Fraud reporting: new bottle, old wine?

YOGESH SHARMA PRIYANKA CHAUDHARY | Updated on January 24, 2018 Published on June 14, 2015

More of the same: Makes no difference

There’s no point reporting fraud to the Centre if the audit committee or Board has already mediated in the matter

In early 2015, a joint study conducted by Assocham and Grant Thornton India revealed that there was a 45 per cent increase in Indian corporate frauds over the past two years. Given that the lurking risk of fraud can dissuade global companies from investing in India and adversely impact the investor and/or other stakeholders, reforms in this direction could not have been more timely.

The landmark legislation in the form of the Companies Act, 2013 (‘2013 Act’) introduced many new reporting requirements for auditors of companies, one of which is ‘Fraud reporting to Central Government’. Overruling all other sections in the Act, Section 143(12) requires auditors to report to the Centre about the fraud or suspected fraud committed against the company by officers or employees of the company.

It should be noted that in addition to statutory auditors, reporting responsibilities under this section applies to cost accountants conducting a cost audit under Section 148, as well as company secretaries conducting secretarial audit under Section 204 of the Act if they have reason to believe there is fraud or suspected fraud during the course of performance of their duties as auditor. The section does not apply to auditors appointed under other statutes or non-attest service engagements, except in specified circumstances. Recently, the Institute of Chartered Accountants of India (ICAI) issued a guidance note on reporting on fraud under Section 143(12) of the Companies Act, 2013.

Raising the bar

Fraud consideration in audit is not a new phenomenon. Under Standards on Auditing (SA) 240 — ‘The auditors’ responsibilities relating to frauds in an audit of financial statements’ — issued by the ICAI, the auditor is required to consider the risk of fraud in planning and performing his audit procedures in an audit of financial statements to address the risk of material misstatement due to fraud.

As fraud has to be reported if identified during the course of performance of audit, it is reasonable to assume that these will be assessed within the realm of auditing standards which are based on the fundamental concept of materiality in financial reporting.

However, the 2013 Act currently requires reporting of all frauds to the Centre within 60 days of awareness of such fraud. As a result of recommendations from stakeholders, including the ICAI, the proposed Companies (Amendments) Bill, 2014 introduced monetary limits for fraud reporting to the Centre. Any fraud below the specified amounts is to be reported to the audit committee or Board, immediately.

Perhaps due to the history and background of corporate frauds reported in the past decade, the section requires reporting only for fraud perpetrated by officers or employees of the company. Further, the requirement to report arises if the auditor himself detects the fraud. The requirement indeed makes the auditor directly responsible for whistleblowing and consequently could have a significant impact on the audit approach on fraud matters. Further, an interesting addition to this responsibility is to report “suspected frauds” which may cause confusion on the stage and timing of the reporting.

This differs from the requirements of the Companies (Auditor’s Report) Order, 2015 (CARO) by which auditors need to report to members on any fraud on or by the company that has been noticed or reported during the year. It appears then that statutory auditors would need to comply with overlapping requirements: report frauds on or by the company, whether or not reported.

Watchdog to whistleblower

Section 143(12) requires reporting by auditors if there is “sufficient reason to believe” that an offence of fraud is being, or has been, committed. While auditors are not required to make legal determination of existence of fraud, what is “sufficient” will require exercise of considerable professional judgment. In practice, to be able obtain adequate and supportable information from within the company to make a conclusion on the existence of fraud may be a challenge. It also seems to significantly expand auditors’ obligation in the exercise of “due skill and care”.

Another challenge seemingly posed by the section is with regard to the audit of consolidated financial statements which is now mandatory. According to the note, if an auditor is aware of or detects fraud pertaining to a foreign non-corporate component or one which is not committed by the employees or officers of or on the parent company, he has no duty to report such a fraud.

However, the auditor cannot absolve himself of his responsibilities under SA 240 in such cases nor do the rules under the 2013 Act allow such dispensation. One wonders how such differences would be dealt with in practice. Further, it is not clear how frauds associated with foreign subsidiaries are to be reported as they do not come under the purview of the 2013 Act.

Assessing implementation

Once a fraud is reported by the auditor to the Board or audit committee, the latter has a period of 45 days to not only make an assessment of existence of fraud, appoint forensic experts or other specialists, and conclude on the auditors’ finding, but also remediate internal controls to prevent such recurrence. Practically, it may be a challenge for companies to take tangible action within the slated timelines. In addition, the auditors’ report in the prescribed form should include details of fraud which may potentially lead to disclosure of sensitive information and, perhaps, impact investor and customer confidence.

While Corporate India lauds the reforms for fraud reporting, its success will be measured with reference to implementation in spirit. If a fraud has been detected and remediated by the Board or audit committee, is there a real need to report such matters to the Centre? Most of the corporate frauds in the last decade were a result of the collusion of several stakeholders.

One wonders if the real intent of this legislation is to deter the occurrence of fraud or simply reinforce the implementation of existing provisions and auditing guidance.

It is an old adage that there are three things in the world that deserve no mercy: hypocrisy, fraud and tyranny.

The 2013 Act seems to have chosen auditors to blow the whistle on fraud.

(The writers are with Grant Thornton LLP)

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on June 14, 2015
This article is closed for comments.
Please Email the Editor