May 27, 2013

Rate This Article
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Reforming the Audit Process: Have we learnt from Satyam

- Shardul S Shroff, Managing Partner [ Amarchand Mangaldas, New Delhi ]

Shardul S Shroff

Post liberalization in 1991, and especially during the last decade, India has initiated various reforms to improve and refine its corporate governance norms relating to audit process in Indian companies.

Several contemporary international developments like the enactment of the Sarbanes-Oxley Act, 2002 in the United States of America ("USA") and the Cadbury Committee Report in the United Kingdom, have exercised significant influence on the reform process in India. However, the day of January 7, 2009, marked a turning point in the entire reform process when Mr. Ramalinga Raju, the Chairman of Satyam Computer Services Limited ("Satyam"), disclosed that the revenues, profits and cash balances of Satyam had been falsified over several years by the promoters of Satyam.

The disclosure of this massive fraud (estimated initially to be approx. ` 7,000 Crores) led to a steep fall of more than 80% in the share prices of Satyam and wiped out a significant portion of the investment value for its public shareholders. The magnitude and mechanics of the Satyam fraud had put a question mark on the efficacy and sufficiency of the Indian corporate governance regime and caused both the regulators and the industry to pause, reflect and engage in a constructive process of reforms to further reinforce the system of checks and balances.

Satyam was primarily an accounting fraud. In order to check accounting frauds of the kind that happened at Satyam, Indian law provides for a system of multi-level checks and balances within the corporate structure. For example, public listed companies in India are mandated under law to appoint internal auditors which, in turn, report to the audit committee of the company (consisting of directors of the company) and this ensures adequate internal control on the process of accounting. Section 224 of the Companies Act, 1956 ("Companies Act") provides that every company should appoint its statutory auditors who would certify that proper books and accounts are being maintained by the company in accordance with applicable accounting standards and practices and that the financial information reported by the company portrays a true and fair view of the financial position and affairs of the company.

Further, Section 215 clause (3) of the Companies Act requires the board of directors of a company to confirm that the financial statements of the company have been prepared in accordance with applicable accounting standards. The listing agreement of the stock exchanges ("Listing Agreement") requires the CEO and CFO of a listed company to certify the financial and cash flow statements of such company and certify to the board of directors that they have established and maintained effective internal controls for financial reporting and have evaluated the effectiveness of the financial control systems. It is hard to believe that despite such seemingly effective norms governing the audit process of companies, a fraud of the proportion of Satyam continued for several years without detection at any level of checks and balances.

Internal Audit

The legal requirement for an internal audit system comes from the Companies Act, the listing agreement and the Companies (Auditor's Report) Order, 2003 and the internal audit process is also governed by the Standards on Internal Audit issued by the Committee on Internal Audit set up by the Institute of Chartered Accountants of India ("ICAI") from time to time. The law gives the companies the responsibility of internal audit, which can be done either through an in-house department or may be outsourced to an independent audit firm.

At Satyam, the internal audit was carried out in-house and this has been considered as one of the primary reasons that led to the continuance of fraud over several years without detection. In light of this, it is now being suggested that the use of an independent audit firm for undertaking the internal audit by public companies should be made mandatory. The Securities and Exchange Board of India ("SEBI") Committee on Disclosures and Accounting Standards ("SCODA") considered this proposal in 2009, but in its discussion paper on proposals relating to amendments to the Listing Agreement, the SCODA refrained from suggesting that companies should be mandated to use an external audit firm for the performance of the internal audit function and took the position that the existing mechanism of oversight by the audit committee on the internal auditor was an adequate safeguard.

Neither do the Corporate Governance Voluntary Guidelines, 2009 ("CGVG"), issued by the Ministry of Corporate Affairs ("MCA") in December 2009, recommend that an external auditor should be used for internal audit purposes. As a compromise position, the CGVG recommends that the internal auditor should not be an employee of the company in order to ensure the independence and credibility of the internal audit process.

It is important to note that the mandatory use of an external audit firm for internal audit would increase the cost of compliance for the companies without necessarily improving the quality of internal audit process because an internal auditor, by virtue of his appointment by the management of the company, is susceptible to management's influence.

In fact, a more useful proposition would be that the internal auditor, whether in-house or external, should be appointed by the audit committee of the company and report directly to such committee instead of the management of the company. Such a requirement would ensure a free and fair check by the internal auditor on the management’s decision-making process, without the fear of any repercussions.

The MCA should consider consolidating the law relating to internal audit process in the Companies Bill, 2009 ("Companies Bill") by including a specific provision setting forth the appointment, role and duties of internal auditors. The report of the Parliamentary Standing Committee on Finance, on the Companies Bill ("Standing Committee Report") presented in the Lok Sabha in August 2010, has proposed mandatory appointment of internal auditors by large companies (as prescribed by the Central Government).

Audit Committee

Section 292A of the Companies Act requires public companies having paid-up share capital of not less than Rs. 5 crores to constitute a committee of the board known as the "audit committee". Such audit committee should consist of minimum three directors out of which two-thirds of the total number of members shall be directors other than the managing or whole-time director of the company. Further, the Listing Agreement requires listed companies to have a "qualified and independent" audit committee comprising two-thirds independent directors, with an independent director as the chairman.

The audit committee's role inter alia is to oversee the financial reporting process by the management and ensure robustness of the internal audit process. In the wake of the Satyam fraud, it has been recommended that the audit committee should comprise only of independent directors. However, such a step would not necessarily enhance the quality of supervision by the audit committee considering the fact that the audit committee at Satyam comprised only independent directors.

Instead, it is proposed that the process of nomination, appointment and removal of independent directors should be made more robust. Presently, independent directors are in essence nominated, appointed and removed by the management/ promoters of the company. It is clear that such practice erodes the "real independence" of the independent directors. In fact, this may have been an critical issue faced by the independent directors at Satyam where they raised questions to the promoters regarding the proposed investment by Satyam in promoter owned and controlled entities operating in the real estate business, but did not cast a dissenting vote disapproving the deal at the board level.

The Companies Bill provides for various specific grounds of disqualifications for appointment of a person as an independent director. However, this may not deter the promoters from choosing persons who, while not being caught under the grounds of disqualifications, may be influenced by the promoters or favourably inclined to accept their policies and plans. One plausible solution that may be incorporated into the Companies Bill could be to establish an independent body to appoint independent directors to the board (and audit committees) of public companies and set their remuneration independently.

Drawing form this notion, the CGVG suggests the constitution of a "nomination committee" in a company which shall, in majority, comprise independent directors who would in turn evaluate and recommend appropriate independent and non-executive directors to be appointed based on a transparent and objective set of guidelines. The CGVG further provide for the attributes and tenure of independent directors emphasizing on the preservation of "independence" of such directors. For this purpose, CGVG recommends that all independent directors should provide a detailed "certificate of independence" at the time of their appointment, and thereafter annually.

Such certificate should be put up on the website of the company and if the company is a listed company then such certificate should be provided to the stock exchanges on which the securities of the company are listed. Currently, the Listing Agreement requires audit committee members to be financially literate and mandates that at least one member should have knowledge of finance or accounting. The Companies Bill proposes that the directors on the audit committee should possess an indepth understanding of the nature of the company’s business coupled with strong financial expertise and industry knowledge.

It is believed that the Satyam accounting fraud continued to remain unnoticed for a long span of time due to oversight by the members of the audit committee who may have lacked the requisite financial and accounting expertise to spot the problems. A requirement of business and sectoral proficiency for audit committee members could prove valuable for them in identifying anomalies in the functioning of the company.

This proposal is reiterated by CGVG, which recommends that all the members of the audit committee should have knowledge of financial management, audit or accounts. The Standing Committee Report elaborates on the duties and functions of an audit committee and recommends that the same should be incorporated into the Companies Bill.

Statutory Audit

Section 227 of the Companies Act provides that the statutory auditor should certify that the company has maintained proper books and accounts and that the financial statements of the company project a "true and fair view" of its state of affairs. The ICAI has issued detailed set of principles in form of the Auditing and Accounting Standards for the conduct of the audit process. However, the effectiveness of the audit process is often eroded due to deficiencies in the manner of appointment of the auditors.

For example, while the statutory auditors are appointed by the shareholders, as a matter of procedure, in reality, the shareholders merely put a stamp of approval on the name chosen by the management of the company. Further, due to the relatively higher voting strength of the promoters (due to lack of dispersed public shareholding in Indian companies) and low turn out of public shareholders at general meetings, the promoters are able to easily appoint the auditor of their choice.

The Companies Bill also seeks to resolve the problem of conflict of interest in case of statutory auditors by categorically prohibiting them from providing a host of other services to the company. The Standing Committee Report has suggested that this prohibition against statutory auditors should be extended to the level of subsidiary companies of the relevant company as well. While such provisions may enhance objectivity in the audit process, it may not ensure complete freedom of the statutory auditor from the management's or promoter's influence.

A logical solution to this problem is to give the power of appointment of the statutory auditor to an independent body or to the audit committee, which does not operate under the management/ promoter's influence. Keeping this in view, the Standing Committee Report recommends that the advisory body that is proposed to be constituted by the Companies Bill for overseeing the accounting practices followed by the companies, should also be entrusted the task of preparing a comprehensive list of audit firms over a given period of time, after which it will be mandatory for any company to appoint an auditor from this list only.

To further preserve the independence of the auditors, the Standing Committee Report has recommended that it shall be the responsibility of the audit committee to ensure and monitor that the independence criteria has been fulfilled by the auditor throughout his tenure. In this context, the Companies Bill requires that every company should obtain a certificate from the auditor certifying his/its independence and arm's length relationship with the client company.

Further, the Companies Bill provides that the board or the audit committee may approve the provision of other services by the statutory auditor to the company. It is suggested that in order to ensure the independence and credibility of the audit process only the audit committee, which is appointed in the manner discussed above, should approve such matters.

To make the audit process more robust, in the CGVG, the MCA has recommended that the audit partners should be rotated once every 3 years and the audit firm should be rotated once every 5 years so that the same individuals/ audit firm do not constantly work on a given client account and the audit process is therefore less susceptible to influence by the management. It is further suggested that a cooling off period of three or five years should elapse prior to re-appointment of a partner or an audit firm, respectively.

This view has also been endorsed by the Standing Committee Report, which further adds that no individual auditor of the company who has completed a tenure of 5 years shall be re-appointed before the expiry of 3 years from the completion of such tenure. The ICAI has also recommended that audit firms should change partners working on an audit account of a public company once every five years. A similar suggestion was also made by SCODA in its discussion paper, where it had recommended that SEBI should mandate periodic rotation of the audit firm partner signing the audited accounts of a listed company.

While it is arguable that rotation of audit firms may lower the quality of the audit process as it takes several years for an audit firm to familiarize itself with the business and financial affairs of a company and may not be practical, it is proposed that this requirement could actually go a long way in ensuring the independence of the statutory auditors. Further, the Companies Act mandates the statutory auditor to inspect documents of the company and report whether sufficient information was procured for the purposes of the audit report.

It seems that the statutory auditors at Satyam blindly relied on the information provided by the management and did not independently verify key information such as the bank balances of the company. While it may be argued that it would be practically difficult for the statutory auditor to undertake such verifications each time, proper due diligence requires that the statutory auditor should conduct at least sample checks in relation to significant matters like cash/ bank balances.

The reluctance of the statutory auditors in walking an extra mile as a part of an effective audit watchdog also makes out a strong case for a periodic "audit of audits", as is undertaken by the Public Company Accounting Oversight Board in the USA, which would subject the performance of the statutory auditor to an extra layer of scrutiny and compel them to discharge their functions more responsibly.

In addition to the statutory framework prescribed under the Companies Act and the Listing Agreement, the audit process is also governed by certain Standards on Auditing ("SAs") issued by the ICAI. The ICAI has made certain far reaching changes to the SAs with effect from April 1, 2010, in order to improve the quality of the audit process. However, the SAs have not been discussed in detail as part of this article and I leave that topic for a thorough discussion in the future.

In conclusion, while strengthening the legal and regulatory regime is vital to avert corporate frauds like Satyam in future, there should be an increased emphasis on the effective implementation and compliance with the prescribed norms. While the Standing Committee Report makes some headway into implementing more robust norms, it falls short of truly transformational changes to the audit system for companies in India. Though companies are increasingly vigilant in their outlook, it seems that the lessons taught by Satyam have yet to be imbibed in the ethos of Corporate India.

It is also important to sensitize the individuals involved in implementing the corporate governance norms relating to audit process, i.e., the directors on the audit committee, the internal or statutory auditors – to discharge their duties diligently and honestly in accordance with the applicable law. In addition, frequent, methodical and comprehensive checks accompanied with timely action against violators by the regulators (like SEBI, MCA, ICAI) can increase the effectiveness of audit process in Indian companies with strict compliance with the latter as well as the spirit of the law.


Related Post

follow us

Publication & Enquiries

phone icon  +91 8879635570/8879635571

mail icon