Internal Controls, Anti-Fraud Strategies for Companies in India
India is among the world’s fastest growing emerging markets, aided by liberal foreign investment policies and an expanding consumer base.
This has catapulted the number of market players – foreign and domestic – and led to high levels of competition in each industry, often exposing firms to the threat of fraud and other risks.
A recent industry survey showed that in 2017, 89 percent of the companies based in India were victims of at least one instance of fraud; 33 percent of them suffered revenue losses of more than seven percent due to this.
Foreign investors expanding to the Indian market therefore need to prioritize conducting due diligence when entering into partnerships and contracts with firms and vendors in India.
Aside from the due diligence review, firms should pay key attention to daily compliance associated with financial reporting, security of company assets, floor operations, and inventory assessment, among other business activity records.
Fraud prevention in India
Broadly speaking, fraud can be perpetrated by an individual or agency from within an organization or external to the organization.
It falls under three main categories: asset misappropriation, fraudulent accounting and financial reporting, and corruption.
The three most common factors that determines a company’s exposure to fraud are incentives or pressures, opportunity, and rationalization.
To reduce their risk exposure, companies must put in place clear internal control mechanisms that can prevent, detect, and deter fraudulent behavior conducted by employees, vendors, consultants, or various levels of management.
The Companies Act, 2013 first introduced the term ‘internal financial controls’ (IFC) in an effort to curb financial frauds in India. The Act directs companies to implement mechanisms that ensure the following:
- Adherence to company’s policies;
- Safeguard of its assets;
- Prevention and detection of frauds and errors;
- Accuracy and completeness of the firm’s accounting records; and,
- Timely preparation of reliable financial information.
The Institute of Chartered Accountants of India (ICAI) issued an updated ‘Guidance Note on Audit of Internal Financial Controls over Financial Reporting or ICFR’ in September 2015, which mandates the involvement of an external auditor in the compliance process.
Several amendments to the Companies Act, 2013 focus on the prevention of fraudulent activities within a company, with explicit requirements for anti-fraud mechanisms for businesses varying by size and type of businesses.
The Companies (Amendment) Act, 2017 confers greater accountability to the directors and auditing professionals appointed by the business entity. It also makes directors and employees personally liable in case they are found guilty of committing fraudulent activities.
The Act imposes financial penalties, and even imprisonment, in case of non-compliance.
Other Indian laws, such as the Prevention of Corruption (Amendment) Act, 2011, the Whistleblowers Protection Act, 2011, the Right to Information Act, 2005 (RTI), the Information Technology Act 2000 (IT Act), and the Prevention of Money Laundering Act, 2002 (PMLA) aim to protect companies from fraud.
Internal controls prevent, detect, and deter fraud
Aside from the financial loss, the experience of fraud devalues a company’s reputation and credibility and, consequently, its performance in the market.
Preventing fraud thereby necessitates the implementation, monitoring, and periodic adjustment of risk management strategies and internal control systems.
Regulatory and legal recourse in India is still at the developmental stage, which puts the burden of fraud prevention on companies, and makes the implementation of internal controls a top priority.
Foreign companies with subsidiaries in India, often lack direct control over their firm’s day-to-day operations.
Such entities must institute internal control and reporting mechanisms, ensure clarity of policy and penalty in the company handbook, and regularly follow up on any red flag issues.
Some important best practices for firms based in India are as follows:
- Active assessment of risk factors and allegations by management and follow up on action taken;
- Company behavior and ethics code, which should be developed, documented, and communicated to employees;
- Policy for whistle blowing, whereby management ensures the confidentiality and safety of information providers;
- Proper compliance with laws and regulatory guidelines set up by the Indian government – such as the Whistleblowers Protection Act, 2011 or Prevention of Corruption Act, 1988;
- Identifying key areas of focus particular to the relevant business model, to ensure efficient dedication of resources;
- Focus on operational risks, such as asset misappropriations or bribery for supplier selection;
- Transparency in accounting and financial reporting to prevent fraud or insider trading;
- An audit committee that is independent of management, which must have knowledge of the company’s fraud risk exposure and steps taken by management to monitor and mitigate those risks;
- Conducting company-wide fraud risk assessments to increase the visibility of management’s attitudes towards managing fraud risks and curbing individual rationalizations of fraudulent behavior; and,
- Cooperation with police authorities. The Economic Offences Wing is set up under respective state police departments and is responsible for dealing with cheating and fraud cases in India. The EOW consists of a special committee of investigators, including finance professionals, and deals with cases of fraud amounting to US$440,000 (Rs 30 million) and upwards.
Below we discuss the most common instances of fraud, and how to curb them, at the floor management, middle management, and senior management levels.
Monitoring on-the-floor management – Stock, cash, data theft
Senior management should look out for any discrepancy in inventory numbers, over ordering of products from suppliers, or large petty cash disbursements.
Excessive write-offs or obsolete assets may also be an indicator of fraudulent activities.
On the other hand, protecting intangible assets, such as intellectual property rights and company data are of the utmost importance to companies.
Cyber-security officers should be appointed to prevent data breaches, and implement a system that automatically flags peculiar external communications or use of external storage devices on the company network.
Middle management – Bribery, corruption, procurement fraud
Cases of bribery and corruption in the supply chain of a business fall into a grey area.
If managers are expected to entertain and dine suppliers or vice versa – a common business practice in India – a limited budget or proper reimbursement system should be in place, and policies related to this must be clearly defined in the company handbook.
Manager-supplier relations should be strictly professional, with limited influence over the procurement process by either party. Senior managers should flag discrepancies in quality, quantity, and price of products and audit all bills.
While the Prevention of Corruption Act, 1988, applies mostly to public sector employees in India, it has been used to prosecute corporate entities under certain provisions.
For example, using this Act, the federal agency, the Central Bureau of Investigation (CBI), recently booked the CEO of Air Asia for reportedly trying to manipulate government policy, using corrupt means, for business gain.
Additionally, companies may also adopt international best practices and conventions, such as the ISO standard PC278 or UK standard BS10500 to prevent corruption and bribery related fraud, provided they don’t run counter to India’s laws.
Upper management – Conflict of interest, financial fraud, insider trading
A conflict of interest occurs when a company’s employee is involved in related-party collaborations, rigging the supply system for personal gain.
The alleged ICICI-Videocon financial fraud, where a US$500 million (Rs 32.5 billion) loan was sanctioned by Chanda Kochhar, CEO of the Indian multinational bank ICICI, to manufacturing firm Videocon, which held a large stake in her husband’s firm NuPower Renewables, is a clear case of conflict of interest.
The subsequent writing off of the bank loans and its convoluted accounting trail has led to inquiries by the CBI – who are charged with assessing if this was a genuine loan or simply a case of financial fraud.
Other instances of financial fraud include when a company’s accounting statements are falsified to dupe investors and inflate the company value.
To prevent this from happening, company directors have to enforce the proper accounting and auditing of company books by qualified professionals who have no conflict of interest.
Insider trading is another common corporate offence – likely to happen in the higher rungs of management.
In this situation, individuals artificially inflate or deflate company stock by leaking confidential information into the market to manipulate share pricing.
Auditors and directors should beware of swinging share prices ahead of any major announcements, such as takeovers or bankruptcy; it could indicate a leak of information.