CS Professional Governance, Risk Management, Compliances and Ethics Question Paper New Syllabus

Part 1

Question 1.
Rakesh is the Managing Director of ABC Co. Ltd., a listed company having its registered office in Bangalore. In December, 2018 an allegation of the Managing Director’s immediate family members and Alfa Co. Ltd. which got a Rs. 1,000 crore contract from ABC Co. Ltd. entering into a quid pro quo deal surfaced in the public domain. The matter was personally enquired by the Chairman of the Board of Directors and nothing improper was found. In March, 2019 another complaint from an anonymous “Whistle Blower” was received alleging non-adherence to code of conduct, conflict of interest and quid pro quo by the Managing Director while dealing “with certain customers”.

The allegations were refuted by the Board of Directors of ABC Co. Ltd. as “being malicious and baseless” but when the controversy started getting blown out of proportion the company stated in a regulatory filing that its Board had decided to institute an independent enquiry in the matter and, pending such enquiry, the Managing Director had been asked to go on leave. The enquiry revealed that Rakesh did not make proper disclosure about his family links with the corporate customer to the Board. It also transpired that Rakesh gave scant respect to “conflict of interest and due disclosure or recusal requirements” while awarding contracts to Alfa Co. Ltd. with which his close family members had business interests. Upon the findings of the enquiry being made public, Rakesh resigned and the company stated that it will treat his resignation as “termination for cause” and will also stop payments of unpaid benefits due to him.

In the background of the aforesaid case, answer the following question: (5 Marks each)

(a) How, if so, has Rakesh failed to discharge his duties as a director of ABC Co. Ltd.? Which regulations of the SEBI LODR have been breached by him?
In the present case, Rakesh has clearly failed to discharge his duties as a director of ABC Co. Ltd. as according to the facts of the case; the enquiry revealed that Rakesh did not make proper disclosure about his family links with the corporate customer to the Board. Further Rakesh gave scant respect to “conflict of interest and due disclosure or recusal requirements” while awarding contracts to Alfa Co. Ltd. with which his close family members had business interests. Thus Rakesh has violated various provisions of Companies Act, 2013, SEBI (LODR) Regulations 2015, OECD Principles of Corporate Governance, Related Party Disclosures etc.

(b) State the characteristics of an effective Board of Directors.
Following are the characteristics of an effective Board of Directors:

  • To be able to undertake functions efficiently and effectively, the Board must possess the necessary blend of qualities, skills, knowledge and experience.
  • Each of the directors should make quality contribution to the organization’s policies, operations and management.
  • Board should have a mix of the following skills, knowledge and experience:
    • Operational or technical expertise, commitment to establish leadership
    • Financial skills
    • Legal skills
    • Knowledge of Government and regulatory requirement.
  • Board induction and training: Directors must have a broad understanding of the area of operation of the company’s business, corporate strategy and challenges being faced by the Board. Attendance at continuing education and professional development programmes is essential to ensure that directors remain abreast of all developments, which are or may impact their corporate governance and other related duties.
  • The Board must monitor and evaluate its combined performance and also that of individual directors at periodic intervals, using key performance indicators besides peer review. The Board should establish an appropriate mechanism for reporting the results of Board’s performance evaluation.
  • Board independence: Independent Board is essential for sound corporate governance. This goal may be achieved by associating sufficient number of independent directors with the Board.

(c) Analyze the performance of the Board of Directors in handling the complaints against Rakesh, the Managing Director of ABC Co. Ltd.
According to the facts of the present case upon the findings of the enquiry being made public, Rakesh resigned and the company stated that it will treat his resignation as “termination for cause” and will also stop payments of unpaid benefits due to him. Action taken by the company was not justified. Mere resignation and stopping payments of unpaid benefits is not sufficient in law. Formal legal proceedings must be initiated against Rakesh to make good the losses. Penal action must be initiated against Rakesh to ensure dubious activities of such nature are not repeated.

(d) Discuss the principles for Corporate Governance in order to improve the practices followed by ABC Co. Ltd. to prevent such situations from recurring.
In order to prevent such situations from recurring, ABC Co. Ltd. should inculcate the following practices:
Separation of role of chairman and chief executive officer: It is perceived that separating the roles of chairman and chief executive officer (CEO) increases the effectiveness of a company’s board.

Directors’ training, development and familiarisation
Director’s training: An important aspect of Board effectiveness would be appropriate attention to development and training of directors. Director orientation/induction should be seen as the first step of the board’s continuing improvement.

Director’s Development: Professional development should not be treated as merely another training schedule rather it must be more structured so as to sharpen the existing skills and knowledge of directors. It is a good practice for boards to arrange for an ongoing updation of their members with changes in governance, technologies, markets, products, and so on through:

  • Ongoing education
  • Site visits
  • Seminars
  • Various short term and long term Courses

Familiarisation Programme for Independent Directors: Regulation 25(7) of SEBI (LODR) Regulations, 2015 provides that the listed entity shall familiarise the independent directors through various programmes about the listed entity, including the following:
a. Nature of the industry in which the listed entity operates
b. Business model of the listed entity.
c. Roles, rights, responsibilities of independent directors.
d. Any other relevant information

Attempt all parts of either Q. No. 2 or Q. No. 2A

Question 2.
(a) Write a short note on Dividend distribution policy. (5 Marks)
Regulation 43A of SEBI (LODR) Regulations, 2015 provides that:
The top five hundred listed entities based on market capitalization (calculated as on March 31 of every financial year) shall formulate a dividend distribution policy which shall be disclosed in their annual reports and on their websites.

The dividend distribution policy shall include the following parameters:
(a) The circumstances under which the shareholders of the listed entities may or may not expect dividend.
(b) The financial parameters that shall be considered while declaring dividend.
(c) Internal and external factors that shall be considered for declaration of dividend.
(d) Policy as to how the retained earnings shall be utilized.
(e) Parameters that shall be adopted with regard to various classes of shares.

If the listed entity proposes to declare dividend on the basis of parameters in addition to clauses (a) to (e) or proposes to change such additional parameters or the dividend distribution policy contained in any of the parameters, it shall disclose such changes along with the rationale for the same in its annual report and on its website.

The listed entities other than top five hundred listed entities based on market capitalization may disclose their dividend distribution policies on a voluntary basis in their annual reports and on their websites.

(b) “A responsible business activity contributes to good public policy and to human rights in the communities in which it operates.” Explain the responsibilities of business provided in the Caux Round Table’s (CRT) Stakeholder Management Guidelines. (5 Marks)
CRT Stakeholder Management Guidelines provide that as a global corporate citizen, a responsible business actively contributes to good public policy and to human rights in the communities in which it operates. Business therefore has a responsibility to:
a. Respect human rights and democratic institutions, and promote them wherever practicable.
b. Recognize government’s legitimate obligation to society at large and support public policies and practices that promote social capital.
c. Promote harmonious relations between business and other segments of society.
d. Collaborate with community initiatives seeking to raise standards of health, education, workplace safety and economic well-being.
e. Promote sustainable development in order to preserve and enhance the physical environment while conserving the earth’s resources.
f. Support peace, security and the rule of law.
g. Respect social diversity including local cultures and minority communities.
h. Be a good corporate citizen through ongoing community investment and support for employee participation in community and civic affairs.

(c) The Audit Committee of Polar Ltd., a company listed with BSE, consists of three directors, Ashish, Nitin and Rekha. Ashish is the chairman of the Audit Committee and is also the CEO of Polar Ltd., Nitin and Rekha are independent directors and all three directors are financially literate. Rekha is a Chartered Accountant with more than 15 years’ experience in finance and accounting.

Discuss the above constitution of the Audit Committee in the light of the legal requirements in this regard. (5 marks)
Facts: The Audit Committee of Polar Ltd., a public listed company, consists of three directors, Ashish, Nitin and Rekha. All three directors are financially literate. Ashish is the chairman of the Audit Committee and the CEO of Polar Ltd. Nitin is an independent director. Rekha is an independent director and a Chartered Accountant with more than 15 years’ experience in finance and accounting.

Legal provisions: A qualified and independent Audit Committee shall comprise of:

  • Minimum three Directors as members.
  • Two-thirds of the members of audit committee shall be Independent Directors.
  • All members of Audit Committee shall have knowledge of financial matters of Company, and at least one member shall have good knowledge of accounting and related financial management expertise.
  • The Chairman of the Audit Committee shall be an Independent Director.

Conclusion: The Audit Committee of Polar Ltd. comprises three Directors as members thereby fulfilling the condition of having minimum three Directors as members. Nitin and Rekha are independent directors thereby fulfilling the condition; two-thirds of the members of audit committee shall be Independent Directors.

All three directors, Ashish, Nitin and Rekha, are financially literate, and at least one member should have good knowledge of accounting and related financial management expertise, i.e. Rekha being a CA and all three being financially literate fulfil this condition as well.

The Chairman of the Audit Committee should be an Independent Director. Ashish is the chairman of the Audit Committee however is not an independent director as per the given facts of the case.

Therefore the composition of the Audit Committee of Polar Ltd. is not legally viable as it does not fulfil the necessary conditions as laid down in Companies Act, 2013 and SEBI (LODR) Regulations 2015.

OR (Alternate Question to Q. NO. 2)

Question 2A.
i. KLIP Travels Ltd. (KLIP) is a BSE listed company in the travel industry. Arun Kumar is the Chairperson of KLIP. There has been a major re-shuffle in the composition of the Board of Directors of KLIP with several old directors retiring and many new individuals inducted as directors. The Chairperson of the company, Arun, is keen to give an Induction kit to the newly inducted members on the Board but is unsure of its contents. As the Company Secretary of KLIP, prepare the induction kit. (5 Marks)
An induction kit to be given to a new director should contain the following:

  • Memorandum and Articles of Association with a summary of most important provisions
  • Brief history of the company
  • Current business plan, market analysis and budgets
  • All relevant policies and procedures, such as a policy for obtaining independent professional advice for directors
  • Protocol, procedures and dress code for Board meetings, general meetings, staff social events, site visits etc. including the involvement of partners
  • Press releases in the last one year
  • Copies of recent press cuttings and articles concerning the company
  • Annual report for last three years
  • Notes on agenda and Minutes of last six Board meetings
  • Board’s meeting schedule and Board committee meeting schedule
  • Description of Board procedures

ii. You are Company Secretary of XYZ Insurance Co. Ltd. The Board of Directors of your company requires you to draw up a policy based on the principles spelt out in the stewardship code for insurers in India. (5 Marks)
Stewardship policy based on the principles spelt out in the stewardship code:


As part of its Investment Policy, the Company invests its funds in various types of securities including equity shares issued by various investee companies. The Insurance Regulatory and Development Authority of India (“IRDAI”) has prescribed stewardship principles to be adopted and implemented by the insurers (“Stewardship Principles”). Insurers are required to adopt a Code based on the Stewardship Principles. Accordingly, this Stewardship Code was approved by the Board of Directors on and shall be effective from

II. Definitions

  • “Company” means XYZ Ltd.
  • “Act” means the Insurance Act, 1938
  • “Authority” or “IRDAI” means the Insurance Regulatory and Development Authority of India.
  • “Guidelines” means Guidelines on Stewardship Code for Insurers in India.

1. Key Stewardship Responsibilities
1.1. Primary Stewardship Responsibilities: The Company shall:
a. Take into consideration, the corporate governance practices of investee companies, when undertaking buy and sell decisions.
b. Enhance shareholder/investor value through productive engagement with investee companies.
c. Vote and engage with investee companies on matters including environmental, social and governance principles in a manner which is in the best interests of its shareholders/investors.
d. Be accountable to shareholders/investors within the parameters of professional confidentiality and regulatory regime.

1.2. Discharge of Stewardship Responsibilities: The Company shall discharge its stewardship responsibilities through:
a. Voting on shareholders’ resolutions, as may be necessary to protect the long term interest of its shareholders and policyholders.
b. Advocating for responsible corporate governance practices in the investee companies.

1.3. Disclosure of Stewardship Code: This Stewardship Code and amendment thereto, shall be disclosed on the website of the Company. Any amendment or modification to this Code shall also be disclosed on the website.

1.4. Disclosure of Stewardship Activities: The Stewardship Officer shall report the requisite compliance with the Stewardship Code to the Investment Committee from time to time.

2. Managing Conflict of Interest
2.1. A conflict of interest exists where the interests or benefits of the Company conflict with the interests or benefits of its shareholder/policyholders or the investee company.

2.2. Avoid conflict of interest: The Access Employees of the Company shall undertake reasonable steps to avoid actual or potential conflict of interest situations. In the event of any doubt as to whether a particular transaction would create (or have the potential to create) a conflict of interest, Access Employees shall consult with the Stewardship Officer.

2.3 Identifying conflict of interest: While dealing with investee companies, the Company may be faced with a conflict of interest, inter alia, in the following instances, where:
a. The Company and the investee company are part of same group.
b. The investee company is a client of the Company.
c. The investee company is a partner or holds an interest in the overall business or is a distributor for the Company.
d. A nominee of the Company has been appointed as a director or a key managerial person of the investee company.
e. A director or a key managerial person of the Company has a personal interest in the investee company.

2.4. Manner of managing conflict of interest: The Company will manage conflicts of interest by requiring the Access Employees to:
a. Avoid conflicts of interest where possible.
b. Identify and disclose any conflicts of interest.
c. Carefully manage any conflicts of interest.
d. Follow this Code and respond to any breaches.

3. Monitoring of Investee Companies: The Company shall monitor all investee companies.

4. Active Intervention in the Investee Company

4.1 Applicability: The Company shall consider intervening in the acts/omissions of an investee company, in which it has invested (acquisition cost) more than 1% of the Investment Assets of the Company, as at the end of the immediately preceding quarter or 50 crores, whichever is lower.

4.2 Intervention by the Company: The decision for intervention shall be decided by the Stewardship Officer on a case to case basis based on all available facts of investee company at that point of time.

5. Collaboration with other Institutional Investors: The Company shall consider collective engagement with other institutional shareholders when it believes a collective engagement will lead to a higher quality and/or a better response from the investee company.

The Company may approach, or may be approached by, other institutional shareholders to provide a joint representation to the investee companies to address specific concerns.

6. Voting and disclosure of voting activity

6.1 The Company may exercise its voting rights and vote on shareholder resolutions of investee companies, as may be deemed necessary in the interest of policyholders.

6.2 Voting decisions shall be made in accordance with the Company’s voting policy, which is available on the website of the Company.

6.3 The Company shall vote against resolutions which are not consistent with the Company’s voting policy.

7. Reporting of Stewardship Activities: On an annual basis, the Company shall report the compliance status of this Code to the Authority in the prescribed format.

IV. Review of the Code: The Code shall be reviewed on an annual basis by the Investment Committee or whenever any changes are to be incorporated in the Code due to any amendment in the Guidelines on Stewardship Code.

V. Effective Date: Pursuant to the observations received from IRDAI, certain modifications were made in the original Code and the amended Code was approved by the Board of Directors at its meeting held on …
The amended Code is effective from………

iii. Discuss the need for Internal Audit as a tool for Corporate Governance in the present day organizations. (5 Marks)
Internal Audit is an independent management function, which involves a continuous and critical appraisal of the functioning of an entity with a view to suggest improvements thereto and add value to and strengthen the overall governance mechanism of the entity including entity’s strategic risk management and internal control system.

The demand for auditing is sourced in the need to have some means of independent verification to reduce record-keeping errors, asset misappropriation, and fraud within business and non-business organizations.

Internal Audit is an independent appraisal activity within an organization for the review of systems, procedures, practices, compliance with policies for accounting, financial and other operations as a basis for service to management. It is a tool of control:
a. To measure and evaluate the effectiveness of the working of an organization.
b. To ensure that all the laws, rules and regulations governing the operations of the organization are adhered to.
c. To identify risks and also suggest remedial measures, thereby acting as a catalyst for change and action.

Question 3.
Write short notes on :
(a) Factors to be kept in mind for planning to mitigate compliance risk.
Following are the factors to be kept in mind for planning to mitigate compliance risk:
a. Impact of failures of compliance that would create significant brand risk or reputational damage.

b. Impact of that damage on the organization’s market value, sales, profit, customer loyalty, or ability to operate.

c. Identification of compliance missteps that could cause the organization to lose the ability to sell or deliver products/services.

d. How should the compliance program design, technology, processes, and resource requirements change in light of growth plans, acquisitions, or product/category/ service expansions?

e. Is the organization doing enough to inform customers, investors, third parties, and other stakeholders about its vision and values? Is it making the most of ethics, compliance, and risk management investments as potential competitive differentiators?

f. Total compliance costs; beyond salaries and benefits at the centralized level and how are costs aligned with the most significant compliance risks that could impact the brand or result in significant fines, penalties, litigation?

g. How well-positioned is the compliance function? Does it have a seat “at the table” in assessing and influencing strategic decisions?

h. The personal and professional exposures of executive management and the board of directors with respect to compliance.

(b) Mission and objectives of International Corporate Governance Network (ICGN).
The International Corporate Governance Network (“ICGN”) is a not-for-profit company limited by guarantee and not having share capital under the laws of England and Wales founded in 1995.

ICGN’s mission:
ICGN’s mission is to promote effective standards of corporate governance and investor stewardship to advance efficient markets and sustainable economies world-wide.

Objective of ICGN:
It has four primary purposes:
a. To provide an investor-led network for the exchange of views and information about corporate governance issues internationally.
b. To examine corporate governance principles and practices.
c. To develop and encourage adherence to corporate governance standards and guidelines.
d. To generally promote good corporate governance.
The Network’s mission is to develop and encourage adherence to corporate governance standards and guidelines, and to promote good corporate governance worldwide.

(c) Regulation 30(3) of SEBI (LODR), 2015 regarding disclosure of events upon application of materiality guidelines.
Regulation 30(3) of the Listing Regulations 2015 specifies that the listed entity shall make disclosure of events specified in Part ‘A’ of Schedule III, based on application of the guidelines for materiality. The board of directors of the listed entity shall authorize one or more Key Managerial Personnel for the purpose of determining materiality of an event or information and for the purpose of making disclosures to stock exchange(s) under this regulation and the contact details of such personnel shall be also disclosed to the stock exchange(s) and as well as on the listed entity’s website.

(d) Matters that cannot be discussed in a Board meeting conducted through video-conferencing.
As per rule 4 of the Companies (Meeting of Board and its Powers) Rules, 2014, the following types of matters cannot be discussed in a board meeting conducted through video conference:

  • Approval of the annual financial statements.
  • Approval of the Board’s report.
  • Approval of the prospectus.
  • Audit Committee Meetings for consideration of accounts.
  • Approval of the matter relating to amalgamation, merger, demerger, acquisition and takeover.

(e) Matters to be discussed under “Management Discussion and Analysis” to be disclosed in Annual Report of listed companies. (3 Marks each)
‘Management Discussion and Analysis’ should include discussion on the following matters which are to be disclosed in Annual Report of listed companies:

  • Industry structure and developments.
  • Opportunities and Threats.
  • Segment-wise or product-wise performance.
  • Outlook
  • Risks and concerns.
  • Internal control systems and their adequacy.
  • Discussion on financial performance with respect to operational performance.
  • Material developments in Human Resources/Industrial Relations front, including number of people employed.
  • Details of significant changes (i.e. change of 25% or more as compared to the immediately previous financial year) in key financial ratios, along with detailed explanations therefor, including:
    • Debtors Turnover
    • Inventory Turnover
    • Interest Coverage Ratio
    • Current Ratio
    • Debt Equity Ratio
    • Operating Profit Margin (%)
    • Net Profit Margin (%) or sector specific equivalent ratios, as applicable.
  • Details of any change in Return on Net Worth as compared to the immediately previous financial year along with a detailed explanation thereof.

Part – II

Question 4.
(a) Discuss in brief Enterprise Risk Management, its components and limitations. (5 Marks)
‘Enterprise risk management’ deals with risks and opportunities affecting value creation or preservation, defined as follows:

“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

Components of Enterprise Risk Management:
Enterprise risk management consists of eight interrelated components. These are derived from the way management runs an enterprise and are integrated with the management process. These components are:

Internal Environment: The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.

Objective Setting: Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite.

Event Identification: Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities.
Opportunities are channeled back to management’s strategy or objective-setting processes.

Risk Assessment: Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.

Risk Response: Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite.

Control Activities: Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.

Information and Communication: Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.

Monitoring: The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.

Limitations of Enterprise Risk Management:
Limitations of enterprise risk management preclude a board and management from having absolute assurance as to achievement of the entity’s objectives. Following are these limitations:

  • Human judgment in decision making can be faulty.
  • Decisions on responding to risk and establishing controls need to consider the relative costs and benefits.
  • Breakdowns can occur because of human failures such as simple errors or mistakes.
  • Controls can be circumvented by collusion of two or more people.
  • Management has the ability to override enterprise risk management decisions.

(b) “Risk analysis is an essential tool and one that could save time, money and reputations.” Explain the statement and bring out the use of risk analysis. (5 Marks)
After identification of the risk parameters, the second stage is of analysing the risk which helps to identify and manage potential problems that could undermine key business initiatives or projects.

To carry out a Risk Analysis, first identify the possible threats and then estimate the likelihood that these threats will materialize. The analysis should be objective and should be industry specific. Within the industry, the scenario based analysis may be adopted taking into consideration possible events that may occur and its alternative ways to achieve the given target.

Risk Analysis can be complex, as it requires drawing of detailed information such as project plans, financial data, security protocols, marketing forecasts and other relevant information. However, it’s an essential planning tool, and one that could save time, money, and reputations.

Risk analysis is useful in the following situations:

  • While planning projects, to help in anticipating and neutralizing possible problems.
  • While deciding whether or not to move forward with a project.
  • While improving safety and managing potential risks in the workplace.
  • While preparing for events such as equipment or technology failure, theft, staff sickness, or natural disasters.
  • While planning for changes in environment, such as new competitors coming into the market, or changes to government policy.
  • When all the permutations-combinations of possible events/threats are listed while analysing the risk parameters and the steps taken to manage such risks, the risk matrix is designed/popped-up before the decision making and implementing authority.

(c) “Non-financial risks do not have direct and immediate impact on business, but the consequences are very serious and later do have significant financial impact as well if not controlled at the initial stage.” List the non-financial risks encountered during the course of business by a business entity. (5 Marks)

| Types of Non-Financial Risks | Meaning |
|---|---|
| 1. Business/Industry & Services Risk | Business risk implies uncertainty in profits or danger of loss and the events that could pose a risk due to some unforeseen events in future, which causes business to fail. Business risk refers to the possibility of inadequate profits or even losses due to uncertainties e.g., changes in tastes, preferences of consumers, strikes, increased competition, change in government policy, obsolescence etc. Every business organization contains various risk elements while doing the business. Such type of risk may also arise due to business dynamics, competition risks affecting tariff prices, customer relation risk etc. |
| 2. Strategic Risk | Business plans which have not been developed properly and comprehensively since inception may lead to strategic risk. For example, strategic risk might arise from making poor business decisions, from the substandard execution of decisions, from inadequate resource allocation, or from a failure to respond well to changes in the business environment. |
| 3. Compliance Risk | This risk arises on account of non-compliance or breaches of laws/regulations which the entity is supposed to adhere to. It may result in deterioration of reputation in public eye, penalty and penal provisions. |
| 4. Fraud Risk | Fraud is perpetrated through the abuse of systems, controls, procedures and working practices. It may be perpetrated by an outsider or insider. Fraud may not be usually detected immediately and thus the detection should be planned for on a proactive basis rather than on a reactive basis. |
| 5. Reputation Risk | This type of risk arises from negative public opinion. Such type of risk may arise, e.g., from the failure to assess and control compliance risk and can result in harm to existing or potential business relationships. |
| 6. Transaction Risk | Transaction risk arises due to the failure or inadequacy of internal system, information channels, employees’ integrity or operating processes. |

What is meant by handling of risk? Explain risk retention as a method of handling risk? (5 Marks)
The ownership of risk should be allocated. Responsibilities and accountabilities of the persons handling risks need to be identified and assigned. The persons concerned, when the risk arises, should document it and report it to the higher-ups so that early measures can be taken to minimize it. Risk may be handled in the following ways:

  • Risk Avoidance
  • Risk Retention/absorption – it may be active or positive
  • Risk Reduction
  • Risk Transfer

Risk Retention/absorption: Handling the unavoidable risk internally; the firm bears/absorbs it either because insurance cannot be purchased for such type of risk or because it may be too expensive to cover the risk and much more cost-effective to handle the risk internally.

Usually, retained risks occur with greater frequency, but have a lower severity. An insurance deductible is a common example of risk retention to save money, since a deductible is a limited risk that can save money on insurance premiums for larger. There are two types of retention methods for containing losses as under:

1. Active Risk Retention: Where the risk is retained as part of deliberate management strategy after conscious evaluation of possible losses and causes.

2. Passive Risk Retention: Where risk retention occurs through negligence. Such type of retained risk is unknown, or is retained because the risk taker either does not know the risk or considers it a lesser risk than it actually is.

Part III
Attempt all parts of either Q. No. 5 or Q. No. 5A

Question 5.
(a) Describe the essentials of an effective compliance program. (5 Marks)
The elements of an Effective Compliance Program may be listed as under:
1. High level company personnel who exercise effective oversight: The organization’s governing body should be knowledgeable about the effective compliance program and should have oversight of it. The governing body should have the overall responsibility for the compliance program and shall ensure the effectiveness of it. Specific individuals shall have overall responsibility for the day to day operations of the compliance program.

2. Written policies and procedures: The employees of the organization should be made known the legal requirements so that employees understand their obligations. The employees should be encouraged to report suspected fraud and other irregularities without fear.

3. Training and education: The employees of the organization should be provided reasonable training to understand the organization’s compliance programme and its policies and process.

4. Lines of communication: Information about the compliance program must be widely communicated at all levels of an organization. To enhance the effectiveness of the compliance program, the program must establish lines of communication whereby employees and agents may seek guidance and report concerns, including the opportunity to report anonymously (such as a compliance hot line). There must be assurances that there will be no retaliation for good faith reporting.

5. Standards enforced through well-publicized disciplinary guidelines: The organization’s compliance and ethics program should be promoted and enforced consistently through well-publicized guidelines that provide incentives to support the compliance and ethics program, and disciplinary measures for disobeying the law, the organization’s policies, or the requirements of the compliance and ethics program.

6. Internal compliance monitoring: The organization shall take reasonable steps, including monitoring and auditing, to ensure that the organization’s compliance and ethics program is followed, and to periodically evaluate the effectiveness of the organization’s compliance program.

7. Response to detected offenses and corrective action plans: After monitoring and auditing of the compliance program, the organization shall take reasonable steps to respond appropriately to any violations of the law or policies to prevent future misconduct, and to modify and improve the organization’s compliance and ethics program.

(b) “Internal control can help an entity in achieving its objectives but it is not a panacea.” Discuss. (5 Marks)
Internal control can help an entity achieve its objectives; however it is not a panacea due to its following limitations:

  • Internal control cannot change an inherently poor manager into a good one.
  • Internal control cannot ensure success, or even survival in case of shifts in government policy or programs, competitors’ actions or economic conditions, since these are beyond the management’s control.
  • An internal control system, no matter how well conceived and operated, can provide only reasonable, not absolute, assurance to management and the board regarding achievement of an entity’s objectives.
  • The likelihood of achievement is affected by limitations inherent in all internal control systems.
  • Controls can be circumvented by the collusion of two or more people, and management has the ability to override the system.
  • Another limiting factor is that the design of an internal control system must reflect the fact that there are resource constraints, and the benefits of controls must be considered relative to their costs.

(c) What do you mean by Corporate Sustainability Reporting? Discuss the benefits and key drivers of sustainability reporting. (5 Marks)
Sustainability reporting is a process for publicly disclosing an organization’s economic, environmental, and social performance. Global Reporting Initiative (GRI) has developed a generally accepted framework to simplify report preparation and assessment, helping both reporters and report users gain greater value from sustainability reporting.

Benefits of sustainability reporting:

  • Emphasizing the link between financial and non-financial performance.
  • Influencing long term management strategy and policy, and business plans.
  • Streamlining processes, reducing costs and improving efficiency
  • Benchmarking and assessing sustainability performance with respect to laws, norms, codes, performance standards, and voluntary initiatives
  • Avoiding being implicated in publicized environmental, social and governance failures.

Key drivers of sustainability reporting:

  • Regulations: Governments, at most levels have stepped up the pressure on corporations to measure the impact of their operations on the environment. Legislation is becoming more innovative and is covering an ever wider range of activities. The most notable shift has been from voluntary to mandatory sustainability, monitoring and reporting.
  • Customers: Public opinion and consumer preferences are a more abstract but powerful factor that exerts considerable influence on companies, particularly those that are consumer oriented. Customers significantly influence a company’s reputation through their purchasing choices and brand loyalty. This factor has led the firms to provide much more information about the products they produce, the suppliers who produce them, and the product’s environmental impact starting from creation to disposal.
  • NGOs and the media: Public reaction comes not just from customers but from advocates and the media, who shape public opinion. Advocacy organisations, if ignored or slighted, can damage brand value.
  • Employees: Those who work for a company bring particular pressure to bear on how their employers behave; they, too, are concerned citizens beyond their corporate roles.

(d) You are Company Secretary of Super Chef Ltd. Shirley, the newly appointed CEO of Super Chef Ltd., is not clear about the concept of internal control and her role and responsibilities with regard to internal controls of the company. She approaches you to understand the same. Prepare a short note to brief Shirley on Internal control and her role and responsibilities in this regard. (5 Marks)
Ms. Shirley
Super Chef Ltd.
Subject: Role and responsibilities towards Internal Control
Dear Ma’am
Internal Control means:
“A system or plan of accounting and financial organization within a business comprising all the methods and measures necessary for safeguarding its assets, checking the accuracy of its accounting data or otherwise substantiating its financial statements, and policing previously adopted rules, procedures, and policies as to compliance and effectiveness.”

The chief executive officer is ultimately responsible and should assume “ownership” of the system. More than any other individual, the chief executive sets the “tone at the top” that affects integrity and ethics and other factors of a positive control environment. In a large company, the chief executive fulfils this duty by providing leadership and direction to senior managers and reviewing the way they’re controlling the business. Senior managers, in turn, assign responsibility for establishment of more specific internal control policies and procedures to personnel responsible for the unit’s functions. In a smaller entity, the influence of the chief executive, often an owner-manager, is usually more direct. In any event, in a cascading responsibility, a manager is effectively a chief executive of his or her sphere of responsibility. Of particular significance are financial officers and their staffs, whose control activities cut across, as well as up and down, the operating and other units of an enterprise.

According to Regulation 17(8) of SEBI (LODR) Regulations, 2015, you shall provide the compliance certificate to the board of directors as specified in Part B of Schedule II.

The following compliance certificate shall be furnished by you:
A. You have reviewed financial statements and the cash flow statement for the year and that to the best of your knowledge and belief:
a. These statements do not contain any materially untrue statement or omit any material fact or contain statements that might be misleading.
b. These statements together present a true and fair view of the listed entity’s affairs and are in compliance with existing accounting standards, applicable laws and regulations.

B. There are, to the best of your knowledge and belief, no transactions entered into by the listed entity during the year which are fraudulent, illegal or violative of the company’s code of conduct.

C. You accept responsibility for establishing and maintaining internal controls for financial reporting and that you have evaluated the effectiveness of internal control systems of the listed entity pertaining to financial reporting and you have disclosed to the auditors and the Audit Committee, deficiencies in the design or operation of such internal controls, if any, of which you are aware and the steps you have taken or propose to take to rectify these deficiencies.

D. You have indicated to the auditors and the Audit committee:
i. Significant changes in internal control over financial reporting during the year.
ii. Significant changes in accounting policies during the year and that the same have been disclosed in the notes to the financial statements.
iii. Instances of significant fraud of which you have become aware and the involvement therein, if any, of the management or an employee having a significant role in the listed entity’s internal control system over financial reporting.

Thanking You
Mr. A
Company Secretary
Super Chef Ltd.

OR (Alternate Question To Q. NO. 5)

Question 6.
(a) The Board of Directors of Fresco Pvt. Ltd. is in the process of reviewing the list of laws applicable to the company. As the Company Secretary of Fresco Pvt. Ltd., advise the Board on the components of a robust internal compliance reporting program.
For a robust internal compliance reporting program Fresco Pvt. Ltd. should:
1. Understand compliance obligations: The primary element to manage compliance is to understand compliance obligation in the light of strategic goals and objectives. Compliance obligations stem from: Laws and regulations, industry or generic standards, internal policies, processes and procedures and contracts executed with clients and other stakeholders.

2. Assess risks: Once compliance obligations are established, a compliance risk assessment exercise should be undertaken to identify risks, causes, the areas they impact and the consequences thereof. A risk analysis to have better understanding of the risks should follow. Such an analysis should consider the factors affecting the consequences and likelihood of these consequences occurring as well as the controls in place.

3. Address all compliance risks: An enterprise should ensure an effective action plan to address all compliance risks with clear ownership, responsibility, accountability and closure timelines. To ensure risks are addressed effectively, the management should ensure that all employees with compliance obligations are competent. Periodic training and awareness must be carried out and any other medium to communicate assigned responsibilities should be explored. A continuous communication mechanism is required to ensure all employees understand compliance and contribute to it by reporting risks and discharging their responsibilities effectively.

4. Evaluate performance: A mechanism to measure and monitor the performance of the compliance practices and its impact on strategic goals and objectives must be developed. Feedback from clients, stakeholders, suppliers, vendors, employees and government agencies is a good source of data to ascertain compliance performance. Governance mechanisms in the form of management reviews, internal audits and periodic compliance reporting give great insights on the performance of compliance practices.

(b) “Corporate reporting is an essential means by which companies communicate with investors as a part of their accountability and stewardship obligation.”
Comment and list out the expected information required by investors.
Investors expect the following information:

  • Business model and strategy.
  • Intangible factors and sustainability (i.e. economic, environmental, social) commitments.
  • Impacts and performance that affect a company’s value today and its ability to create value in the future.
  • Key aspects of corporate governance.
  • Internal controls.
  • Human rights/diversity practices and policies.
  • Key financial ratios

(c) “Risk can arise or change due to circumstances.” Comment and point out the circumstances which result into risks for an entity. (5 Marks)
Risks can arise or change due to the following circumstances:
1. Changes in operating environment: Changes in the regulatory or operating environment can result in changes in competitive pressures and significantly different risks.

2. New personnel: New personnel may have a different focus on or understanding of internal control.

3. New or revamped information systems: Significant and rapid changes in information systems can change the risk relating to internal control.

4. Rapid growth: Significant and rapid expansion of operations can strain controls and increase the risk.

5. New technology: Incorporating new technologies into production processes or information systems may change the risk associated with internal control.

6. New business models, products, or activities: Entering into business areas or transactions with which an entity has little experience may introduce new risks associated with internal control.

7. Corporate restructurings: Restructurings may be accompanied by staff reductions and changes in supervision and segregation of duties that may change the risk associated with internal control.

8. Expanded foreign operations: The expansion or acquisition of foreign operations carries new and often unique risks that may affect internal control, for example, additional or changed risks from foreign currency transactions.

9. New accounting pronouncements: Adoption of new accounting principles or changing accounting principles may affect risks in preparing financial statements.
(Note: Students can write any five points of their choice)

(d) “Internal check refers to allocation of duties in a scientific way so that no one is responsible for all phases of the transactions.” Explain the essential features of Internal check in the light of above statement. (5 Marks)
Following are the essential features of Internal Check:

  1. There should be proper division of work and responsibilities.
  2. The duties of each person should be properly defined so as to fix definite responsibilities of each individual.
  3. Possibilities of giving absolute control to anybody should not be left unchecked.
  4. Too much confidence on a person should be avoided.
  5. The duties of staff should be rotated and one person should not be allowed to occupy a particular area of operation for long.
  6. Necessary safeguards should be provided so as to avoid collusion of thoughts which quite often leads to commission of fraud.
  7. The person handling cash, stock, securities should be given compulsory leave so as to prevent their having uninterrupted control.
  8. Physical inventory of fixed assets and stocks should be taken periodically.
  9. Assets should be protected from unauthorised use.
  10. To prevent loss or misappropriation of cash, mechanical devices such as the automatic cash register, should be employed.
    (Note: Students can write any five points of their choice)

Part IV

Question 6A.
(a) A ‘Code of Ethics’ and a ‘Code of Conduct’ are often confused or used interchangeably. Discuss. (5 Marks)
The terms “Code of Ethics” and “Code of Conduct” are often mistakenly used interchangeably. They are, in fact, two unique documents. Codes of ethics, which govern decision-making, and codes of conduct, which govern action, represent two common ways that companies self-regulate.

Similarities between “Code of Ethics” and “Code of Conduct”

Ethics guidelines attempt to provide guidance about values and choices to influence decision making.

Conduct regulations assert that some specific actions are appropriate, others inappropriate. In both cases, the organization’s desire is to obtain a narrow range of acceptable behaviours from employees.

Differences between “Code of Ethics” and “Code of Conduct”

Both are similar as they are used in an attempt to encourage specific forms of behaviour by employees. Ethical standards generally are wide-ranging and non-specific, designed to provide a set of values or decision making approaches that enable employees to make independent judgments about the most appropriate course of action.

Conduct standards generally require a fairly clear set of expectations about which actions are required, acceptable or prohibited.

Violation of code of ethics may not lead to action against the employee but violation of code of conduct may lead to disciplinary action.

(b) Explain the concept and need to apply the Triple Bottom approach for CSR. (5 Marks)
‘Triple Bottom Line’ is a phrase coined in 1994 by John Elkington. The concept of the Triple Bottom Line proposed that business goals are inseparable from the society and environment within which they operate. The Triple Bottom Line (TBL) is made up of “Social, Economic and Environmental” aspects and is indicated by the ‘People, Planet, Profit’ phrase.

‘People’ (Human Capital) pertains to fair and beneficial business practices towards labour and the community and region in which a corporation conducts its business.

‘Planet’ (Natural Capital) refers to sustainable environmental practices. Planet concerns include: climate change, energy, water, biodiversity and land use.

‘Profit’ is the bottom line shared by all customers. It is the reflection of the lasting economic impact the organisation has on its business activities, and that too after meeting all costs that would protect society and environment.

The need to apply the concept of TBL arises due to:
(a) Increased consumer sensitivity to corporate social behaviour.
(b) Growing demands for transparency from shareholders/stakeholders.
(c) Increased environmental regulation.
(d) Legal costs of compliances and defaults.
(e) Concerns over global warming.
(f) Increased social awareness.
(g) Awareness about and willingness for respecting human rights.
(h) Media’s attention to social issues.
(i) Growing corporate participation in social upliftment
