K.P.RAO & CO || BLOGS

CONTROL FRAMEWORKS

(Compiled by K.Viswanath FCA)

COSO – COMMITTEE OF SPONSORING ORGANISATIONS OF THE TREADWAY COMMISSION

COSO is a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance.

COSO was originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, an independent private sector initiative which studied the causal factors that can lead to fraudulent financial reporting and developed recommendations for public companies and their independent auditors, for the SEC and other regulators, and for educational institutions.

Sponsoring Organizations

AICPA - American Institute of Certified Public Accountants

AAA - American Accounting Association

FEI - Financial Executives International

IIA - The Institute of Internal Auditors

IMA - Institute of Management Accountants

I. COSO AN INTERNAL CONTROL FRAMEWORK :

Issued in 1992 by the COSO this framework has long served as a blue print for establishing internal controls that provide efficiency, minimise risks, help ensure reliability of financial statements and comply with laws and regulations. It has been praised and embraced by many organisations throughout the world for its comprehensiveness, effective and universal principles of strong internal control.

The Committee of Sponsoring Organizations (COSO) has studied internal control and risk management for more than 20 years. That research points to two firm conclusions: Good internal control is an integral part of successful organizations, and all organizations can achieve effective internal control. Commitment to internal control is a matter of company priority, not a matter of resources.

The original COSO framework contains five control components needed to help assure sound business objectives. The control components are:

Control Environment.

Risk Assessment.

Control Activities.

Information and Communication.

Monitoring.

More specifically, the thought process behind these five components was that they would work together to support efforts to achieve an organization's mission, strategies and related business objectives. All five components would need to be in place to achieve an "effective" internal control system.

Control Environment

Integrity and Ethical Values

Commitment to Competence

Board of Directors and Audit Committee

Management’s Philosophy and Operating Style

Organizational Structure

Assignment of Authority and Responsibility

Human Resource Policies and Procedures

Risk Assessment

Company-wide Objectives

Process-level Objectives

Risk Identification and Analysis

Managing Change

Control Activities

Policies and Procedures

Security (Application and Network)

Application Change Management

Business Continuity / Backups

Outsourcing

Information and Communication

Quality of Information

Effectiveness of Communication.

Monitoring

On-going Monitoring

Separate Evaluations

Reporting Deficiencies

“ COSO BACK IN THE LIMELIGHT ”

Although it was issued in 1992 and was being used globally, this Control Framework has come back into the limelight today due to the several changes that have taken place in financial reporting, corporate governance and regulatory environments since the Framework was issued. Today compliance requirements with the provisions of Sarbanes Oxley (Sec 404 & 302) in the USA is a major driver of a company’s internal control over financial reporting and the COSO Framework for Internal Control is the most widely accepted Framework for compliance, globally. This Framework can be easily applied for compliance with the requirements of Clause 49 of the SEBI regulation, the requirements of the Companies Act 2013, and requirements of IFC, in India.

II. COSO ENTERPRISE RISK MANAGEMENT (ERM) FRAMEWORK:

In response to a need for principles-based guidance to help entities design and implement effective enterprise-wide approaches to risk management, COSO issued the Enterprise Risk Management – Integrated Framework in 2004. This framework defines essential enterprise risk management components, discusses key ERM principles and concepts, suggests a common ERM language, and provides clear direction and guidance for enterprise risk management. The guidance introduces an enterprise-wide approach to risk management as well as concepts such as: risk appetite, risk tolerance, portfolio view. This framework is now being used by organizations around the world to design and implement effective ERM processes.

Overview

1. Internal control environment

2. Objective setting

3. Event identification

4. Risk assessment

5. Risk response

6. Control activities

7.Information and communication

8.Monitoring

The three new components of the COSO framework are Objective setting, Event identification, and Risk response.

Why the focus on Enterprise Risk Management ?

Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives. Enterprise risk management encompasses:

Aligning risk appetite and Strategy - Management considers the entity’s risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks.
Enhancing risk response decisions – Enterprise risk management provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing, and acceptance.
Reducing operational surprises and Losses – Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses.
Identifying and managing multiple and Cross-enterprise risks – Every enterprise faces a myriad of risks affecting different parts of the organization, and enterprise risk management facilitates effective response to the interrelated impacts, and integrated responses to multiple risks.
Seizing opportunities – By considering a full range of potential events, management is positioned to identify and proactively realize opportunities.
Improving deployment of capital - Obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation.

These capabilities inherent in enterprise risk management help management achieve the entity’s performance and profitability targets and prevent loss of resources. Enterprise risk management helps ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the entity’s reputation and associated consequences. In sum, enterprise risk management helps an entity get to where it wants to go and avoid pitfalls and surprises along the way.

CUT THE CLUTTER

(Compiled by Mohan.R.Lavi)

THE MODEL GST LAW SHOULD NOT LOSE ITS FOCUS

It is clear that we are headed for taxing times in the years to come. The demonetisation dialogue is increasingly moving towards the conclusion that it has become a monetisation opportunity for the tax department. It seems the tax department is angry with a few who have evaded tax and is reacting by taking revenge on many. The byline “Minimum Government, Maximum Governance” is being replaced with the old “Raid Raj”.

Anti-profiteering

Clause 163 of the Revised Model GST law is a new insertion. It states that the Centre may by law constitute an authority, or entrust an existing authority constituted under any law, to examine whether input tax credits availed by any registered taxable person or the reduction in the price on account of any reduction in the tax rate have actually resulted in a commensurate reduction in the price of the said goods and/or services supplied by him.

The authority shall exercise such functions and have such powers, including those for imposition of penalty, as may be prescribed in cases where it finds that the price being charged has not been reduced as aforesaid. In commercial lingo, this is termed as an anti-profiteering measure.

There are multiple issues with this measure. The obvious one is whether such a measure is required for a new law that is still subject to a lot of ifs and buts. The impact that GST would have on many industries remains only a guess since neither have the rates of tax been frozen nor has the law been cast in stone.

Such measures are best introduced a couple of years after the complete impact of the law is understood. It is easy to ascertain if a reduction in the rate of tax has resulted in reduction in the end-price. Existing indirect tax laws had a somewhat similar concept, “unjustified enrichment”, which mandated that no tax payer could make a profit out of taxes.

The scope of the anti profiteering clause is much wider than that of the unjustified enrichment clause. The provision that input tax credits availed should result in a reduction in the end-price is, to say the least, bizarre. Input tax credits have had a long and bumpy ride under Indirect laws.

Although Version 2.0 of the Model GST law has made some improvements regarding input tax credits over the erstwhile version, they are far from clear. The anathema to provide credit on outdoor catering continues despite Tribunal decisions mandating that the department should not get so finicky. Often, the department disallows input tax credit for the most frivolous reasons, expecting a reduction in prices every time is going to be a nightmare for the tax payer and a delight to the authority to check if prices are being reduced proportionately.

Framers of the GST law is making the mistake of trying to put every possible provision in the versions of the model laws. They should focus on essentials; they will have plenty of time to look at the rest of the provisions.

The writer is a chartered accountant.

Blog