropriate action (including conductingof an investigation/forensic audit, if required) andrespond to the auditor within 45 days of the date of theauditor’s communication.

� Where individual fraud amount is below ₹ 1 Crore, auditor isnot required to obtain response from Board of directors /Audit committee� However, as a matter of prudence and professional

skepticism, the auditor should obtain the response fromthe Board of directors or the Audit committee as this willenable the auditor to obtain further assurance andmanagement’s assertion that the amount involved orexpected to be involved in the fraud is less than ₹ 1 Crore

� Reporting to Central Government will be required in casewhen auditor has originally estimated fraud amount less than₹ 1 crore and subsequently actual fraud amount works out tobe ₹ 1 crore and above• Timeline for reporting of fraud to Central Government

should commence when the actual fraud amount isdetermined

� Report shall be sent to Central Government in From ADT-4� Report shall be sent to the Secretary of MCA in a sealed

cover by Registered Post with acknowledgement due or byspeed post followed by an e-mail in confirmation

� Report shall be on the letter-head of the auditor containingpostal address, e-mail address and telephone or mobilenumber and it should be signed by the auditor with his sealand shall indicate his Membership Number

Nature of fraud with description

Approximate amount involved

Parties involved

What is the fraud

3

� Fraud involving one or more members of management orthose charged with governance is referred to as"management fraud"

� Fraud involving only employees of the entity is referred to as"employee fraud“

� Generally, the “management fraud” can be construed as“fraud by the company” while fraud committed by theemployees or third parties may be termed as “fraud on thecompany”

� Internal frauds can include:• payment fraud• procurement fraud• travel and subsistence fraud• personnel management• exploiting assets and information• receipt fraud

� Fraud has been defined by• Section 447 of the Companies Act• Para 11(a) of SA 240• Insurance fraud monitoring framework of IRDA• Section 17 of Indian Contract Act, 1872

� Though RBI has not defined the term ‘fraud’, however,definition of fraud is suggested in the context of electronicbanking in the Report of RBI Working Group on InformationSecurity, Electronic Banking, Technology Risk Managementand Cyber Frauds

Section 447 of the Act -"fraud" in relation to affairs of acompany or any body corporate, includes:� any act;� omission;� concealment of any fact; or� abuse of position committed by any person or any other

person with the connivance in any manner� with the intent to deceive,� to gain undue advantage from, or� to injure the interests of the company, its shareholders or

its creditors or any other personwhether or not there is any wrongful gain or wrongful loss.

Para 11(a) of SA 240 define fraud as� an intentional act by

• one or more individuals among management, thosecharged with governance, employees, or third parties,

� involving the use of deception� to obtain an unjust or illegal advantage

� The definition of fraud as per SA 240 and as per Section 447of the Act are similar, except that• Section 447 includes ‘acts with an intent to injure the

interests of, the company or its shareholders or itscreditors or any other person, whether or not there is anywrongful gain or wrongful loss’

• To detect acts that have intent to injure the interests of thecompany or cause wrongful gain or wrongful loss would bechallenging unless the financial effects of such acts arereflected in the books of account/financial statements ofthe company

� Examples of fraud which auditor may not be able to detect /identify� Employee receiving pay-off for favoring a specific vendor� Password of key managerial person is stolen and misused

to access confidential data� Employee is carrying on business parallel to the

company’s business and diverts customer orders tocontrolled entity

� As per Guidance Note, auditor shall consider therequirements of the SAs, insofar as it relates� to the risk of fraud, including the defination of fraud as

stated in SA 240, in planning and performing his auditprocedures in an audit of financial statements to addressthe risk of material misstatement due to fraud

� Auditor may detect fraud while rendering� Attest services like audit of interim financial statements,

limited review of financial results, tax audit� Non-attest services

� When a statute or regulation requires above services to beperformed by the auditor of the company, the auditor shouldconsider the reporting requirements• As work carried out by the auditor during other services

could be construed as being in the course of performinghis duties as an auditor, even though not under theCompanies Act, 2013.

� As per guidance note issued by ICAI,• Fraud identified / noted while providing other services

which the auditor uses or intends to use whenperforming audit under the Act then in such a case, thematter may become reportable

Management responsibility &

reporting in management

identified fraud

3

By the Management

By the Audit committee

By the Independent

directorsBy the

Auditors

Primary responsibility fordetection and prevention offraud rest with themanagement

Section 134(5)(C) of the Actrequires Directors Report toinclude statement thatDirectors had taken properand sufficient care forsafeguarding the assets ofthe Company and forpreventing and detectingfraud and other irregularities

Section 134(5)(e) of theCompanies Act 2013requires that in case of listedCompany Board report toinclude statement thatDirectors had laid downinternal financial controlsand such internal financialcontrols are adequate andwere operating effectively.Internal financial controlsincludes reporting on fraud

� Section 177(9) & (10) of the Act requires establishment ofVigil Mechanism for its directors and employees

� Applicable to listed companies, companies which acceptdeposits from the public and companies which haveborrowed money from banks and public financial institutionin excess of ₹ 50 Crs

� Audit committee / Board of directors shall oversee the vigilmechanism in case where the Companies are required toconstitute audit committee

� Code of conduct for independent directors includes• Ascertaining and ensuring that the company has an

adequate and functional vigil mechanism• Reporting concerns about unethical behaviour, actual or

suspected fraud or violation of the company’s code ofconduct or ethics policy

Fraud is detected by

Auditor

Need to report to Central Government / Audit

Committee / Board of Directors

Management / other persons

Auditor is not required to report as it is not identified

by auditor during audit

� The auditor should apply professional skepticism toevaluate/verify that the fraud was indeed identified/detectedin all aspects by the management or through the company’svigil / whistle blower mechanism / internal controlmechanism

� The auditor is required to make distinction as to whetherfraud is identified / detected by management or as a result ofmatters raised by the auditor

� Auditor is required to report fraud only in case fraud isidentified / detected by him

� In case fraud is identified by the management and fraudamount is ₹ 1 Crore and above, however, auditor is notsatisfied with the remedial action taken by the management• Auditor should write letter to the management with

reason of dissatisfaction and request the management toperform additional procedures.

• If the management fails to take additional measureswithin 45 days of auditor’s request, then the auditorshould consider whether the reporting to CentralGovernment should be made or not.

When fraud is said to be identified

3

Rule 13 of Companies(Audit and Auditors)Rules 2014 asamended by Rules2015 uses the termreason to believe andknowledge

Reason to believe and knowledge

Form ADT -4 (forreporting of fraud toCentral Government)uses the termsuspected offenceinvolving fraud

Suspicion Reason to believe

Section 143(12) of theAct uses the reasonto believe

� Harmonious reading of Section 143(12), Rule 13 of theCompanies (Audit and Auditors) Rules, 2014, as amended byRules, 2015 and Form ADT - 4,• Reporting on fraud would be applicable only when the

auditor has reason to believe and has knowledge that afraud has occurred or is occurring i.e. when the auditorhas evidence that a fraud exists

Speculation• Informationfrom unrelatedsource which isa rumour,hearsay, gossip,assumption,guess, thoughtor supposition

Suspicion• State of mindmore definitethan peculationbut falls shortof knowledgebased onevidence

Reason to Believe• There needs tobe sufficientinformation orconvincingevidence toadvancebeyondsuspicion

Knowledge• Indicates“reason tobelieve” withmorepersuasiveevidence

� “Fraud risk factors" - Events or conditions that provide anopportunity, a motive or a means to commit fraud, orindicate that fraud may already have occurred.

� SA 240 provides two types of fraud risk factor� Fraudulent financial reporting� Misappropriation of asset

� Fraudulent financial reporting e.g.• To obtain additional debt or equity financing to stay competitive• Significant related-party transactions not in the ordinary course of

business

• Excessive interest by management in maintaining or increasing theentity’s stock price or earnings trend etc.

� Misappropriation of assets e.g.• Adverse relationships between the entity and employees with access

to cash or other assets susceptible to theft• Inadequate internal control over assets may increase the

susceptibility of misappropriation of those assets• Disregard for the need for monitoring or reducing risks related to

misappropriations of assets

� Based on the nature, size and circumstances of the fraud riskfactors, the auditor will have to design appropriate auditprocedures to address the assessed risk of materialmisstatement due to fraud

� SA 240 provides examples of possible audit procedures toaddress the assessed risk of material misstatement due tofraud

Procedures to address assessed risk of material misstatement due to fraud

Various circumstances which affects

fraud reporting

3

� The auditor of the parent company in India will be requiredto report on frauds in the components of the parentcompany, if the• Suspected offence involving fraud in the component is

being or has been committed by employees or officers ofthe parent company and if such suspected offenceinvolving fraud in the component is against the parentcompany

• The principal auditor identifies/detects such suspectedoffence involving fraud in the component in the course ofthe performance of his duties as an auditor of theConsolidated Financial Statements

• The principal auditor is directly informed of such asuspected offence involving fraud in the component bythe component auditor and the management had notidentified / is not aware of such suspected offenceinvolving fraud in the component

� Fraud identified during the year may relate to prior yearwhen the Companies Act 1956 was applicable

� Reporting under Section 143(12) will arise only if the fraud isidentified by the auditor during the financial years on or afterApril 1, 2014 and to the extent that the same was not dealtwith in the prior financial years either in the financialstatements or in the audit report or in the Board’s reportunder the Companies Act, 1956

� Example given in Guidance note (point to ponder)� For corruption, bribery, money laundering and

intentional non-compliance with other statutes, when• such acts have been carried out by officers or

employees of the company� Auditor comes to know that the Company has filed a

fraudulent return of income to evade income tax :auditor may have to report fraud irrespective of whetheradequate provision has been made in the books ofaccounts or not

• Para 28 read with para A19 and A20 of SA 250, provides forreporting non-compliance to regulatory and enforcementauthorities by the auditor• The auditor’s professional duty to maintain the confidentiality

of client information may preclude reporting identified orsuspected non-compliance with laws and regulations to a partyoutside the entity.

• However, the auditor’s legal responsibilities vary underdifferent laws and regulations and, in certain circumstances,the duty of confidentiality may be overridden by statute, thelaw or courts of law.

Reporting in Form ADT –4 will be done by the joint auditor whoidentified/noted fraud. Such joint auditor should provide a copy of the FormADT –4 to the other joint auditor(s).

The reporting to Board of Directors / Audit Committee / to CentralGovernment may be carried out by the joint auditor who identified/notedthe fraud or by any or all of the joint auditors together.

Where fraud is identified by one of the joint auditor then such joint auditorshould communicate the same to the other joint auditor(s) to enable themto consider and evaluate for his areas and each of the joint auditor shouldindividually comply with the requirements of this Guidance Note.

� Fraud risk assessment is part of audit procedure otherwise alsoas per SAs

� If a fraud has been reported under Section 143(12),implications on the financial statements to evaluated� On his audit opinion on the financial statements� On any other matter to be included in his report under

Sections 143(1) to (3) including with regard• To reporting on the adequacy and operating effectiveness

of the internal financial controls and• Matters having adverse effect on the functioning of the

Company

� The following needs to considered for evaluation• When the auditor has reason to believe that the

management is involved in the fraud, how the auditorre-evaluated the risks of material misstatement due tofraud and reliability of the evidences previously obtained

• When the auditor confirms that, or is unable to concludewhether the financial statements are materially misstateddue to fraud, how the auditor evaluated the implicationsfor the audit

� CARO 2016 also requires reporting on fraud where• Fraud is committed by the Company or• Fraud is committed on the Company by its officers or

employees• Auditor needs to disclose the nature and amount of fraud in

CARO• Auditor needs to disclose the fraud noticed or reported

during the year

Particulars CARO reporting Section 143(12) reportingType of fraud covered

Fraud committed by thecompany or fraud on thecompany by its officers oremployees

Fraud committed against theCompany by its officers oremployees

Coverage Fraud noticed or reportedduring the year

Fraud identified during theaudit

Amount of fraud All the amount of fraudneeds to be reported

Fraud below ₹ 1 Crore needsto be reported to Board /audit committee and fraudabove ₹ 1 Crore needs to bereported to CentralGovernment

� Section 143(9) requires the auditor to comply with the SAs,which, inter alia, includes consideration of materiality,applying materiality in evaluating misstatements anddisposition of the same

� Materiality is applicable wherever the amount is quantifiable� Where the amount is not quantifiable, the auditor should

apply professional judgement to estimate the likelihood ofthe amount. It can be based on management estimate orreasonable range of estimate made by the auditor

� As per Section 147(2), if an auditor hascontravened Section 143 knowingly or willfully with the intention to deceive thecompany or its shareholders or creditors ortax authorities� Punishable with imprisonment for a

term up to 1 year and� Fine which should be minimum ₹ 1 lac

and can be further extended to ₹ 35lacs.

Reported in Financial Statements Reporting in audit report

United Spirits Limiteda) Certain parties had given undisputed balance confirmationas on 31st March 2013 and the same has subsequently givendisputed balance confirmation as on 31st March 2014.Parties had claimed that certain UB group companies owedbalance to them and hence to that extant they had not givenmoney to the Company. The Company had initiated internalinquiry and inquiry report stated that between 2010 and 2013,funds involved in many of these transactions were divertedfrom the Company and / or its subsidiaries to certain UB Groupcompanies [certain transaction were also in violation ofCompanies Act 1956].Based on the management estimates, appropriate provisionhas been made in the books of account

The said matter wasreported in CARO andunder basis of Qualifiedopinion.Further it has beenmentioned in the CAROthat this fraud isreported to CentralGovernment undersection 143(12) by theStatutory auditor

Reported in Financial Statements Reporting in audit report

b) The Company had received a letter from the lawyers of anentity (“Alleged Claimant”) alleging that the Alleged Claimanthad given loans of ₹ 2,000 Million to Kingfisher Airlines Ltdwhich requires creation of lien on certain investments of theCompany. Pending the repayment of the above loan, AllegedClaimant required the Company to pledge such investments inits is favour.The Company had sought from Alleged Claimant to submit thecopy of agreement and the inquiry was conducted againstthese transactions.The Inquiry indicated that no Board authorisation / approvalhad been obtained to authorize anyone to execute any suchagreement. Based on the Inquiry and its current knowledge,Management does not expect any liability or obligation to ariseon the Company out of this matter.

The said matter wasreported in CARO.Further it has beenmentioned in the CAROthat this fraud isreported to CentralGovernment undersection 143(12) by theStatutory auditor

Reported in Financial Statements Reported in audit report

Ricoh India Limited (Subsidiary of MNC)Auditor while conducting limited review for quarter ended 30th

September 2015 had observed certain transactions whichrequires further investigation (Till June 15 other auditor wasconducting the audit and Limited review).Audit committee has appointed external agencies for furtherinvestigation and external agency has submitted its report toAudit committee which implies wrongdoing by KMP and twoother employees. Fraud includes unsupported out of booksadjustments to sales, expenses, assets & liabilities in order toreport high profit.Auditor were informed about the investigation report.Thereafter the auditor has reported the said fraud to CentralGovernment.

In the results publishedon 18th May 2016pertaining to quarterended 30th September2015, auditor has statedthat the books ofaccount and results donot reflect the true andfair view of state ofaffairs of the enterprise.

Q & A Session

46