Dr. S Gopalakrishnan CFE
CEO of Cyveritas Risk Advisory Private Limited
The success of any business solely depends on the controls and processes adopted and implemented by the business units. In the ancient times, the businesses were conducted on judgemental basis, which purely individual driven. The concept of collective efforts were not felt and accordingly the merits and de-merits both were witnessed related to those business ventures. As a pinch of autocracy was dominating in those businesses, the employees were considering the employment only as a job for their earnings. But the modern management thoughts takes the business to a different direction whereby democratic participation of all the stakeholders are the need of the hour and hence the management had to take a paradigm shift in the way the businesses were directed. The qualitative elements of the business are of high priority in the current world, which triggers the need to have greater economy, high employment growth and delighted customers, for which strong risk management processes must be embraced. In order to ensure, consistency in terms of risk reduction, appropriate tools ought to be designed and implemented by the Top Management of the business houses and ultimately the Internal controls serve as these tools. The robust controls implemented at all levels of the business will be directing towards a qualitative operations, presiding financials, and sturdy compliances. The controls will be strengthening the base of the operations which will further usher the cash flows which are the foundation for business sustainability. The control mechanisms will be leading to achieve high persistency in terms of revenue and profitability growth for the entity, as the productivity will be at the higher end and the risks at the lower end. Any breakdown of controls, may lead to an organizational collapse, as it will be activating the fraudulent practices from the top to bottom. Hence strong Internal controls and its consistent implementation only can be helpful to bring the risk factors to the acceptable level.
Key words: Internal controls, Governance, Risk factors, Control breakdown, Internal controls over financial reporting, Fraud deterrence, Management Override
There has been a paradigm shift in terms of the objective of the business from the traditional view of profit maximization to the dimensional approach of Value enhancement. The concept of value is considered to be broad, which is a must nowadays for any business to ensure at any cost in order to sustain in the market and grow further. The value is a give and take process, whereby the business confers a value to its entire stake holders community persistently, and in turn the stake holders confers back a value to the business which will be elevating the operational and economical performances of the business throughout. The board of directors, being the key responsible people to the entire success of any business, shoulders the task to ensure value enhancement at all times. In order to reach the value maximization goal, the primary step to be taken by those who are charged with the responsibility of governance (Board of Directors), will be to Identify, analyse and assess the risk factors hitting business, which are the main barriers against achieving its goals. Therefore the directors, being the custodian of the business key, need to work towards bringing the risk factors to the acceptable level for which various Internal Control Mechanisms, the tools required to minimize the risks within the business, must be designed and introduced in the organization. The directors, as the direct agents of the Principals, who are the shareholders, must convey the purpose and the processes of the designed internal controls to the management for further implementing throughout the enterprise to reap the effectiveness. Hence, the Internal controls are the mechanisms, rules, and procedures implemented by a company to ensure the integrity of financial, operational and compliance aspects of any business and the same will be promoting the accountability and preventing the fraud. Unless otherwise a business achieves consistently, the effectiveness of the internal controls, the attainment of the business goals will be a big question mark and hence success of any business relies on the efficacy of the controls.
Corporate governance means the set of rules, regulations, standards, practices and styles which direct and control the business activities. The corporate governance includes various relationships between the various participants and the stakeholders of the business and moreover it deals with agency problems if any between the shareholders and the board of directors. The relationship which exists between governance, risk, and internal controls is in separable. The concept of good governance considers, risks within the organization to be at the acceptable level, which is achieved in turn through constructive implementation of internal controls at its right quality. The board of directors should put in their best efforts in identifying, analyzing and assessing various risk factors which are affecting the business from various corners before concluding any strategies and only then the best results could be reaped at the end of the day. The successful implementation of the internal controls is the requisite to ensure sound governance and the resultant organizational performances, which could be accomplished by perfect co-ordination of all the activities by the board of directors, management, internal auditors and the external auditors.
Promoting appropriate ethics and values within the organization is critical to the positive result oriented implementation of controls and processes. Ethically driven enterprises only would be able to achieve the best results, say it be operational, financial or compliance, and exemplary utility of the respective control processes, brought thoughtfully into the organizations in the most methodical way. The triumph of the internal controls in the organization invariably require the ethical commitment from its board members, management staffs, the chief executive and the other employees. Any deviation from the ethical aspects by any member of the above mentioned teams will be a heavy cost, as the risks would be stagnant in the respective activity, which finally can hamper the overall performances. The ethical efforts from the central committee members are paramount to the design of the internal controls at its best. The ethical attitude of the board will be towards understanding the risk factors which tear off the bottom line, from the grass root level and through which only an observational and flawless controls could be designed. Designing the control tools in the most appropriate way is critical to achieve the concluding goals. The internal controls at its strength can help build a very good atmosphere in which everyone associated with the enterprise feel conducive and carry on their activities by implementing the controls with a clear intention to fulfill the objectives, with a right attitude devoted towards good ethics. As the board members have an oversight responsibility, they need to oversee and evaluate the adequacies of the controls in the enterprises. The board should warrant that the ethical and cultural environment are strong for which the following actions from their part is inevitable:
The Integrated Framework of Internal controls, published by the Committee of Sponsoring Organistions (COSO), gives a clear guidance to the organizations to ensure effectiveness of the controls. The above mentioned Integrated Framework, which very widely accepted by the business houses, highlights five components of Internal controls, which are:
The risk assessment procedures of the enterprise must be at its class throughout the organisation, which are based on a set of complimentary financial, operational, and compliance objectives linked across all levels of the organization. Any major risks observed by the employees must be discussed candidly with the board members. Through this processes, the business administrators will be narrowing down the external and the internal risks, which are the roadblocks to achieve the goals and subsequent to this effort, the control tools would be designed to mitigate the ill effects of the risks. Creating a conducive environment within the business, for the people to conceive and implement the control measures designed in the most democratic way, by the directors, is key to achieve the effectiveness of the same. The board of directors must be committed to hire and bring the efficient and qualitative manpower into the business system only through which successful implementation of the controls will be possible. . To corroborate the hired manpower to be effectual, top to bottom and bottom to top communication style to be embraced by the top management which is integral for the successful accomplishment of controls. Any control measure would finally be effective only when a concrete monitoring and review mechanism is being followed by the business authorities. The most effective control mechanism in any organization can be made sure by the board by taking on the following initiatives
A business can reap continuous success in terms of its operations and ensure a qualitative top and bottom lines sustainably over a period of time and give consistent value to the stakeholders by adhering strictly to the unbending Internal controls. Assuring persistency in terms of its earnings is critically needed for the growing cash profits of an enterprise. An organization where the internal controls over financial reporting is robust, will be able to present and disclose clean and healthy financials to the stakeholders and this unceasing effort from the management, being the most superintend of the entire systems will be reaping the precise business results. Effectiveness of the Internal controls will apparently be cleansing the financial reporting processes and the respective entity will be able to win the confidence of its entire stakeholder communities. The following data of 7 major business corporations in India, as reported by moneycontrol.com, illustrates the consistency of their financials in terms of revenue and the net profits during the past 5 years, due to strict adherence to the Internal controls over financial reporting.
(All Figures expressed in Rs Lacs)Table 1 – HDFC Bank
| YEAR | REVENUE | NET PROFIT | % MARGIN |
|---|---|---|---|
| 2021 | 146,063.12 | 31,116.53 | @21.30 |
| 2020 | 138,073.47 | 26,257.32 | @19.02 |
| 2019 | 116,597.94 | 21,078.17 | 18.08 |
| 2018 | 95,461.66 | 17,486.73 | 18.32 |
| 2017 | 81,602.46 | 14,549.64 | 17.83 |
Table 2 – Tata Consultancy Services
| YEAR | REVENUE | NET PROFIT | % MARGIN |
|---|---|---|---|
| 2021 | 141,363.00 | 30,960.00 | 21.90 |
| 2020 | 139,388.00 | 33,260.00 | 23.86 |
| 2019 | 130,797.00 | 30,065.00 | 22.99 |
| 2018 | 103,159.00 | 25,241.00 | 24.47 |
| 2017 | 97,261.00 | 23,653.00 | 24.32 |
Table 3 - Infosys
| YEAR | REVENUE | NET PROFIT | % MARGIN |
|---|---|---|---|
| 2021 | 88,379.00 | 18,048.00 | 20.42 |
| 2020 | 81,747.00 | 15,543.00 | 19.01 |
| 2019 | 75,959.00 | 14,702.00 | 19.36 |
| 2018 | 65,960.00 | 16,155.00 | 24.49 |
| 2017 | 62,351.00 | 13,818.00 | 22.16 |
Table 4 – National Thermal Power Corpn.
| YEAR | REVENUE | NET PROFIT | % MARGIN |
|---|---|---|---|
| 2021 | 103,552.71 | 13,769.52 | 13.30 |
| 2020 | 100,478.41 | 10,112.81 | 10.06 |
| 2019 | 92,179.56 | 11,749.89 | 12.75 |
| 2018 | 85,207.95 | 10,343.17 | 12.14 |
| 2017 | 79,342.30 | 9,385.26 | 11.83 |
Table 5 – TATA Steel
| YEAR | REVENUE | NET PROFIT | % MARGIN |
|---|---|---|---|
| 2021 | 65,506.89 | 13,606.62 | 20.77 |
| 2020 | 60,840.09 | 6,743.80 | 11.08 |
| 2019 | 73,015.79 | 10,533.19 | 14.43 |
| 2018 | 60,380.48 | 4,169.55 | 6.91 |
| 2017 | 48,407.48 | 3,444.55 | 7.12 |
Table 6 - ITC
| YEAR | REVENUE | NET PROFIT | % MARGIN |
|---|---|---|---|
| 2021 | 48,736.10 | 13,031.64 | 26.74 |
| 2020 | 48,633.36 | 15,136.05 | 31.12 |
| 2019 | 47,480.19 | 12,464.32 | 26.25 |
| 2018 | 42,757.38 | 11,223.25 | 26.25 |
| 2017 | 42,074.59 | 10,200.90 | 24.24 |
Table 7 – HDFC Ltd
| YEAR | REVENUE | NET PROFIT | % MARGIN |
|---|---|---|---|
| 2021 | 48,175.86 | 12,027.30 | 24.97 |
| 2020 | 58,763.34 | 17,769.65 | 30.24 |
| 2019 | 43,378.01 | 9,632.46 | 22.21 |
| 2018 | 40,707.49 | 10,959.34 | 26.92 |
| 2017 | 33,159.60 | 7,442.64 | 22.44 |
The Auditor’s reports of the above 7 organisations confirm the strong internal controls over financial reporting and other operations, which are strictly adhered to and followed by the management and the work forces. All the above organisations are maintaining consistency in terms of revenue and profitability and there is almost a steadiness with respect to the growth as well. The most important point to be noted with respect to the above organisations is the fact that the management is committed totally towards ensuring that the internal controls are implemented throughout the levels in a systematic manner. These organisations practice religiously, their commitment to review periodically the existing controls and working towards improving the existing controls or replacing the age old not applicable controls with robust ones. Moreover no deviations from the systems are being tolerated at any levels of the hierarchy due to which deterrence of financial or operations frauds are at its peak.
Pressures or incentives and Opportunities can lead to override of controls in an organization. This override is carried out either by the employees or the management in order to meet the objectives of the business. It could be by engaging in fraudulent activities or misusing ones authority to misstate the financial statements materially. The override of controls carried out by the management will be more seriously to be looked into than the override carried out by the employees of an enterprise. This is due to the fact that the risk of any management override is very much on the higher side when compared to the risk of override by the workforces. The management officials will be engaging in overriding activities by intentionally misstating the nature and timing of revenue or expenses and will be altering terms or records related to unusual or significant transactions, to dress up the financial statements and project it to reflect a true and fair picture. They will also focus on recording fictitious entries in the books to inflate the profits or to cover up a theft of assets. According to Association of Certified Fraud Examiners (USA), the top three techniques as part of the override are a) fraudulent disbursements related to the accounts payables, b) fraudulent billing schemes and c) expenses reimbursement abuse. The management also will be arriving deliberately, decisions contrary to the controls designed and implemented by them.
Though the root cause of any fraudulent practices in an organization could be clustering around the deliberate actions of the management or staff members in overriding the controls, poor design of Internal controls by those who are charged with the responsibility of governance, due to improper identification and understanding of the risks affecting their business, thereby resulting into a lack of tight and qualitative control mechanisms, would also be another component to stimulate the fraudulent activities. Many business enterprises, especially banking operations across the globe, got severely affected due to control deficient frauds which had brought in sky high losses to the sector undoubtedly. According Reserve Bank of India, over the past seven years, India witnesses the loss of Rs 100 crore per day to Bank Frauds. The following case studies illustrates the magnitude of the losses suffered due to frauds by various sectors due to ineffectual controls.
The executives of the bank created millions worth fictitious savings and checking accounts in a fraudulent manner on behalf of their clients without their consent. The top management initially encouraged and later pressurised, to order credit cards for pre-approved customers without their consent by using their own contact information when filling out the requests for the same in order to prevent customers from discovering the fraud. The clients began to notice the fraud after the bank charged unanticipated charges on them, and also upon receiving unforeseen credit and debit cards. Though initially the blames were pointing towards the branch managers and staff members but upon subsequent investigation it was concluded that the top management’s override of controls were visible as they had funneled abnormal pressures on the branch members to open as many accounts as possible through cross-selling, a concept to sell multiple products to the existing customers. The total value of the transactions through these accounts were estimated to be $3 billion. Subsequent to the investigations, the Consumer Financial Protection Bureau (CFCB US), levied a fine of US$185 million, on account of the illegal practices of creating 1534280 unauthorised deposit accounts and 565433 credit card account between 2011-2016. Over and above this fine, the bank also faces a criminal suits for an estimated sum of US$2.7 billion by the end of 2018.
This is a corporate scam in the aviation industry, which could be quoted as a classic example of the breakdown of the internal controls due to the deliberate actions of the top managerial authority of the group. The company availed loans from all possible sources, including related parties by providing the overestimated worth of its brand Kingfisher as a guarantee. The business could not turn out to be a strong deal and the group had to sell off its much cherished liquor company to pay off the debts. But still the consortium of banks, led by State Bank of India have a clear exposure of around Rs 9000 crores in this regard to an effectively bankrupt company. The employees lost their jobs and a huge sum of defaulted statutory dues like Provident Fund, TDS deducted etc. are existing beyond any scope of recovery.
An once-in-a-lifetime case where by a company would have defrauded the Banks in India in a very big way. This company practically defrauded 33 banks and financial institutions during the period of 2007 to 2014 as per the charge sheet filed by Enforcement Directorate. As per ED, the main person behind this scandal was its Chairman & Managing Director, whose conspiracy had led to the crime. The funds lent by the company was transfered in the form of loans to various associated parties and misappropriated such funds for the collective benefits of the management. As per the report from CBI, the company had diverted around Rs 2348 crores through its directors and other staff members, to the accounts of over 200 shell companies for no apparent purposes. The overall sum misappropriated was estimated to be around Rs 50000 crores.
IL&FS is a non-banking financial company, established were predominantly involved in funding various infrastructure projects in India. The scam is considered to be a prominent one as it triggered the financial crisis in India due to the fact that the company was considered to be an essential vehicle for the growth of infrastructure. This company had boundless debt exposure of Rs 91000 crores including Rs 20000 crores invested by pension and provident funds. The fraud was perpetrated by diverting the lent funds to the companies which are into similar business, owned by the members of the Top Management of IL&FS. Such funds were routed from one group company to another via third party and also started lending money to individuals whose credit ratings were poor, the reasons for the same was unapparent. The company also had carried out over vendor billings, accounting of fictitious costs and inappropriate recognition of project revenue. The company deliberately did not disclose the related party transactions executed. The top management persons of the company were prosecuted and charge sheet was filed against them on 16th August, 2019.
This is a German electronic payments company which had a steady growth, witnessed by the market over a span of 20 years. The auditors of the company tracked down the scandal whereby they had noted a manipulation of roughly US$2billion in the books. They also noted falsification of the entire accounts, reported to the shareholders for many years. As part of the scam, the German prosecutors arrested three main Top Management executives for allegedly acting as masterminds behind to initiate a criminal racket to dress up the fake accounts of the company and defrauding the creditors. The company subsequently was declared insolvent.
When one looks into and analyzes the above cases, it is evident that the management override of controls had literarily put the corporations into financial and legal trap. The root causes for similar scams can narrowed to five categories:
The greatest concern in the above cases would be that the management puts the ethical aspects in the back burner while arriving at business decision and their personal goals dominates over the business goals which resulted into break down of Internal controls. The people who are charged with the responsibility of governance and design and implementation of Internal controls, itself spearhead the transgression activities which impacted the economy in several forms of the region where these businesses are being operated.
The Internal controls and its practices in the business enterprises must be ruthlessly implemented and the management and the staff members must be dedicated towards the same. The rugged governance processes and the respective allegiance from the management is key to achieving the business objectives across the board. Identifying, analyzing and assessing the risk factors, whether internal or external must be religiously and regularly undertaken by those who are charged with the responsibility of governance and must blueprint the respective controls to bring down the risks to the acceptable levels and also must be in control of implementing throughout the business to ensure discipline at all roots of the operations. The tone at the top must be strapping so as to ensure commitments from all levels of the work forces. Coherent and well organized leadership only can corroborate, disciplined and committed staff resources to act as pillars of support to apply the concept of going concern.
Why Internal controls are important for Business? – Article in www.nsktglobal.com The Risk of weak Internal controls – Article by Mr Rakesh Shukla, published on 1st August, 2005 – www.theglobaltreasurer.com The Economic Times – News paper article on value of Bank frauds in India – 29th March, 2022 Wikipedia – Wells Fargo Accounts Scandal Major corporate frauds in India – Article by Anushka Agarwal – www.thecompany.ninja Bhushan Steel Scandal – Reported in India Today by Munish Pandey, New Delhi, 18th January 2020 – www.indiatoday.in IL&FS crisis – 30th August 2021 – www.business-standard.com The & Greatest Financial Frauds in History – By Mark Reeth, 20th July 2020, www.money.usnews.com www.moneycontrol.com – Audit reports and financials of companies. Top profitable companies in India – www.moneycontrol.com Strategies for Improving profitability through effective internal controls (2018) – By Melissa M Washington – Walden University Al-Thuneibat, A. A., Al-Rehaily, A. S., & Basodan, Y. A. (2015). The impact of internal control requirements on profitability of Saudi shareholding companies. International Journal of Commerce and Management, 25, 196-217. doi:10.1108/ijcoma-04-2013-0033 Al-Rassas, A. H., & Kamardin, H. (2016). Earnings quality and audit attributes in high concentrated ownership market. Corporate Governance: The International Journal of Business in Society, 16, 377-399. doi:10.1108/cg-08-2015-0110 Internal controls Types and Frameworks (Study Unit 5) – The study material of Certified Internal Auditor (CIA) program, published by Gleim, USA
Copyright © 2025. All rights reserved. | Powered By Phitany, Web Designing Company Kerala
